8

This is from Apple docs:

When you design a game that reports scores to Game Center, you should also consider the security needs of your game. You want scores reported to Game Center to be an accurate accounting of how players are doing. Here are two suggestions:

Store your game’s preferences and saved games in a secure format, rather than in clear text. If your game’s data is stored in clear text, a player can download the saved game data using iTunes, modify it, and resync it back to the device. This may allow the player to achieve a higher score than you intended. Always set reasonable minimum and maximum values for a leaderboard.

I know that data can be stored into .plist file or .xml or .json, even in a database. But all of that is non-encrypted plain text. What is considered as a secure format ? And what else methods/classes/techniques can be used to store sensitive data ?

Whirlwind
  • 14,286
  • 11
  • 68
  • 157

2 Answers2

7

If a hacker is determined enough and has the proper skill set, your stored data can be usually compromised regardless of storage method. It boils down to what your app's real-world applications are and the time and effort you are willing to put into keeping the data safe. Below are some options for you to consider:

NSUserDefaults

One of the most common and simplest ways to store data. Data is not encrypted.

Save string to the NSUserDefaults?

Plist Files

Also a common way to store data. Data is not encrypted.

Storing and Retrieving from a Plist

CoreData

Creates a model, manage relationship between different types of objects. By default, data is not encrypted.

http://www.appcoda.com/introduction-to-core-data/

http://www.raywenderlich.com/85578/first-core-data-app-using-swift

Keychain

Arguably the most secure way to store data on a non-jailbroken device. Data is encrypted.

https://stackoverflow.com/questions/16459879/how-to-store-a-string-in-keychain-ios

NSCoding

As Whirlwind pointed out, this is yet another storage method.

http://www.raywenderlich.com/1914/nscoding-tutorial-for-ios-how-to-save-your-app-data

http://nshipster.com/nscoding/

CommonCrypto Apple Framework

Low-level C coding. Data is encrypted.

https://developer.apple.com/library/ios/documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html

https://developer.apple.com/library/ios/samplecode/CryptoExercise/Listings/ReadMe_txt.html

Custom approaches

Store the data in the cloud thereby eliminate having it on the device altogether. Use the touch ID feature to authenticate the user and download the cloud data.

http://code.tutsplus.com/tutorials/ios-8-integrating-touch-id--cms-21949

https://developer.apple.com/library/ios/samplecode/KeychainTouchID/Introduction/Intro.html

Nazim Kerimbekov
  • 4,712
  • 8
  • 34
  • 58
sangony
  • 11,636
  • 4
  • 39
  • 55
  • You can add a comment, if you like, for this method too (NSCoding) to improve answer quality more http://www.raywenderlich.com/1914/nscoding-tutorial-for-ios-how-to-save-your-app-data – Whirlwind Feb 08 '15 at 15:35
  • 1
    @Whirlwind - Excellent addition. I have included it in the answer. – sangony Feb 08 '15 at 15:43
0

The safest place to store your data is in the keychain, however it's still not 100% secure if users are on jailbroken devices. Follow Apple's guidelines on setting minimum and maximum values for a leaderboard.

Here's another SO post describing how you can store the information in an NSDictionary as NSData which is then encrypted and decrypted by your app.

Community
  • 1
  • 1
ozz
  • 1,137
  • 7
  • 9
  • Hi huhitschris, thanks for the quick reply. It's not about just highscore and leaderboard. It's about many values i.e. virtual money, players upgrades etc. So defining min/max values is not suitable. I will read about NSData method with encryption and try it to see the results. Can you post some code for keychain implementation if that's not a problem? – Whirlwind Feb 07 '15 at 23:47
  • 1
    Keychain is as secure as your passcode, jailbreak or not. Using a longer passphrase is the way to gain more security. – zaph Feb 08 '15 at 00:02