Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

iOS: Is it secure to store sensible user information in [NSUserDefaults standardUserDefaults]?

Tags:

ios

objective-c

iphone

I understand that, besides some general settings, an iOS app can only see the contents in the [NSUserDefaults standardUserDefaults] that itself created. I guess the OS is looking at the app's identifier to ensure this, right? What I want to know is if there is any way another applications could gather information that my app stored in the user defaults.

like image 515
Marc-André Weibezahn Avatar asked Jan 03 '12 19:01

Marc-André Weibezahn

People also ask

Is NSUserDefaults secure?

Because NSUserDefaults stores all data in an unencrypted . plist file, a curious person could potentially view this data with minimal effort. That means that you should never store any type of sensitive data inside NSUserDefaults.

How would you store sensitive user data in iOS?

Keychain. The iOS keychain is ideal for storing small secrets like account information and access tokens. The keychain is an encrypted database managed by the system. Apps can create, read, update, and delete keychain items using a query-based API provided in the Security framework.

Is NSUserDefaults thread safe?

Thread SafetyThe UserDefaults class is thread-safe.

Is iOS UserDefaults secure?

UserDefaults and securityYou should never store any sensitive data in user defaults. This storage is not encrypted at all so if an app other than your own obtains access to your user defaults store, your user's data is compromised.

1 Answers

Other apps would not be able to access information saved in your user defaults for your app. But this doesn't mean the information can't be obtained. You can plug your device into Xcode and run your app. Under devices, you can view your own app's information, and the information saved in user defaults will be listed there.

It generally isn't a good idea to save sensitive user data there, while not that easy to access, it is still accessible. For general non-personal data or settings, it really isn't a big issue. You can always use the built-in keychain access to store username and password information and use user defaults for anything else you might need.

In one of my apps, I salt and hash the username and password together to create a unique token. I save that in user defaults. It is worthless by itself, but that is just my way of doing things. Good luck.

like image 138
Bill Burgess Avatar answered Nov 14 '22 23:11

Bill Burgess
Sign in to Comment

Related questions

uiimagepickercontroller - get the name of the image selected from photo library
iphone - Focus effect (just like UIAlertView)
How to make a checkmark UIButton in iOS?
new xib in xcode4
Can UILongPressGestureRecognizer be used together with touch events like touchesMoved?
Basic AVAssetReader problems reading video samples
TCP hole punching on iPhone
viewDidUnload ,viewWillDisappear not called in tabBarContoller
UITabBarItem.title vs. UINavigationController.title
Change Navigation bar Background image on each navigation
Is there an SDK to draw lines on iOS with touch?
Private properties and methods in Objective-C
Using @property and @synthesize with ivar implicit creation
How to distinguish is it a SOAP or REST webservice?
XMLRPC-iOS for iOS project
NSNumber stored in NSUserDefaults
What is the infoDictionary key to get the copyright defined in the bundle?
How to do vignette effect on iOS?
How to POST an object to rails using RestKit?
Access the data of AVPlayer when playing video from HTTP Live Streaming

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!