
iOS Security: Best Practices in Safeguarding User Data


Writing applications with security in mind is an important part of any developer’s job. Unfortunately, secure coding often gets pushed to the back burner when dealing with the latest bug fixes or adding a cool new feature to an app.

Security may not be as exciting as other parts of application development, but it’s an important part nonetheless.

This article will explain a few best practices that iOS developers can incorporate into their current applications to make their products safer for their user base going forward.

1. Storing credentials properly

Developers often need a way to save small bits of information about their users that persist across app launches. This could be a username and password for a login screen or perhaps private information about the user like age, weight, etc.

Today, we will be focusing on two of the most common ways to store small amounts of user data, NSUserDefaults and Keychain Services.

NSUserDefaults is a class that allows developers to interact with the defaults system. It is useful for storing information about the state of the application and other small behavioral preferences. For example, you can keep track of the last screen the user was viewing before they closed the app or which units of measurement they prefer to use.

NSUserDefaults is easy to incorporate into your application and, unfortunately, that means it is frequently misused by developers of all skill levels. Because NSUserDefaults stores all data in an unencrypted .plist file, a curious person could potentially view this data with minimal effort. That means that you should never store any type of sensitive data inside NSUserDefaults.

Keychain Services, on the other hand, is an API that gives developers the ability to securely store small chunks of data in an encrypted container. The contents of this container are only available to your application, which makes it a great choice for storing credentials and other sensitive types of data. Keychain Services requires a bit more effort to implement than NSUserDefaults, but the benefits of using it far outweigh the time involved in making it work.

2. Keyboard Caching & Secure Text Entry

The autocomplete feature in iOS is a helpful tool to type faster and more accurately in your emails, messages, and apps. When you use a UITextField with the autocomplete feature enabled, certain words may be stored in plaintext to improve the autocomplete feature for the user in the future.

When dealing with a user’s password or other sensitive data that needs to be secure, you can set the secureTextEntry attribute to YES on your UITextField. Making a UITextField secure both hides the user’s data from plain view and prevents it from being cached on the system.

If you have a field that doesn’t require obfuscation of the characters (that’s the little dots that show instead of your password) but shouldn’t be cached by the system, you can simply turn off autocomplete for the text field.
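Both cases described above, written as an added Swift example that is not part of the original article. The FieldSensitivity enum and the configure function are hypothetical names; the properties they set are the standard UITextInputTraits ones.

```swift
import UIKit

/// How a text field's contents should be treated (illustrative names).
enum FieldSensitivity {
    case secret          // passwords and PINs: masked on screen
    case privateVisible  // e.g. an account number: readable, but no autocomplete
    case ordinary        // free text where autocomplete is welcome
}

func configure(_ field: UITextField, as sensitivity: FieldSensitivity) {
    switch sensitivity {
    case .secret:
        field.isSecureTextEntry = true        // Objective-C: secureTextEntry = YES
        field.autocorrectionType = .no
        field.spellCheckingType = .no
    case .privateVisible:
        field.isSecureTextEntry = false       // characters stay visible
        field.autocorrectionType = .no        // autocorrection off for this field
        field.spellCheckingType = .no
    case .ordinary:
        field.isSecureTextEntry = false
        field.autocorrectionType = .default
        field.spellCheckingType = .default
    }
}
```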

3. Logging

Most of us use logging to debug our applications, that is, using the NSLog or print command (depending on your preferred programming language). These two commands output basic debug information to the Xcode developer console and can help tremendously when testing applications.

While these statements are useful in development, releasing your application with them intact means you’re leaking data that could potentially be viewed by a malicious user.

Here is an example of a really bad data leak using logging:

print("Success! User created account with password:\(textFieldPassword.text)")

Don’t be that developer. Clean up your print statements before you ship your application. Your application will be more secure, use less memory, and be more stable in the long run.
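One way to keep debug output out of shipped builds, shown as an added Swift example that is not from the original article. The debugLog helper, the subsystem and category strings, and the accountCreated function are assumptions; Logger requires iOS 14 or later.

```swift
import Foundation
import os

// Hypothetical subsystem and category names.
let authLog = Logger(subsystem: "com.example.myapp", category: "auth")

/// Debug-only console output. The print call is compiled out of release
/// builds, and @autoclosure means the message string is not built there.
func debugLog(_ message: @autoclosure () -> String) {
    #if DEBUG
    print(message())
    #endif
}

func accountCreated(username: String) {
    // Log the event, not the secret: the password never reaches a log call.
    debugLog("Account created for \(username)")

    // Unified logging: the username is marked private so it is redacted
    // in collected logs rather than stored in plaintext.
    authLog.info("Account created for \(username, privacy: .private)")
}
```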

4. Encryption

Lately, there has been a renewed push by application developers around the world to incorporate strong encryption on user data. Companies like Google, Microsoft, and Facebook have scrambled to further encrypt their data after revelations of government spying burst into the limelight.

While encryption adds a bit of complexity to app development, it ensures that the user’s data remains private should their device ever be lost or stolen.

As you know, small bits of data like login credentials should automatically be saved in the Keychain, but what about things like documents, pictures, and other large file types? The answer is, of course, encryption.

If you’re thinking that iOS already encrypts user data, you would be correct. However, the user must have chosen a password or passcode for device-level encryption to occur. If a device didn’t have a passcode set up and ended up in someone else’s hands, all app data would be accessible to anyone with a Lightning cable and a computer.

Example app:

Let’s say you want to build an app for insurance purposes that stores photographs of all of your valuable documents and belongings. The application saves your home address and also the contents of each room inside its local database.

Now pretend that your device has been lost or stolen. Whoever has found your iOS device could simply open the app and see exactly what’s inside your home, all conveniently organized by room type.

Apps such as this have a responsibility to safeguard their user data using encryption. In this example, it would be wise to integrate a proper login screen mechanism and encrypt user data based on the password or passcode given by the user.

If you are in need of an easy-to-use wrapper for encrypting and decrypting data on iOS devices, I highly recommend RNCryptor by Rob Napier.
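A sketch of how the insurance app above could store its photos, added here as an example and not taken from the original article or from RNCryptor's own documentation. It uses RNCryptor's password-based encrypt and decrypt calls; the function names, file name, password and sample bytes are constructed for illustration.

```swift
import Foundation
import RNCryptor

/// Encrypts `photo` with the user's password and writes it to `url`.
func saveEncrypted(_ photo: Data, to url: URL, password: String) throws {
    let ciphertext = RNCryptor.encrypt(data: photo, withPassword: password)
    // File protection is layered on top for devices that do have a passcode.
    try ciphertext.write(to: url, options: [.atomic, .completeFileProtection])
}

/// Reads and decrypts the file. Throws when the password is wrong
/// or the file contents have been altered.
func loadEncrypted(from url: URL, password: String) throws -> Data {
    let ciphertext = try Data(contentsOf: url)
    return try RNCryptor.decrypt(data: ciphertext, withPassword: password)
}

func demo() throws {
    let documents = try FileManager.default.url(for: .documentDirectory,
                                                in: .userDomainMask,
                                                appropriateFor: nil,
                                                create: true)
    let url = documents.appendingPathComponent("living-room-001.jpg.enc")

    // Constructed sample bytes standing in for a real JPEG.
    let photo = Data("constructed sample photo bytes".utf8)
    let password = "password entered on the login screen"

    try saveEncrypted(photo, to: url, password: password)
    let restored = try loadEncrypted(from: url, password: password)
    assert(restored == photo)

    // Without the right password the stored file cannot be read.
    do {
        _ = try loadEncrypted(from: url, password: "a wrong guess")
        assertionFailure("decryption should not succeed with a wrong password")
    } catch {
        // Expected: decryption fails.
    }
}
```

The password should come from the login screen each session and not be written to disk alongside the encrypted files.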

That’s it for today.

We hope you have enjoyed this short refresher on iOS security and how you can help keep your users’ data safe from malicious users. It’s important to safeguard user data as much as possible because oftentimes, a user will be unable or unwilling to protect themselves.

Author’s Bio

Ryan Hartman is a senior iOS developer with over 7 years of experience creating awesome apps for iOS and Mac. Located in beautiful Berlin, Germany, he is passionate about helping others learn about programming, UI/UX design, and other technical topics.



