- WWDC 2015
- introduction
-
1. App Framework
- 1.1. Adopting new trackpad feature
- 1.2. Advanced NSOperation
- 1.3. Advance Touch Input in iOS
- 1.4. Best Practices for Progress Reporting
- 1.5. Building Document Based App
- 1.6. Cocoa Touch Best Practices
- 1.7. Creating Complications with ClockKit
- 1.8. Getting Started with Multitasking on iPad in iOS 9
- 1.9. Introducing safari View Controller and WKWebView updates
- 1.10. Introducing the Contacts Framework
- 1.11. Multitasking Essentials for Media-Based Apps on iPad in iOS 9
- 1.12. Mysteries of Auto Layout, Part 1
- 1.13. Mysteries of Auto Layout, Part 2
- 1.14. New UIKit Support for International User Interfaces
- 1.15. Optimizing Your App for Multitasking on iPad in iOS 9
- 1.16. Seamless linking to your app
- 1.17. WatchKit In-Depth, Part 1
- 1.18. WatchKit In-Depth, Part 2
- 1.19. What's new in Cocoa
- 1.20. What's new in Core Data
- 1.21. What's new in HealthKit
- 1.22. What's new in Internationalization
- 1.23. What's new in Mapkit
- 1.24. What’s New in UIKit Dynamics and Visual Effects
- 1.25. iOS Accessilibility
- 2. Design
- 3. Developer Tools
- 4. Distribution
- 5. Featured
- 6. Graphics and Games
- 7. Media
-
8. System Frameworks
- 8.1. Achieving All-Day Battery
- 8.2. Apple Pay within apps
- 8.3. Building Responsive and Efficient Apps with GCD
- 8.4. CloudKit JS and Web Services
- 8.5. CloudKit Tips and Tricks
- 8.6. Introducing Search APIs
- 8.7. Introduction to Watch Connectivity
- 8.8. Low Energy,High Performance:Compression and Accelerate
- 8.9. Networking with NSURLSession
- 8.10. Privacy And Your App
- 8.11. Security and Your Apps
- 8.12. What’s New in CloudKit
- 8.13. What's New in Core Location
- 8.14. What's new in Core Motion
- 8.15. What's new in Network extension and VPN
- 8.16. What's New in Notifications
Security and Your Apps
This session focuses on the security of Apple provided in OS X and iOS.
App Transport Security
Apps build against with iOS 9 and OSX 11 cannot make HTTP connections. Add exceptions on info.plists for each insecure domain.
System Integrity Protection
Multi-layered protections for OSX.
OSX 11 will move all third-party binary to user-space from system locations.
The Keychain and Touch ID
Keychain
- specialized databases
- optimized for searching attributes
- efficiently storing for small payload
Consideration
- turn keychain code into a sample and testable unit
- User the highest data protection level
- Default
kSecAttrAccessibleWhenUnlocked - Background apps
kSecAttrAccessibleAfterFirstUnlock - Deprecated
kSecAttrAccessibleAlways
- Default
Reducing Password Prompts
- Web and native app shared web credentials
- Add App entitlement Associated Domains for actual devices
- webcredentials:www.example.com
- Server JSON (https://example.com/apple-app-site-association)
//sample json: { "webcredentials": { "apps": [ "YWBN8XTPBJ.com.example.app", "YWBN8XTPBJ.com.example.app-dev" ] } }
- Add App entitlement Associated Domains for actual devices
//saving to shared container
let user = "[email protected]"
let password = SecCreteSharedWebCredentialPassword().takeRetainedValue()
SecAddSharedWebCredential("www.example.com", username, passwoed) { error in print(error) }
//Retrieving from safari
SecRequestSharedWebCredential("www.macosforge.org", .None)
{ credentials, error in
if CFArrayGetCount(credentials) > 0 {
let dict = unsafeBitCast(CFArrayGetValueAtIndex(credentials, 0),
CFDictionaryRef.self) as Dictionary
let username = dict[kSecAttrAccount as String]
let password = dict[kSecSharedPassword as String]
login(username, password)
}
}
iCloud Keychain
- For all passwords that can be used on multiple devices
- Add kSecAttrSynchronizable to all SecItem calls
- Warning
- Updating or deleting items will affect items on ALL devices
- Check
SecItem.h - Check iOS security whitepaper
Device Specific Credentials
Examples
- Limited use tokens and cookies
- Encrypted messaging keys
- Keys with specific protection requirements
Use Touch ID when :
- Replace existing security barrier
- Adding one when it would have been too inconvenient before
- Examples
- Viewing especially sensitive data
- Confirming an operation
