Data stored on the Android internal storage using the MODE_WORLD_READBLE or MODE_WORLD_WRITEABLE is accessible to all applications on the device. This not only denies protection against data corruption but in case of sensitive information violates user privacy and security concerns.

When storing data into the Keychain, an accessibility level needs to be set up which defines when it will be possible to access the item. The possible accessibility levels include:

-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.

-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

The accessibility levels which do not contain the ThisDeviceOnly will be backed up to iCloud and backed up to iTunes even if using unencrypted backups which can be restored to any device. Depending on how sensitive and private the stored data is, this may raise a privacy concern.

Example 1: In the following example the Keychain item is protected at all times, except when the device is powered on and unlocked but the Keychain item will be backed up to iCloud and to unencrypted iTunes backups:

...
    NSMutableDictionary *dict = [NSMutableDictionary dictionary];
    NSData *token = [@"secret" dataUsingEncoding:NSUTF8StringEncoding];

    // Configure KeyChain Item
    [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id) kSecClass];
    [dict setObject:token forKey:(__bridge id)kSecValueData];
    ...
    [dict setObject:(__bridge id)kSecAttrAccessibleWhenUnlocked forKey:(__bridge id) kSecAttrAccessible];

    OSStatus error = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);
...

The HTTP(S) responses may contain sensitive data such as session cookies and API tokens. The URL loading system will cache all the HTTP(S) responses for performance reasons, storing them unencrypted in an insecure shared storage.

Example 1: The following code installs the HTTP(S) response cache in shared storage space:

    protected void onCreate(Bundle savedInstanceState) {
       ...

       try {
           File httpCacheDir = new File(context.getExternalCacheDir(), "http");
           long httpCacheSize = 10 * 1024 * 1024; // 10 MiB
           HttpResponseCache.install(httpCacheDir, httpCacheSize);
       } catch (IOException e) {
           Log.i(TAG, "HTTP response cache installation failed:" + e);
       }
    }

    protected void onStop() {
       ...

       HttpResponseCache cache = HttpResponseCache.getInstalled();
       if (cache != null) {
           cache.flush();
       }
   }

The HTTP(S) responses may contain sensitive data such as session cookies and API tokens. The URL loading system will cache all the HTTP(S) responses for performance reasons, storing them unencrypted in the {app ID}/Library/Caches/com.mycompany.myapp/Cache.db* files.
Developers may think that by setting the diskCapacity or memoryCapacity properties of the URLCache class to 0, they may be effectively disabling the HTTP(S) response cache system. However, the NSURLCache documentation states that both the on-disk and in-memory caches will be truncated to the configured sizes only if the device runs low on memory or disk space. Both settings are meant to be used by the system to free system resources and improve performance, not as a security control.

The Data Protection API is designed to let applications declare when items in the Keychain and files stored on the file system should be accessible. It is available for most file and database APIs, including NSFileManager, CoreData, NSData, and SQLite. By specifying one of four protection classes for a given resource, a developer can instruct the underlying file system to encrypt it either using a key derived from both the device's UID and the user's passcode or using a key solely based on the device's UID (as well as when to automatically decrypt it).

The Data Protection classes are defined for NSFileManager as constants meant to be assigned as the value for the NSFileProtectionKey key in an NSDictionary associated with the NSFileManager instance, and files can be created or have their data protection class modified through use of NSFileManager functions including setAttributes:ofItemAtPath:error:, attributesOfItemAtPath:error:, and createFileAtPath:contents:attributes:. In addition, corresponding Data Protection constants are defined for NSData objects as NSDataWritingOptions that can be passed as the options argument to NSData functions writeToURL:options:error: and writeToFile:options:error:. The definitions for the various Data Protection class constants for NSFileManager and NSData are as follows:

