get to prod tasks
76
tasks/ios-production/07-keychain-data-protection.md
Normal file
@@ -0,0 +1,76 @@
# 07. Keychain & Data Protection Audit

meta:
id: ios-production-07
feature: ios-production
priority: P1
depends_on: []
tags: [security, data-protection, production]

objective:
- Audit and harden all keychain usage and data protection to ensure sensitive data is stored securely

deliverables:
- Keychain audit report
- Data protection class review
- Secure data deletion
- Encryption audit

steps:
1. Audit keychain usage:
- Review iOS/Kordant/Services/KeychainService.swift
- Verify all sensitive data stored in keychain (not UserDefaults)
- Check keychain accessibility levels:
- JWT tokens: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
- Refresh tokens: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
- Biometric flag: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
- Verify keychain items migrated to correct accessibility
2. Audit data storage:
- Review CacheManager.swift — should not store sensitive data
- Review UserDefaults usage — only non-sensitive preferences
- Verify no sensitive data in app sandbox documents
- Check Core Data or SQLite encryption if used
3. Implement secure deletion:
- Overwrite sensitive data before deletion
- Clear clipboard after password copy (if applicable)
- Auto-lock app after backgrounding (optional)
4. Review data protection classes:
- File protection: NSFileProtectionComplete for sensitive files
- Keychain: appropriate accessibility per item type
- Backup: exclude sensitive items from iCloud backup
5. Add encryption for local data:
- Encrypt cached API responses containing PII
- Use AES-256 with key from Secure Enclave
- Implement secure key rotation
6. Test data protection:
- Device locked → keychain items inaccessible
- Device backup → sensitive items excluded
- App deletion → all sensitive data removed

tests:
- Unit: Test keychain store/retrieve/delete
- Security: Verify data inaccessible when device locked
- Integration: Test backup exclusion

acceptance_criteria:
- All sensitive data (tokens, passwords) stored in keychain
- Keychain accessibility set to ThisDeviceOnly where possible
- No sensitive data in UserDefaults or app documents
- Cached data encrypted at rest
- Sensitive items excluded from iCloud backup
- Secure deletion overwriting data before removal
- Data inaccessible when device locked (if applicable)
- All keychain operations have error handling

validation:
- Inspect keychain → JWT stored with correct accessibility
- Check UserDefaults → no sensitive data found
- Lock device → keychain items inaccessible
- Backup device → sensitive items not in backup
- Delete app → reinstall → no previous data accessible

notes:
- Keychain persists across app reinstalls — consider this in design
- kSecAttrAccessibleWhenUnlockedThisDeviceOnly is most secure
- Use Data Protection API for file-level encryption
- Consider using CryptoKit for data encryption
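Review bot: step 5 "Use AES-256 with key from Secure Enclave" is not implementable as written: the Secure Enclave only generates and holds P-256 elliptic-curve keys, never AES keys, so the task should say where the symmetric key actually lives, either a CryptoKit SymmetricKey stored as a keychain item with a ThisDeviceOnly accessibility class, or a key derived by ECDH from a Secure Enclave P-256 key (CryptoKit SecureEnclave.P256), and "Implement secure key rotation" should name which of those is rotated so the encryption audit deliverable is testable. Two further items in the same hunk work against each other: the validation line "Delete app → reinstall → no previous data accessible" can only pass if the steps include wiping the app's keychain items on first launch after install, which the note "Keychain persists across app reinstalls" already acknowledges but no step implements; and "Overwrite sensitive data before deletion" (step 3 and its acceptance criterion) gives little assurance on APFS and flash storage, where an in-place write is not guaranteed to land on the old blocks, so the more defensible wording is to rely on NSFileProtectionComplete per-file keys (deleting the file discards its key) and to zero in-memory buffers, keeping overwrite only as a best-effort extra. Minor style point: if the task tooling parses the meta block, wrapping it in `---` front-matter fences would make "meta:" and its keys valid YAML rather than loose markdown text.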