Apple introduced the concept of access control and authentication policies for applications in iOS 8 and higher for file and keychain data protection. This screen capture from the Apple security guide provides an overview of how file and keychain data protection are placed:
All data traversals over the network are protected using encryption technologies for VPN, applications, Wi-Fi, Bluetooth, Airdrop, and so on.
A majority of inbuilt applications, such as Mail and Safari, use Transport Layer Security by default (TLS version 1.0 to 1.2). Some important classes for a well-developed app include the CFNetwork
class, which disallows SSLv3 connections. Also note the NSURLConnection
and NSURLSessionCFURL
APIs being used.
Apps that are compiled for iOS 9 automatically ensure that app transport security is enforced.