iOS Security Skill | Agent Skills

Agent Skills: iOS Security

Secure iOS apps with Keychain, biometrics, and data protection. Use when implementing Keychain storage, Face ID/Touch ID, or data protection in iOS. (triggers: **/*.swift, SecItemAdd, kSecClassGenericPassword, LAContext, LocalAuthentication)

UncategorizedID: hoangnguyen0403/agent-skills-standard/ios-security

iOS Security

Priority: P0 (CRITICAL)

Implementation Workflow

Store secrets in Keychain — Use SecItemAdd, SecItemUpdate, and SecItemDelete with kSecClassGenericPassword for tokens/PII. Never use UserDefaults.
Add biometric auth — Use LocalAuthentication with LAContext. Verify availability with canEvaluatePolicy before prompting.
Encrypt files — Use Data.WritingOptions.completeFileProtection when saving to disk.
Keep ATS enabled — Never disable App Transport Security globally in Info.plist.
Pin certificates — Use ServerTrustManager or TrustKit for production apps to prevent MITM attacks.
Strip sensitive logs — Ensure PII and tokens are removed from logs in Release builds.

See Keychain and biometrics implementation examples

Anti-Patterns

❌ Secrets in UserDefaults — always use Keychain
❌ Unhandled LAError — check for userCancel, authenticationFailed, etc.
❌ PII/token logging in Release builds — strip sensitive data from all log output

References

Keychain & Biometrics Implementation

Agent Skills: iOS Security

Install this agent skill to your local

Skill Files

iOS Security

Priority: P0 (CRITICAL)

Implementation Workflow

Anti-Patterns

References

Related Topics