2

I wanted to do some operation on App's first launch. I have written my code as suggested here: how to detect first time app launch,iphone. It is working well.

I am able to delete and modify the contents in UserDefault plist using iExplorer.So my app is not functioning as expected. Is there any way to restrict app files being modified by external apps(iExplorer)?

Community
  • 1
  • 1
user123456789
  • 81
  • 1
  • 8

2 Answers2

3

If you alter system files using iExplorer, you could make any app not function properly. One way to make it somewhat tamper proof (though not quite as efficient), is to manage the information on a server rather than a local file. For example, your app may make a call to a web service to retrieve and store settings. That's not to say they couldn't tamper with your application bundle rendering it useless.

In a nutshell, you cannot make your app completely tamper proof

Edit

As Zaph has suggested, you can use the keychain. Simply store the [[NSBundle mainBundle] bundlePath] as a key in the keychain. bundlePath is unique for each installation. So, when your app loads, check for bundlePath in the keychain, if not exists, then it is fresh installation/first time load. After app has loaded, save the bundlePath to the keychain.

Jeremy
  • 8,902
  • 2
  • 36
  • 44
1

Create a hash of the values of the items you wan to to protect, encrypt that hash and save it in NSUserDefaults. When the NSUserDefaults are read decrypt the hash, re-compute the hash of the fields and check if hashes match.

If it is a small amount of data, say a single value, save it in the keychain.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • And if hashes don't match, app won't work properly - back where we started. Encryption may be a good idea, but can still be modified to make the app not work properly. – Jeremy Feb 07 '13 at 12:33
  • I tried that too. It is behaving like fresh installation if i delete the field from plist. – user123456789 Feb 07 '13 at 12:35
  • 1
    If it is a small amount of data, say a single value, save it in the keychain. – zaph Feb 07 '13 at 12:36
  • 1
    Keychain reference: [Saving Email/Password to Keychain in iOS](http://stackoverflow.com/questions/5247912/saving-email-password-to-keychain-in-ios) – Jeremy Feb 07 '13 at 12:39
  • Keychain will retain the value even app is uninstalled (http://stackoverflow.com/questions/3671499/iphone-keychain-items-persist-after-application-uninstall) .It fails to check fresh installation if i delete and re-install the app. – user123456789 Feb 07 '13 at 12:52
  • @selva Add a deletion/re-install check. One way is to create a file in the documents folder, if it is missing create it and reset the keychain value. If necessary you can use the value inthe keychain to validate the file. – zaph Feb 07 '13 at 15:08