Erase Action
Action Type: ERASE
Securely deletes sensitive data from your application before terminating the process.
Available for: All platforms (Mobile and Desktop)
How It Works
When the Erase action is triggered, the Monitor framework:
- Clears Keychain items containing sensitive credentials
- Removes UserDefaults entries with sensitive data
- Deletes private files and cached data
- Terminates the application process
- Ensures no trace of sensitive information remains
When to Use
Recommended for:
- Financial applications handling payment data
- Applications with personal identifiable information (PII)
- Apps managing health and medical records
- Systems storing encryption keys and tokens
- Any app with proprietary or classified data
Not recommended for:
- Applications without sensitive data
- Scenarios where data preservation is required
Configuration
JSON Configuration
JSON
{
"protections": [
{
"type": "DebuggerDetection",
"action": "erase",
"intervalMs": 3000
},
{
"type": "MemoryDumpDetection",
"action": "erase",
"intervalMs": 3000
}
]
}{
"protections": [
{
"type": "DebuggerDetection",
"action": "erase",
"intervalMs": 3000
},
{
"type": "MemoryDumpDetection",
"action": "erase",
"intervalMs": 3000
}
]
}Code-Based Configuration (Swift)
Swift
import ByteHideMonitor
BHMMonitor.configure { config in
config.enableProtection(
.debuggerDetection,
action: .erase,
intervalMs: 3000
)
config.enableProtection(
.memoryDumpDetection,
action: .erase,
intervalMs: 3000
)
}import ByteHideMonitor
BHMMonitor.configure { config in
config.enableProtection(
.debuggerDetection,
action: .erase,
intervalMs: 3000
)
config.enableProtection(
.memoryDumpDetection,
action: .erase,
intervalMs: 3000
)
}Code-Based Configuration (Objective-C)
OBJC
#import <ByteHideMonitor/ByteHideMonitor.h>
[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
[config enableProtection:BHMProtectionModuleTypeDebuggerDetection
action:BHMActionTypeErase
intervalMs:3000];
[config enableProtection:BHMProtectionModuleTypeMemoryDumpDetection
action:BHMActionTypeErase
intervalMs:3000];
}];#import <ByteHideMonitor/ByteHideMonitor.h>
[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
[config enableProtection:BHMProtectionModuleTypeDebuggerDetection
action:BHMActionTypeErase
intervalMs:3000];
[config enableProtection:BHMProtectionModuleTypeMemoryDumpDetection
action:BHMActionTypeErase
intervalMs:3000];
}];Code Examples
Clearing Keychain Items (Swift)
Before the Erase action terminates your app, implement cleanup for Keychain:
Swift
import Security
func clearKeychainItems() {
let secItemClasses: [CFString] = [
kSecClassGenericPassword,
kSecClassInternetPassword,
kSecClassCertificate,
kSecClassKey,
kSecClassIdentity
]
for secItemClass in secItemClasses {
let query: [String: Any] = [kSecClass as String: secItemClass]
SecItemDelete(query as CFDictionary)
}
}import Security
func clearKeychainItems() {
let secItemClasses: [CFString] = [
kSecClassGenericPassword,
kSecClassInternetPassword,
kSecClassCertificate,
kSecClassKey,
kSecClassIdentity
]
for secItemClass in secItemClasses {
let query: [String: Any] = [kSecClass as String: secItemClass]
SecItemDelete(query as CFDictionary)
}
}Clearing Keychain Items (Objective-C)
OBJC
#import <Security/Security.h>
- (void)clearKeychainItems {
NSArray *secItemClasses = @[
(__bridge id)kSecClassGenericPassword,
(__bridge id)kSecClassInternetPassword,
(__bridge id)kSecClassCertificate,
(__bridge id)kSecClassKey,
(__bridge id)kSecClassIdentity
];
for (id secItemClass in secItemClasses) {
NSDictionary *query = @{(__bridge id)kSecClass: secItemClass};
SecItemDelete((__bridge CFDictionaryRef)query);
}
}#import <Security/Security.h>
- (void)clearKeychainItems {
NSArray *secItemClasses = @[
(__bridge id)kSecClassGenericPassword,
(__bridge id)kSecClassInternetPassword,
(__bridge id)kSecClassCertificate,
(__bridge id)kSecClassKey,
(__bridge id)kSecClassIdentity
];
for (id secItemClass in secItemClasses) {
NSDictionary *query = @{(__bridge id)kSecClass: secItemClass};
SecItemDelete((__bridge CFDictionaryRef)query);
}
}Clearing UserDefaults (Swift)
Swift
func clearUserDefaults() {
guard let bundleId = Bundle.main.bundleIdentifier else { return }
UserDefaults.standard.removePersistentDomain(forName: bundleId)
UserDefaults.standard.synchronize()
}
// Clear sensitive keys only
func clearSensitiveDefaults() {
let sensitiveKeys = ["api_token", "user_session", "encryption_key", "refresh_token"]
for key in sensitiveKeys {
UserDefaults.standard.removeObject(forKey: key)
}
UserDefaults.standard.synchronize()
}func clearUserDefaults() {
