Storing game preferences and saved games in a secure format

Question

This is from Apple docs:

When you design a game that reports scores to Game Center, you should also consider the security needs of your game. You want scores reported to Game Center to be an accurate accounting of how players are doing. Here are two suggestions:

Store your game’s preferences and saved games in a secure format, rather than in clear text. If your game’s data is stored in clear text, a player can download the saved game data using iTunes, modify it, and resync it back to the device. This may allow the player to achieve a higher score than you intended. Always set reasonable minimum and maximum values for a leaderboard.

I know that data can be stored into .plist file or .xml or .json, even in a database. But all of that is non-encrypted plain text. What is considered as a secure format ? And what else methods/classes/techniques can be used to store sensitive data ?

Answer 1

If a hacker is determined enough and has the proper skill set, your stored data can be usually compromised regardless of storage method. It boils down to what your app's real-world applications are and the time and effort you are willing to put into keeping the data safe. Below are some options for you to consider:

NSUserDefaults

One of the most common and simplest ways to store data. Data is not encrypted.

Save string to the NSUserDefaults?

Plist Files

Also a common way to store data. Data is not encrypted.

Storing and Retrieving from a Plist

CoreData

Creates a model, manage relationship between different types of objects. By default, data is not encrypted.

http://www.appcoda.com/introduction-to-core-data/

http://www.raywenderlich.com/85578/first-core-data-app-using-swift

Keychain

Arguably the most secure way to store data on a non-jailbroken device. Data is encrypted.

https://stackoverflow.com/questions/16459879/how-to-store-a-string-in-keychain-ios

NSCoding

As Whirlwind pointed out, this is yet another storage method.

http://www.raywenderlich.com/1914/nscoding-tutorial-for-ios-how-to-save-your-app-data

http://nshipster.com/nscoding/

CommonCrypto Apple Framework

Low-level C coding. Data is encrypted.

https://developer.apple.com/library/ios/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html

https://developer.apple.com/library/ios/samplecode/CryptoExercise/Listings/ReadMe_txt.html

Custom approaches

Store the data in the cloud thereby eliminate having it on the device altogether. Use the touch ID feature to authenticate the user and download the cloud data.

http://code.tutsplus.com/tutorials/ios-8-integrating-touch-id--cms-21949

https://developer.apple.com/library/ios/samplecode/KeychainTouchID/Introduction/Intro.html