Tell me how would you securely store private user data offline on a device? What other security best practices should be taken?
Submitted by: Muhammad
Again there is no right answer to this, but it's a great way to see how much a person has dug into iOS security. If you're interviewing with a bank I'd almost definitely expect someone to know something about it, but all companies need to take security seriously, so here's the ideal list of topics I'd expect to hear in an answer:
☛ If the data is extremely sensitive then it should never be stored offline on the device because all devices are crackable.
☛ The keychain is one option for storing data securely. However, its encryption is based on the pin code of the device. Users are not forced to set a pin, so in some situations the data may not even be encrypted. In addition, the user's pin code may be easily hacked.
☛ A better solution is to use something like SQLCipher which is a fully encrypted SQLite database. The encryption key can be enforced by the application and separate from the user's pin code.
Other security best practices are:
☛ Only communicate with remote servers over SSL/HTTPS.
☛ If possible, implement certificate pinning in the application to prevent man-in-the-middle attacks on public WiFi.
☛ Clear sensitive data out of memory by overwriting it.
☛ Ensure all validation of data being submitted is also run on the server side.
Submitted by: Muhammad
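The keychain caveat above (no pin set means the item may not be protected) can be closed off by the accessibility class chosen when the item is written. This is an added Swift example, not part of the original answer; the function names, the error type and the service/account strings are hypothetical.

```swift
import Foundation
import Security

enum SecretStoreError: Error {
    case keychain(OSStatus)   // raw status returned by the Security framework
}

/// Saves `secret` as a generic-password item that can only exist while the
/// device has a passcode set. Throws instead of falling back to a weaker class.
func storeSecret(_ secret: Data, service: String, account: String) throws {
    let identity: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Remove any older copy, which may have been saved with a weaker class.
    let deleteStatus = SecItemDelete(identity as CFDictionary)
    guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else {
        throw SecretStoreError.keychain(deleteStatus)
    }

    var item = identity
    item[kSecValueData as String] = secret
    // Items in this class cannot be created without a device passcode, are
    // deleted if the passcode is disabled, and never migrate to another device.
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly

    let addStatus = SecItemAdd(item as CFDictionary, nil)
    // A failure here includes the "no passcode set" case: surface it to the
    // caller so the app can decline to keep the data offline at all.
    guard addStatus == errSecSuccess else { throw SecretStoreError.keychain(addStatus) }
}

/// Returns the stored bytes, or nil when no item exists for this identity.
func loadSecret(service: String, account: String) throws -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw SecretStoreError.keychain(status) }
    return result as? Data
}
```

A caller would treat a thrown error from `storeSecret` as the signal to keep the value server-side, and would not retry with a less restrictive accessibility class.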