What is the best/most secure way for my iPhone app to remember Username and Password credentials, so that the user will not have to reenter them every time they use my app? (My app will be logging in to a server using these credentials and returning some data).
Thanks!
The best place would be the keychain. It is automatically encrypted and backed up. However, on older iOS versions, the backup would not be accessible after a restore. See the Keychain Services Programming Guide and Keychain Services Reference.
Try this SFHFKeychainUtils https://github.com/ldandersen/scifihifi-iphone/tree/master/security
It's drop dead simple and works like NSUserDefaults
There are two ways to store user/pass.
keychain api
NSUserDefaults
To learn more about it,open the iOS developer library on http://developer.apple.com
Related
May be it will be a too startup question.
We have developed an iPhone application and its uploaded in the Appstore. We have our own login mechanism, facabook login, and twitter login. Our users reporting an issue that, when the app is started and the iphone device is restarted (switched off), the application is also logged out. And users needs to login again. We have checked Facebook app. It keeps logged in when the device is restarted (switched off). We also want to do like that. Can you have suggest mechanism to do like that.
Store the Username and password in the keychain. When the app starts up, then grab the username and password from the keychain and execute the method for login.
John
You can can Store your acessToken (facebook) with NSUserDefaults, CoreData or FileSystem. I will not suggest you to save your login/password inside your app. If you need to do this, its better save data user(name,address,celphone...) but not the access, like login/password. Its more safe. Of course, you can use KeyChain, but will each in what are you thinking doing with the app.
NSUserDefaults
Save string to the NSUserDefaults?
File System - apple guide
http://developer.apple.com/library/mac/#documentation/FileManagement/Conceptual/FileSystemProgrammingGUide/FileSystemOverview/FileSystemOverview.html
Core Data
Save and Load Data - CoreData
Is it possible to distribute enterprise apps using iCloud as the download location?
I want to be able for a user to use a common username and password to connect to the
iCloud and be able to download the enterprise app and install it.
thank you
tony
You could, however remember that you would need to remain signed in with that iCloud account to sync with that accounts iCloud store. I don't think it would be practical unless all devices having the same account is ok.
Most social apps do not require users to sign in every time the apps are launched, they just store users' sign in info and automatically sign in. How is this implemented? How can I store user's sign in name and password and sign in with the stored info? Is plist file the place to do this? Thanks.
NO, use the Keychain, it is the secure storage mechanism in iOS. Check out this tutorial from Apple.
Keychain is not that easy, but there is a nice implementation of it called SFHFKeychainUtils tutorial here and the code here
Here is my situation...
I want my password to be encrypted and at the same time I want it to be in iPhone settings (by adding resource and accessing it through NSUserDefaults), but i think NSUserDefaults saves the password or information in plane text and iPhone takes care of everything in its Settings app if there is any change or whatever.
How could I make sure that information that I see in the Settings is coming from and going back to Keychain but before that, Is it possible? If not any other way? May be writing encrypted file?
I DO NOT want settings to be in my app.
thank you
us
The Keychain service cannot be invoked from within Settings, you need to do this within your app. It is good practice to ask users for their password within your app in a login page or UIAlertView at least (like the App Store does).
From the user's point of view, they don't want to have to launch Settings, enter their password, and then launch your app to log in, they want to do it all in one place.
is it possible to get the user's information, such as apple ID, through the sdk? I am writing an app which will require an account linked to the app user. I want to allow the user to have one account across multiple devices, so using the device ID is not possible. The easiest way to do this, I am thinking, is to use the app user's apple ID as this account's ID, so not requiring them to create yet another account.
No, it's a privacy issue, just like their phone number.
They'd still have to create an account on your site since you don't have access to Apple's databases, and no one will be willing to give you their iTunes passwords for obvious reasons.
All you're really saving is them entering a user name, since they'd still have to give you a password. It's very easy to remember this data for future runs of your application. Look into using NSUserDefaults. I would recommend against using the UDID and give the user the option to save their password. That way if the phone is lost, whoever finds it doesn't have automatic access to the owner's account. If the user opts for automatic login, you can easily save the password and send it along with the username when the app loads.
It's not (AFAIK) possible. You can only retrieve the device's UDID.
What I've done in the past is link an account on my side with multiple UDIDs on the user's side, so when they install the app on various devices they can just use that single account and it will automatically link that device. Not ideal, but I've not seen a better solution.
If it is a game, you can use the Game Center Account to identify an user
Instead of the UDID for the device, you might try the [UIDevice currentDevice].identifierForVendor It is linked to the device and the app installation.
I am storing the username and encrypted password in a file that is stored in the user's application file space. When the app starts up, if it finds this file, it attempts a login without asking the user. Having a password, even encrypted, stored in the file system does seem insecure, but the application is not one where people are apt to try and steal passwords.