1

What is the best practice to store sensitive(not secure) data on iOS devices? Where should I store information that user bought something in app? For example where should I store BOOL showAds variable if user bought "Remove Ads"? I do understand that everything breakable, especially on jailbroken devices, I just asking what is the best practice.

My variants:

  1. .plist in App Documents -- Editable using iFunBox, for example
  2. NSUserDefaults -- Same here, I guess
  3. Keychain -- best variant in my opinion so far
Amar
  • 13,202
  • 7
  • 53
  • 71
user1561346
  • 502
  • 3
  • 13
  • 28
  • 1
    You question attracts opinion based answers and I am inclined towards keychain storage. Read more for [security best practices on iOS](http://stackoverflow.com/questions/9448632/best-practices-for-ios-applications-security) – Amar Apr 11 '14 at 12:44

2 Answers2

1

You can store you data in NSUserDefaults using base 64 encoding data to keep safe it.

The code is very simple:

NSUserDefaults *persistValues;
persistValues = [NSUserDefaults standardUserDefaults];

To set data (encoding it using base 64):

// Create NSData object
NSData *nsdata = [@"iOS Developer Tips encoded in Base64" dataUsingEncoding:NSUTF8StringEncoding];

// Get NSString from NSData object in Base64
NSString *base64Encoded = [nsdata base64EncodedStringWithOptions:0];
[persistValues setObject:base64Encoded forKey:@"some_key"];

To get data:

base64Encoded = [persistValues stringForKey:@"some_key"];
NSData *nsdataFromBase64String = [[NSData alloc]
initWithBase64EncodedString:base64Encoded options:0];

// Decoded NSString from the NSData
NSString *base64Decoded = [[NSString alloc] 
initWithData:nsdataFromBase64String encoding:NSUTF8StringEncoding];

And if you data is bigger I suggest you uses web services and store it in a web server

hcarrasko
  • 2,320
  • 6
  • 33
  • 45
0

Keychain is best option to store sensitive data.

Other than sensitive data below are 2 options :

Small data can be stored in NSUserDefault as its best way as physical file will not be available for changing data.

Bigger data can be stored in database with encryption

Community
  • 1
  • 1
Paresh Navadiya
  • 38,095
  • 11
  • 81
  • 132
  • Can you please explain why NSUserDefault variables not accessible for anyone like variables in .plist file? Where does it stored? – user1561346 Apr 11 '14 at 12:40
  • 4
    First part of your answer is not true. `NSUserDefault`s are saved in a physical `.plist` file. This file can be found in `{App_Root_Dir}/Library/Preferences` and the file is usually named `com...plist`. So on a jailbroken device this file can be easily accessed. – Amar Apr 11 '14 at 12:57
  • @Amar you could edit it even without jailbrake. I just checked it using iFunBox. – user1561346 Apr 11 '14 at 13:14
  • @user1561346 Thats make my point even stronger, `NSUserDefaults` is not the correct place to store sensitive data. Check out the Q&A I mentioned in my comment below your question. – Amar Apr 11 '14 at 13:36