Security and Privacy Enhancements

PDF for offline use
Related Samples:

Let us know how you feel about this


0/250

last updated: 2016-12

This article covers the security and privacy changes that Apple has made in iOS 10 and how they affect a Xamarin.iOS app.

Overview

Apple has made several enhancements to both security and privacy in iOS 10 that will help the developer improve the security of their apps and ensure the end user's privacy. This article will cover implementing these features in a Xamarin.iOS app.

The following topics will be covered in detail:

General Enhancements

The following general changes have been made to Security and Privacy in iOS 10:

  • The Common Data Security Architecture (CDSA) API has been deprecated and should be replaced with the SecKey API to generate asymmetric keys.
  • The new NSAllowsArbitraryLoadsInWebContent key can be add to the an app's Info.plist file and will allow web pages to load correctly while Apple Transport Security (ATS) protection is still enabled for the rest of the app. For more information, please see our App Transport Security documentation.
  • Because the new Clipboard in iOS 10 and macOS Sierra allows the user to copy and paste between devices, the API has been expanded to allow a clipboard to be limited to a specific device and be timestamped to be cleared automatically at a given point. Additionally, named pasteboards are no longer persisted and should be replaced with the shared pasteboard containers.
  • For all SSL/TLS connections, the RC4 symmetric cipher is now disabled by default. Additionally, the Secure Transport API no longer supports SSLv3 and it is recommended that the developer stop using SHA-1 and 3DES cryptography as soon as possible.

Accessing Private User Data

Apps running on iOS 10 (or later) must statically declare their intent to access specific features or user information by entering one or more Privacy Keys in their Info.plist files that explain to the user why the app wishes to gain access.

NOTE Apps that fail to provide the required keys will be silently terminated by the system when they attempt to access one of the restricted features or user information, without error! If an app starts unexpectedly failing on iOS 10, ensure that all of the required Info.plist have been specified.

The following Privacy related keys are available:

  • Privacy - Apple Music usage Description (NSAppleMusicUsageDescription) - Allows the developer to describe why the app wants to access the user's media library.
  • Privacy - Bluetooth Peripheral Usage Description (NSBluetoothPeripheralUsageDescription) - Allows the developer to describe why the app wants to access Bluetooth on the user's device.
  • Privacy - Calendars Usage Description (NSCalendarsUsageDescription) - Allows the developer to describe why the app wants to access the user's calendar.
  • Privacy - Camera Usage Description (NSCameraUsageDescription) - Allows the developer to describe why the app wants to access the device's camera.
  • Privacy - Contacts Usage Description (NSContactsUsageDescription) - Allows the developer to describe why the app wants to access the user's contacts.
  • Privacy - Health Share Usage Description (NSHealthShareUsageDescription) - Allows the developer to describe why the app wants to access the user's health data. For more information, please see Apple's HKHealthStore Class Reference.
  • Privacy - Health Update Usage Description (NSHealthUpdateUsageDescription) - Allows the developer to describe why the app wants to edit the user's health data. For more information, please see Apple's HKHealthStore Class Reference.
  • Privacy - HomeKit Usage Description (NSHomeKitUsageDescription) - Allows the developer to describe why the app wants to access the user's HomeKit Configuration Data.
  • Privacy - Location Always Usage Description (NSLocationAlwaysUsageDescription) - Allows the developer to describe why the app wants to always have access to the user's location.
  • [Deprecated] Privacy - Location Usage Description (NSLocationUsageDescription) - Allows the developer to describe why the app wants to access the user location. NOTE: This key has been deprecated in iOS 8 (and greater). Use NSLocationAlwaysUsageDescription or NSLocationWhenInUseUsageDescription instead.
  • Privacy - Location When In Use Usage Description (NSLocationWhenInUseUsageDescription) - Allows the developer to describe why the app wants to access the user's location while it is running.
  • [Deprecated] Privacy - Media Library Usage Description - Allows the developer to describe why the app wants to access to the user's media library. NOTE: This key has been deprecated in iOS 8 (and greater). Use NSAppleMusicUsageDescription instead.
  • Privacy - Microphone Usage Description (NSMicrophoneUsageDescription) - Allows the developer to describe why the app wants to access the devices microphone.
  • Privacy - Motion Usage Description (NSMotionUsageDescription) - Allows the developer to describe why the app wants to access the device's accelerometer.
  • Privacy - Photo Library Usage Description (NSPhotoLibraryUsageDescription) - Allows the developer to describe why the app wants to access the user's photo library.
  • Privacy - Reminders Usage Description (NSRemindersUsageDescription) - Allows the developer to describe why the app wants to access the user's reminders.
  • Privacy - Siri Usage Description (NSSiriUsageDescription) - Allows the developer to describe why the app wants to send user data to Siri.
  • Privacy - Speech Recognition Usage Description (NSSpeechRecognitionUsageDescription) - Allows the developer to describe why the app wants to send user data to Apple's speech recognition servers.
  • Privacy - TV Provider Usage Description (NSVideoSubscriberAccountUsageDescription) - Allows the developer to describe why the app wants to access the user's TV provider account.

For more information on working with Info.plist keys, please see Apple's Information Property List Key Reference.

Setting Privacy Keys

Take the following example of accessing HomeKit on iOS 10 (and greater), the developer will need to add the NSHomeKitUsageDescription key to the app's Info.plist file and provide a string declaring why the app wants to access the user's HomeKit database. This string will be presented to the user the first time they run the app:

To set any of the Privacy keys, do the following:

  1. Double-click the Info.plist file in the Solution Explorer to open it for editing.
  2. At the bottom of the screen, switch to the Source view.
  3. Add a new Entry to the list.
  4. From the dropdown list, select a Privacy key (such as Privacy - HomeKit Usage Description):
  5. Enter a description for why the app wants to access the given feature or user information:
  6. Save the changes to the file.

Xamarin.iOS for Visual Studio current doesn't support editing the security enhancement Info.plist settings from within the IDE, so the following workaround will be required:

  1. Open the Info.plist file in an external text editor.
  2. Before the last </dict> node, add the following node: <key>NSHomeKitUsageDescription</key>
  3. Add the following node to provide the required description: <string>Allows the app to control HomeKit enabled devices.</string>
  4. The Info.plist file should look like the following:
  5. Save the changes to the file.
  6. Return to Visual Studio and recompile's the app.

NOTE: In the example given above, failure to set the NSHomeKitUsageDescription key in the Info.plist file would result in the app silently failing (being closed by the system at runtime) without error when run in iOS 10 (or greater).

Summary

This article has covered the security and privacy changes that Apple has made in iOS 10 and how they affect a Xamarin.iOS app.

Xamarin Workbook

If it's not already installed, install the Xamarin Workbooks app first. The workbook file should download automatically, but if it doesn't, just click to start the workbook download manually.