-NSFileProtectionComplete, NSDataWritingFileProtectionComplete:
The resource is stored in an encrypted format on disk and cannot be read from, or written to, while the device is locked or booting.
Available in iOS 4.0 and later.
-NSFileProtectionCompleteUnlessOpen, NSDataWritingFileProtectionCompleteUnlessOpen:
The resource is stored in an encrypted format on disk. Resources can be created while the device is locked, but once closed, cannot be opened again until the device is unlocked. If the resource is opened when unlocked, you may continue to access the resource normally, even if the user locks the device.
Available in iOS 5.0 and later.
-NSFileProtectionCompleteUntilFirstUserAuthentication, NSDataWritingFileProtectionCompleteUntilFirstUserAuthentication:
The resource is stored in an encrypted format on disk and cannot be accessed until after the device has booted. After the user unlocks the device for the first time, your app can access the resource and continue to access it even if the user subsequently locks the device.
Available in iOS 5.0 and later.
-NSFileProtectionNone, NSDataWritingFileProtectionNone:
The resource has no special protections associated with it. It can be read from, or written to, at any time.
Available in iOS 4.0 and later.

So, while marking a file with NSFileProtectionCompleteUnlessOpen or NSFileProtectionCompleteUntilFirstUserAuthentication will afford it encryption using a key derived from the user's passcode and the device's UID, the data will still remain accessible under certain circumstances. As such, usages of NSFileProtectionCompleteUnlessOpen or NSFileProtectionCompleteUntilFirstUserAuthentication should be carefully reviewed to determine if further protection with NSFileProtectionComplete is warranted.

Example 1: In the following example, the given file is only protected until the user powers on the device and provides their passcode for the first time (until the next reboot):

...
filepath = [self.GetDocumentDirectory stringByAppendingPathComponent:self.setFilename];
...
NSDictionary *protection = [NSDictionary dictionaryWithObject:NSFileProtectionCompleteUntilFirstUserAuthentication forKey:NSFileProtectionKey];
...
[[NSFileManager defaultManager] setAttributes:protection ofItemAtPath:filepath error:nil];
...
BOOL ok = [testToWrite writeToFile:filepath atomically:YES encoding:NSUnicodeStringEncoding error:&err];
...

Example 2: In the following example, the given data is only protected until the user powers on the device and provides their passcode for the first time (until the next reboot):

...
filepath = [self.GetDocumentDirectory stringByAppendingPathComponent:self.setFilename];
...
NSData *textData = [textToWrite dataUsingEncoding:NSUnicodeStingEncoding];
...
BOOL ok = [textData writeToFile:filepath options:NSDataWritingFileProtectionCompleteUntilFirstUserAuthentication error:&err];
...

The Keychain accessibility constants are designed to let applications declare when items in the Keychain should be accessible. By specifying one of accessibility constants for a given Keychain item, a developer can instruct the underlying file system to encrypt it either using a key derived from both the device's UID and the user's passcode or using a key solely based on the device's UID (as well as when to automatically decrypt it).

The Keychain accessibility constants are meant to be assigned as the value for the kSecAttrAccessible key in the Keychain attribute dictionary. The definitions for the various Keychain accessibility constants are as follows:

-kSecAttrAccessibleAfterFirstUnlock:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.

-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

So, while marking a Keychain item with kSecAttrAccessibleAfterFirstUnlock will afford it encryption using a key derived from the user's passcode and the device's UID, the data will still remain accessible under certain circumstances. As such, usages of kSecAttrAccessibleAfterFirstUnlock should be carefully reviewed to determine if further protection is warranted.

Example 1: In the following example, the given Keychain item is only protected until the user powers on the device and provides their passcode for the first time (until the next reboot):

...
    NSMutableDictionary *dict = [NSMutableDictionary dictionary];
    NSData *token = [@"secret" dataUsingEncoding:NSUTF8StringEncoding];

    // Configure KeyChain Item
    [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id) kSecClass];
    [dict setObject:token forKey:(__bridge id)kSecValueData];
    ...
    [dict setObject:(__bridge id)kSecAttrAccessibleAfterFirstUnlock forKey:(__bridge id) kSecAttrAccessible];

    OSStatus error = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);
...

