I’m new in iOS development and I want to create an application that a user needs to login to do payments and other actions that involves sensitive information, thus I want to know the best practices for storing user login credentials on data base. I know that when you use “Stripe” to do payments no credit card data is stored on your data base or app. But I have a doubt in storing other sensitive data such as passwords, directions and other info. I’ve looked in the internet for the best practices of storing this kind of information and came to the conclusion that I need to apply the following:
• Encrypting passwords in the Data Base
• Use Keychain
• Use HTTPS
I’m I in the correct path? Is there a standard way of doing this?
Google for something like 'salting password hashing'
Regarding Stripe, it should be okay to store the last4 digits of the credit card (but even this can be extracted from Stripe, using the customer-id or charge-id).
Related
I have static key in my iOS application. By using that key I am encrypting credit/debit cards and sends it to server for future use. And I am using same key for decryption of card.
Now I can't use dynamic key by any key generation algorithm as I want to decrypt my card later on. So, Every time I require same key.
So, My question is how should I store my key or where I should store my key as it'll be most secure? or Can I manage this stuff by generating dynamic key every time? If yes then how?
Many iOS applications like Amazon, Uber etc are storing the card information in their server! How they people are managing this stuff?
Any help will be appreciated! Thanks!
If you need to ask this question then you are already breaking PCI compliance. Your customers credit card information should never touch your server, encrypted or otherwise. Most payment gateways handle this for you. There is very little reason why you should be doing this yourself.
If you do need to handle this yourself, and there are very few cases where you do, simply symmetrically encrypting the card information in your app is not the way to do it. Literally anyone who can download your app can decrypt other customers credit card information.
The correct approach would be to transport card information to your server secured with TLS, then encrypting and storing the key information in a HSM server side. If you can't manage this, then you are not PCI compliant and will be legally responsible.
If your business operates, or has service available to customers in the EU, then you could suffer very heavy fines for poor handling of consumer credit card information.
I have an iOS app using Swift that uses Core Data to store user data on thousands of objects. I also have FB Auth working. My question is, how do I make it so that the user data would persist even when they switch phones and log in using FB on a separate phone? It doesn't seem that FB will offer me such data persistence. I'm looking at making a server on Heroku with Vapor. Then I could use the user's e-mail as a way to identify the user... but it doesn't seem secure?
Any suggestions on easiest solution?
Checkout Firebase... Instead of using e-mail to authenticate users, you should deal with tokens. Firebase will provide you a great data flow in easiest manner.
I am new of iOS swift 3 development. Now, I am working on a project which needs encryption, message authentication code(MAC) and Hashed-base-MAC. These algorithms require secret keys. I know that it is a bad practice to hard-code the keys inside the code, like:
let key = "secretkeyabc123"
Searched and read some articles like:
In iOS, how can I store a secret "key" that will allow me to communicate with my server?
Since other people may perform reverse engineering, I am finding a way to protect my keys. Requirements:
No hash the key. Time allows to crack it, or with hashed table and dictionary
May not connect to Internet (My app. is an offline app. If your answer needs to connect to Internet. Yes, please point it out. I will think about it)
It is a static key. It may change monthly
It is a symmetry key.
Codes, concept or other things are welcome. Thanks!
Don't store the key at all. Perform a Diffie-Hellman key exchange to start an asymmetrically encrypted channel, and use this channel to send across a symmetric key to the client, which can be used for subsequent client use.
Check iCloud Keychain (based on your tags [ios], [swift], [key]).
It functions as a secure database that allows information including a user's website login passwords, Wi-Fi network passwords, credit/debit card management (though without CVV), and other account data, to be securely stored for quick access and auto-fill on webpages and elsewhere when the user needs instant access to them. They are always stored encrypted using 256-bit AES encryption, are stored on device and pushed from iCloud between devices, and only available on a user's trusted devices.
I'm developing an iOS app that uses Cognito User Pools / Federated Identities, Mobile Analytics, and S3 to manage various features of the app, and recently I have become concerned for the security of these features. I already use IAM roles to control the services unauthenticated vs authenticated users have access to, but most of these services use strings (e.g. user pool app client id or user pool app client secret for User Pools, or app id for Mobile Analytics) to give the app access to that service.
What are the best practices to securely store these strings on the device to be used when necessary? Is it even necessary to secure these strings since the app is using IAM roles?
If it is necessary to securely store the strings, I have read that using the CommonCrypto library to encrypt strings before putting them in the keychain is best, but I'm not sure what key to use for encryption since my user needs unauthenticated access to those services. Any advice would be tremendously helpful.
This is a common problem to any mobile app. If someone really wants to, it's not difficult to decompile the app and scrape the keys from it. It's great that you are using IAM roles to restrict feature usage. This will limit the blast radius of attackers, but not necessarily prevent them.
Wth user pools you also get a globally unique identifier which can be used with IAM to restrict what S3 you can use key pre-fixes (which act similar to folders) to limit the objects that users can access to pre-fixes with their unique identifier. You can refer to https://mobile.awsblog.com/post/Tx1OSMBRHZVM9V0/Understanding-Amazon-Cognito-Authentication-Part-3-Roles-and-Policies (Using user pools as the provider, which will use the identity id as the prefix). Depending on how you structure your app you could use this so each user can only modify their own objects. I don't think Analytics has any way of restricting like this... because it wouldn't really make sense for it.
As far as securing your ID's there are things you can do to help mitigate, but there is no fool proof way to prevent someone taking it. You could for instance have the app make a call to your server for the ID... but then an attacker could just call the server. You could encrypt it, which might make it more difficult for an attacker to get, but you have to keep the key somewhere and if the app could get it so could someone who decompiles the app. Unless your app users get some sort of password from outside the app and put it in there isn't a complete way to lock it against attackers.
Hope this helps.
I am developing an app that requires a user to register and log in. Currently to date I have been storing their userID (retrieved from an API), username and hashed password (plus a few other bits of information) in user defaults however after doing some research on security, users are able to modify these defaults as they are stored in a text file.
My concern is that I would not want a user to change the userID and access other users information. What would be the best way to secure the data in the app?
All information is retrieved from an online API and I am not using Core Data.
I have looked in to Keychain but would this be overkill to store userID?
The keychain would not be overkill, that kind of thing is what it's for.
Really though it sounds like a bad security problem in your API. If the user can login and can then access the data of every other user via the API and then if they fiddle with some values, that's no good.