Hi,
Let's say I am involved in a very secure environment application, say for example a banking/insurance/investment app dealing with financial and sensitive data.
Then I have two main questions:
- To enable Touch ID login for viewing accounts and transactions data, is it safe to implement it simply by adding the credentials combo to the keychain and retrieving it via the iOS Keychain API available in iOS 8? What are other secured data apps with this feature doing? Do I need to encrypt something (Keychain already does that, to my knowledge)?
- If I develop a WatchKit app, how could I authenticate the Apple Watch app to view secured data? Could I simply retrieve said keychain item from the paired iPhone app or via a shared group? What about the ACL for this keychain item? I watched session 706 "Security and your apps" of WWDC 2015: they said it is better to let the server send the cookie or token to enable those particular features you need. But this implies that I need to write new service APIs for those calls.
Any ideas or suggestions, folks?
Thanks.