Objective-C
Deserialization
Insecure Code:
// Insecure: decodeObjectForKey: is given no expected class, so the archive contents
// determine which class is instantiated and whose -initWithCoder: runs.
id obj = [decoder decodeObjectForKey:@"myKey"];
// This check runs only after the object has already been decoded and constructed.
// It can reject the result, but it cannot stop an unexpected class from being built.
if (![obj isKindOfClass:[MyClass class]]){
//fail (too late: decoding of the unexpected object has already happened)
}
Secure Code:
// Secure: the expected class is handed to the decoder, so the class check is part of
// decoding rather than something done after the object exists.
// NOTE(review): NSCoder only enforces the class argument when the coder's
// requiresSecureCoding is YES, and MyClass must adopt NSSecureCoding. Otherwise this call
// behaves like decodeObjectForKey:. Confirm both where `decoder` is created (not shown).
// obj can still be nil (for example when the key is absent), so handle that as a failure.
id obj = [decoder decodeObjectOfClass:[MyClass class] forKey:@"myKey"];