1

I want to store sensitive data in an iPhone application but also have it be unlock-able via touch ID. I've thought of some options, none of which fully accomplish my goals and would like some advice on implementation.

  1. Password protect app and encrypt data - Store only data encrypted with the user's password. Ask for password every time when decrypting to view data. I don't see how Touch ID would work in this scenario. It is secure but a pain to enter in password every time.

  2. Password protect app only - Store raw data and only allow access if the user supplies the correct password / touch ID. This accomplishes the user experience I want but is that poor practice? Will Apple ultimately reject this method because the sensitive data is not encrypted? Keep in mind I am only storing data locally, there is no cloud/web server.

  3. Scenario 1 with cache - The user enters in their password once a day, data is fetched, decrypted and then cached. The user need only authenticate the app while the decrypted data remains in cache. Clear cache if application is closed or a time limit is reached.

What does everyone think?

kayzej1141
  • 55
  • 1
  • 9

1 Answers1

2

You have a few options.

  1. Assume the user has their passcode enabled, and know that that means the DB is encrypted when the device is locked. For some cases, this is enough.

  2. Encrypt the Core Data using Encrypted Core Data. FYI, this does work, but it has lots of limitations and bugs. We used it in an enterprise app and I regret using it.

  3. Move away from Core Data to SQLite with SQLCipher. This is what I prefer now.

Bear in mind that you still have to deal with the DB key if you do per-app encryption. You can do this in a number of ways.

  1. In many cases, you can just store the key in the Keychain and that's sufficient.
  2. You can also require passcode/Touch ID/Face ID when launching your app/accessing the keychain item
  3. Finally, you cal require the user to enter the passphrase
  4. Regardless of your choice, use a key-derivation function such as PBKDF2 ~100,000 times to make brute forcing harder. Never store the actual DB key (which is derived).
David S.
  • 6,567
  • 1
  • 25
  • 45
  • Thanks for your reply. After reading about the ios keychain I think that is what I am looking for. So basically I would store the data in the keychain in its raw form rather than Core Data. Then when retrieving it the user would be prompted to enter either their passcode or touch id and if authenticated the data is presented. Sound about right? – kayzej1141 Jul 28 '18 at 20:27
  • If the data you want to store will fit into the keychain then that's probably the right solution. That's what the keychain is designed for. Just make sure you set the kSecAttrAccessible value that you want. – David S. Jul 30 '18 at 14:12