The Data Protection API is designed to let applications declare when items in the Keychain and files stored on the file system should be accessible. It is available for most file and database APIs, including NSFileManager, CoreData, NSData, and SQLite. By specifying one of four protection classes for a given resource, a developer can instruct the underlying file system to encrypt it either using a key derived from both the device's UID and the user's passcode or using a key solely based on the device's UID (as well as when to automatically decrypt it).

The Data Protection classes are defined for NSFileManager as constants meant to be assigned as the value for the NSFileProtectionKey key in an NSDictionary associated with the NSFileManager instance, and files can be created or have their data protection class modified through use of NSFileManager functions including setAttributes:ofItemAtPath:error:, attributesOfItemAtPath:error:, and createFileAtPath:contents:attributes:. In addition, corresponding Data Protection constants are defined for NSData objects as NSDataWritingOptions that can be passed as the options argument to NSData functions writeToURL:options:error: and writeToFile:options:error:. The definitions for the various Data Protection class constants for NSFileManager and NSData are as follows:

-NSFileProtectionComplete, NSDataWritingFileProtectionComplete:
The resource is stored in an encrypted format on disk and cannot be read from, or written to, while the device is locked or booting.
Available in iOS 4.0 and later.
-NSFileProtectionCompleteUnlessOpen, NSDataWritingFileProtectionCompleteUnlessOpen:
The resource is stored in an encrypted format on disk. Resources can be created while the device is locked, but once closed, cannot be opened again until the device is unlocked. If the resource is opened when unlocked, you may continue to access the resource normally, even if the user locks the device.
Available in iOS 5.0 and later.
-NSFileProtectionCompleteUntilFirstUserAuthentication, NSDataWritingFileProtectionCompleteUntilFirstUserAuthentication:
The resource is stored in an encrypted format on disk and cannot be accessed until after the device has booted. After the user unlocks the device for the first time, your app can access the resource and continue to access it even if the user subsequently locks the device.
Available in iOS 5.0 and later.
-NSFileProtectionNone, NSDataWritingFileProtectionNone:
The resource has no special protections associated with it. It can be read from, or written to, at any time.
Available in iOS 4.0 and later.

Even though all files on an iOS device, including those without an explicitly assigned Data Protection class, are stored in an encrypted form, specifying NSFileProtectionNone results in encryption using a key derived solely based on the device's UID. This leaves such files accessible any time the device is powered on, including when locked with a passcode or when booting. As such, usages of NSFileProtectionNone should be carefully reviewed to determine if further protection with a stricter Data Protection class is warranted.

Example 1: In the following example, the given file is not protected (accessible anytime the device is powered on):

...
filepath = [self.GetDocumentDirectory stringByAppendingPathComponent:self.setFilename];
...
NSDictionary *protection = [NSDictionary dictionaryWithObject:NSFileProtectionNone forKey:NSFileProtectionKey];
...
[[NSFileManager defaultManager] setAttributes:protection ofItemAtPath:filepath error:nil];
...
BOOL ok = [testToWrite writeToFile:filepath atomically:YES encoding:NSUnicodeStringEncoding error:&err];
...

Example 2: In the following example, the given data is not protected (accessible anytime the device is powered on):

...
filepath = [self.GetDocumentDirectory stringByAppendingPathComponent:self.setFilename];
...
NSData *textData = [textToWrite dataUsingEncoding:NSUnicodeStingEncoding];
...
BOOL ok = [textData writeToFile:filepath options:NSDataWritingFileProtectionNone error:&err];
...

The Keychain accessibility constants are designed to let applications declare when items in the Keychain should be accessible. By specifying one of the accessibility constants for a given Keychain item, a developer can instruct the underlying file system to encrypt it either using a key derived from both the device's UID and the user's passcode or using a key solely based on the device's UID (as well as when to automatically decrypt it).

The Keychain accessibility constants are meant to be assigned as the value for the kSecAttrAccessible key in the Keychain attribute dictionary. The definitions for the various Keychain accessibility constants are as follows:

-kSecAttrAccessibleAfterFirstUnlock:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.

