Getting started with iOS UILabel Change Status Bar Color Passing Data between View Controllers Managing the Keyboard UIButton UILocalNotification UIImageView Checking for Network Connectivity Accessibility UITableView Auto Layout UIView UIAlertController MKMapView UIColor NSAttributedString CAAnimation UITextView UINavigationController Concurrency CAGradientLayer UIGestureRecognizer Custom UIViews from XIB files Safari Services UIStackView UIImage UIWebView CALayer iOS - Implementation of XMPP with Robbie Hanson framework Swift and Objective-C interoperability NSDate Custom fonts AVSpeechSynthesizer UIBarButtonItem UIScrollView Localization NSNotificationCenter UITextField Alamofire UIViewController iBeacon CLLocation NSURLSession UISwitch Checking iOS version Universal Links UICollectionView PDF Creation in iOS In-App Purchase NSTimer CGContext Reference UITabBarController UISearchController UIActivityViewController Core Location FacebookSDK AFNetworking CTCallCenter UIImagePickerController NSUserDefaults UIControl - Event Handling with Blocks UIBezierPath UIPageViewController UIAppearance Push Notifications Key Value Coding-Key Value Observation Initialization idioms Storyboard Background Modes and Events Fastlane CAShapeLayer WKWebView UUID (Universally Unique Identifier)Categories Handling URL Schemes Realm ARC (Automatic Reference Counting)UIPickerView Dynamic Type NSURL SWRevealViewController Snapshot of UIView DispatchGroup GCD (Grand Central Dispatch)Size Classes and Adaptivity UIScrollView AutoLayout IBOutlets AWS SDK Debugging Crashes UISplitViewController UISplitViewController UIDevice CloudKit GameplayKit Xcode Build & Archive From Command Line XCTest framework - Unit Testing NSData AVPlayer and AVPlayerViewController Deep Linking in iOS App Transport Security (ATS)Core Graphics Segues UIDatePicker NSPredicate EventKit NSBundle SiriKit Contacts Framework Dynamically updating a UIStackView iOS 10 Speech Recognition API NSURLConnection StoreKit Code signing Create .ipa File to upload on appstore with Applicationloader Resizing UIImage Size Classes and Adaptivity MKDistanceFormatter 3D Touch GameCenter Leaderboards Keychain Handle Multiple Environment using Macro Set View Background Block Content Hugging/Content Compression in Autolayout iOS Google Places API Navigation Bar UITextField Delegate App wide operations UILabel text underlining Cut a UIImage into a circle Make selective UIView corners rounded Convert HTML to NSAttributed string and vice verse Convert NSAttributedString to UIImage CoreImage Filters Face Detection Using CoreImage/OpenCV MPMediaPickerDelegate Graph (Coreplot)NSHTTPCookieStorage FCM Messaging in Swift Create a Custom framework in iOS Custom Keyboard AirDrop SLComposeViewController AirPrint tutorial in iOS UISlider Carthage iOS Setup Healthkit Core SpotLight in iOS UI Testing Core Motion QR Code Scanner plist iOS NSInvocation UIRefreshControl TableView WCSessionDelegate AppDelegate App Submission Process MVVM UIStoryboard Basic text file I/O iOS TTS MPVolumeView Objective-C Associated Objects Passing Data between View Controllers (with MessageBox-Concept)UIPheonix - easy, flexible, dynamic & highly scalable UI framework Chain Blocks in a Queue (with MKBlockQueue)Simulator Background Modes NSArray OpenGL UIScrollView with StackView child Cache online images MVP Architecture UIKit Dynamics Configure Beacons with CoreBluetooth Core Data Extension for rich Push Notification - iOS 10.Profile with Instruments Application rating/review request MyLayout UIFont Simulator Builds Simulating Location Using GPX files iOS Custom methods of selection of UITableViewCells Custom methods of selection of UITableViewCells UISegmentedControl SqlCipher integration Custom UITextField Security Guideline to choose best iOS Architecture Patterns UIFeedbackGenerator UIKit Dynamics with UICollectionView Multicast Delegates Using Image Aseets UITableViewCell Runtime in Objective-C ModelPresentationStyles CydiaSubstrate tweak Create a video from images Codable FileHandle NSUserActivity Rich Notifications Load images async ADDING A SWIFT BRIDGING HEADER Creating an App ID Swift: Changing the rootViewController in AppDelegate to present main or login/onboarding flow attributedText in UILabel UITableViewController

Security

Transport Security using SSL

iOS apps needs to be written in a way to provide security to data which is being transported over network.
SSL is the common way to do it.

