Agent Skills: iOS Security

Secure iOS apps with Keychain, biometrics, and data protection. Use when implementing Keychain storage, Face ID/Touch ID, or data protection in iOS. (triggers: **/*.swift, SecItemAdd, kSecClassGenericPassword, LAContext, LocalAuthentication)

Uncategorized
ID: hoangnguyen0403/agent-skills-standard/ios-security

Install this agent skill locally:

pnpm dlx add-skill https://github.com/HoangNguyen0403/agent-skills-standard/tree/HEAD/skills/ios/ios-security


skills/ios/ios-security/SKILL.md

Skill Metadata

Name: ios-security
Description: Secure iOS apps with Keychain, biometrics, and data protection. Use when implementing Keychain storage, Face ID/Touch ID, or data protection in iOS.

iOS Security

Priority: P0 (CRITICAL)

Implementation Workflow

  1. Store secrets in Keychain — Use SecItemAdd, SecItemUpdate, and SecItemDelete with kSecClassGenericPassword for tokens/PII. Never use UserDefaults.
  2. Add biometric auth — Use LocalAuthentication with LAContext. Verify availability with canEvaluatePolicy before prompting.
  3. Encrypt files — Use Data.WritingOptions.completeFileProtection when saving to disk.
  4. Keep ATS enabled — Never disable App Transport Security globally in Info.plist.
  5. Pin certificates — Use ServerTrustManager or TrustKit for production apps to prevent MITM attacks.
  6. Strip sensitive logs — Ensure PII and tokens are removed from logs in Release builds.

See Keychain and biometrics implementation examples
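
Steps 1 to 3 of the workflow as an added example; it is not taken from the skill's own reference files. The function and enum names are hypothetical, and the choice of kSecAttrAccessibleWhenUnlockedThisDeviceOnly is an assumption, not something the skill specifies.

```swift
import Foundation
import LocalAuthentication
import Security
enum KeychainError: Error { case unexpectedStatus(OSStatus) }
enum BiometricOutcome { case success, unavailable(Error?), cancelled, failed, other(Error?) }

// Step 1: store a token as a generic-password item; update it if it already exists.
func saveToken(_ token: Data, service: String, account: String) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    let attributes: [String: Any] = [
        kSecValueData as String: token,
        // Assumed policy: readable only while unlocked, never restored to another device.
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    ]
    let newItem = query.merging(attributes) { _, new in new }
    var status = SecItemAdd(newItem as CFDictionary, nil)
    if status == errSecDuplicateItem {
        status = SecItemUpdate(query as CFDictionary, attributes as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
}

// Step 2: check availability first, then map the LAError cases the skill calls out.
func authenticate(reason: String, completion: @escaping (BiometricOutcome) -> Void) {
    let context = LAContext()
    let policy = LAPolicy.deviceOwnerAuthenticationWithBiometrics
    var availabilityError: NSError?
    guard context.canEvaluatePolicy(policy, error: &availabilityError) else {
        completion(.unavailable(availabilityError)); return
    }
    // The reply block runs on a private queue; hop to the main queue before touching UI.
    context.evaluatePolicy(policy, localizedReason: reason) { succeeded, error in
        if succeeded { completion(.success); return }
        switch (error as? LAError)?.code {
        case .userCancel?: completion(.cancelled)
        case .authenticationFailed?: completion(.failed)
        default: completion(.other(error))
        }
    }
}

// Step 3: write a file with complete data protection (unreadable while the device is locked).
func writeProtected(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}
```

Face ID also requires an NSFaceIDUsageDescription entry in Info.plist before evaluatePolicy is called.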

Anti-Patterns

  • No Secrets in UserDefaults: Always use Keychain for tokens and PII
  • No Unhandled LAError: Check for userCancel and authenticationFailed in biometric flows
  • No PII/Token Logging: Strip sensitive data from all logs in Release builds

References

Related Topics

  • common/security-standards
  • architecture