> ios-security

Secure iOS apps with Keychain, biometrics, and data protection. Use when implementing Keychain storage, Face ID/Touch ID, or data protection in iOS. (triggers: **/*.swift, SecItemAdd, kSecClassGenericPassword, LAContext, LocalAuthentication)

iOS Security

Priority: P0 (CRITICAL)

Implementation Workflow

  1. Store secrets in Keychain — Use SecItemAdd, SecItemUpdate, and SecItemDelete with kSecClassGenericPassword for tokens/PII. Never use UserDefaults.
  2. Add biometric auth — Use LocalAuthentication with LAContext. Verify availability with canEvaluatePolicy before prompting.
  3. Encrypt files — Use Data.WritingOptions.completeFileProtection when saving to disk.
  4. Keep ATS enabled — Never disable App Transport Security globally in Info.plist.
  5. Pin certificates — Use ServerTrustManager or TrustKit for production apps to prevent MITM attacks.
  6. Strip sensitive logs — Ensure PII and tokens are removed from logs in Release builds.

See Keychain and biometrics implementation examples
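
A sketch of workflow steps 1 and 2, added here as an illustration; it is not the skill's own linked example code. The `TokenStore` wrapper, the `AuthOutcome` enum, and the service and account strings are hypothetical names constructed for this example.

```swift
import Foundation
import LocalAuthentication
import Security

enum KeychainError: Error { case status(OSStatus) }
enum AuthOutcome { case success, cancelled, failed, unavailable(Error?) }

// Hypothetical wrapper; service and account are constructed placeholder values.
struct TokenStore {
    let service = "com.example.app.auth"
    let account = "session-token"
    private var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service, kSecAttrAccount as String: account]
    }

    // Insert the token, or update it in place when the item already exists.
    func save(_ token: Data) throws {
        var add = baseQuery
        add[kSecValueData as String] = token
        // Readable only while unlocked, and never migrated to another device.
        add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        var status = SecItemAdd(add as CFDictionary, nil)
        if status == errSecDuplicateItem {
            let changes = [kSecValueData as String: token]
            status = SecItemUpdate(baseQuery as CFDictionary, changes as CFDictionary)
        }
        guard status == errSecSuccess else { throw KeychainError.status(status) }
    }

    // Treat "not found" as success so logout stays idempotent.
    func delete() throws {
        let status = SecItemDelete(baseQuery as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else { throw KeychainError.status(status) }
    }
}

// Check availability before prompting, then map LAError codes explicitly.
func authenticate(reason: String, completion: @escaping (AuthOutcome) -> Void) {
    let context = LAContext()
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
        return completion(.unavailable(error))
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { ok, err in
        if ok { return completion(.success) }
        switch (err as? LAError)?.code {
        case .userCancel, .systemCancel, .appCancel: completion(.cancelled)
        case .authenticationFailed: completion(.failed)
        default: completion(.unavailable(err))
        }
    }
}
```

The `evaluatePolicy` reply runs on a private queue, so dispatch to the main queue before touching UI from the completion handler.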

Anti-Patterns

  • ❌ Secrets in UserDefaults — always use Keychain
  • ❌ Unhandled LAError — check for userCancel, authenticationFailed, etc.
  • ❌ PII/token logging in Release builds — strip sensitive data from all log output

References

Related Topics

  • common/security-standards
  • architecture

┌ stats

installs/wk: 0
github stars: 452
first seen: Mar 17, 2026
└────────────

┌ repo

HoangNguyen0403/agent-skills-standard
by HoangNguyen0403
└────────────