How to access PHP webservice securely from an Objective-C / iOS application?

4

I'm making an application where I need to securely send user data to the Web Service using PHP. For this, I'm researching about security for iOS.

What is the recommended method and what are the points that I should be concerned about?

Please preferably reference references to security documents or tutorials.

    
asked by anonymous 30.03.2015 / 03:17

1 answer

3

For an initial survey, I suggest you start by reading this document: iOS Security Guide

Before sending (offline storage), starting from page 9: Encryption and Data Protection

Sending the data, start on page 23: Network Security

Now that the question has been edited, I understand that you probably want to interact with the server using HTTP GET or POST via TLS (also known as HTTPS ). >

In this case, I suggest following the Apple specification at this link: Making HTTP and HTTPS Requests

Safety recommendations:

  • If your server is configured correctly (valid certificate, SSL disabled), you already start with good security.
  • Could increase security by manually verifying that the server's certificate is true (practically mandatory if the certificate is customized). It will increase even more if you use DNSSEC.
  • If you configure the application to send the client certificate, it will increase even more (but in that case, it will depend on the server to validate the certificate).

From the security aspect, you'll realize that iOS does not support DNSSEC. If you base your system security solely on the basis of what the vendor API provides, you are at a risk. You need to first choose the communication protocol, and base your needs around it.

By not citing references, consider my recommendations as opinions. Mainly because some of them are optional, others are not practical, and some are not required. In short, it depends on several factors.

    
30.03.2015 / 06:18