Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can users modify NSUserDefaults key values in an iOS app?

Tags:

ios

nsuserdefaults

in-app-purchase

jailbreak

I have a question about security.

I am making an iOS app with in app purchase following this tutorial, and I store what products were bought in NSUserDefaults. That's why I wonder :

Can a user with a jailbroken device modify NSUserDefaults key and values for an app?

Thank you very much if you know about it.

Jer

like image 582
darksider Avatar asked Oct 09 '12 07:10

darksider

People also ask

Where are the NSUserDefaults values stored?

All the contents saved by NSUserDefaults is saved inside a plist file that can be found under Library -> Preferences -> $AppBundleId. plist as shown in the image below. Open up the plist file and you can easily view the contents of the file.

What is NSUserDefaults in iOS?

Overview. The NSUserDefaults class provides a programmatic interface for interacting with the defaults system. The defaults system allows an app to customize its behavior to match a user's preferences. For example, you can allow users to specify their preferred units of measurement or media playback speed.

What is difference between keychain and UserDefaults in Swift?

A keychain is an encrypted container that holds passwords for multiple applications and secure services. Apple Inc. uses keychains as password management system in Mac OS and iOS. UserDefaults Provides a way for application behavior Customization based on user preferences.

Is NSUserDefaults thread safe?

This method is using a pthread_mutex_t to lock the access to the dictionary containing the values. So NSUserDefaults is thread safe.

2 Answers

Yes, they can. The user defaults are stored relative to your app directory here:

./MyAppName.app
./Library/Preferences/com.mycompany.MyAppName.plist

The plist file is not encrypted or signed, so it can be modified easily:

plutil -convert xml1 com.mycompany.MyAppName.plist
vim com.mycompany.MyAppName.plist

You can look into the iOS keychain, as @rckoenes said, or also something like this open source secure defaults replacement, which offers an interface similar to NSUserDefaults.

Update:

Since iOS 8, the data directory (and thus the preferences plist files) are now under:

/var/mobile/Containers/Data/Application/<GUID>/Library/Preferences/

Apple Reference Docs

like image 82
Nate Avatar answered Oct 12 '22 01:10

Nate

Even users without a Jailbroken device can modify plists...

like image 28
Lefteris Avatar answered Oct 12 '22 01:10

Lefteris
Sign in to Comment

Related questions

Set tab bar item selected image in xcode 6
How to set background color for UIPageViewController?
UIActivityViewController on iPad
awakeFromNib is not getting called in Custom cell class due to which IBOutlets are nil
How does one disable third party keyboards in Swift?
How to convert .ipa to .app file?
UITabBar selectionIndicatorImage height on iPhone X
Round Corners UIView in Swift 4
Unable to add a source with url `https://cdn.cocoapods.org/` named `trunk`
How do I implement a bit array in C / Objective C
iPad launch orientation when flat on surface
How to dismiss UIPopover from a button in the Popover
Get an audio stream from URI and play it on iPhone
iOS Keychain SecItemAdd returns -25243
iOS storyboard - Disable status bar on storyboard once
not implemented delegate method leads to crash
Adding cells programmatically to UITableView
Removing all non wanted characters using the NSCharacterSet
Custom iOS UIDatepicker using UIAppearance
iOS 6 - How to run custom code when orientation changes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!