oPass Personal

iPhone Password Manager

​​​​​Data Protection

Account data and passwords are stored using the Data Protection feature built into the iPhone and iOS. More information is available at:




Account data and passwords are encrypted at rest by the iPhone's hardware AES256 DMA encryption engine.

Account Data 

Account data (including photos and PDFs) are stored using NsFileProtectionComplete. This ensures account data can be accessed only when the phone is powered on and unlocked. 


Passwords are stored in the keychain with kSecAttrAccessibleWhenUnlocked. This  ensures passwords can be accessed only when the phone is powered on and unlocked, and it ensures Apple's protections are applied to passwords in backups.   kSecAttrSynchronizable is not set by default, and is set only if you enable the app's option to "Allow iCloud Keychain".

App Lock

The app allows you to use biometric and passcode authentication to guard access to the app. 

Authentication is handled by iOS through a call to canEvaluatePolicy using LAPolicy.deviceOwnerAuthentication.

No third party software libraries
The app is built entirely on native Apple iOS APIs. Open source or third party software libraries are not used. SDKs for mobile analytics or collecting usage data are not used.

Background screenshot suppression
The app suppresses the screenshot taken when an iOS app goes into the background. The view is a white screen. This prevents the app deck from disclosing passwords or account information. The app deck is displayed when the iPhone's Home button is double-clicked.

Phone dictionary prevention
The app disables autocorrect for input fields, so account data and passwords are kept out of the phone’s word dictionary.

Custom keyboard prevention
The app does not use custom keyboards or keyboard extensions. These can contain malware or spyware, which could steal passwords or collect information.

Last account display and last password change information
The Display Account screen provides two system fields:

  • "Last Account Display”  - the last date and time the account information was displayed
  • “Last Password Change” - the last date and time the password was changed in the app

These values are initialized to the current date and time when an account is created.

No use of Advertising identifier (IDFA)
The app does not use Apple’s iPhone Advertising Identifier (IDFA).

Swift programming language
The app is written in Swift, providing a higher level of security than Objective-C. There are no bridging headers to Objective-C.

Foreign language characters
The app uses the Swift String and Character objects, allowing the app to be Unicode-compliant. A wide range of languages and characters can be used for account data and passwords. More information about Unicode support in Swift is available at:


See the FAQ here

See the app in the App Store