Whenever app tries to call web services to pull or push data to servers, it should use SSL over HTTP, i.e. HTTPS.
To do this, app must call https://server.com/part such web services and not http://server.com/part.
In this case, app needs to trust the server server.com using SSL certificate.

Here is the example of validating server trust-

Implement URLSessionDelegate as:

func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    
    if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
        let serverTrust:SecTrust = challenge.protectionSpace.serverTrust!

        func acceptServerTrust() {
            let credential:URLCredential = URLCredential(trust: serverTrust)
            challenge.sender?.use(credential, for: challenge)
            completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
        }
        
        let success = SSLTrustManager.shouldTrustServerTrust(serverTrust, forCert: "Server_Public_SSL_Cert")
        if success {
            acceptServerTrust()
            return
        }
    }
    else if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate {
        completionHandler(.rejectProtectionSpace, nil);
        return
    }
    completionHandler(.cancelAuthenticationChallenge, nil)
}

Here is trust manager: (couldn't found Swift code)

@implementation SSLTrustManager
+ (BOOL)shouldTrustServerTrust:(SecTrustRef)serverTrust forCert:(NSString*)certName {
// Load up the bundled certificate.
NSString *certPath = [[NSBundle mainBundle] pathForResource:certName ofType:@"der"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
CFDataRef certDataRef = (__bridge_retained CFDataRef)certData;
SecCertificateRef cert = SecCertificateCreateWithData(NULL, certDataRef);

// Establish a chain of trust anchored on our bundled certificate.
CFArrayRef certArrayRef = CFArrayCreate(NULL, (void *)&cert, 1, NULL);
SecTrustSetAnchorCertificates(serverTrust, certArrayRef);

// Verify that trust.
SecTrustResultType trustResult;
SecTrustEvaluate(serverTrust, &trustResult);

// Clean up.
CFRelease(certArrayRef);
CFRelease(cert);
CFRelease(certDataRef);

// Did our custom trust chain evaluate successfully?
return trustResult == kSecTrustResultUnspecified;
}
@end

Server_Public_SSL_Cert.der is servers' public SSL key.

Using this approach our app can make sure that it is communicating to the intended server and no one is intercepting the app-server communication.

Securing Data in iTunes Backups

If we want our app data to be protected against iTunes backups, we have to skip our app data from being backed up in iTunes.
Whenever iOS device backed up using iTunes on macOS, all the data stored by all the apps is copied in that backup and stored on backing computer.

But we can exclude our app data from this backup using URLResourceKey.isExcludedFromBackupKey key.
Here is the directory structure of our app:
Note: Generally sensitive data is stored in 'Application Support' directory.

e.g. If we want to exclude all our data stored in Application Support directory then we can use above mentioned key as follow:

    let urls = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask)
    let baseURL = urls[urls.count-1];
    
    let bundleIdentifier = Bundle.main.object(forInfoDictionaryKey: "CFBundleIdentifier") as! String
    let pathURL = baseURL.appendingPathComponent(bundleIdentifier)
    let persistentStoreDirectoryPath = pathURL.path
    if !FileManager.default.fileExists(atPath: persistentStoreDirectoryPath) {
        do {
            try FileManager.default.createDirectory(atPath: path, withIntermediateDirectories: true, attributes: nil)  
        }catch {
            //handle error
        }
    }
    let dirURL = URL.init(fileURLWithPath: persistentStoreDirectoryPath, isDirectory: true)
    do {
        try (dirURL as NSURL).setResourceValue((true), forKey: .isExcludedFromBackupKey)
    } catch {
        //handle error
    }

There are lots of tools available to see iTunes backups for all the backed up data to confirm whether above approach works or not.
iExplorer is good one to explore iTunes backups.

Contributors

Topic Id: 9999

Example Ids: 30709,30719

This site is not affiliated with any of the contributors.