On episode 188 of iPhreaks, Jaim Zuber and Anastasiia talk about iOS Security. Anastasiia has been doing a lot of talk about it. It is a topic which is often thought that's been covered enough but not quite in reality. Stay tuned and learn how secure iOS Security really is.
Is iOS Security Secure?
Apple goes through a lot of things just to protect its users. However, the question that comes to mind is if the security measures Apple is taking is enough. Anastasi gives both a yes and a no.
Anastasiia recommends users to read the security guides written by Apple. The company also encourages developers to implement security practices, but this is not enough. Developers should also do something as they are responsible for their applications. Apple provides a lot instruments, and developers should use them correctly.
Major Mistakes of Most New Avast Developers
The first major mistake Anastasiia points out is that they don't care much because of the belief that everything in the iPhone is secured, and they don't need to do anything. Secondly, they thought that using unli HTTP is enough. HTTP is a must-have, but unfortunately it's not sufficient. Hence, it is very important to really delve into these matters to have a better understanding on application security.
What Could Be Done to Secure Apps?
To understand how to protect the data, one must determine the risks and the possible weak points. Encryption is the most basic step to protect stored and transferred data. There are a lot of methods how to do so.
NSUser default is not the ideal place to store some sensitive data because it is in plain text when the device is unlocked. When the device is locked, most data are encrypted. It is okay to store [08:36] default if you encrypt it and decrypt after reading. Keychain is the exact instrument to store passwords and bits of data.
To hear the rest of the information about iOS Security by Anastasiia, download and listen to the entire episode.
Reach out to Anastasiia by following and tweeting her @vixentael and email her at firstname.lastname@example.org. Don’t forget to let her know you heard about her on Devchat.tv’s iPhreaks podcast!
If you’re short on time, here are the highlights of 188 iOS Security:
Is iOS Security really secured? (00:50)
Major mistakes of new Avast developers? (1:58)
What could people do to secure their apps? (04:01)
Why is it a bad idea to store passwords in NSUser Defaults? (07:40)
Difficulty in accessing the sensitive data stored in Keychain? (10:00)
Adding another level of encryption on top of Keychain? (12:24)
How much security to add in applications? (15:30)
How iOS developers make sure that data sent to the network is secured? (20:08)
Jaim: No Country for Old Men