We're working on a software service that integrates with some of our users' iCloud data. From what I've read, the only way to access iCloud on behalf of the user is to have them generate an app-specific password. As far as I know, this password is unlimited in scope and duration. We can access all of the user's data for as long as we want unless the user revokes the password. Needless to say, it would be unfortunate for our users if the password fell into the wrong hands. From what I can tell, Apple does have aggressive auto-revoke rules, but I couldn't find any documentation about how they work, so it makes me uneasy to rely upon them for security.
How should I store these passwords for my application to use?
Some options I've already considered:
- We can store them in cleartext in the database and rely on the user/Apple to revoke suspicious activity on the app-specific password.
- Hashing isn't really an option here.
- We could encrypt the passwords, but to make this secure we would have to keep the key quite separate from the application and database that the encrypted password is stored in, which would complicate the application design/deployment significantly for moderately improved security.
I suppose this is a pretty common problem with iCloud integrated applications. Are there any Apple recommendations on this topic?
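The third option above (encrypt at rest with a key that never lives next to the database) is usually done as envelope encryption: each stored credential gets its own random data key, that data key is wrapped under a key-encryption key (KEK) held outside the application's database (a KMS, an HSM, or at minimum a separate host/secret store), and both ciphertexts are bound to the owning user with authenticated additional data so a row cannot be swapped between accounts. The following is an added illustration of that design, not code from the question or from Apple; the `NewKEK` helper stands in for fetching the KEK from wherever it is actually kept, and the `icloud-asp:` AAD prefix, the `StoredSecret` layout and the sample password string are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// StoredSecret is the record that goes into the application database.
// Nothing in it is usable without the KEK, which is never stored alongside it.
type StoredSecret struct {
	WrappedDEK []byte // per-record data key, encrypted under the KEK
	WrapNonce  []byte // nonce used when wrapping the data key
	Nonce      []byte // nonce used when encrypting the password
	Ciphertext []byte // the app-specific password, encrypted under the data key
}

// NewKEK generates a 256-bit key. In a real deployment this would instead be
// a handle to (or a key fetched from) an external KMS/HSM; it is an assumption
// of this example that the KEK is available to the process as raw bytes.
func NewKEK() ([]byte, error) {
	kek := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, kek)
	return kek, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-256-GCM under key, binding aad to the result.
func seal(key, aad, plaintext []byte) (nonce, ct []byte, err error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, g.Seal(nil, nonce, plaintext, aad), nil
}

func open(key, aad, nonce, ct []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce, ct, aad)
}

// aadFor ties a record to one user so a ciphertext copied onto another
// user's row fails authentication instead of decrypting.
func aadFor(userID string) []byte {
	return []byte("icloud-asp:" + userID)
}

// EncryptSecret produces a StoredSecret for userID: a fresh random data key
// encrypts the password, and the KEK only ever encrypts that 32-byte data key.
func EncryptSecret(kek []byte, userID string, secret []byte) (StoredSecret, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return StoredSecret{}, err
	}
	aad := aadFor(userID)
	nonce, ct, err := seal(dek, aad, secret)
	if err != nil {
		return StoredSecret{}, err
	}
	wrapNonce, wrapped, err := seal(kek, aad, dek)
	if err != nil {
		return StoredSecret{}, err
	}
	return StoredSecret{WrappedDEK: wrapped, WrapNonce: wrapNonce, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptSecret unwraps the data key with the KEK, then decrypts the password.
// Either step fails if the KEK is wrong or the record belongs to another user.
func DecryptSecret(kek []byte, userID string, s StoredSecret) ([]byte, error) {
	aad := aadFor(userID)
	dek, err := open(kek, aad, s.WrapNonce, s.WrappedDEK)
	if err != nil {
		return nil, errors.New("cannot unwrap data key: wrong KEK or record bound to a different user")
	}
	pt, err := open(dek, aad, s.Nonce, s.Ciphertext)
	if err != nil {
		return nil, errors.New("password ciphertext failed authentication")
	}
	return pt, nil
}

func main() {
	kek, _ := NewKEK()
	rec, _ := EncryptSecret(kek, "user-42", []byte("abcd-efgh-ijkl-mnop")) // constructed sample password
	pt, err := DecryptSecret(kek, "user-42", rec)
	fmt.Printf("decrypted=%q err=%v\n", pt, err)
	_, err = DecryptSecret(kek, "user-43", rec)
	fmt.Println("same row read as another user:", err)
}
```

The database only ever holds `StoredSecret` rows, so a dump of it (or a SQL injection against it) yields nothing without the KEK; the per-record data key means the KEK can be rotated by re-wrapping 32 bytes per row rather than re-encrypting every password, and the AAD binding is what stops an attacker with write access from moving a victim's wrapped credential onto an account they control.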