Storing usernames and password - ios

right now I'm using Core Data - sqlite for database. And I have a few questions related to it.
I created a Modal with all the personal information of the user: username, date of birth, address, zip, state, etc... The password I'm using Keychain for login functionality. So, my basic question is:
Where is this information stored? Locally in the user's iphone? But what if I have millions of users, wouldn't that database file be too big? Is it safe? I mean, users can see information of another users?
How can I edit that database if not programatically in xcode? I mean, what if I want to delete some user or change some specific information.
Thanks.

Creating a local sqlite database on the device will only store the individual users info as each app is obviously stored on each device separately. Users won't see each others info.
You will need to edit data in the database programatically via the app (ie code written in xcode)

Keychain data will be stored inside a local db in the device. This is a shared db for several apps. So after you delete and reinstall the app, you will get the data. Million users may have their own devices. not logging in from a single device. The data in this keychain will be stored in the encrypted format. So you dont need to worry about the security.
In iPhone simulator, the data will be stored in ~/Library/Application Support/iPhone Simulator/<Version Number>/Library/Keychains/
If you want to edit or delete the item, then try the below tutorial
http://useyourloaf.com/blog/2010/03/29/simple-iphone-keychain-access.html

if you use Core Data - sqlite for database then every user(device) has their own copy of databse.
so don't worry about file size & information of other users.
And you can edit that databse only by your app or by app's background Process in case of Core Data

Related

Is data stored in iCloud using Key/Value accessible by users?

I have an application that is implementing storage using Key/Value pairs in iCloud. From what I read in the documentation this is almost identical to the way NSUserDefaults work.
However this potentially creates a problem because the user should not have the ability to tamper with the app data stored in there. Does this mean that the user can access this data and modify it? Or is it private to the application?
Okay reading deeply in the documentation it says
If your app needs to store passwords, do not use iCloud storage APIs
for that. The correct API for storing and managing passwords is
Keychain Services, as described in Keychain Services Reference.
I found this text here just one line before the last table :)
I also found somewhere that the user can delete his iCloud data manually which can be counted as a modification.
Also, read here, section fro "Start Fresh If Your iCloud Data Becomes Inconsistent During Development" where it says how you can clean the container. Maybe you can check what is visible inside.
It depends what type of data you are storing in the iCloud if it's sensitive then I would use keychain services approach and avoid storing sensitive information on the iCloud.
From the question it seems like you are storing the data in key-value pairs, usually, it's recommended to store preferences, settings, and simple app state and that should be ok because the user can change those, you should choose the right iCloud API for what you want to store
With iCloud the user can always delete the information it has stored as mentioned in the documentation
There may be times when a user wants to delete content from iCloud.
Provide UI to help your users understand that deleting a document from
iCloud removes it from the user’s iCloud account and from all of their
iCloud-enabled devices. Provide users with the opportunity to confirm
or cancel deletion
When you ask
Or is it private to the application?
There's an iCloud identifier in your entitlements file. If it's the same in both apps you'll be able to access the same data/documents across both the apps.
Hope that helps.

Share database [core data] between different devices, not just the user's ones

What is the best way, to share a database between different devices, that are not just the user’s ones, but for example could be his friend’s phone. That means that iCloud is not an option.
Example:
 All of my data is app-user specific, so basically:
user logs into my app, do some work
then he can log in with the same acc on his friend phone and data should be the same
Is there an any way to upload the whole user specific database to some online storage provider (like firebase,… ) and then download it on another device and initialise core data stack, when the same user logs in on a different device?
Or is it the only way to sync data with the server and than preload the database?
You could simply upload the whole database file(s) and then download it on another device. The problem though is portability. You need to ensure that both devices support the same version of the database so they are compatible. To port the same thing to another platform is again a different story but doable when not using core data.
Then there is a problem of conflicts. Imagine you forget to log out from the second device and you open it after a week and the database is accidentally synced back to the server. This will make you lose all the data you created on your "main" device.
So in general it is possible to sync the whole thing but you will have loads of issues. You should create a server that supports all entities and works through ids (so you know the object was modified and not created) and date modified to be able to resolve conflicts.
Syncing data between multiple devices is the biggest reason to use something like Firebase. That's one of its primary purposes. You would use Firebase for data storage instead of Core Data, and it would automatically handle syncing between devices. You don't write code to upload or download anything, you just read and write Firebase data and it handles the syncing. It supports user accounts, so if a user logs on on a different device, their data automatically syncs to that device. There are numerous other options besides Firebase, of course.
CloudKit also syncs between different devices, but it's linked to the current iCloud account on the phone. Since you want in-app login, it's not so good.

