You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is possible with Apple?
What are the possibilities for people who have opted out of Apple?
What are all the Apple native options?
What is possible in terms of password interfaces? (integration with a password manager)
What is possible directly with the apps?
Apple/native solutions
Local Keychain
Current solution, it's extremely secure, key-value based storage but is not synced between devices. When a user uses a different device, the keys are not available.
This solution should be available to all users with no additional steps or setups.
iCloud Keychain
End-to-end encrypted solution that syncs between devices and is considered as a very secured solution. The downside of this solution though is the technical side of it:
There is no control over it, as a dev I basically use the same principles as for local keychain but set a sync flag to true. From that moment on, the system will pass the data to the cloud at some point with no notification it happened.
There is no way I can check whether the data have been stored to the cloud, I ask the API if there's a value associated with some key and if yes, I don't know if it was provided from the local or cloud source.
For the reasons mentioned above and knowing the desired UI/UX, I find iCloud Keychain not ideal because we'd very likely get control over "is the seed/data stored in the cloud?" before landing a user to the wallet.
Important: This solution is Apple only, no way it could be shared cross platform.
Important: This solution is NOT available by default. A user must turn the iCloud Keychain on. Seems like Apple power users are likely to have it turned on but regular users are around 50%. There is no way we can check whether a user have iCloud Keychain on or off.
iCloud storage/CloudKit
This solution is not end-to-end encrypted and requires a manual encryption. We basically do exactly this solution for address book and soon for user metadata. The great thing about this solution is the API difference, much more control over the state of the sync/store/load operations as well as api that tells us whether the data are available in the cloud or not.
Important: This solution is Apple only, no way it could be shared cross platform. However the data is some encrypted binary blob stored in the file which can be easily exported and imported outside Apple ecosystem. We can even make it visible and therefore available to be found in the Files app.
Important: iCloud is a feature and not all users have it turned on. Also, when a user is not signed in with Apple ID, the iCloud is not available at all. With a few steps and workarounds, we can detect whether the iCloud is available or not. Just bare in mind, this can take a while so some progress UI is needed.
Secure Enclave
Secure enclave is among solutions here just to show all possible solutions but because there is no way it can be shared between devices, it's rules out already. Essentially it's best for:
• Best for: Storing cryptographic keys that never leave the device.
• Security: Uses hardware-backed Secure Enclave, isolated from iOS itself.
• Access: You cannot read the private key—only sign data with it.
3rd party
1password
Unfortunately, this ended even before it started. The 1password and similar password managers work in a different way we expected. It utilizes system's features like autofill, it's always connected to either browser's input on native inputs like username or password. A system then provides an interface to load such values. We hoped these managers let us store and load a custom data programmaticaly but no such APIs are available.
Assignment
Basic questions:
What is possible with Apple?
What are the possibilities for people who have opted out of Apple?
What are all the Apple native options?
What is possible in terms of password interfaces? (integration with a password manager)
What is possible directly with the apps?
Apple/native solutions
Local Keychain
Current solution, it's extremely secure, key-value based storage but is not synced between devices. When a user uses a different device, the keys are not available.
This solution should be available to all users with no additional steps or setups.
iCloud Keychain
End-to-end encrypted solution that syncs between devices and is considered as a very secured solution. The downside of this solution though is the technical side of it:
For the reasons mentioned above and knowing the desired UI/UX, I find iCloud Keychain not ideal because we'd very likely get control over "is the seed/data stored in the cloud?" before landing a user to the wallet.
Important: This solution is Apple only, no way it could be shared cross platform.
Important: This solution is NOT available by default. A user must turn the iCloud Keychain on. Seems like Apple power users are likely to have it turned on but regular users are around 50%. There is no way we can check whether a user have iCloud Keychain on or off.
iCloud storage/CloudKit
This solution is not end-to-end encrypted and requires a manual encryption. We basically do exactly this solution for address book and soon for user metadata. The great thing about this solution is the API difference, much more control over the state of the sync/store/load operations as well as api that tells us whether the data are available in the cloud or not.
Important: This solution is Apple only, no way it could be shared cross platform. However the data is some encrypted binary blob stored in the file which can be easily exported and imported outside Apple ecosystem. We can even make it visible and therefore available to be found in the Files app.
Important: iCloud is a feature and not all users have it turned on. Also, when a user is not signed in with Apple ID, the iCloud is not available at all. With a few steps and workarounds, we can detect whether the iCloud is available or not. Just bare in mind, this can take a while so some progress UI is needed.
Secure Enclave
Secure enclave is among solutions here just to show all possible solutions but because there is no way it can be shared between devices, it's rules out already. Essentially it's best for:
• Best for: Storing cryptographic keys that never leave the device.
• Security: Uses hardware-backed Secure Enclave, isolated from iOS itself.
• Access: You cannot read the private key—only sign data with it.
3rd party
1password
Unfortunately, this ended even before it started. The 1password and similar password managers work in a different way we expected. It utilizes system's features like autofill, it's always connected to either browser's input on native inputs like username or password. A system then provides an interface to load such values. We hoped these managers let us store and load a custom data programmaticaly but no such APIs are available.
Summary
The text was updated successfully, but these errors were encountered: