Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to secure NSUserDefaults?

Tags:

iphone

Apple advise using NSUserDefaults to store all your app preferences. However, it seems that NSUserDefaults is very easily editable. Is there a way to secure this. I'm not looking for a way to make it impossible to edit, just making it harder so that users won't be so tempted to change application internal variables.

like image 240
erotsppa Avatar asked Oct 13 '09 15:10

erotsppa


People also ask

How secure is NSUserDefaults?

Because NSUserDefaults stores all data in an unencrypted . plist file, a curious person could potentially view this data with minimal effort. That means that you should never store any type of sensitive data inside NSUserDefaults.

Is iOS UserDefaults secure?

UserDefaults and securityThis storage is not encrypted at all so if an app other than your own obtains access to your user defaults store, your user's data is compromised. For example, simple preferences that can't be used to identify your users are okay to store in user defaults.

How would you store sensitive user data iOS?

If you need to store sensitive data, use Keychain Services. Unlike UserDefaults, the data stored in the keychain is automatically encrypted. With the keychain, you don't need to save encryption keys. Every application has its own isolated keychain section that other applications can't access.


2 Answers

If a piece of data is not sensitive (e.g., default font size), store it in NSUserDefaults.

If it needs to be secure from casual snooping (e.g., user's password), store it in the Keychain.

If it needs to be secure from the user (e.g., registration code), you will need to roll your own encryption, then store the data wherever you like.

like image 120
benzado Avatar answered Sep 20 '22 10:09

benzado


I wrote a simple to use and small category for exactly that purpose. Works on iPhone and Mac OS X, it is free and under MIT license. You can find it at github: SecureUserDefaults

like image 25
Matthias Plappert Avatar answered Sep 19 '22 10:09

Matthias Plappert