1

I want to store a variable that tells me if a user has made an InApp Purchase on the mobile device. NSUserDefaults seems to be accessible from users. Is there a simple and efficient way to do this ?

ElGavilan
  • 6,610
  • 16
  • 27
  • 36
Patrick L.
  • 526
  • 6
  • 24
  • check [similar question](http://stackoverflow.com/q/1560801/2857130) for possible solutions. Also [check tutorial on Keychain](http://code.tutsplus.com/tutorials/securing-and-encrypting-data-on-ios--mobile-21263) – staticVoidMan May 30 '14 at 22:06
  • @staticVoidMan can users access NSUserDefaults without jailbreaking ? – Patrick L. May 30 '14 at 22:23
  • 1
    @Patrick Yes, directory and there several Mac apps that allow access: "IExplorer" and "PhoneView" are two. – zaph May 30 '14 at 22:54

1 Answers1

1

There a couple of options.

  1. Save the data in the Keychain.
  2. Generate a random key, encrypt the data with CommonCrypto, save the encrypted file in Documents directory and the encryption key in the Keychain.

See WWDC13 2013 video "Protecting Secrets with the Keychain". You can access it either on you computer or on an iOS device with the Apple WWDC app.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • As I just want to save/retrieve a `BOOL` and keep things as simple as possible, I came out with an idea, tell me if I'm totally stupid. If I put into a variable the MobileID of the device concatenated with a "private key" and then hash this I would get a `NSString` to store in the `NSUserDefaults`. When I need to check if purchased or not, just hash MobileID+key and check if it matches or not. What do you think ? It would prevent users to modify the `NSUserDefault` without knowing the "private key" and hash function. – Patrick L. May 30 '14 at 23:31
  • That makes it harder to hack but the key is stored somewhere in you app, put it in the Keychain. Watch the video, there is complete simple Objective-C code showing how to save ands recover a key/password. There is another benefit the Keychain provides, if the app is deleted from the device and later restored from the App store the key will still be in the Keychain. – zaph May 30 '14 at 23:36
  • You are right. I'm going to watch the video anyway. I was thinking of this because of the intermediate secured solution needs. If someone can hack this, he deserves the price of this InApp Purchase xD – Patrick L. May 30 '14 at 23:39