MASTG-BEST-0068: Secure Data Sharing Between App Extensions and Containing Apps

When an app and its extensions share data through an App Group, the shared container is readable and writable by every member of the group, with no per-item access control between members (see App Extensions). Choose the sharing channel based on the sensitivity of the data, and protect what you store.

Prefer a Shared Keychain for Secrets

Store credentials, tokens, and keys that both the app and an extension need in a shared Keychain Access Group (the keychain-access-groups entitlement), not in shared UserDefaults or a shared file container. Unlike files in the shared container, Keychain items are access-controlled per item and each carries its own accessibility class, so the secret is only exposed to the members of the access group and only in the device states you allow. Set the most restrictive accessibility attribute that still works for every member, such as kSecAttrAccessibleWhenUnlockedThisDeviceOnly; if an extension must read the item while the device is locked (for example a Notification Service Extension), kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly is the strictest class that still works.
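The following Swift helper is an added example, not code from the MASTG page or from Apple; it stores and reads a generic-password item in a shared access group. The access group "ABCDE12345.com.example.shared" (Team ID prefix plus a group name), the service name and the account name are assumptions, and the group must appear in the keychain-access-groups entitlement of both the app and the extension.

```swift
import Foundation
import Security

// Added example for MASTG-BEST-0068; identifiers below are assumptions.
enum SharedKeychain {
    // Must match an entry in the keychain-access-groups entitlement of every
    // target (app and extensions) that needs the secret. "ABCDE12345" is a
    // placeholder Team ID.
    static let accessGroup = "ABCDE12345.com.example.shared"
    static let service = "com.example.sharedSecrets"

    enum KeychainError: Error { case unexpectedStatus(OSStatus) }

    /// Attributes that identify one item inside the shared access group.
    private static func baseQuery(account: String) -> [String: Any] {
        return [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecAttrAccessGroup as String: accessGroup,
        ]
    }

    /// Store (or overwrite) a secret so every member of the access group can read it.
    static func store(_ secret: Data, account: String) throws {
        let query = baseQuery(account: account)
        // Remove any stale copy first; SecItemAdd fails with errSecDuplicateItem otherwise.
        SecItemDelete(query as CFDictionary)

        var attributes = query
        attributes[kSecValueData as String] = secret
        // Readable only while the device is unlocked, and never migrated to
        // another device via backup (ThisDeviceOnly). Use
        // kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly instead if an
        // extension must read the item while the device is locked.
        attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly

        let status = SecItemAdd(attributes as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    }

    /// Read the secret back from the shared access group; nil if it does not exist.
    static func load(account: String) throws -> Data? {
        var query = baseQuery(account: account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne

        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        switch status {
        case errSecSuccess: return result as? Data
        case errSecItemNotFound: return nil
        default: throw KeychainError.unexpectedStatus(status)
        }
    }

    /// Remove the secret (for example on logout) for all members of the group.
    static func delete(account: String) throws {
        let status = SecItemDelete(baseQuery(account: account) as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            throw KeychainError.unexpectedStatus(status)
        }
    }
}

// Usage from either the app or an extension that carries the same entitlement:
// try SharedKeychain.store(Data("opaque-session-token".utf8), account: "session")
// let token = try SharedKeychain.load(account: "session")
```

A call from a target whose entitlements do not list the access group fails with errSecMissingEntitlement, which is the behaviour you want: adding a new extension to the group is an explicit decision in its entitlements file, not a side effect of it being able to read the shared container.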

Protect Sensitive Files in the Shared Container

When sensitive data must live in the shared file container, apply Data Protection so its contents are encrypted with a class key that is unavailable while the device is locked. Write each sensitive file with the NSFileProtectionComplete class, passing the URL of the file inside the container (not the container directory itself):

try data.write(to: sharedContainerURL.appendingPathComponent("session.json"), options: .completeFileProtection)

Data Protection applies to files in the shared container in the same way it applies to the app's private storage (see Data Protection Classes for Files in Private Storage), but the class is set per file, so every sensitive file written to the container needs the option, and a later write without it silently downgrades the protection.
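The following Swift helper is an added example, not code from the MASTG page; it resolves the App Group container, writes a file with NSFileProtectionComplete, upgrades an already-existing file in place, and reads the protection class back so a downgrade is detected. The App Group identifier "group.com.example.shared" and the file name are assumptions.

```swift
import Foundation

// Added example for MASTG-BEST-0068; the group identifier is an assumption and
// must appear in the com.apple.security.application-groups entitlement of every
// target that touches the container.
enum SharedContainer {
    static let groupID = "group.com.example.shared"

    enum ContainerError: Error {
        case groupUnavailable
        case wrongProtection(found: String)
    }

    /// URL of a file inside the App Group container; throws if the entitlement
    /// is missing (containerURL returns nil in that case).
    static func url(for fileName: String) throws -> URL {
        guard let base = FileManager.default
            .containerURL(forSecurityApplicationGroupIdentifier: groupID) else {
            throw ContainerError.groupUnavailable
        }
        return base.appendingPathComponent(fileName)
    }

    /// Write sensitive data with NSFileProtectionComplete: the file key is
    /// wrapped with a class key that is discarded when the device locks.
    static func writeProtected(_ data: Data, to fileName: String) throws {
        let fileURL = try url(for: fileName)
        try data.write(to: fileURL, options: [.atomic, .completeFileProtection])
        try verifyProtection(of: fileURL, expected: .complete)
    }

    /// Raise the class of a file that already exists in the container
    /// (for example one written by an older app version without the option).
    static func raiseProtection(of fileName: String) throws {
        let fileURL = try url(for: fileName)
        try FileManager.default.setAttributes(
            [.protectionKey: FileProtectionType.complete],
            ofItemAtPath: fileURL.path)
        try verifyProtection(of: fileURL, expected: .complete)
    }

    /// Read the protection class back from the file system so that a later
    /// write without the option is caught at runtime rather than in a review.
    static func verifyProtection(of fileURL: URL, expected: URLFileProtection) throws {
        let values = try fileURL.resourceValues(forKeys: [.fileProtectionKey])
        guard values.fileProtection == expected else {
            throw ContainerError.wrongProtection(found: values.fileProtection?.rawValue ?? "none")
        }
    }
}

// Usage from the containing app:
// try SharedContainer.writeProtected(Data("{\"uid\":42}".utf8), to: "session.json")
// Usage from an extension reading it while the device is unlocked:
// let data = try Data(contentsOf: SharedContainer.url(for: "session.json"))
```

One caveat a reviewer should check: an extension that runs while the device is locked (a widget timeline reload or a Notification Service Extension) cannot open an NSFileProtectionComplete file and gets an error from the read. For that specific file, use the .completeUntilFirstUserAuthentication option (the strictest class readable after first unlock) and keep its contents to the minimum that extension needs, rather than dropping protection on the whole container.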

Minimize What You Share

Limit the shared container to the data each extension actually needs. Avoid placing whole datasets or secrets there when an extension only needs a subset, and grant each extension only the App Group identifiers required for its functionality: every extension that carries an App Group identifier in its entitlements can read and write everything in that group's container, so a low-privilege extension (for example a keyboard or share extension) should not be a member of the group that holds session data.

Tests

MASTG-TEST-0388: References to Sensitive Data Stored Unprotected in Shared App Group Containers