iOS

iOS01. Preventing sensitive data leaks

Use the following methods for managing sensitive data in the application life cycle:

applicationWillResignActive: Clear the screen and encrypt any displayed sensitive data. To clear the display, you can hide the displayed content by using the following code:

UIApplication.shared.keyWindow.hidden = true

applicationDidBecomeActive: To display and decrypt sensitive data.
UIScreenCapturedDidChangeNotification: Detect screen recording. Clear the display and encrypt any sensitive data.

iOS02. Remove symbols from Xcode output

The application has to remove all symbols from the final release binary.

The following settings are recommended to be set in the Xcode project in order to remove debug information and other symbols:

DEPLOYMENT_POSTPROCESSING = YES
GCC_GENERATE_DEBUGGING_SYMBOLS = NO
STRIP_INSTALLED_PRODUCT = YES
STRIP_STYLE = all
COPY_PHASE_STRIP = YES

iOS03. Manage sensitive data in Swift

The application must ensure sensitive data is properly managed. In Swift, Data is a value type. Assigning additional references can create new copies of the allocated bytes.

Minimize these patterns to reduce the number of sensitive bytes allocated.

Pass allocated bytes as an inout argument to pass by reference and wipe it after use.

The following code snippet demonstrates how to pass the allocated bytes as an inout argument:

func helloWorld(_ data: inout Data) {	...}
var data = Data()helloWorld(&data)

The following code snippet demonstrates how to wipe a Data variable:


extension Data {
    internal mutating func wipe() {
        guard count > 0 else {
            return
        }
        let length = count
        withUnsafeMutableBytes { ptr in
            if let mutableRawPtr = ptr.baseAddress {
                memset_s(mutableRawPtr, length, 0, length)
            }
        }
    }
}

iOS04. Disable auto-correction cache for sensitive input

The application must disable the auto-correction cache for inputs that request sensitive data. This prevents an attacker with access to the device from using the autocomplete suggested strings to view the sensitive text input data.

The application may perform one of the following actions to disable the auto-correction cache:

Set the secureTextEntry field to true.
Set the autoCorrectionType field to UITextAutocorrectionType.no.

iOS05. Disable copy and paste for sensitive data

The application must disable the copy/paste menu for sensitive data. This prevents an attacker with access to the device from pasting and viewing the copied data. The following sample code disables the copy/paste menu:

override func canPerformAction(_ action: Selector, withSender sender: Any?) -> Bool {
    let menuController = UIMenuController.shared
    menuController.isMenuVisible = false
}

iOS06. Manage app versions in the App Store

End users can re-download previous app versions they already purchased or installed. This allows use on older devices that may no longer be supported by the current version of your application. If you do not want to make these versions available, manage the availability of previous app versions in the Rights and Pricing section of the Manage Your Apps module in App Store Connect.

For details, refer to AppStore Connect.

From a security standpoint, keep attack surfaces as small as possible. Keeping older versions increases reach. It can also expose the solution to older firmware with known weaknesses. Prefer making only one version (the latest) available at a time. Expand device coverage by configuring build settings to support a wider range of iOS versions.

Disable the app’s “Apple Silicon Mac Availability” in App Store Connect

Running an iOS application on Mac M1 is much less secure because it is easier to access both the application binary and the sandbox data.

Disable the app’s “Apple Silicon Mac Availability” in App Store Connect to prevent installation on Apple silicon Macs and reduce risk.

For details, see the Apple document.

iOS07. Prevent application tampering

To prevent malicious hacking into the application code, it is recommended to verify the integrity of the application’s binary at runtime. This can be implemented in the application by calculating the checksum of the __text section of __TEXT segment.

For implementation details, refer to github link. A strong obfuscation is required to protect the code calculating checksum.

For risks associated with tampering attacks, refer to OWASP.

iOS08. Xcode compiler security and obfuscation options

Use Xcode options that increase security and make disassembly more complex.

The following settings are recommended to set in the Xcode project:

GCC_UNROLL_LOOPS = YES
GCC_OPTIMIZATION_LEVEL = 3
OTHER_CFLAGS = -fstack-protector-all -finline-functions
CLANG_ENABLE_OBJC_ARC = YES
GCC_DYNAMIC_NO_PIC = NO
LD_NO_PIE = NO
RUN_CLANG_STATIC_ANALYZER = YES
CLANG_ANALYZER_SECURITY_FLOATLOOPCOUNTER = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_RAND = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_GETPW_GETS = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_MKSTEMP = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_VFORK = YES

PreviousAndroid NextApplication submission guidelines

Last updated 4 months ago

Was this helpful?