
The Keys to iOS Security

Security is an important pillar of application development. Users of iOS apps expect their information to be kept safe and private.

In this talk we’ll cover the foundations of security on iOS. This will include securely saving data to the Keychain, the best practices for hashing private information, and how to incorporate biometrics.

Ryan Ackermann

April 19, 2018

Transcript

  1. Who are threats to iOS applications?
     • Criminals (after your data)
     • Business competitors (after your ideas)
     • Service providers (after your privacy)
     • Friends or family (after your secrets)
  2. Types of data to secure on iOS
     • User data (photos, notes, etc.)
     • Payment information
     • Login credentials
  3. Plain text passwords in UserDefaults
     The password can be read by:
     • Third-party libraries
     • Unencrypted device backup
     • iOS filesystem explorers like iExplorer
  4. Why use a salt?
     A salt is additional input to the hashing function to defend against pre-computed dictionary attacks.
  5. Rainbow Table Attack

     Plain text   MD5 hash
     123456       e10adc3949ba59abbe56e057f20f883e
     password     5f4dcc3b5aa765d61d8327deb882cf99
     qwerty       d8578edf8458ce06fbc5bb76a58c5ca4
     baseball     276f8db0b86edaa7fc805516c852c889
     dragon       8621ffdbc5698829397d97767ac13db3
  6. Links
     • Basic iOS Security: Keychain and Hashing (https://www.raywenderlich.com/185370/)
     • How iOS Security Really Works (https://developer.apple.com/videos/play/wwdc2016/705/)
     • Apple Security Documentation (https://developer.apple.com/documentation/security)
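
The salt and rainbow-table slides (4 and 5) as an added example, not code from the talk: the slide's table becomes a lookup that resolves an unsalted MD5 hash at once, while a per-user salt gives the same password unrelated stored values that no shared table covers. Assumptions: CryptoKit is available (iOS 13+ / macOS 10.15+), PBKDF2-HMAC-SHA256 with a 16-byte salt and 100,000 rounds is this example's choice rather than the slides', and the helper names `hex`, `md5Hex`, `randomSalt` and `saltedHash` are hypothetical.

```swift
import Foundation
import Security
import CryptoKit      // Insecure.MD5 (iOS 13+ / macOS 10.15+)
import CommonCrypto   // CCKeyDerivationPBKDF

func hex<S: Sequence>(_ bytes: S) -> String where S.Element == UInt8 {
    return bytes.map { String(format: "%02x", $0) }.joined()
}

func md5Hex(_ text: String) -> String {
    return hex(Insecure.MD5.hash(data: Data(text.utf8)))
}

// Fresh random salt per user, stored next to the derived hash.
func randomSalt(count: Int = 16) -> [UInt8] {
    var salt = [UInt8](repeating: 0, count: count)
    let status = SecRandomCopyBytes(kSecRandomDefault, count, &salt)
    precondition(status == errSecSuccess, "SecRandomCopyBytes failed")
    return salt
}

// PBKDF2-HMAC-SHA256; the round count is this example's assumption.
func saltedHash(_ password: String, salt: [UInt8], rounds: UInt32 = 100_000) -> [UInt8] {
    var derived = [UInt8](repeating: 0, count: 32)
    let length = derived.count
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
        salt, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        rounds, &derived, length)
    precondition(status == Int32(kCCSuccess), "PBKDF2 failed")
    return derived
}

// The slide's table as a lookup: MD5 hash -> plain text.
let words = ["123456", "password", "qwerty", "baseball", "dragon"]
let table = Dictionary(uniqueKeysWithValues: words.map { (md5Hex($0), $0) })

// Unsalted: the stored value is the table key, so the lookup succeeds.
print("unsalted:", table[md5Hex("qwerty")] ?? "not in table")

// Salted: same password, two users, two unrelated stored values.
let (saltA, saltB) = (randomSalt(), randomSalt())
let (storedA, storedB) = (saltedHash("qwerty", salt: saltA), saltedHash("qwerty", salt: saltB))
print("salted values equal:", storedA == storedB)
print("salted:", table[hex(storedA)] ?? "not in table")
```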