Securing Your iOS Apps in the Field
Local Authentication
• Use device’s Touch ID - Two Models
1. Stand Alone Local Authentication
  - Provides access to app
  - Acts as a checkpoint
  - Fall back – Custom authentication
2. Local Authentication Integration With Keychain
  - Provides access to app + Authenticates Users
  - Allows users to stay signed in
  - Fall back – Device’s passcode
Securing your app in the field
Stand Alone Local Authentication
• Import Local Authentication framework
• Create an instance of LAContext
• Evaluate Policy for Biometrics
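The three steps above, written out in Swift as an added example (not code from the original slides or from the ArcGIS SDK). The function name `runBiometricCheckpoint` and the `CheckpointResult` type are hypothetical, and the custom fallback screen is assumed to be supplied by the app.

```swift
import Foundation
import LocalAuthentication

/// Outcome of the stand-alone checkpoint (hypothetical type for this example).
enum CheckpointResult {
    case unlocked            // biometric match: let the user into the app
    case useCustomFallback   // biometrics unusable, or the user asked for the fallback
    case denied              // cancelled or failed: stay on the lock screen
}

/// Runs the Touch ID checkpoint and reports the outcome on the main queue.
func runBiometricCheckpoint(reason: String,
                            completion: @escaping (CheckpointResult) -> Void) {
    // Step 2: create an instance of LAContext.
    let context = LAContext()
    var policyError: NSError?

    // Biometrics-only policy: the app, not the device passcode, supplies the fallback.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &policyError) else {
        // No sensor, nothing enrolled, or biometry locked out.
        DispatchQueue.main.async { completion(.useCustomFallback) }
        return
    }

    // Step 3: evaluate the policy for biometrics.
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { success, error in
        let result: CheckpointResult
        if success {
            result = .unlocked
        } else if let laError = error as? LAError, laError.code == .userFallback {
            // The user tapped the fallback button on the Touch ID prompt.
            result = .useCustomFallback
        } else {
            // Cancelled, failed match, or any other error: fail closed.
            result = .denied
        }
        // The reply block runs on a private queue; hop to main before touching UI.
        DispatchQueue.main.async { completion(result) }
    }
}
```

The result is only a local yes/no gate, which is why the slides call this model a checkpoint: it proves nothing to a server and releases no stored credential.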
Authentication
• Set up at Server / Portal
• Types of Authentication Mechanisms
  - Token based
    - External users, username/password
    - OAuth
  - Windows based
    - Enterprise users, username/password
  - PKI based
    - Enterprise users, Client certificate
• Save Credential to Keychain
Securing your services in the field
SDK supports all Auth Mechanisms!
You handle Client Code and UI!
ArcGIS
Authorization
• Set up at Server / Portal
• Configured for each service
• Two methods
1. Ownership Based Access Control
  - Owner has update / delete privileges
  - Can limit non-owner privileges
2. Capabilities
  - Can limit privileges for all users
Capabilities: Create,Query,Update
Capabilities: Create,Query
Popup Editing
• SDK - handles everything
• You – do nothing!
Manual Editing
• You – do the checking
canDeleteFeature, canUpdateFeature
canCreate, canDelete, canUpdate
canUpdateGeometry
Concern
Am I connecting to the right server in a secure way?
SSL
• Secure Sockets Layer protocol
• Digital Certificate
  - Verifies Identity of Server
  - Creates encrypted link
• Types of Digital Certificate
  - Certificate Authority signed certificate
  - Domain certificate
  - Self-signed certificate
• Set up at Server / Portal
You - use https
SDK
• redirects http to https
• warns user about self-signed certificate
Data Protection
• iOS provides Data Encryption
• Set up passcode to opt-in
• Data Protection Modes
  - Complete
    - Available only when unlocked
  - Protected Unless Open
    - Available when unlocked
    - Also available when file is open already
  - Protected Until First User Authentication
    - Available after first unlock since reboot
    - Default
  - No Protection
    - Always Available
Securing your local data in the field
Modifying Data Protection Mode
• App Level
  - ‘Capabilities’ pane of settings
• File Level
  - Use NSFileManager
  - Set NSFileProtectionKey
Summary
• Services Security
  - Authentication
  - Authorization
    - OBAC
    - Capabilities
  - SSL
• Local Data Security
  - Data Protection
• App Security
  - Touch ID