How does the Parse Local Database store its data?

Question

Is it using core data?

Is the data encrypted in any way? Is there a way a user could maliciously modify it easily?

I have been trying to look for this answer since LDB was announced for iOS, and have not found any information regarding this other than 'it is just like our android implementation'. If this information is stored in plaintext I cannot store sensitive information in it, which is why I would like to know.

Answer 1

I've just created an app that uses the local database, and here's what I've found.

Inside <app sandbox directory>/Library/Private Documents/Parse there is a file called ParseOfflineStore. This is a sqlite database. There are 2 relevant tables inside (ParseObjects and Dependencies), and pinned objects are stored inside ParseObjects.

To answer your questions:

1) No, it does not use CoreData, but it is sqlite (the same db backing store as CoreData).

2) No, it is not encrypted. It's in the clear, stored in the ParseObjects table, in the json column as cleartext json.

It would be relatively trivial for anyone who can hook up iExplorer to the app to download, change, and upload the local database. However, if you have a user who can do that, it's likely they could proxy your app with Charles anyway ;-)