Secure App Data on iPhone

Question

EDITED

Ok, putting aside that voting negative doesn't really help in solving the problem. If you don't have anything helpful to say and you are not interested in the problem, just change page. If you instead have ideas or you are simply interested in knowing different approaches, then your comment is welcome even if it is not perfect or it is simply an idea to experiment

Problem:

I need to store application data in an iPhone app.

We were initially storing the data using the classic NSDocumentDirectory path... but how "secure" is this method?

Without considering jailbroken devices (I am not interested in fighting this at the moment), it seems that any user (on any genuine device) can, using a simple iPhone browsing software, navigate into this folder and mess up the content, hacking it effectively.

If this is the case, what is the best "place" or "method" to use in order to store secure generic data (that are not necessarily passwords in this case).

Is it KeyChain a correct way even in these cases or is there a better/alternative way?

Note and Core Question:

I know about encrypting and securing data with keys etc. I not talking about "obfuscating or protecting their content"

Here the problem is different. So let put it in this way:

"How do you avoid that the user can access the folder where the files (data, encrypted, sql files, anything you like) are stored, and just mess them up in any way (this could be removing them, copying them, accessing them with an hex editor and modifying values, whatever).

It is not what they do with it the point, but instead an even more restrictive how be sure that the user cannot reach them at all"

Thanks

Answer 1

You can used encryption algorithm to secure the data and save in sqlite db or files in document dictionary.

Please have look at this application, this application explain AES algorithm to encrypt or decrypt the data by using secure key.

Use Helper classes from repository AES256AndBase64 in your application, #import "NSString+AESCrypt.h" in your required file.

Use AES256EcryptWithKey: and AES256DecryptWithKey: method to encrypt/decrypt the data:

NSString* dummyString=@"Steve Job";

NSLog(@"Normal String- %@",dummyString);

NSString* encrypt_decrypt_Key=@"apple";

NSString *encryptString = [dummyString
                              AES256EncryptWithKey:encrypt_decrypt_Key];

NSLog(@"Encrypt String- %@",encryptString);

NSString *decryptString = [encryptString
                           AES256DecryptWithKey:encrypt_decrypt_Key];

NSLog(@"Decrypt String- %@",decryptString);

Or if you are using iOS 5 and above have look at this blog.