Good morning and welcome to Session 714. For the next hour, myself and my colleagues Conrad and Michael are going to be talking about protecting the user’s data, and the part that you, the developers, can play in that.
First of all, a little bit about ourselves.
We are all members of the platform security team at Apple and we really operate up and down the stack, all the way down from the secure bootloader, all the way up to applications and even the cloud.
But some times that we are always involved is when a cryptographic key is used to protect user’s data.
That’s technologies you’ve probably come across before.
We also design and build solutions for internal clients. For example, we were involved with designing the cryptography used by iMessage.
We expose a lot of that functionality through APIs for use by third parties such as yourselves; Security.framework, CommonCrypto being examples.
That functionality is also exposed by other Apple APIs at an even higher level, for example, NSFileManager, CFNetwork, and we’re going to be pulling from both of those layers during this presentation.
What we’re going to talk about: We’re going to look at a common situation, which is a client app talking to a web service.
We’re going to subject it to a hostile environment, a simulated attack, and show what can happen, talk about why that matters, and give some simple steps that you can put in your applications to avoid falling foul of such attacks.