1

I want to post here a question that I have posted on IT Security but without answers :(

I have a question about the security of NSKeyedArchiver, a subclass of NSCoder of Apple Foundation.framework

In my Apps, for management of the Apple Leaderboard I used ABGameKitHelper by Alexander Blunck. I have notice that this helper uses AES encryption to save scores in local when the Apple Leaderboard is not accessible (for example there's no network, etc) with the NSKeyedArchiver class.

So, my question: is there a real possibility that an attacker can decode the data written without encryption using NSKeyedArchiver, and understand the key-value pairs? And also modify the score data, reconnect to the network and waiting for automatic Leaderboard update from ABGameKitHelper? Or is useless to encrypt data?

Thanks in advance, Alesanco

Community
  • 1
  • 1
Alesanco
  • 1,840
  • 1
  • 11
  • 13

2 Answers2

0

With NSKeyedArchiver you can get a marshalled representation of your data. Once you get the archived data, you are going to store it into a file system. It is possible to retrieve the data from your sandbox by Jailbreaking iphone. Have a look at this.

Encryption gives you data protection even from such unauthorised access.

Community
  • 1
  • 1
Vignesh
  • 10,205
  • 2
  • 35
  • 73
0

YES it is possible to get the data and decode it. You can copy the file to a computer even without jailbreaking the device using iFunbox or similar software. The file NSKeyedArchiver writes is actually a binary plist. So someone can easily see and modify the contents using Xcode.

Ahmed Mohammed
  • 1,134
  • 8
  • 10