Protecting the User's Data

Session 714 WWDC 2012

Learn about "real world" threats to users' data on OS X and iOS. See practical demonstrations of how users' data can be attacked both on the device and over the network, and find out how to defend against these threats in your app.

Good morning and welcome to Session 714. For the next hour, myself and my colleagues Conrad and Michael are going to be talking about protecting the user's data, and the part that you, the developers, can play in that.

First of all, a little bit about ourselves.

We are all members of the platform security team at Apple and we really operate up and down the stack, all the way down from the secure bootloader, all the way up to applications and even the cloud.

But some times that we are always involved is when a cryptographic key is used to protect user's data.

That's technologies you've probably come across before.

We also design and build solutions for internal clients. For example, we were involved with designing the cryptography used by iMessage.

We expose a lot of that functionality, through third part— APIs for use by third parties such as yourselves; Security.framework, CommonCrypto being examples.

That functionality is also exposed by other Apple APIs at an even higher level, for example, NSFileManager, CFNetwork, and we're going to be pulling from both of those layers during this presentation.

What we're going to talk about: We're going to look at a common situation, which is a client app talking to a web service.

We're going to subject it to a hostile environment, a simulated attack, and show what can happen, talk about why that matters, and give some simple steps that you can put in your applications to avoid falling foul of such attacks.
