As we all know, Apple insists on security and data privacy and is best known for it. As developers, we should give the users of our applications the same experience and always treat data security as one of the important pillars when designing an application's architecture.
In Swift, there are several easy ways to achieve data security: the iOS keychain (with a keychain wrapper), data protection (in Capabilities), a third-party library, or built-in libraries.
The keychain offers a secure alternative to UserDefaults, plist files, or similar methods for storing sensitive data. One can easily save highly sensitive data such as a username, password, access key, etc.
Small, simple bits of data such as an API key or user ID are easy to store in UserDefaults, but that storage is not secure. A hacker can easily read UserDefaults values from the device. Apple provides the Keychain Services API to deal with this security problem and help developers build apps that safely handle passwords and other sensitive information.
The keychain is quick to use because data encryption is taken care of automatically before the data is stored in the file system, so there is no need to spend time building encryption algorithms. It can be configured to lock, and when it is locked it is impossible to access and decrypt stored keychain items. In iOS, the keychain is locked when the device is locked and unlocked when the device is unlocked. Even when it is unlocked, only the app that created an item can access it, unless configured otherwise. You can also configure it to allow access to keychain items across apps.
Using the Keychain API directly to store and retrieve data is a tedious and time-consuming job. Another option is to use a wrapper class, which is easy and fast; many wrapper libraries are available on GitHub and cocoapods.com.
A list of good wrapper classes follows.
1. SwiftKeychainWrapper by Jason Rendel for Swift
2. Locksmith by Matthew Palmer for Swift
3. SAMKeychain by Sam Soffes for Objective-C
A wrapper class provides top-level functions to add, edit, and delete keychain items. These are common to every wrapper class; each wrapper has its own slightly different syntax and configurable options, but they more or less follow the same pattern. Here I'm going to use SwiftKeychainWrapper by Jason to demonstrate the functionality.
You can install SwiftKeychainWrapper either as a pod or by dragging and dropping the git project file into your project.
Assuming you have installed the pod or dragged in the project, the usage is shown below.
Add an item to the keychain:
let saveSuccessful: Bool = KeychainWrapper.standard.set("Some String", forKey: "myKey")
Retrieve a string value from the keychain:
let retrievedString: String? = KeychainWrapper.standard.string(forKey: "myKey")
Remove a string value from the keychain:
let removeSuccessful: Bool = KeychainWrapper.standard.removeObject(forKey: "myKey")
Remove an item from the keychain:
let keyRemoved: Bool = KeychainWrapper.standard.remove(key: "userPassword")
Another simple and easy way to add a security layer to your app is to use the data protection feature in your project. It uses built-in hardware to store files in an encrypted format on disk and to decrypt them on demand. If data protection is enabled, protected files are inaccessible even to the app that created them while the device is locked by passcode or Touch ID.
How to enable data protection: data protection can be enabled by turning on Data Protection in the Capabilities tab of the project settings.
Now, any file created on the local device is protected. Files can be created with the Data and FileManager classes.
Third-party libraries:
RNCryptor and CryptoSwift are two popular libraries available on iOS for encrypting data. Both are easily available on GitHub. AES is a commonly used encryption technique. The best thing about using such a library is that it gets you up and running very quickly without having to worry about the underlying details. The code is also open source, so it is easy to analyze and audit, and we can make changes to it for any custom requirements. The features available in RNCryptor are AES-256 encryption, CBC mode, password stretching with PBKDF2, random IV, and encrypt-then-hash HMAC.