# 07. Keychain & Data Protection Audit

meta:
  id: ios-production-07
  feature: ios-production
  priority: P1
  depends_on: []
  tags: [security, data-protection, production]

objective:
  - Audit and harden all keychain usage and data protection to ensure sensitive data is stored securely

deliverables:
  - Keychain audit report
  - Data protection class review
  - Secure data deletion
  - Encryption audit

steps:
  1. Audit keychain usage:
     - Review iOS/Kordant/Services/KeychainService.swift
     - Verify all sensitive data is stored in the keychain (not UserDefaults)
     - Check keychain accessibility levels:
       - JWT tokens: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
       - Refresh tokens: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
       - Biometric flag: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
     - Verify keychain items have been migrated to the correct accessibility class
  2. Audit data storage:
     - Review CacheManager.swift — should not store sensitive data
     - Review UserDefaults usage — only non-sensitive preferences
     - Verify no sensitive data in app sandbox documents
     - Check Core Data or SQLite encryption if used
  3. Implement secure deletion:
     - Overwrite sensitive data before deletion
     - Clear clipboard after password copy (if applicable)
     - Auto-lock app after backgrounding (optional)
  4. Review data protection classes:
     - File protection: NSFileProtectionComplete for sensitive files
     - Keychain: appropriate accessibility per item type
     - Backup: exclude sensitive items from iCloud backup
  5. Add encryption for local data:
     - Encrypt cached API responses containing PII
     - Use AES-256 with key from Secure Enclave
     - Implement secure key rotation
  6. Test data protection:
     - Device locked → keychain items inaccessible
     - Device backup → sensitive items excluded
     - App deletion → all sensitive data removed
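The keychain and file-protection settings from steps 1, 4 and 6 in working form. This is an added example, not the project's KeychainService.swift: `SecretStore`, `KeychainError`, `protect(fileAt:)` and the service identifier are assumptions; the accessibility constants, `SecItem*` calls and `FileProtectionType.complete` are the real Security/Foundation APIs. A JWT would be written with `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` and a refresh token with `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`, as the step 1 mapping requires.

```swift
import Foundation
import Security
enum KeychainError: Error { case unexpectedStatus(OSStatus) }

/// Hypothetical store (not the project's KeychainService.swift): every write carries an explicit
/// kSecAttrAccessible* class and every non-success SecItem status becomes a thrown error.
struct SecretStore {
    let service: String   // assumption: one service identifier per app

    private func baseQuery(_ account: String) -> [CFString: Any] {
        [kSecClass: kSecClassGenericPassword, kSecAttrService: service, kSecAttrAccount: account]
    }

    /// Delete-then-add so a changed accessibility class takes effect (the migration check in step 1).
    func set(_ data: Data, account: String, accessible: CFString) throws {
        try delete(account: account)
        var attrs = baseQuery(account)
        attrs[kSecValueData] = data
        attrs[kSecAttrAccessible] = accessible   // ThisDeviceOnly classes never leave the device or enter backups
        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    }

    /// nil when absent; throws otherwise, e.g. errSecInteractionNotAllowed for a WhenUnlocked item read while locked (step 6).
    func get(account: String) throws -> Data? {
        var query = baseQuery(account)
        query[kSecReturnData] = true
        query[kSecMatchLimit] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        switch status {
        case errSecSuccess: return result as? Data
        case errSecItemNotFound: return nil
        default: throw KeychainError.unexpectedStatus(status)
        }
    }

    func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else { throw KeychainError.unexpectedStatus(status) }
    }
}

/// Step 4 for sandbox files: NSFileProtectionComplete plus exclusion from iCloud/device backups.
func protect(fileAt url: URL) throws {
    try FileManager.default.setAttributes([.protectionKey: FileProtectionType.complete], ofItemAtPath: url.path)
    var fileURL = url, values = URLResourceValues()
    values.isExcludedFromBackup = true
    try fileURL.setResourceValues(values)
}
```

A unit test for the "device locked" case cannot lock the device, so treat `get` throwing `errSecInteractionNotAllowed` on a locked test device as the expected result rather than a failure.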

tests:
  - Unit: Test keychain store/retrieve/delete
  - Security: Verify data inaccessible when device locked
  - Integration: Test backup exclusion

acceptance_criteria:
  - All sensitive data (tokens, passwords) stored in keychain
  - Keychain accessibility set to ThisDeviceOnly where possible
  - No sensitive data in UserDefaults or app documents
  - Cached data encrypted at rest
  - Sensitive items excluded from iCloud backup
  - Secure deletion overwrites data before removal
  - Data inaccessible when device locked (if applicable)
  - All keychain operations have error handling

validation:
  - Inspect keychain → JWT stored with correct accessibility
  - Check UserDefaults → no sensitive data found
  - Lock device → keychain items inaccessible
  - Backup device → sensitive items not in backup
  - Delete app → reinstall → no previous data accessible

notes:
  - Keychain persists across app reinstalls — consider this in design
  - kSecAttrAccessibleWhenUnlockedThisDeviceOnly is most secure
  - Use Data Protection API for file-level encryption
  - Consider using CryptoKit for data encryption