How do we maintain data security in iPhone apps? For instance, a custom app for a bank needs more security in terms of:

1. Data in transmission
2. Data at rest (data inside the iPhone)

What are the potential steps one can take to ensure the integrity and security of data? What support does the iPhone SDK provide to achieve this? How do we encrypt/decrypt the payloads? How do we save the data in encrypted format locally, and how do we protect it from the potential threat of decryption by an unauthentic user?

A: 
  1. For the wire, use SSL to a server that uses OAuth or some similar authentication mechanism.

  2. For local data, use the keychain (http://developer.apple.com/library/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html and http://developer.apple.com/library/ios/#samplecode/GenericKeychain/Introduction/Intro.html).

abdollar
OK, thanks. Is the data stored in the Keychain encrypted? And if my data is huge, like in MBs, let's say records of some critical customers, then will the Keychain size support it?
Abhinav
Keychain will support whatever the file system can. I would call NSFileManager and check NSFileSystemSize for the path for free space before you attempt to write things to the keychain.
abdollar
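Added example, not part of the original answers or of Apple's sample code: a Swift sketch of the keychain approach from the answer above, storing a small secret as a generic-password item through the Security framework's `SecItem` calls. The service name, account name, token value and the helper names `baseQuery`, `saveSecret`, `loadSecret` and `demo` are assumptions made for illustration.

```swift
import Foundation
import Security

// Hypothetical service identifier, constructed for this example.
let service = "com.example.bank.session"

struct KeychainError: Error { let status: OSStatus }

// Attributes that identify one generic-password item.
func baseQuery(_ account: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: account]
}

// Store a secret, overwriting any existing item for the same account.
func saveSecret(_ secret: Data, account: String) throws {
    let attrs: [String: Any] = [
        kSecValueData as String: secret,
        // Readable only while the device is unlocked; not restored onto
        // a different device from a backup.
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly]
    var status = SecItemAdd(baseQuery(account).merging(attrs) { $1 } as CFDictionary, nil)
    if status == errSecDuplicateItem {  // item already exists: update it in place
        status = SecItemUpdate(baseQuery(account) as CFDictionary, attrs as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError(status: status) }
}

// Return the stored secret, or nil when no item exists for the account.
func loadSecret(account: String) throws -> Data? {
    var query = baseQuery(account)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError(status: status) }
    return item as? Data
}

// Constructed sample values; the token stands in for one issued by the server.
func demo() throws {
    try saveSecret(Data("constructed-session-token".utf8), account: "customer-42")
    let token = try loadSecret(account: "customer-42")
    print(token.map { String(decoding: $0, as: UTF8.self) } ?? "no item")
}
```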
A: 

It's a big topic but there's a great, free video on this subject from Apple's 2010 WWDC.

http://developer.apple.com/videos/wwdc/2010/ (sign in with a developer account)

Session 209, "Securing Application Data"

Also useful: Session 204, "Creating Secure Applications"

grobbins
Thank you so much.
Abhinav