SWIFT memory security

Hello,


I have a static scanner telling me that I need to change all occurrences of String where I store sensitive data, because it is immutable and I should instead use a character Array and zero it out afterwards.


I checked this forum and noticed two similar topics. My question is:
- Should I avoid using SWIFT String for handling sensitive data, if there are no dependencies on the usage of String itself? Furthermore, I understand that zeroing out a char array is not a 100% fix against memory scrubs, but it will make it more difficult.

- If I was not using SWIFT but OBJECTIVE-C how should I go and fix the same issue?


Thank you,

Evo

Replies

You can find my thoughts on this subject here.

Let’s look at your specific questions:

Should I avoid using SWIFT String for handling sensitive data

No. Changing language or techniques won’t solve this problem. I explain why in the thread I referenced above.

If I was not using SWIFT but OBJECTIVE-C how should I go and fix the same issue?

Your language choice doesn’t matter here, because the critical problem is not your code but how your code interacts with the system.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"