If you’re at all concerned about security of data stored on your users’ devices, here’s a good introduction to
There are numerous ways to secure data that you are storing on an iOS device.
The simplest way is to take advantage of the iOS Data Protection (iOS 4+). This can be accomplished by setting an attribute on a file like this…
A Core Data sqlite store can also be encrypted by setting the NSFileProtectionKey file attribute to one of the above values (after you create your persistent store coordinator).
However, an important thing to realize is that this type of data protection requires the device to have a passcode set on it.
What if you really need to insure that your data is protected regardless of whether the device has a passcode set? One way is to use the CommonCrypto libraries from Apple. This can be fairly complex. There is a great write up here from Rob Napier on what’s involved. Fortunately, he has also provided a wrapper that greatly simplifies this process…
One more way to protect your data, specifically data that you want to store in a SQLite database, would be to use SQLCipher. SQLCipher encrypts/decrypts data at the page level and is transparent to your application code. You still use the standard SQLite APIs, with one additional method call when accessing the database (passing your key to sqlite). There are excellent instructions on setting it up for use in an iOS project here.
Any other techniques for secure storage we should be aware of, Dear Readers?
h/t: @romainbriche!
UPDATE:
And speaking of security, check out this whitepaper: iOS Application Insecurity!
MAY