Security flagship demo — Keychain, biometrics, Secure Enclave signing, and hardening notes mapped to mobile banking needs.
| Tab | API | Revolut-relevant use |
|---|---|---|
| Keychain | Generic password, access flags | Session tokens, refresh secrets |
| Biometrics | LocalAuthentication | App unlock, confirm payment |
| Secure Enclave | EC P-256 sign challenge | Strong customer auth, device-bound keys |
| Hardening | Stub checks + ATS notes | Risk signals (educational only) |
Private keys inside the Secure Enclave are not available on the iOS Simulator. The Secure Enclave tab shows an explicit message on simulator; use a physical iPhone to generate a key and sign a challenge.
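
A sketch of the challenge-signing flow described above, including the simulator failure mode. This is an added example, not code from this repo; it assumes CryptoKit (the repo may use the Security framework instead), and `EnclaveSigningError`, `signChallenge` and `verifyChallenge` are hypothetical names. Requiring `.biometryCurrentSet` for each signature is also an assumption.

```swift
import CryptoKit
import Foundation
import Security

// Hypothetical error type for this example.
enum EnclaveSigningError: Error {
    case unavailable      // iOS Simulator, or hardware without a Secure Enclave
    case accessControl    // SecAccessControl could not be created
}

/// Creates a device-bound P-256 key in the Secure Enclave and signs a challenge.
/// Returns the DER signature and the X9.63 public key a server would store at enrollment.
func signChallenge(_ challenge: Data) throws -> (signature: Data, publicKey: Data) {
    // Fail explicitly where no Secure Enclave exists instead of silently
    // falling back to a software key, which would not be device-bound.
    guard SecureEnclave.isAvailable else { throw EnclaveSigningError.unavailable }

    // Usable only while the device is unlocked, never migrated to another device,
    // and every private-key operation requires the currently enrolled biometrics
    // (assumed policy for this example).
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet],
        nil
    ) else { throw EnclaveSigningError.accessControl }

    // The private key is generated inside the enclave and never leaves it.
    // A real app would store key.dataRepresentation (an encrypted blob usable
    // only on this device) in the Keychain to reuse the key later.
    let key = try SecureEnclave.P256.Signing.PrivateKey(accessControl: access)

    // ECDSA over the SHA-256 digest of the challenge bytes.
    let signature = try key.signature(for: challenge)
    return (signature.derRepresentation, key.publicKey.x963Representation)
}

/// Verifier side: what a server would do with the enrolled public key.
func verifyChallenge(_ challenge: Data, signature: Data, publicKey: Data) throws -> Bool {
    let pub = try P256.Signing.PublicKey(x963Representation: publicKey)
    let sig = try P256.Signing.ECDSASignature(derRepresentation: signature)
    return pub.isValidSignature(sig, for: challenge)
}
```

On the simulator `signChallenge` throws `EnclaveSigningError.unavailable`; on a physical iPhone the system biometric prompt appears when `signature(for:)` is called.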
Production apps should enforce HTTPS, TLS 1.2+, and consider certificate or public-key pinning for API endpoints. This repo documents the concept only — no pinning dependency.
Open `SecureWarrior.xcodeproj` in Xcode and press ⌘R to run.
Educational portfolio — not production security advice.