SecureStorage in Swift: A Safer Alternative to AppStorage
Article Summary
Kcrdissanayake from PickMe Engineering reveals why SwiftUI's AppStorage is a security risk for sensitive data. Their solution? A custom property wrapper that encrypts everything before it hits storage.
AppStorage uses UserDefaults under the hood, storing data in plain text with zero encryption or tamper protection. This article introduces SecureStorage, a drop-in replacement that combines Secure Enclave encryption, Keychain storage, and HMAC-SHA256 signing to protect user credentials, tokens, and other sensitive information.
Key Takeaways
- AppStorage stores data in plain text, making credentials vulnerable to attacks
- SecureStorage uses Secure Enclave hardware encryption with keys that never leave the device
- HMAC-SHA256 signing prevents data tampering and validates integrity on load
- Property wrapper syntax matches AppStorage for easy migration
- Full implementation available on GitHub with working SwiftUI examples
SecureStorage delivers AppStorage's convenience with enterprise-grade security through hardware encryption, Keychain storage, and cryptographic signing.
About This Article
SwiftUI's AppStorage doesn't encrypt data or protect it from tampering. Sensitive information like credentials and tokens gets stored as plain text, which leaves it open to unauthorized access and modification.
Kcrdissanayake's SecureStorage uses the Secure Enclave for hardware-based key generation. It applies asymmetric encryption with ECIES, SHA256-AESGCM, and HMAC-SHA256 signing to encrypt data and sign it before it is saved, so that its integrity can be verified on load.
SecureStorage matches AppStorage's convenient property wrapper syntax while adding enterprise-grade security. Developers can protect sensitive user data with automatic encryption and tamper detection without rewriting their existing code.
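The sign-on-save and verify-on-load step described above, sketched with CryptoKit as an added example (not code from the SecureStorage project). The blob layout, the `SealedBlob` type, binding the storage key name into the MAC, and a MAC key supplied by the caller (for instance loaded from the Keychain) are all assumptions of this sketch.

```swift
import CryptoKit
import Foundation

// Added example; not the SecureStorage implementation.
// Assumed layout: ciphertext || HMAC-SHA256(len(label) || label || ciphertext)
enum SealedBlobError: Error { case truncated, tampered }

struct SealedBlob {
    static let tagLength = SHA256.byteCount  // 32-byte HMAC-SHA256 tag

    // Length-prefix the label so (label, ciphertext) pairs cannot collide.
    private static func macInput(_ label: String, _ ciphertext: Data) -> Data {
        let name = Data(label.utf8)
        var input = withUnsafeBytes(of: UInt32(name.count).bigEndian) { Data($0) }
        input.append(name)
        input.append(ciphertext)
        return input
    }

    /// Called on save: appends a tag over the storage key name and the ciphertext.
    static func seal(_ ciphertext: Data, label: String, macKey: SymmetricKey) -> Data {
        let tag = HMAC<SHA256>.authenticationCode(for: macInput(label, ciphertext), using: macKey)
        return ciphertext + Data(tag)
    }

    /// Called on load: checks the tag (constant-time comparison) before anything is decrypted.
    static func open(_ blob: Data, label: String, macKey: SymmetricKey) throws -> Data {
        guard blob.count >= tagLength else { throw SealedBlobError.truncated }
        let ciphertext = Data(blob.dropLast(tagLength))
        let tag = Data(blob.suffix(tagLength))
        guard HMAC<SHA256>.isValidAuthenticationCode(
            tag, authenticating: macInput(label, ciphertext), using: macKey)
        else { throw SealedBlobError.tampered }
        return ciphertext
    }
}

// Constructed demo values; a real app would pass the encrypted payload and a Keychain-held key.
let demoKey = SymmetricKey(size: .bits256)
var stored = SealedBlob.seal(Data("constructed-ciphertext".utf8), label: "authToken", macKey: demoKey)
stored[0] ^= 0x01  // simulate modification of the stored value
do {
    _ = try SealedBlob.open(stored, label: "authToken", macKey: demoKey)
    print("accepted")
} catch {
    print("rejected: \(error)")
}
```

Because the storage key name is part of the MAC input, a valid blob copied from one key to another also fails verification.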