I'm writing an App that involves authentication on the initial screen, and allows access to sensitive data on later screens. When the iPhone is locked, either with the lock button or through auto-lock, I would like the App to close itself as a security measure. Is there a way I can do this?

Your UIApplicationDelegate will receive the

– applicationWillResignActive:

message when the screen locks, and

– applicationDidBecomeActive: 

when it comes back. However, it could also receive these messages in other situations (such as receiving a phone call, the user closes the app on iOS 4.0 and later) and I don't know of a way of distinguishing the reason.

A better user experience in my opinion would be to pop up the authentication again when the app comes back. This way the user won't be confused when the phone unlocks, and the app they had running has mysteriously quit.

To clear up any confusion, I just ran some tests, on a device with iOS 4.3.2:

When you launch your app, your app gets sent: application:didFinishLaunchingWithOptions: applicationDidBecomeActive:

When you hit the home button, your app gets sent:

applicationWillResignActive:
applicationDidEnterBackground:

When you relaunch that same app later, your app gets sent:

applicationWillEnterForeground:
applicationDidBecomeActive:

When you hit the lock button, your app gets sent:

applicationWillResignActive:

When you unlock, your app gets sent:

applicationDidBecomeActive:

When you get a call, your app gets sent a:

applicationWillResignActive:

If you don't answer that call, your app gets sent a:

applicationDidBecomeActive:

When you get a call, your app gets sent a:

applicationWillResignActive:

If you answer that call, your app gets sent a:

applicationDidEnterBackground:

When you hang up that call, your app gets sent:

applicationWillEnterForeground:
applicationDidBecomeActive:

I'd say when you get an applicationWillResignActive: then you should logout, de-authenticate, lock up or discard your confidential info, and when you get an applicationDidBecomeActive: then re-authenticate. That one gets called on launch, return from the background and unlocking of the device.

Also, these two methods may be interesting to you, but they don't really help the specific case that you are interested in:

- (void)applicationProtectedDataWillBecomeUnavailable:(UIApplication *)application 

- (void)applicationProtectedDataDidBecomeAvailable:(UIApplication *)application

If I remember correctly the App is put to sleep when the phone is locked.

Since the introduction of multitasking Apple changed the behavior so that your App is sent a specific message when unlocked/switched to.

I would suggest to just listen for that thing and then ask for authentication again at this point.

I dont think you can just quit your App (nor should you), I dont know any App that just kills itself…

Sorry for being not too specific here, but I hope you will now know where to go…

1. "Closing your app" goes against Apple guidelines. While some apps actually do this, it is one of the things that can get your app rejected. It was against Apple guidelines before multitasking and is now more important because of multitasking. The user experience is when they come back to the phone and your app after a lock or being in another application, your application should still be running. To "Close your app" would lead the user to believe that you app has crashed and they will likely write reviews to that effect.

2. If your desire is to protect the information in the app when the user goes "away" then You should look into UIApplicationDelegate Protocol Reference. Particualrly applicationDidEnterBackground: (where you should log the user out) and applicationDidBecomeActive: (where you should make the user log back in).

As a last note, you may want to default to "auto logout" but give the user a settings option to keep them logged in if they wish. Not that hard, and the few who want it can take advantage of the setting.