> ios-security
Standards for Keychain, Biometrics, and Data Protection. Use when implementing Keychain storage, Face ID/Touch ID, or data protection in iOS. (triggers: **/*.swift, SecItemAdd, kSecClassGenericPassword, LAContext, LocalAuthentication)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/ios-security?format=md"
iOS Security Standards
Priority: P0 (CRITICAL)
Implementation Guidelines
Key Storage
- Keychain: Use for sensitive tokens, passwords, and identifiers (UUIDs). Never store in `UserDefaults`.
- Valet: Use high-level wrappers like SwiftKeychainWrapper or Valet to avoid raw Security.framework C-APIs.
- Biometrics: Use `LocalAuthentication` for FaceID/TouchID. Verify availability with `canEvaluatePolicy(_:error:)` before evaluation.
Data Protection
- File Encryption: Use `Data.WritingOptions.completeFileProtection` when saving files to disk.
- App Sandboxing: Respect the sandbox; do not attempt to access files outside of your container.
Network Security
- ATS: Don't disable App Transport Security (ATS) globally in `Info.plist`. Use exceptions only if strictly necessary.
- SSL Pinning: Use TrustKit or Alamofire pinning for backend-critical applications.
Anti-Patterns
- UserDefaults for Secrets: **No Secrets in UserDefaults**: Use Keychain.
- Ignoring LA Error Handles: **Handle LAError**: Check for userCancel, authenticationFailed, etc.
- Print Tokens: **No logging of PII/Tokens**: Ensure logs are stripped in Release builds.
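The Key Storage guidance and the first two anti-patterns, combined in one sketch. This is an added example, not code from the skill itself; `TokenStore`, `UnlockResult`, `unlockToken`, the service name and the reason string are hypothetical names chosen for illustration.

```swift
import Foundation
import LocalAuthentication
import Security

enum UnlockResult { case token(String?), cancelled, failed, unavailable }

enum TokenStore {
    static let service = "com.example.app.auth"  // hypothetical service name

    private static func baseQuery(_ account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Stores the token in the Keychain (not UserDefaults), replacing any old item.
    static func save(_ token: String, account: String) -> Bool {
        SecItemDelete(baseQuery(account) as CFDictionary)  // an absent item is fine
        var attrs = baseQuery(account)
        attrs[kSecValueData as String] = Data(token.utf8)
        // Readable only while the device is unlocked; not migrated to other devices.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
    }

    static func load(account: String) -> String? {
        var query = baseQuery(account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }
}

/// Checks biometric availability first, then maps LAError codes instead of ignoring them.
func unlockToken(account: String, completion: @escaping (UnlockResult) -> Void) {
    let context = LAContext()
    var availabilityError: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &availabilityError) else {
        return completion(.unavailable)  // no hardware, not enrolled, or locked out
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your session") { success, error in
        if success { return completion(.token(TokenStore.load(account: account))) }
        switch (error as? LAError)?.code {
        case .userCancel, .appCancel, .systemCancel: completion(.cancelled)
        default: completion(.failed)  // includes .authenticationFailed
        }
    }
}
```

The biometric prompt here is an application-level gate in front of the Keychain read, and the reply closure runs on a private queue, so hop to the main queue before touching UI. Nothing in the sketch logs the token, in line with the third anti-pattern.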
References
Related Topics
common/security-standards | architecture