-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

Even though all files on an iOS device, including those without an explicitly assigned Keychain accessibility constant, are stored in an encrypted form, specifying kSecAttrAccessibleAlways results in encryption using a key derived solely based on the device's UID. This leaves such files accessible any time the device is powered on, including when locked with a passcode or when booting. As such, usages of kSecAttrAccessibleAlways should be carefully reviewed to determine if further protection with a stricter Keychain accessibility level is warranted.

Example 1: In the following example, the given file is not protected (accessible anytime the device is powered on):

...
    NSMutableDictionary *dict = [NSMutableDictionary dictionary];
    NSData *token = [@"secret" dataUsingEncoding:NSUTF8StringEncoding];

    // Configure KeyChain Item
    [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id) kSecClass];
    [dict setObject:token forKey:(__bridge id)kSecValueData];
    ...
    [dict setObject:(__bridge id)kSecAttrAccessibleAlways forKey:(__bridge id) kSecAttrAccessible];

    OSStatus error = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);
...

Application files can be accessed by other applications on rooted devices or in unencrypted backups. Because a user could decide to jailbreak their device or perform unencrypted backups, it is a best practice to encrypt databases that contain sensitive data.

Example 1: The following code establishes a connection to an unencrypted Realm database:

    Realm realm = Realm.getDefaultInstance();

Files saved to iOS's photo album are world-readable and can be accessed by any application on the device. This could allow an attacker to steal sensitive photos, such as those of checks used for mobile check deposits.

Example 1: The following code uses UIImageWriteToSavedPhotosAlbum to save images to the photo album:

- (void) imagePickerController:(UIImagePickerController *)picker didFinishPickingMediaWithInfo:(NSDictionary *)info
{
	// Access the uncropped image from info dictionary
	UIImage *image = [info objectForKey:UIImagePickerControllerOriginalImage];

  // Save image
  UIImageWriteToSavedPhotosAlbum(image, self, @selector(image:didFinishSavingWithError:contextInfo:), nil);

	...
}

The Keychain accessibility levels define when the Keychain items are decrypted and made available for apps. The possible accessibility levels include:

-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.

-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

If the Keychain items are stored with a reasonably secure policy such as kSecAttrAccessibleWhenUnlocked, then if your device gets stolen and a passcode is set, the theft will need to unlock the device in order for the Keychain items to be decrypted. Failing to enter the right passcode will block the theft from decrypting the Keychain items. However, if the passcode is not set, the attacker just needs to slide his finger to unlock the device and get the Keychain to decrypt its items. Therefore, failing to enforce a passcode in the device may weaken the Keychain encryption mechanism.

Example 1: In the following example the Keychain item is protected at all times, except when the device is powered on and unlocked, but also available if a passcode is not set on the device:

...
    NSMutableDictionary *dict = [NSMutableDictionary dictionary];
    NSData *token = [@"secret" dataUsingEncoding:NSUTF8StringEncoding];

    // Configure KeyChain Item
    [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id) kSecClass];
    [dict setObject:token forKey:(__bridge id)kSecValueData];
    ...
    [dict setObject:(__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly forKey:(__bridge id) kSecAttrAccessible];

    OSStatus error = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);
...

Named pasteboards enable developers to share data with other parts of an application or with other applications that have the same team ID. Configuring named pasteboards as persistent is a deprecated feature that can lead to sensitive data exposure. When a pasteboard is marked persistent, data stored in the pasteboard can be saved unencrypted to local storage, and it persists across application and device restarts.
Example 1: In the following example, a named pasteboard is created and configured as persistent by invoking setPersistent:YES.

  ...
  UIPasteboard *pasteboard = [UIPasteboard pasteboardWithName:@"myPasteboard" create:YES];
  [pasteboard setPersistent:YES];
  ...

Granting full anonymous access to a bucket or object allows attackers to read the content or replace it with malicious content.

Example 1: The following code sets an Access Control Policy that grants full anonymous access to the foo bucket.

