What is the best way to secure user's data saved locally in app and how to test security level?

江枫思渺然 submitted on 2019-12-07 11:12:48

Question


After the recent attack on App Store I was thinking: are the security measures implemented in the app for user data security enough? I know there is no guaranteed way to prevent attacks on your app's data and logic, but still we can frustrate attackers by implementing some kind of security. I am looking for answers to the following questions.

  1. Is NSUserDefaults secure?
  2. Is Keychain Access secure?
  3. Which is the better approach: NSUserDefaults, Keychain Access, or any other recommended one?
  4. After implementing, is there any way I can test by attacking my app?

Answer 1:


  1. Store credentials for accessing remote services using NSURLCredentialStorage. This uses the keychain when the persistence type is NSURLCredentialPersistencePermanent or NSURLCredentialPersistenceSynchronizable.

  2. Use the keychain directly for storing types of credentials or personal information that do not fit the above or other frameworks (i.e. Accounts or HealthKit).

  3. Do not store sensitive information in NSUserDefaults.

  4. Use the Data Protection APIs for all other local data. This can be done "app wide" using entitlements, or on individual files and directories (using NSFileManager, NSData, etc.).

  5. Be very wary of 3rd party frameworks and libraries. Many of these capture sensitive information like the user's location and send it insecurely.

You can certainly attempt to attack your application or hire a company to do so for you. There are many books and resources available for guidance on how to do so; one of the better ones is The Mobile Application Hacker's Handbook.




Answer 2:


It depends on what type of data you want to store. If you want to store a password, a token or other important user information, you should use Keychain.

Keychain is more secure because:

  1. Apple itself encrypts it.
  2. Keychain cannot be accessed by any other app, as it is signed by the certificate your app is using.
  3. One important feature is that data persists after deleting the app, while this does not happen in NSUserDefaults (all data gets deleted once the app is deleted).


Source: https://stackoverflow.com/questions/32730425/what-is-the-best-way-to-secure-users-data-saved-locally-in-app-and-how-to-test