Do I need to connect my Realm based database to a server before launch?

I have an iOS application that uses Realm as my relational database. A few questions I have:
How is Realm server less?
How do I view the database (like Parse)?
Is all the data stored on your phone? If so, will it be deleted if a user deletes the app?
Can I trust Realm/what else do I need to do to make sure my app is scalable when it goes on the app store?
Realm is just a database. It is stored on the device. If user deletes the app - the database will be gone, along with all other content of your app. There is no server-side to it.

Storing data are no sensitive in the application forever

I want to save no sensitive data in my app,
The data not delete when the app delete.
I saved in keychain but I see that In keychain save only sensitive data.
where I can to save my data?
There is no such place on iOS where you can save data that stays on the device even if your app is deleted, except for the keychain...
This is because your app is running in a Sandbox that holds all the data that belongs to your app. You have a few possibilities to achieve persistence within the context of your app (e.g. using the Documents directory of your app, NSUserDefaults or Core Data,...), but for any of these, there is the restriction that the data gets deleted along with the app.
The other option is to store the data in the cloud, either writing your own server side system to store the information or using a service like Parse.com

iOS: Storing user registration details

I an building my first iOS application and I need to store the user registration details of the user using the application. The details include his mobile number and a unique id( uuid ) which I use to contact with the backend. It would be great if I could get a suggestion on where to store this user details.
Should I be storing this in the NSUserDefaults or should I be using Keychains to store this data or even may be a using a user model in the database ( I would need a database in any case to store a few other details ). Just to add on, I also would like to perform a few validations like if the mobile number is of proper format and so on before I could actually save it. Also can any one please suggest on the security aspects of different storage mechanisms possible here?
Any help on this would be much appreciated.
The most secure way would be to use keychain services as the data is encrypted but in your scenario it seems a bit over kill. I would recommend either just using NSUserDefaults or an sqlite database I wouldn't really recommend storing in a plist as this can be accessed really easily.
But this all depends on the data you are getting, if it was just uuid and mobile number then NSUserDefaults would do probably, whereas if you were getting usernames and passwords and other personal data I would looking a mix of keychain and sqlite database.
Also you could use coredata file to store user data but seems a bit over kill as well for for such little data.
Just a little note you are actually not allowed to get the iPhones mobile phone number programmatically, getting this would use Private APIs that Apple would reject your app for using.
2.5 Apps that use non-public APIs will be rejected
So you would have to ask he user for this.
Database selection is totally depend on the architecture and security, if you just need to store the few information like login details and some field then Keychain for login details and plist for data is best option, but if your application also working with services and fetching and saving lots of data and continuously updating it then a serious database structure required. In that scenario core data and sqlite both are good option depends on your preference
Following ways you can save details.
In NSUserDefaults
In coredata file.
In sqlite database
Plist file.(Not recommended)
You can save data at server site using webservice.
Any one of these you can use according to your requirement and data.
Cheers :)
If you store information on the UserDefaults, a jailbroken device can see the information you have stored, it is a plist after all. If you are going to keep sensitive data on your device, user defaults itself is not a good option. Possible alternatives:
Use keychain: Keychain is a tool to keep usernames & passwords securely on a device; so you may need to find a way to convert all the info you have mentioned ( a dict, I presume? ) into NSData and put into/get from the keychain but it's been explained on other threads. Additionally, keep in mind that when the app is deleted, keychain data will persist on the device.
UserDefaults & encrpytion: If you can encrypt the data yourself, than using UserDefaults might be a better option. Its more straightforward than keychain and it will be deleted if you delete the app from the device (which may be the thing you want, or not. It depends)

Resources