3

How can I make sure the data that people send to GameCenter (like score, and peer data exchange) is not tampered with? That is, the network data comes from securely stored data (e.g. using SQLCipher), and is not modified midway? Is this impossible without a custom server side implementation?

Martijn Pieters
Morrowless

2 Answers

2

Invariably you will encounter a CWE-602: Client-Side Enforcement of Server-Side Security violation. So the answer is no, you can't stop this.

rook
1

You can put a checksum in but that can obviously be defeated if the hacker figures it out. You could encrypt the data using a private key, but then you have to go through CCATS to get your app accepted.

Other than that you are pretty much stuck without using a server side validation.

logancautrell
  • It's my understanding that if you use Apple libraries to do encryption, you don't need to have special approval. – Roger Gilbrat Nov 16 '11 at 21:14
  • Keychain only, if you use LibCrypto you have to get certified. Looks like it got changed recently(ish). http://stackoverflow.com/questions/2128927/using-ssl-in-an-iphone-app-export-compliance – logancautrell Nov 16 '11 at 21:57
  • There seems to be some confusion on this. I've read you have to get certified for LibCrypto, but according to this you do not. http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html – logancautrell Nov 16 '11 at 21:59
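An added illustration of the two answers above (not part of the original thread or of either answer): a keyed checksum whose key ships inside the app accepts any score the client chooses to sign, while a server that recomputes the score from a submitted event log can reject claims that break the game's rules. The key, the point table, the rate limit and all function names are hypothetical, and the sample inputs are constructed.

```python
import hashlib
import hmac

# Assumption: a key embedded in the shipped app (constructed value).
# Anyone who holds the app binary holds this key as well.
CLIENT_KEY = b"key-shipped-inside-the-app"

# Assumption: game rules known to the server (hypothetical values).
POINTS = {"coin": 10, "enemy": 50, "boss": 500}
MAX_EVENTS_PER_SECOND = 5


def client_tag(score: int, key: bytes = CLIENT_KEY) -> str:
    """Keyed checksum the client attaches to a score it reports."""
    return hmac.new(key, str(score).encode(), hashlib.sha256).hexdigest()


def tag_is_valid(score: int, tag: str, key: bytes = CLIENT_KEY) -> bool:
    """Verify the checksum. This only proves the sender knew the key."""
    return hmac.compare_digest(client_tag(score, key), tag)


def server_validate(claimed_score: int, events: list, duration_s: float) -> bool:
    """Server-side check: recompute the score from the event log and
    reject unknown events, impossible event rates and mismatched totals."""
    if duration_s <= 0:
        return False
    if any(event not in POINTS for event in events):
        return False
    if len(events) > MAX_EVENTS_PER_SECOND * duration_s:
        return False
    return sum(POINTS[event] for event in events) == claimed_score


if __name__ == "__main__":
    # Constructed session: 3 events in 10 seconds, worth 70 points.
    events, duration = ["coin", "coin", "enemy"], 10.0
    print("honest 70:", server_validate(70, events, duration))
    # A score the client never earned still carries a valid checksum,
    # because the client computes the checksum itself (CWE-602).
    inflated = 999999
    print("checksum accepts:", tag_is_valid(inflated, client_tag(inflated)))
    print("server accepts:", server_validate(inflated, events, duration))
```

Recomputation only bounds what a client can claim: an event log that stays within the rules is accepted whether or not it was actually played.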