What is un-secure about NSUserDefaults, is manual encryption safe?

Question

If I understand correctly: NSUserDefaults is an un-secure place to store sensitive data because some settings file can be hacked and the NSUserDefault values can be changed.

What exactly can be hacked and not hacked? Can the Hacker see my app's Swift Code, or do they only see the list of variables and values stored in NSUserDefaults?

Could I create my own "encryption" in my code (where the NSUserDefault values appear like a bunch of meaningless numbers, and the "key" is inside my code with some convoluted mathematical operation to do)? Is this safe?

Note: I don't intend on encrypting anything serious like usernames or passwords, just Highscores and Bool values for whether or not levels/upgrades are unlocked. I don't want to have to learn KeychainsWrappers if my manual solution is safe.

Side-question (though I haven't reached this step yet): How are in-app purchases handled? is there a Bool value that says whether or not an item was paid for, and where is that Bool stored (is it up to you to decide)?

Answer 1

What exactly can be hacked and not hacked?

Most everything you can do can be hacked.

Can the Hacker see my app's Swift Code, do they only see the list of variables

A sophisticated hacker can see the executable binary but not the Swift source code.

values stored in NSUserDefaults?

It is trivial to see the contents of NSUserDefaults. See iExplorer and other similar apps.

Could I create my own "encryption" in my code

Sure, but should you?

"Schneier's Law": "Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break."

Is this safe?

No it is not safe. If you want use encryption you need a standard encryption algorithm such as AES but it is not that easy to create a secure scheme. You can use a wrapper library such as RNCryptor. But this creates a new problem: where to safely save the encryption key, see next point.

I don't want to have to learn KeychainsWrappers if my manual solution is safe.

Only if you want to securely wan to to save keys and small amounts of data. Security is hard.

You need to evaluate the level of security you need, this included the level of attacker and the value of the data. Attackers run from curious students to nation states. Data values run from Tic-Tac-Toe high scores to nuclear arms details. You need to determine these first.

Answer 2

NSUserDefaults is just a plist stored in the device filesystem. Its only 'security' is that people have to go into the device filesystem to get to it, which isn't particularly difficult.

According to the apple docs about in app purchases:

After making the product available, your app needs to make a persistent record of the purchase.

source

You can read more in the section about persisting your purchases for more information, but ignore the parts where it says you can use user defaults to do so.

Also I can't ever recommend rolling your own secure storage system if you don't know what you're doing.

The above is assuming you are talking about in app purchases. If you are talking about stuff local to the user, does it really matter if they hack your app? Say you have a system where you have to beat the previous level to unlock the next level. Who really cares if someone edits their defaults to unlock the next level. Its not something they had to pay for so it doesn't affect your revenue stream. In fact, I would argue it's better to allow people who really want to cheat to do so as long as it doesn't affect your revenue or other players.