Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Secure way to unlock full version via In-App Purchase

I'm planning to use In-App Purchases to unlock some features in my app. What is the most secure way to do this?

Originally I planned to set a Bool in the NSUserDefaults:

[[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"isPro"];

But I'm not really sure whether there is a possibility to set this value via a "hack" (as NSUserDefaults are managed by iOS and not directly by the app) so that the user doesn't have to perform the In-App Purchase in order to get the full version.

What's the best practice to handle this?

like image 252
Patrick Avatar asked Jan 03 '13 12:01

Patrick


3 Answers

Yes, it's relatively easy to modify application preferences. But does it really matter? I would wager that anybody who is willing to crack open their iPhone filesystem and modify config files to save a quid or two is not the type of person who would be inclined to spend the money if they were unable to do so.

like image 124
Jim Avatar answered Oct 23 '22 08:10

Jim


Security through Obfuscation is the simplest way to go here (e.g. don't name your var "isPro" and perhaps don't have it's value be a simple BOOL but instead have it be some "magic" integer. Not foolproof but another speed bump to cracking.

As an alternative to using NSUserDefaults you could save a file to the app filesystem and then check it's contents at app launch.

Not sure it is worth the time and trouble though.

like image 3
spring Avatar answered Oct 23 '22 07:10

spring


You could save it in the keychain, but then on a jailbroken device it's also easy to read and change that. So you should encrypt the data. Make sure that the encryption password can not be found easily in your app by scanning the binary.

like image 1
Edwin Vermeer Avatar answered Oct 23 '22 08:10

Edwin Vermeer