    GetBucketAclRequest bucketAclReq = GetBucketAclRequest.builder().bucket("foo").build();
    GetBucketAclResponse getAclRes = s3.getBucketAcl(bucketAclReq);
    List<Grant> grants = getAclRes.grants();

    Grantee allusers = Grantee.builder().uri("http://acs.amazonaws.com/groups/global/AllUsers").build();
    Permission fc_permission = Permission.fromValue("FullControl");
    Grant grant = Grant.builder().grantee(allusers).permission(fc_permission).build();
    grants.add(grant);

    AccessControlPolicy acl = AccessControlPolicy.builder().grants(grants).build();

Granting anonymous permission to read a bucket or object Access Control Policy (ACP) allows attackers to discover which objects can be retrieved or overwritten.

Example 1: The following code sets an Access Control Policy that grants anonymous read ACP access to the foo bucket.

    GetBucketAclRequest bucketAclReq = GetBucketAclRequest.builder().bucket("foo").build();
    GetBucketAclResponse getAclRes = s3.getBucketAcl(bucketAclReq);
    List<Grant> grants = getAclRes.grants();

    Grantee allusers = Grantee.builder().uri("http://acs.amazonaws.com/groups/global/AllUsers").build();
    Permission fc_permission = Permission.fromValue("READ_ACP");
    Grant grant = Grant.builder().grantee(allusers).permission(fc_permission).build();
    grants.add(grant);

    AccessControlPolicy acl = AccessControlPolicy.builder().grants(grants).build();

Granting read anonymous access to a bucket or object will allow attackers to read its contents.

Example 1: The following code sets an Access Control Policy that grants anonymous read access to the foo bucket.

    GetBucketAclRequest bucketAclReq = GetBucketAclRequest.builder().bucket("foo").build();
    GetBucketAclResponse getAclRes = s3.getBucketAcl(bucketAclReq);
    List<Grant> grants = getAclRes.grants();

    Grantee allusers = Grantee.builder().uri("http://acs.amazonaws.com/groups/global/AllUsers").build();
    Permission fc_permission = Permission.fromValue("Read");
    Grant grant = Grant.builder().grantee(allusers).permission(fc_permission).build();
    grants.add(grant);

    AccessControlPolicy acl = AccessControlPolicy.builder().grants(grants).build();

Granting anonymous permission to write a bucket or object Access Control Policy (ACP) allows attackers to read or write any content to that bucket.

Example 1: The following code sets an Access Control Policy that grants anonymous write ACP access to the foo bucket.

    GetBucketAclRequest bucketAclReq = GetBucketAclRequest.builder().bucket("foo").build();
    GetBucketAclResponse getAclRes = s3.getBucketAcl(bucketAclReq);
    List<Grant> grants = getAclRes.grants();

    Grantee allusers = Grantee.builder().uri("http://acs.amazonaws.com/groups/global/AllUsers").build();
    Permission fc_permission = Permission.fromValue("WRITE_ACP");
    Grant grant = Grant.builder().grantee(allusers).permission(fc_permission).build();
    grants.add(grant);

    AccessControlPolicy acl = AccessControlPolicy.builder().grants(grants).build();

Granting anonymous write access to a bucket or object allows attackers to replace the content or upload malicious content.

Example 1: The following code sets an Access Control Policy that grants anonymous write access to the foo bucket.

    GetBucketAclRequest bucketAclReq = GetBucketAclRequest.builder().bucket("foo").build();
    GetBucketAclResponse getAclRes = s3.getBucketAcl(bucketAclReq);
    List<Grant> grants = getAclRes.grants();

    Grantee allusers = Grantee.builder().uri("http://acs.amazonaws.com/groups/global/AllUsers").build();
    Permission fc_permission = Permission.fromValue("Write");
    Grant grant = Grant.builder().grantee(allusers).permission(fc_permission).build();
    grants.add(grant);

    AccessControlPolicy acl = AccessControlPolicy.builder().grants(grants).build();

The identified function writes data to the general pasteboard without excluding it from Universal Clipboard synchronization across devices via Handoff.

