When thinking about iPhone/iPad application security, I notice that there is:
==> data theft threat
and also:
==> Revenue loss threat
So I am wondering #1 what are best practices to get a better security in iOS application? Also, #2 what are best ways to reduce revenue loss and minimise hacking exposure?
For #1, I've seen some WWDC slides about security 1 2 3 4 + Apple docs
and I can say that among these best practices there are:
For #2, I think that using a business model based on a free application, then in-app purchase with Store Receipts verification, can be the model with minimum revenue loss.
What are your best practices for security, and best way to minimise app hacking chances?
Keychain
The keychain is a secure space used to store bits of data in an encrypted database. Each iOS application gets its own space in the keychain, the space no other app can access. There's no need to store encryption keys in your app: you rely on the system to provide the highest security level.
While iOS may be considered more secure, it's not impossible for cybercriminals to hit iPhones or iPads with malicious software. Because of this, the owners of both Android and iOS devices need to be aware of possible malware and viruses, and be careful when downloading apps from third-party app stores.
#1 what are best practices to get a better security in iOS application?
Appropriate data security is highly dependent on the nature of the information. Is it long-lived or short-lived? Is it a general credential that can be used to open other things, or a single piece of data? Is the potential loss privacy, financial, or safety? Determining the appropriate protections requires a specific case and has no general answer. But you ask for best practices and there are several. None of them are perfect or unbreakable. But they are best practice. Here are a few:
NSFileProtectionComplete wherever possible.
This is just a smattering of approaches, but they set the basic tone:
#2 what are best ways to reduce revenue loss and minimise hacking exposure?
This has been discussed many times on SO. This answer includes links to several of the other discussions:
Secure https encryption for iPhone app to webpage
The short answer is: worry about your customers, not your non-customers. Many pirates will never, ever pay you money, so your time and money are better spent helping your actual customers want to pay you, and making it easy for them to do so. Focus on making more money rather than protecting yourself from money that you could never have. Never, ever, tick off a paying customer in your efforts to chastise a non-paying customer. Revenge is a sucker's game and a waste of resources.
There are two great ways to avoid piracy:
There are some basic things you can do that are worth it just, as they say, to keep honest people honest (some are discussed in the various linked discussions). But don't lie awake nights worrying about how to thwart pirates. Lie awake worrying about how to amaze your customers.
And always remember: Apple spends more money than most of us have ever seen in our lives trying to secure the iPhone. Still it's jailbroken. Think about what your budget is going to achieve.