Apple advise using NSUserDefaults to store all your app preferences. However, it seems that NSUserDefaults is very easily editable. Is there a way to secure this. I'm not looking for a way to make it impossible to edit, just making it harder so that users won't be so tempted to change application internal variables.
Because NSUserDefaults stores all data in an unencrypted . plist file, a curious person could potentially view this data with minimal effort. That means that you should never store any type of sensitive data inside NSUserDefaults.
UserDefaults and securityThis storage is not encrypted at all so if an app other than your own obtains access to your user defaults store, your user's data is compromised. For example, simple preferences that can't be used to identify your users are okay to store in user defaults.
If you need to store sensitive data, use Keychain Services. Unlike UserDefaults, the data stored in the keychain is automatically encrypted. With the keychain, you don't need to save encryption keys. Every application has its own isolated keychain section that other applications can't access.
If a piece of data is not sensitive (e.g., default font size), store it in NSUserDefaults.
If it needs to be secure from casual snooping (e.g., user's password), store it in the Keychain.
If it needs to be secure from the user (e.g., registration code), you will need to roll your own encryption, then store the data wherever you like.
I wrote a simple to use and small category for exactly that purpose. Works on iPhone and Mac OS X, it is free and under MIT license. You can find it at github: SecureUserDefaults
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With