Security in iPhone apps

How do we maintain the data security in iPhone apps. For instance, a custom app for a bank needs more security in terms of: 1. Data in transmission 2. Data in rest (Data inside iPhone) What are the potential steps one can take to ensure the integrity and security of data? What support iPhone SDK provides to achieve this? How do w开发者_StackOverflow中文版e encrypt/decrypt the payloads? Save the data in encrypted format locally and how do we protect this from potential threat of decryption by unauthentic user?

It's a big topic but there's a great, free video on this subject from Apple's 2010 WWDC.

http://developer.apple.com/videos/wwdc/2010/ (sign in with a developer account)

Session 209, "Securing Application Data"

Also useful: Session 204, "Creating Secure Applications"

1. For the wire use SSL to a server that uses oauth or some similar authentication mechanism.

2. For local data use the keychain ( http://developer.apple.com/library/ios/#documentation/Security/Reference/keychainservices/Reference/reference.html and http://developer.apple.com/library/ios/#samplecode/GenericKeychain/Introduction/Intro.html)