Security in iOS Apps
It’s incredibly important in FinTech!
Terminology
Man-in-the-middle: An attack where the attacker sits between a user and the server.
Public-key cryptography: A cryptographic system using two keys: a public key known to everyone and a private key. The private key can be used to decrypt messages encrypted with the public key, but the reverse is not true.
Public key infrastructure (PKI): A set of roles, policies, hardware, software, and procedures needed to distribute, use, store, and revoke digital certificates and manage public-key encryption.
Secure Sockets Layer (SSL): A protocol that encrypts client-server communication; HTTP carried over it is HTTPS.
The Article
This article is about security and how it might be implemented in an app where security is important, in an area like FinTech.
Some Options
App Transport Security (ATS)
The Problem ATS Is Trying To Solve
ATS requires that HTTP connections made with URLSession use secure HTTPS connections rather than insecure HTTP connections. HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and makes it much more secure to…