After the recent attack on the App Store, I was thinking: are the security measures implemented in an app for user data security enough?
I know there is no guaranteed way to prevent attacks on your app's data and logic, but we can still frustrate attackers by implementing some kind of security. I am looking for answers to the following questions.
- Is NSUserDefaults secure?
- Is Keychain Access secure?
- Which is the better approach, NSUserDefaults or Keychain Access, or is there another recommended one?
- After implementing it, is there any way I can test it by attacking my app?
Store credentials for accessing remote services using NSURLCredentialStorage. This uses the keychain when the persistence type is NSURLCredentialPersistencePermanent or NSURLCredentialPersistenceSynchronizable.
Use the keychain directly for storing types of credentials or personal information that do not fit the above or other frameworks (i.e. Accounts or HealthKit).
Do not store sensitive information in NSUserDefaults.
Use the Data Protection APIs for all other local data. This can be done "app wide" using entitlements, or on individual files and directories (using NSFileManager, NSData, etc.).
Be very wary of 3rd party frameworks and libraries. Many of these capture sensitive information like the user's location and send it insecurely.
You can certainly attempt to attack your application, or hire a company to do so for you. There are many books and resources available for guidance on how to do so; one of the better ones is The Mobile Application Hacker's Handbook.
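The three storage tiers the answer above recommends, written out as one added Swift example (this is not code from the original answer; the service name, account name, host, file name and the sample token are constructed for the illustration). It stores a secret as a keychain generic-password item restricted to the unlocked, non-migratable state, hands a remote-service credential to URLCredentialStorage with permanent persistence so it lands in the keychain, and writes an ordinary file with complete file protection. The final UserDefaults line is there only as the contrast the answer warns about:

```swift
import Foundation
import Security

// Added example, not from the original answer. Names below are assumptions.

enum KeychainError: Error {
    case unhandled(OSStatus)
    case notFound
}

/// Store a secret as a generic-password keychain item. The accessibility class
/// makes it readable only while the device is unlocked and keeps it out of
/// backups that could be restored to another device.
func keychainSave(service: String, account: String, secret: Data) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Drop any earlier item so SecItemAdd does not fail with errSecDuplicateItem.
    SecItemDelete(query as CFDictionary)

    var attributes = query
    attributes[kSecValueData as String] = secret
    attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unhandled(status) }
}

/// Read the item back; distinguish "not there" from a real keychain failure.
func keychainLoad(service: String, account: String) throws -> Data {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: AnyObject?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data else { throw KeychainError.unhandled(status) }
        return data
    case errSecItemNotFound:
        throw KeychainError.notFound
    default:
        throw KeychainError.unhandled(status)
    }
}

/// Credentials for a remote service: give them to URLCredentialStorage with
/// .permanent persistence, which the answer notes is backed by the keychain.
func storeServiceCredential(host: String, user: String, password: String) {
    let space = URLProtectionSpace(host: host, port: 443, protocol: "https",
                                   realm: nil,
                                   authenticationMethod: NSURLAuthenticationMethodHTTPBasic)
    let credential = URLCredential(user: user, password: password, persistence: .permanent)
    URLCredentialStorage.shared.set(credential, for: space)
}

/// Any other local data: write it through the Data Protection API so the file
/// is encrypted with a class key that is unavailable while the device is locked.
func writeProtected(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

// Usage with constructed values.
let token = Data("s3cr3t-session-token".utf8)
try keychainSave(service: "com.example.app", account: "session", secret: token)
let restored = try keychainLoad(service: "com.example.app", account: "session")
assert(restored == token)

storeServiceCredential(host: "api.example.com", user: "alice", password: "hunter2")

let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
try writeProtected(Data("private notes".utf8), to: docs.appendingPathComponent("notes.txt"))

// For contrast: this is written to Library/Preferences/<bundle id>.plist as a
// plain property list and is readable from a device backup. Do not do this.
UserDefaults.standard.set("do not do this", forKey: "apiToken")
```

A quick self-check that matches the "attack your own app" advice: run the app in the simulator, then open the `.plist` under the app container's `Library/Preferences` directory; the UserDefaults value is there in clear text, while the keychain item and the protected file are not.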
It depends on what type of data you want to store. If you want to store a password, token, or other important user information, you should use the Keychain.
The Keychain is more secure because:
- Apple itself encrypts it.
- The Keychain cannot be accessed by any other app, as it is signed by the certificate your app is using.
- One important feature is that the data persists after deleting the app, while this does not happen with NSUserDefaults (all data gets deleted once the app is deleted).