Content written to the general pasteboard is persistently stored across device restarts, app uninstalls, and app restores. Using the general pasteboard with the Universal Clipboard feature enabled increases the risk of stolen or modified pasteboard data as part of a Clipboard Hijacking attack by a malicious application running on another device.

Furthermore, because Universal Clipboard is compatible with devices running either iOS 10 and later or macOS Sierra and later, an increased threat is introduced by compatible devices running an older operating system that does not contain more recent privacy and security updates aimed to protect unauthorized clipboard access.

Example 1: In the following code, data is written to the general pasteboard setting the items property that shares pasteboard content between the user's devices by default via Universal Clipboard.

...
UIPasteboard *pasteboard = [UIPasteboard generalPasteboard];
NSDictionary *items = @{
    UTTypePlainText : sensitiveDataString,
    UTTypePNG : [UIImage imageWithData:medicalImageData]
};
[pasteboard setItems: @[items]];
...

Example 2: In the following code, data is written to the general pasteboard by calling the setObjects:localOnly:expirationDate: method with Universal Clipboard behavior explicitly enabled by setting the localOnly parameter to NO.

...
UIPasteboard *pasteboard = [UIPasteboard generalPasteboard];
[pasteboard setObjects:@[sensitiveDataString, [UIImage imageWithData:medicalImageData]] 
            localOnly:NO 
            expirationDate:[NSDate distantFuture]];
...

When storing data into the Keychain, an accessibility level needs to be set up which defines when it will be possible to access the item. The possible accessibility levels include:

-kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
The data in the Keychain item cannot be accessed after a restart until the device has been unlocked once by the user.
After the first unlock, the data remains accessible until the next restart. This is recommended for items that need to be accessed by background applications. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleAlways:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute migrate to a new device when using encrypted backups.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly:
The data in the Keychain can only be accessed when the device is unlocked. Only available if a passcode is set on the device.
This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute never migrate to a new device. After a backup is restored to a new device, these items are missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode causes all items in this class to be deleted.
Available in iOS 8.0 and later.

-kSecAttrAccessibleAlwaysThisDeviceOnly:
The data in the Keychain item can always be accessed regardless of whether the device is locked.
This is not recommended for application use. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlocked:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute migrate to a new device when using encrypted backups.
This is the default value for Keychain items added without explicitly setting an accessibility constant.
Available in iOS 4.0 and later.

-kSecAttrAccessibleWhenUnlockedThisDeviceOnly:
The data in the Keychain item can be accessed only while the device is unlocked by the user.
This is recommended for items that need to be accessible only while the application is in the foreground. Items with this attribute do not migrate to a new device. Thus, after restoring from a backup of a different device, these items will not be present.
Available in iOS 4.0 and later.

When Keychain protections were first introduced, the default value was kSecAttrAccessibleAlways, which created a security problem since someone that can get access or steal your device will be able to read the contents of the Keychain. Currently, the default attribute is kSecAttrAccessibleWhenUnlocked, which is a reasonably restrictive default. However, Apple's public documentation disagrees about what the default attribute is supposed to be, so just in case, you should set this attribute explicitly on all Keychain items.

Example 1: In the following example the Keychain item is stored without clearly specifying an accessibility level which may behave differently on different iOS versions:

...
    NSMutableDictionary *dict = [NSMutableDictionary dictionary];
    NSData *token = [@"secret" dataUsingEncoding:NSUTF8StringEncoding];

    // Configure Keychain Item
    [dict setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id) kSecClass];
    [dict setObject:token forKey:(__bridge id)kSecValueData];
    ...

    OSStatus error = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);
...

A common development practice is to add "back door" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. When this sort of debug code is accidentally left in the application, the application is open to unintended modes of interaction. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the application.

The most common example of forgotten debug code is a main() method appearing in a web application. Although this is an acceptable practice during product development, classes that are part of a production J2EE application should not define a main().