Swift : Empty password

An empty password may lead to an application compromise.

Eliminating the security risks related to hardcoded empty passwords is extremely difficult. The information that a certain account accepts an empty password is accessible to at least every developer of the application. Moreover, after the application is installed, removing an empty password from its code is possible only via an update. Constant strings are easily extracted from the compiled application by decompilers. Therefore, an attacker does not necessarily need to have an access to the source code to know parameters of the special account. If these parameters become known to an attacker, system administrators will be forced either to neglect the safety, or to restrict the access to the application.

In case of a mobile application, security threat is even higher, considering the risk of the device loss.