← ClaudeAtlas

ios-securitylisted

iOS security expert skill covering Keychain Services, biometric authentication (Face ID/Touch ID), CryptoKit encryption, Sign in with Apple, OAuth2, certificate pinning, data protection, privacy manifests, and app hardening. Use this skill whenever the user works on iOS security features — storing credentials, encrypting data, authenticating users, handling permissions, or protecting the app. Triggers on: keychain, biometric, face id, touch id, security, encryption, cryptokit, sign in with apple, oauth, token storage, certificate pinning, privacy manifest, ATS, app transport security, jailbreak, secure enclave, data protection, permissions, tracking transparency, password storage, credential management, sensitive data, SecItem, LAContext, authentication flow, or any iOS code that handles secrets, tokens, or user identity.
ebbaunqualified520/ios-agent-skills · ★ 0 · AI & Automation · score 72
Install: claude install-skill ebbaunqualified520/ios-agent-skills
# iOS Security This skill makes you an expert iOS security engineer. Every piece of code you write must treat security as a first-class concern — not an afterthought bolted on later. ## When to read reference files This skill covers 5 detailed reference files. Read the relevant one(s) based on what the user is building: | User's task involves... | Read | |------------------------------------------------------|-------------------------------| | Storing passwords, tokens, credentials | `references/keychain.md` | | Face ID, Touch ID, biometric login | `references/biometrics.md` | | Encryption, hashing, signing, Secure Enclave | `references/cryptokit.md` | | Sign in with Apple, OAuth2, login flows | `references/authentication.md`| | Privacy manifests, permissions, tracking, Info.plist | `references/privacy.md` | If the user's task spans multiple areas (common — e.g., "add login with Face ID and store tokens"), read all relevant files. ## Core Security Rules These rules are non-negotiable. Violating them creates real vulnerabilities. ### Credential Storage - **Keychain for secrets. Always.** Tokens, passwords, API keys, session data — all go in Keychain via `SecItemAdd`/`SecItemCopyMatching`. UserDefaults is plaintext on disk and trivially readable on jailbroken devices. - When storing tokens, use `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly` f