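## Objective C

### Deserialization

Insecure Code:

```objc
id obj = [decoder decodeObjectForKey:@"myKey"];
if (![obj isKindOfClass:[MyClass class]]){
    //fail
}
```

The class check comes too late: by the time `isKindOfClass:` runs, `decodeObjectForKey:` has already instantiated whatever class the archive names, so that class's `initWithCoder:` has executed on untrusted data.

Secure Code:

```objc
id obj = [decoder decodeObjectOfClass:[MyClass class] forKey:@"myKey"];
```

`decodeObjectOfClass:forKey:` verifies the archived class against the expected one before the object is constructed. The check is enforced only when `MyClass` adopts `NSSecureCoding` (with `+supportsSecureCoding` returning `YES`) and the decoder has secure coding enabled, i.e. `requiresSecureCoding` is `YES` on `NSKeyedUnarchiver`.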