guard let bundleId = Bundle.main.bundleIdentifier else { return }
UserDefaults.standard.removePersistentDomain(forName: bundleId)
UserDefaults.standard.synchronize()
}
// Clear sensitive keys only
func clearSensitiveDefaults() {
let sensitiveKeys = ["api_token", "user_session", "encryption_key", "refresh_token"]
for key in sensitiveKeys {
UserDefaults.standard.removeObject(forKey: key)
}
UserDefaults.standard.synchronize()
}Clearing CoreData (Swift)
Swift
import CoreData
func clearCoreData(context: NSManagedObjectContext) {
let entityNames = ["User", "Session", "Credential"]
for entityName in entityNames {
let fetchRequest = NSFetchRequest<NSFetchRequestResult>(entityName: entityName)
let deleteRequest = NSBatchDeleteRequest(fetchRequest: fetchRequest)
do {
try context.execute(deleteRequest)
try context.save()
} catch {
print("Failed to clear \(entityName): \(error)")
}
}
}import CoreData
func clearCoreData(context: NSManagedObjectContext) {
let entityNames = ["User", "Session", "Credential"]
for entityName in entityNames {
let fetchRequest = NSFetchRequest<NSFetchRequestResult>(entityName: entityName)
let deleteRequest = NSBatchDeleteRequest(fetchRequest: fetchRequest)
do {
try context.execute(deleteRequest)
try context.save()
} catch {
print("Failed to clear \(entityName): \(error)")
}
}
}Securely Deleting Files (Swift)
Swift
import Foundation
func secureShredFile(at url: URL) {
guard FileManager.default.fileExists(atPath: url.path) else { return }
do {
let data = try Data(contentsOf: url)
// Overwrite with random data
var randomBytes = [UInt8](repeating: 0, count: data.count)
_ = SecRandomCopyBytes(kSecRandomDefault, randomBytes.count, &randomBytes)
try Data(randomBytes).write(to: url)
// Delete the file
try FileManager.default.removeItem(at: url)
} catch {
// Best-effort deletion
try? FileManager.default.removeItem(at: url)
}
}
func clearCacheDirectory() {
guard let cacheURL = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first else { return }
if let files = try? FileManager.default.contentsOfDirectory(at: cacheURL, includingPropertiesForKeys: nil) {
for file in files {
secureShredFile(at: file)
}
}
}import Foundation
func secureShredFile(at url: URL) {
guard FileManager.default.fileExists(atPath: url.path) else { return }
do {
let data = try Data(contentsOf: url)
// Overwrite with random data
var randomBytes = [UInt8](repeating: 0, count: data.count)
_ = SecRandomCopyBytes(kSecRandomDefault, randomBytes.count, &randomBytes)
try Data(randomBytes).write(to: url)
// Delete the file
try FileManager.default.removeItem(at: url)
} catch {
// Best-effort deletion
try? FileManager.default.removeItem(at: url)
}
}
func clearCacheDirectory() {
guard let cacheURL = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first else { return }
if let files = try? FileManager.default.contentsOfDirectory(at: cacheURL, includingPropertiesForKeys: nil) {
for file in files {
secureShredFile(at: file)
}
}
}Erase with Custom Cleanup (Swift)
For maximum control, use the Custom action to implement comprehensive cleanup before termination:
Swift
BHMMonitor.configure { config in
config.registerCustomAction("erase_with_cleanup") { context in
// Clear Keychain
clearKeychainItems()
// Clear UserDefaults
clearUserDefaults()
// Clear cache
clearCacheDirectory()
// Log the security incident
print("Critical threat detected: \(context.threatDescription ?? "unknown")")
// Terminate the process
exit(1)
}
}BHMMonitor.configure { config in
config.registerCustomAction("erase_with_cleanup") { context in
// Clear Keychain
clearKeychainItems()
// Clear UserDefaults
clearUserDefaults()
// Clear cache
clearCacheDirectory()
// Log the security incident
print("Critical threat detected: \(context.threatDescription ?? "unknown")")
// Terminate the process
exit(1)
}
}Best Practices
- Combine with Logging: Log the threat before erasing to preserve incident details
- Test Data Wipe: Regularly test your data cleanup implementation
- Use Secure Methods: Overwrite data with random bytes for critical information
- Document Sensitive Data: Know where all sensitive information is stored (Keychain, UserDefaults, CoreData, files)
- Verify Deletion: Confirm that sensitive data is actually deleted, not just marked for deletion
- Back Up Critical Data: Consider secure backup systems for critical non-sensitive data
- Multiple Overwrites: For extremely sensitive data, overwrite multiple times with random bytes
Related Actions
Close Action
Terminate the application without data cleanup
Custom Action
Execute comprehensive custom cleanup logic
Log Action
Record incidents before taking action