
What is the best way to secure user's data saved locally in app and how to test security level?

After the recent attack on App Store I was thinking: are the security measures implemented in the app for user data security enough? I know there is no guaranteed way to prevent attacks on your app’s data and logic, but still we can frustrate attackers by implementing some kind of security. I am looking for answers to the following questions.

  1. Is NSUserDefaults secure?
  2. Is Keychain Access secure?
  3. Which is the better approach: NSUserDefaults, Keychain Access, or any other recommended one?
  4. After implementing, is there any way I can test by attacking my app?
Imran asked Mar 15 '23 16:03


1 Answer

  1. Store credentials for accessing remote services using NSURLCredentialStorage. This uses the keychain when the persistence type is NSURLCredentialPersistencePermanent or NSURLCredentialPersistenceSynchronizable.

  2. Use the keychain directly for storing types of credentials or personal information that do not fit the above or other frameworks (i.e. Accounts or HealthKit).

  3. Do not store sensitive information in NSUserDefaults.

  4. Use the Data Protection APIs for all other local data. This can be done "app wide" using entitlements, or on individual files and directories (using NSFileManager, NSData, etc.).

  5. Be very wary of 3rd party frameworks and libraries. Many of these capture sensitive information like the user's location and send it insecurely.

You can certainly attempt to attack your application or hire a company to do so for you. There are many books and resources available for guidance on how to do so; one of the better ones is The Mobile Application Hacker's Handbook.

quellish answered Apr 24 '23 23:04