Agent-skills-standard ios-security

Secure iOS apps with Keychain, biometrics, and data protection. Use when implementing Keychain storage, Face ID/Touch ID, or data protection in iOS. (triggers: **/*.swift, SecItemAdd, kSecClassGenericPassword, LAContext, LocalAuthentication)

install

source · Clone the upstream repo

git clone https://github.com/HoangNguyen0403/agent-skills-standard

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/HoangNguyen0403/agent-skills-standard "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/ios/ios-security" ~/.claude/skills/hoangnguyen0403-agent-skills-standard-ios-security && rm -rf "$T"

manifest: skills/ios/ios-security/SKILL.md

source content

iOS Security

Priority: P0 (CRITICAL)

Implementation Workflow

Store secrets in Keychain — Use

SecItemAdd

SecItemUpdate

, and

SecItemDelete

with

kSecClassGenericPassword

for tokens/PII. Never use

UserDefaults

Add biometric auth — Use
```
LocalAuthentication
```
with
```
LAContext
```
. Verify availability with
```
canEvaluatePolicy
```
before prompting.

Encrypt files — Use

Data.WritingOptions.completeFileProtection

when saving to disk.

Keep ATS enabled — Never disable App Transport Security globally in
```
Info.plist
```
.
Pin certificates — Use
```
ServerTrustManager
```
or
```
TrustKit
```
for production apps to prevent MITM attacks.
Strip sensitive logs — Ensure PII and tokens removed from logs in Release builds.

See Keychain and biometrics implementation examples

Anti-Patterns

No Secrets in
UserDefaults
: Always use Keychain for tokens and PII
No Unhandled
LAError
: Check for
```
userCancel
```
and
```
authenticationFailed
```
in biometric flows
No PII/Token Logging: Strip sensitive data from all logs in Release builds

References

Keychain & Biometrics Implementation