Security Starting Point

Application security is about protecting users’ information from being read, stolen, or destroyed by malicious people and processes. Security cannot be added to code as an afterthought; it must be built in. To keep your users’ information secure, your iOS application must be resistant to attack and you must keep your users’ data in a secure environment.

iOS security features are implemented at the Core OS level of the system architecture, and the security APIs are at the Core Services level.

Figure 1-1: Security APIs and system architecture

Get Up and Running

For sample code that shows how to use the keychain to store passwords and other secrets, and how to share keychain items between applications, see GenericKeychain.

For sample code that shows the use of the cryptographic functions found in the Security framework, see CryptoExercise.

Become Proficient

If you want to learn why and how to write secure code, read Secure Coding Guide. That document explains the sources of security vulnerabilities in code and provides programming suggestions to help you write an application that will be resistant to attack. Then you can read Security Overview to learn about all the security APIs and features available in iOS.

Following that, read Keychain Services Programming Guide and Certificate, Key, and Trust Services Programming Guide to see more sample code and learn in more detail how to use the security APIs.

Download or Send Data Securely

To learn how to download data from a secure URL using the HTTPS protocol, or to send data securely over a network using a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) data stream, see CFNetwork Programming Guide.