You want to ensure that your UI conforms to some of the most common security guidelines in iOS.
Follow these guidelines:
Ensure that all passwords and secure fields are entered, by the user, into instances of UITextField with their secureTextEntry properties set to
If the user is on a screen that contains personal information, such as the user’s credit card number or home address, set the hidden property of your app’s main window to YES in the applicationWillResignActive: method of your app delegate, and set the same property to NO (to show the window) in the applicationDidBecomeActive: app delegate method. This will ensure that the screenshot that iOS takes of your app’s UI when going to the background will not contain any of your window’s contents in it. This method is recommended by Apple.
Ensure that you validate the user’s input in your text fields/views before sending them to a server.
Using the mechanisms that you’ve learned in this chapter, secure the user’s entry if you are storing it in files on disk or in the keychain.
On screens where you accept a password or a numerical code for authentication, once the view controller is no longer on the screen, clear those password/code fields because the user won’t need them anymore. If you are not relinquishing ownership of those view controllers, their contents will stay in the memory. This includes the secure text field entries on those view controllers. It’s best to dispose of memory ...
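The secure-entry, window-hiding and field-clearing guidelines above, put together in Objective-C as an added example (it is not code from the original text). SensitiveScreen and LoginViewController are hypothetical names, and the app is assumed to use the app-delegate life cycle (no scenes) with the standard main.m that calls UIApplicationMain.

```objective-c
#import <UIKit/UIKit.h>
// Hypothetical marker protocol (not a UIKit API): adopted by view
// controllers whose screens show personal information.
@protocol SensitiveScreen <NSObject>
@end

@interface LoginViewController : UIViewController <SensitiveScreen>
@property (nonatomic, strong) UITextField *passwordField;
@end
@implementation LoginViewController
- (void)viewDidLoad {
    [super viewDidLoad];
    self.passwordField = [[UITextField alloc] initWithFrame:CGRectMake(20, 100, 280, 31)];
    self.passwordField.secureTextEntry = YES;   // mask the typed characters
    [self.view addSubview:self.passwordField];
}
- (void)viewDidDisappear:(BOOL)animated {
    [super viewDidDisappear:animated];
    self.passwordField.text = nil;   // clear the password once the screen is gone
}
@end

@interface AppDelegate : UIResponder <UIApplicationDelegate>
@property (nonatomic, strong) UIWindow *window;
@end

@implementation AppDelegate
- (BOOL)application:(UIApplication *)app didFinishLaunchingWithOptions:(NSDictionary *)opts {
    self.window = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds];
    self.window.rootViewController = [[LoginViewController alloc] init];
    [self.window makeKeyAndVisible];
    return YES;
}
// Walk to the view controller the user is currently looking at.
- (UIViewController *)visibleViewController {
    UIViewController *vc = self.window.rootViewController;
    while (vc.presentedViewController) vc = vc.presentedViewController;
    if ([vc isKindOfClass:[UINavigationController class]])
        vc = [(UINavigationController *)vc topViewController];
    return vc;
}
- (void)applicationWillResignActive:(UIApplication *)application {
    // Hide the window before iOS takes its screenshot, only on sensitive screens.
    BOOL sensitive = [[self visibleViewController] conformsToProtocol:@protocol(SensitiveScreen)];
    if (sensitive) self.window.hidden = YES;
}
- (void)applicationDidBecomeActive:(UIApplication *)application {
    self.window.hidden = NO;   // show the window again
}
@end
```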