iOS: How to make apps safer

Source: Internet
Author: User
Tags: asymmetric encryption

1. Security Solution for network requests

1.1 Use HTTPS for requests, preferably through a secure interaction platform.

1.2 Encrypt important request parameters (AES and RSA encryption are recommended).

1.3 When the server returns data, encrypt the important data.

1.4 Do not write the key into the code. First obtain the key through an interface protected by asymmetric encryption, then use that key to encrypt subsequent interface communication.

1.5 Replace the key regularly.

If the key is written in the code, then when the app is upgraded, the new version of the app and the corresponding interface versions must be changed to the new key.

If the key is obtained from the interface through asymmetric encryption, it only needs to be changed on the server.
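Items 1.4 and 1.5 as an added Swift sketch (not code from the original article): the client fetches the AES key wrapped under its RSA public key, and the server later rotates that key without any app update. `Server`, `Client`, `fetchKey`, `rotateKey` and the in-process calls standing in for HTTPS requests are assumptions made for illustration.

```swift
import Foundation
import Security
import CryptoKit

enum DemoError: Error { case keygen, wrap, unwrap, staleKey, noKey }
// Hypothetical stand-in for the backend: owns the AES key and can rotate it at any time.
final class Server {
    private(set) var version = 1
    private var aesKey = SymmetricKey(size: .bits256)
    func rotateKey() { version += 1; aesKey = SymmetricKey(size: .bits256) }
    // The asymmetric interface: returns the AES key wrapped under the client's RSA public key.
    func fetchKey(for clientPublic: SecKey) throws -> (version: Int, wrapped: Data) {
        let raw = aesKey.withUnsafeBytes { Data($0) }
        guard let out = SecKeyCreateEncryptedData(clientPublic, .rsaEncryptionOAEPSHA256, raw as CFData, nil) else { throw DemoError.wrap }
        return (version, out as Data)
    }
    // Ordinary API call: rejects a body sealed under a key that has been rotated out.
    func handle(version v: Int, body: Data) throws -> String {
        guard v == version else { throw DemoError.staleKey }
        let plain = try AES.GCM.open(AES.GCM.SealedBox(combined: body), using: aesKey)
        return String(decoding: plain, as: UTF8.self)
    }
}
// Hypothetical client: no key in the binary, the AES key is held in memory only.
final class Client {
    private let rsaPrivate: SecKey
    private var aesKey: SymmetricKey?, version = 0
    init() throws {
        let attrs: [CFString: Any] = [kSecAttrKeyType: kSecAttrKeyTypeRSA, kSecAttrKeySizeInBits: 2048]
        guard let k = SecKeyCreateRandomKey(attrs as CFDictionary, nil) else { throw DemoError.keygen }
        rsaPrivate = k
    }
    func refreshKey(from server: Server) throws {
        guard let pub = SecKeyCopyPublicKey(rsaPrivate) else { throw DemoError.keygen }
        let reply = try server.fetchKey(for: pub)
        guard let raw = SecKeyCreateDecryptedData(rsaPrivate, .rsaEncryptionOAEPSHA256, reply.wrapped as CFData, nil) else { throw DemoError.unwrap }
        aesKey = SymmetricKey(data: raw as Data); version = reply.version
    }
    func send(_ text: String, to server: Server) throws -> String {
        guard let key = aesKey, let body = try AES.GCM.seal(Data(text.utf8), using: key).combined else { throw DemoError.noKey }
        do { return try server.handle(version: version, body: body) }
        catch DemoError.staleKey { try refreshKey(from: server); return try send(text, to: server) }
    }
}

let server = Server(), client = try Client()
try client.refreshKey(from: server)
print(try client.send("amount=100", to: server))  // sealed under key version 1
server.rotateKey()                                 // the change is made on the server only
print(try client.send("amount=200", to: server))  // stale key rejected, client re-fetches and retries
```

The client's public key is not authenticated in this sketch, so the exchange relies on the HTTPS channel from item 1.1 to rule out substitution in transit.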

2. Client Security Solution

2.1 Do not store key information in plist files or static files in the project. If key information must be stored, encrypt it.

2.2 Encrypt data stored in NSUserDefaults and SQLite files. Encrypt the URLs in the program to prevent static analysis of the URLs.

2.3 Use code obfuscation. For example, use macros for simple obfuscation, so that method names and method bodies are obfuscated.

2.4 In the release environment, NSLog should not print logs; in Swift, the corresponding call is print.

2.5 In the code, method names should not contain words such as key, password, or getIPAddress.

2.6 When login fails, do not explicitly state whether it was the user name or the password that was incorrect.

2.7 Use two or more types of authentication technology (such as a digital certificate system, hardware token, biometric characteristics, or one-time dynamic password) for user identity authentication during login.

2.8 Use an encrypted soft keyboard and a randomized keyboard. When private data is entered, mask all of it.

2.9 Do not display private data in plain text, partially or entirely. (Hackers obtain the user name and mobile phone number, and then commit fraud.)

2.10 Use the anti-screenshot function.
