Here is my situation...
I want my password to be encrypted and at the same time I want it to be in iPhone settings (by adding resource and accessing it through NSUserDefaults), but i think NSUserDefaults saves the password or information in plane text and iPhone takes care of everything in its Settings app if there is any change or whatever.
How could I make sure that information that I see in the Settings is coming from and going back to Keychain but before that, Is it possible? If not any other way? May be writing encrypted file?
I DO NOT want settings to be in my app.
thank you
us
The Keychain service cannot be invoked from within Settings, you need to do this within your app. It is good practice to ask users for their password within your app in a login page or UIAlertView at least (like the App Store does).
From the user's point of view, they don't want to have to launch Settings, enter their password, and then launch your app to log in, they want to do it all in one place.
Related
I store the token received from an API sign in process in the user's keychain. Then for all further requests to the API I get the token from the keychain to send to the API. This happens with each request made to the API. As I have understood the keychain is the right place to store sensitive information, so I'm not storing the token in the user defaults.
On iOS everything works as expected, but on macOS, there's an alert appearing that the App wants access to the keychain. The user can then select to allow it once or to allow it always. This has two major issues:
if the user chooses "once" the dialog will appear over and over again with each request the App does.
if the user chooses "always" the dialog will not appear for some time, but after a while it will reappear nevertheless.
Why is this behavior totally different between iOS and macOS? Or did I forgot to configure something?
From a security point of view, would it be okay to read the token once at the start of the app and store it in a property?
Although the Keychain on iOS and macOS share lots of similarities, there is one big difference between the two. iOS only has a single Keychain, whereas macOS can create any amount of Keychains. You can find more info on that here.
This means that we will have to tell the macOS Keychain to behave like the iOS Keychain, which we can via the kSecUseDataProtectionKeychain key, documented here. Setting this flag to true should solve your issue.
May be it will be a too startup question.
We have developed an iPhone application and its uploaded in the Appstore. We have our own login mechanism, facabook login, and twitter login. Our users reporting an issue that, when the app is started and the iphone device is restarted (switched off), the application is also logged out. And users needs to login again. We have checked Facebook app. It keeps logged in when the device is restarted (switched off). We also want to do like that. Can you have suggest mechanism to do like that.
Store the Username and password in the keychain. When the app starts up, then grab the username and password from the keychain and execute the method for login.
John
You can can Store your acessToken (facebook) with NSUserDefaults, CoreData or FileSystem. I will not suggest you to save your login/password inside your app. If you need to do this, its better save data user(name,address,celphone...) but not the access, like login/password. Its more safe. Of course, you can use KeyChain, but will each in what are you thinking doing with the app.
NSUserDefaults
Save string to the NSUserDefaults?
File System - apple guide
http://developer.apple.com/library/mac/#documentation/FileManagement/Conceptual/FileSystemProgrammingGUide/FileSystemOverview/FileSystemOverview.html
Core Data
Save and Load Data - CoreData
User downloads my iPhone app from the appStore link I provide from invite email. Is it possible to persist/cache the user-data say email Address and pre-fill when the app launched.
Thank you.
You can get all the data that Apple allows you to get, which is absolutely none - you can't get the user's email, you can't get his phone number, you can't get his UDID. No way to identify him. If you want anything from the user, he needs to enter it manually. If you think about it - it's actually a good thing. All your iphone information is completely secure and protected.
No, this can't be done. Your special link might take the user to the app store, but then that's it. The act of installing the app has nothing to do with your link anymore and no data can be passed to the freshly installed app.
Of course once the app is installed, if the user taps on a special link you provide, it could force your app to run and provide data to it.
Maybe you could provide a QR code the use can scan with your app the first time they run it. The QR code can contain the data you want. Of course the user may choose to not scan the code. Then again, the user can install your app without using your link to begin with.
I developed an iPhone app. User need to log in to update their credentials. I'm using iOS Keychain feature to store the username and password. So, next time user launch the app user will be logged in. I would like to add remember me feature in my app. So, user will have an option to check the remember me or not.
My question is if the user don't want to remember his credentials, when I'm suppose to clear the keychain? How do I know if the app is closing/shutdown?
– applicationWillResignActive:
– applicationDidEnterBackground:
These two methods are called depending on the situation when the app enters background.(sleep button/phone call etc).
You can look it up in the docs.
https://developer.apple.com/library/IOs/#documentation/UIKit/Reference/UIApplicationDelegate_Protocol/Reference/Reference.html#//apple_ref/occ/intf/UIApplicationDelegate
You meed to write the login credentials to application preferences.
(Here is how to read write to iPhone app preference)
http://knol.google.com/k/iphone-sdk-application-preferences#
Also here is how to read default preferences
http://www.redcodelabs.com/2009/07/read-iphone-preferences/
is it possible to get the user's information, such as apple ID, through the sdk? I am writing an app which will require an account linked to the app user. I want to allow the user to have one account across multiple devices, so using the device ID is not possible. The easiest way to do this, I am thinking, is to use the app user's apple ID as this account's ID, so not requiring them to create yet another account.
No, it's a privacy issue, just like their phone number.
They'd still have to create an account on your site since you don't have access to Apple's databases, and no one will be willing to give you their iTunes passwords for obvious reasons.
All you're really saving is them entering a user name, since they'd still have to give you a password. It's very easy to remember this data for future runs of your application. Look into using NSUserDefaults. I would recommend against using the UDID and give the user the option to save their password. That way if the phone is lost, whoever finds it doesn't have automatic access to the owner's account. If the user opts for automatic login, you can easily save the password and send it along with the username when the app loads.
It's not (AFAIK) possible. You can only retrieve the device's UDID.
What I've done in the past is link an account on my side with multiple UDIDs on the user's side, so when they install the app on various devices they can just use that single account and it will automatically link that device. Not ideal, but I've not seen a better solution.
If it is a game, you can use the Game Center Account to identify an user
Instead of the UDID for the device, you might try the [UIDevice currentDevice].identifierForVendor It is linked to the device and the app installation.
I am storing the username and encrypted password in a file that is stored in the user's application file space. When the app starts up, if it finds this file, it attempts a login without asking the user. Having a password, even encrypted, stored in the file system does seem insecure, but the application is not one where people are apt to try and steal passwords.