Secure your app.
When you're building in-house apps for your employees, chances are there is sensitive corporate data that needs to be secured and protected. To support the process of securing data within your application, iOS includes a “sandboxed” approach to application runtime protection and requires application signing to ensure that applications cannot be tampered with. iOS also has a secure framework that facilitates secure storage of credentials in an encrypted keychain. And there are high-level frameworks that can be used to encrypt application data and provide secure networking out of the box. All of these capabilities work in concert with the existing device-level IT policies to provide a secure foundation without impacting the user experience.
Architecture
The iOS security APIs are located in the Core Services layer of the operating system and are based on services in the Core OS (kernel) layer of the operating system. Apps call the security services APIs directly rather than going through the Cocoa Touch or Media layers. Networking applications can also access secure networking functions through the CFNetwork API, which is also located in the Core Services layer. CFNetwork is a high-level C API that makes it easy to create, send, and receive serialized HTTP messages. Because CFNetwork is built on top of Secure Transport, you can encrypt the data stream using any of a variety of SSL or TLS protocol versions.
Learn more about the CFNetwork services framework
Network Security
Out of the box, iOS supports VPN services, enabling in-house apps to communicate with corporate networks securely. Enterprise IT organizations can configure the built-in VPN settings for IPSec, L2TP, or PPTP, or they can instruct users to download an SSL VPN client application from the App Store. For applications that are designed for access via Wi-Fi, iOS supports WPA2 Enterprise Wi-Fi with 802.1X authentication. iOS also supports standard authentication methods such as digital certificates, security tokens such as SecurID or CRYPTOCard, and password authentication. For configurations using certificate-based authentication, iOS provides a capability called VPN On Demand.
VPN On Demand will establish a connection automatically when accessing predefined domains, providing a seamless connectivity experience for in‑house applications.
Learn more about iOS integration
Data Security
In-house apps can now take advantage of the built-in encryption available in the most recent Apple devices to protect sensitive data. Data protection leverages each user's unique device passcode in concert with the hardware encryption on the device to generate a strong encryption key. When your in-house app designates a particular file as protected, the system stores that file on disk in an encrypted format.
While the device is locked, the contents of the file are inaccessible to both your application and to any potential intruders. However, when the device is unlocked by the user, a decryption key is created to allow your application to access the file. Your app just needs to be designed to secure the data at creation time and to be prepared for changes in access to that data when the user locks and unlocks the device.
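The two obligations described above (protect the file when it is created, and react when the device locks) can look like this in Swift. This is an added example, not code from the original page; the class, method and file names are hypothetical, and it assumes a UIKit app with a device passcode set.

```swift
import UIKit

// Hypothetical store for one sensitive file; class, method and file names are
// illustrative. Call it from the main thread.
final class ProtectedReportStore: NSObject {
    enum StoreError: Error { case deviceLocked }

    private let fileURL: URL
    private var cached: Data?   // plaintext copy, kept only while unlocked

    init(fileName: String = "report.dat") throws {
        let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                              in: .userDomainMask,
                                              appropriateFor: nil, create: true)
        fileURL = dir.appendingPathComponent(fileName)
        super.init()
        // Be told just before the device locks and protected files go dark.
        NotificationCenter.default.addObserver(
            self, selector: #selector(protectedDataWillBecomeUnavailable),
            name: UIApplication.protectedDataWillBecomeUnavailableNotification,
            object: nil)
    }

    // Secure the data at creation time: the file is written already protected.
    func save(_ data: Data) throws {
        try data.write(to: fileURL, options: [.atomic, .completeFileProtection])
        cached = data
    }

    // While the device is locked the file cannot be read, so fail explicitly
    // instead of surfacing an opaque I/O error.
    func load() throws -> Data {
        if let cached = cached { return cached }
        guard UIApplication.shared.isProtectedDataAvailable else {
            throw StoreError.deviceLocked
        }
        let data = try Data(contentsOf: fileURL)
        cached = data
        return data
    }

    // Drop the in-memory plaintext so nothing outlives the lock.
    @objc private func protectedDataWillBecomeUnavailable() {
        cached = nil
    }
}
```

Callers should treat `StoreError.deviceLocked` as a normal condition, for example by deferring background work until `UIApplication.protectedDataDidBecomeAvailableNotification` is posted.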
Learn more about Implementing Standard Application Behaviors
Secure Authentication
iOS provides a secure, encrypted keychain for storing digital identities, user names, and passwords. Keychain Services checks an application’s signature before giving it access to a keychain. The operating system handles all keychain access without user interaction. Applications interact with the keychain through the Keychain Services API. Storing a credential in the shared keychain further improves the user experience, because users will not need to log in to each application they use.
Read the Keychain Services Programming Guide