Post not yet marked as solved
Hello,
Since Xcode 11.5 has been updated, I had problems with my projects third party frameworks (RealmSwift).
First I had a message "Module compiled with Swift 5.1.2 cannot be imported by the Swift 5.2.4 compiler".
To resolve this issue, I set BUILD LIBRARY FOR DISTRIBUTION to YES on the project's build settings.
This causes the error "The legacy build system does not support building projects with Swift when SWIFTENABLELIBRARY_EVOLUTION is enabled."
Could you please tell me how can I use realmSwift with the new compiler ?
Thank you in advance.
Post not yet marked as solved
Hello,I'm developing a passord manager using Swift.The app is ready to publish but I need some recommendations to secure it completely in order to respectthe apple developer guidelines and a good security implementation to secure the app from hacking.The app will be published on two version :- A free version with admob native ads implementation,- A paid version without ads.A ask the user to create an account giving mail and password, sychronized with Firebase (in order to give him the password if forgotten).I generated a random key using this code on the realm database creation :var key = Data(count: 64)
_ = key.withUnsafeMutableBytes { bytes in
SecRandomCopyBytes(kSecRandomDefault, 64, bytes)
}
return keyI store the key on the toolchain as recommended by realm documentation :https://docs.realm.io/sync/using-synced-realms/encrypting-realmsIf the user authentication is validated by Firebase, I use the stored key to decrypt the realm database in order togive access to the saved passwords on the app.The problem is that the passwords are stored as strings on the encrypted realm database so If a user has the key he can decryptthe database and see its contents.For this kind of app, do I need another level of security ?I thought to encrypt the password strings : does AES.GCM.SealedBox can be used for that purpose ?What are the remaining recommendations for security for that kind of app ?Thank you in advance for your replies.
Hello,I am developing a highly secured iOS application with sensitive data. I'm trying to use an AES256 encryption system to secure Data.I followed the tutorial here https://code.tutsplus.com/tutorials/securing-ios-data-at-rest-encryption--cms-28786Xcode 11 (Swift 5) tells me "Overlapping accesses to 'salt', but modification requires exclusive access; consider copying to a local variable"Could you please tell how can I solve this issue please ?Here's my code :var key = Data(repeating:0, count:kCCKeySizeAES256)
var salt = Data(count: 8)
salt.withUnsafeMutableBytes {
(saltBytes: UnsafeMutablePointer<UInt8>) in//-> Void in
let saltStatus = SecRandomCopyBytes(kSecRandomDefault, salt.count, saltBytes)
if saltStatus == errSecSuccess
{
let passwordData = password.data(using:String.Encoding.utf8)!
key.withUnsafeMutableBytes { (keyBytes : UnsafeMutablePointer<UInt8>) in
let derivationStatus = CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2), password, passwordData.count, saltBytes, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA512), 14271, keyBytes, key.count)
if derivationStatus != Int32(kCCSuccess)
{
setupSuccess = false
}
}
}
else
{
setupSuccess = false
}
}The error is located on the lines 3 and 9.Thank you for your help.
Hello,I'm developing a password management app, using Swift 5 and Xcode.I want to add my app to the list of Autofill password menu on iPhone,such as 1Password or Dashlane. Could you please tell me how can I do that ? I have no found a solution on the web.Thank you.
Hello,I am developing a password manager app using Swift.As the data need to be secured, I am planning to encrypt the attached realm databaseusing AES-256+SHA2 encryption method.What are the prerequisites to publish this kind of app on the app store ?If publishment with encryption has difficults, can I publish this kind of app with sensible data without encryption ?Thank you for your answer.
kracter56.