1 Reply
      Latest reply on Apr 16, 2019 2:14 AM by eskimo
      Ivaylo Level 1 Level 1 (0 points)

        Hello,

         

        I have a static scanner telling me that I need to change all occurences of String where I store sensitive data, because it is immutable and I should instead use a character Array and zero it out afterwards.

         

        I checked this forum and noticed to similar topics. My question is:
        - Should I avoid using SWIFT String for handling sensitive data, if there are not dependencies on the usage of String itself. Furthermore I understand that zeroing out a char array is not a 100% fix against memory scrubs, but it will make it more difficult.

        - If I was not using SWIFT but OBJECTIVE-C  how should I go and fix the same issue ?

         

        Thank you,

        Evo

        • Re: SWIFT memory security
          eskimo Apple Staff Apple Staff (11,035 points)

          You can find my thoughts on this subject here.

          Let’s look at your specific questions:

          Should I avoid using SWIFT String for handling sensitive data

          No.  Changing language or techniques won’t solve this problem.  I explain why in the thread I referenced above.

          If I was not using SWIFT but OBJECTIVE-C how should I go and fix the same issue ?

          Your language choice doesn’t matter here, because the critical problem is not your code but how your code interacts with the system.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"