# iOS

## IOS01. Preventing Sensitive Data Leaks <a href="#ios01-preventing-sensitive-data-leaks" id="ios01-preventing-sensitive-data-leaks"></a>

Use the following methods for managing sensitive data in the application life cycle:

* `applicationWillResignActive`: To clear the display on the screen and to encrypt the displayed sensitive data. To clear the display, the following code can be used to hide the displayed content:

```swift
// Hide the key window so the snapshot taken for the app switcher shows nothing.
UIApplication.shared.keyWindow?.isHidden = true
```

* `applicationDidBecomeActive`: To display and decrypt sensitive data.
* `UIScreenCapturedDidChangeNotification`: To detect screen recording. While the screen is being captured, the application should clear the display of, and encrypt, any sensitive data.

## IOS02. Remove Symbols from Xcode Output <a href="#ios02-remove-symbols-from-xcode-output" id="ios02-remove-symbols-from-xcode-output"></a>

The application has to remove all symbols from the final release binary.

The following settings are recommended to be set in the Xcode project in order to remove debug information and other symbols:

```xcconfig
DEPLOYMENT_POSTPROCESSING = YES
GCC_GENERATE_DEBUGGING_SYMBOLS = NO
STRIP_INSTALLED_PRODUCT = YES
STRIP_STYLE = all
COPY_PHASE_STRIP = YES
```

## IOS03. Management of Sensitive Data in Swift <a href="#ios03-management-of-sensitive-data-in-swift" id="ios03-management-of-sensitive-data-in-swift"></a>

The application has to ensure that all sensitive data is properly managed. Because [Data](https://developer.apple.com/documentation/foundation/data) is a value type in Swift, assigning the data to additional variables results in a new copy of the allocated bytes, and therefore another copy of the sensitive data in memory.

Such assignments should be minimized to reduce the number of sensitive bytes that are allocated.

Allocated bytes can instead be passed as an `inout` argument, which passes them by reference, and then be wiped once their use is complete.

The following code snippet demonstrates how to pass the allocated bytes as an `inout` argument:

```swift
func helloWorld(_ data: inout Data) {
    // Operate on the caller's bytes directly; no copy is created.
    // ... use the bytes, then wipe them (see the wipe() extension below)
}

var data = Data()
helloWorld(&data)
```

The following code snippet demonstrates how to wipe a `Data` variable:

```swift
import Foundation

extension Data {
    /// Overwrites every byte of the buffer with zero, in place.
    /// memset_s is used instead of memset so the compiler cannot drop the
    /// write as a dead store on a buffer that is about to be released.
    /// Note: withUnsafeMutableBytes is a mutating call, so if another copy of
    /// this Data is still alive, only this instance's (fresh) buffer is wiped.
    internal mutating func wipe() {
        guard count > 0 else {
            return
        }
        let length = count
        withUnsafeMutableBytes { ptr in
            if let mutableRawPtr = ptr.baseAddress {
                memset_s(mutableRawPtr, length, 0, length)
            }
        }
    }
}
```
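The life cycle handling from IOS01 and the `inout`/wipe pattern from this section, combined in one added example that is not part of the original page. It assumes the `Data.wipe()` extension above is compiled into the same target; `SecretStore` and the body of `render(_:)` are hypothetical placeholders.

```swift
import UIKit

// Assumes the Data.wipe() extension from this page is in the same target.
// SecretStore and render(_:) are hypothetical placeholders (constructed here).
enum SecretStore {
    // Hypothetical: decrypts the stored value and returns the plaintext bytes.
    static func loadPlaintext() -> Data { Data("constructed sample secret".utf8) }
}

final class AppDelegate: UIResponder, UIApplicationDelegate {
    var window: UIWindow?
    private var secret = Data()            // the single buffer holding the sensitive bytes
    private var captureObserver: NSObjectProtocol?

    func application(_ application: UIApplication,
                     didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // UIScreenCapturedDidChangeNotification: recording or mirroring started or stopped.
        captureObserver = NotificationCenter.default.addObserver(
            forName: UIScreen.capturedDidChangeNotification, object: nil, queue: .main
        ) { [weak self] _ in
            guard let self = self else { return }
            if UIScreen.main.isCaptured { self.hideAndWipe() } else { self.showAndReload() }
        }
        return true
    }

    // Focus lost (app switcher, incoming call): nothing sensitive may stay on screen or in memory.
    func applicationWillResignActive(_ application: UIApplication) { hideAndWipe() }

    // Focus regained: decrypt and display again.
    func applicationDidBecomeActive(_ application: UIApplication) { showAndReload() }

    private func hideAndWipe() {
        window?.isHidden = true            // the system snapshot now shows nothing
        secret.wipe()                      // zero the bytes in place; no copy is left behind
    }

    private func showAndReload() {
        guard !UIScreen.main.isCaptured else { return }   // stay blank while being recorded
        secret = SecretStore.loadPlaintext()
        render(&secret)                    // inout: the view reads the same buffer, no copy is made
        window?.isHidden = false
    }

    // Hypothetical display routine; takes the bytes by reference as recommended above.
    private func render(_ data: inout Data) {
        _ = data.count
    }
}
```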

## IOS04. Disable Auto-Correction Cache for Sensitive Input <a href="#ios04-disable-auto-correction-cache-for-sensitive-input" id="ios04-disable-auto-correction-cache-for-sensitive-input"></a>

The application must disable the auto-correction cache for inputs that request sensitive data. This prevents an attacker with access to the device from using the autocomplete suggested strings to view the sensitive text input data.

The application may perform one of the following actions to disable the auto-correction cache:

* Set the `isSecureTextEntry` property to `true`.
* Set the `autocorrectionType` property to `UITextAutocorrectionType.no`.

## IOS05. Disable Data Copy/Paste for Sensitive Data <a href="#ios05-disable-data-copypaste-for-sensitive-data" id="ios05-disable-data-copypaste-for-sensitive-data"></a>

The application must disable the copy/paste menu for sensitive data. This prevents an attacker with access to the device from pasting and viewing the copied data. The following sample code disables the copy/paste menu:

```swift
override func canPerformAction(_ action: Selector, withSender sender: Any?) -> Bool {
    // Hide the editing menu and refuse every action (copy, paste, cut, select, ...).
    let menuController = UIMenuController.shared
    menuController.isMenuVisible = false
    return false
}
```

## IOS06. Managing App Versions in the App Store <a href="#ios06-managing-app-versions-in-the-app-store" id="ios06-managing-app-versions-in-the-app-store"></a>

It is possible for users to re-download previous app versions that they have already purchased or installed, allowing customers to use apps on older devices that may no longer be supported by the current version of your application. If you do not wish to make these versions available, you can manage the availability of your apps' previous versions in the Rights and Pricing section of the Manage Your Apps module in App Store Connect.

For details, refer to [App Store Connect](https://developer.apple.com/support/app-store-connect/).

From a security standpoint, it is recommended to keep the attack surface as small as possible. While keeping older versions available reaches a much wider audience, it can also expose the solution to old firmware whose security may already have been compromised. It is best to have only one version of your application (the latest one) available at any time, and to configure your build settings to support a wider range of iOS versions instead.

**Disable App’s “Simulator” in Deployment Target**

The deployment target should only include iOS devices.

**Disable App’s “Apple Silicon Mac Availability” in App Store Connect**

Running an iOS application on an Apple silicon (M1) Mac is much less secure because both the application binary and the sandbox data are easier to access there.

Disable the app’s “Apple Silicon Mac Availability” in App Store Connect to disallow installation on Apple silicon Macs and reduce this risk.

For details on how to disable “Apple Silicon Mac Availability”, see the Apple document [Running your iOS apps on macOS](https://developer.apple.com/documentation/apple-silicon/running-your-ios-apps-on-macos).

## IOS07. Preventing the Tampering of the Application <a href="#ios07-preventing-the-tampering-of-the-application" id="ios07-preventing-the-tampering-of-the-application"></a>

To prevent tampering with the application code, it is recommended to verify the integrity of the application’s binary at runtime. This can be implemented in the application by calculating a checksum of the `__text` section of the `__TEXT` segment.

For implementation details, refer to the OWASP MSTG chapter [Testing Resiliency Against Reverse Engineering](https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md). Strong obfuscation is required to protect the code that calculates the checksum.

For the risks associated with tampering attacks, see [OWASP Mobile Top 10 2016: M8 Code Tampering](https://www.owasp.org/index.php/Mobile_Top_10_2016-M8-Code_Tampering).
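One way to compute the `__text` checksum described above, as an added example (not the page's or OWASP's code). It hashes the section of the main executable with CryptoKit; the reference digest must be kept outside `__text` (for example recorded at build time and stored in a resource or checked server-side), and `expectedHex` is a placeholder the caller supplies.

```swift
import Foundation
import MachO
import CryptoKit

/// SHA-256 over the __text section of the main executable's __TEXT segment,
/// or nil if the section cannot be located.
func textSectionDigest() -> String? {
    // dyld image 0 is the main executable. getsectiondata walks the load
    // commands that follow the header in memory, so the header is used in
    // place (never copied into a local struct).
    guard let header = _dyld_get_image_header(0) else { return nil }
    let header64 = UnsafeRawPointer(header).assumingMemoryBound(to: mach_header_64.self)
    var size: UInt = 0
    guard let start = getsectiondata(header64, "__TEXT", "__text", &size), size > 0 else {
        return nil
    }
    let bytes = UnsafeRawBufferPointer(start: start, count: Int(size))
    return SHA256.hash(data: bytes).map { String(format: "%02x", $0) }.joined()
}

/// True when the code currently mapped in memory matches the reference digest.
/// Per the guidance above, this routine and the stored reference should be
/// covered by obfuscation, since it is the obvious target for a patch.
func textSectionIsIntact(expectedHex: String) -> Bool {
    guard let actual = textSectionDigest() else { return false }
    return actual == expectedHex.lowercased()
}

// Usage (the digest is a placeholder; record the real one at build time):
// let intact = textSectionIsIntact(expectedHex: "<digest recorded at build time>")
```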

## IOS08. Xcode Compiler Security and Obfuscation Options <a href="#ios08-xcode-compiler-security-and-obfuscation-options" id="ios08-xcode-compiler-security-and-obfuscation-options"></a>

The application must use Xcode options that increase the security and provide obfuscation by making disassembly more complex.

The following settings are recommended to be set in the Xcode project:

```xcconfig
GCC_UNROLL_LOOPS = YES
GCC_OPTIMIZATION_LEVEL = 3
OTHER_CFLAGS = -fstack-protector-all -finline-functions
CLANG_ENABLE_OBJC_ARC = YES
GCC_DYNAMIC_NO_PIC = NO
LD_NO_PIE = NO
RUN_CLANG_STATIC_ANALYZER = YES
CLANG_ANALYZER_SECURITY_FLOATLOOPCOUNTER = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_RAND = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_GETPW_GETS = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_MKSTEMP = YES
CLANG_ANALYZER_SECURITY_INSECUREAPI_VFORK = YES
```
