Conforming to the NSSecureCoding protocol indicates that an object handles encoding and decoding instances of itself in a manner that is robust against object substitution attacks.
- iOS 8.0+
- macOS 10.10+
- tvOS 9.0+
- watchOS 2.0+
Historically, many classes decoded instances of themselves like this:
This technique is potentially unsafe because by the time you can verify the class type, the object has already been constructed, and if this is part of a collection class, potentially inserted into an object graph.
In order to conform to
An object that does not override
init(coder:)can conform to
NSSecureCodingwithout any changes (assuming that it is a subclass of another class that conforms).
An object that does override
initWithCoder:must decode any enclosed objects using the
decodeObjectOfClass:forKey:method. For example: