Persistence & Storage

Storage SPM abstraction + UserDefaults + Keychain wrappers; verify CoreData migrations.

0 findings in this category · iOS
Score: 70

Summary

Persistence is abstracted by the Storage SPM package. The backing store depends on the data type: Keychain for tokens, UserDefaults for prefs, CoreData for structured data, FileManager for blobs.

Findings

PASS

Keychain wrappers in place

Sensitive tokens use Keychain via the Storage abstraction. Ensure access groups are configured for App Group + Notification Service Extension sharing.

MEDIUM

CoreData migrations need verification

CoreData model versions and lightweight/heavyweight migration paths must be tested across upgrades.
Recommendation: Add migration tests that load fixtures from each shipped schema version and assert the migration path completes.

MEDIUM

UserDefaults for sensitive data

Audit all UserDefaults writes; no membership-sensitive data or tokens should live there. Email is persisted in DataStore on Android; confirm iOS stores the equivalent in Keychain instead.
Recommendation: Wrap UserDefaults in a custom, type-safe protocol; add a lint rule banning direct UserDefaults.standard access for sensitive keys.

LOW

Backup behavior

Mark sensitive Keychain items with kSecAttrAccessibleWhenUnlockedThisDeviceOnly; mark cache files with NSURLIsExcludedFromBackupKey.
Recommendation: Audit backup posture; document policy.

No findings logged in this category yet for iOS.
Costco iOS · Code Review Report · Generated 2026-05-07 · 88 machine-curated findings