3

I am making an app that asks the user to enter a pin before they can use the app. My question is: where exactly is it appropriate to store such data (so it can be checked if its correct), NSUserDefaults?, a bundled file ?, apps documents folder ?

pnizzle
  • 6,243
  • 4
  • 52
  • 81

3 Answers3

5

You should definitely store sensitive data in the Keychain. NSUserDefaults stores its data in a plain text file that anyone can read with access to the filesystem.

There are a few open-source classes that ease the use of the Keychain API, you should definitely check them out:

SFHFKeychain access:

SFHFKeychain

futureelite7
  • 11,462
  • 10
  • 53
  • 87
2

You should use keychain services, it saves data in the device's encrypted keychain.

The API can be hard to use, but check out SFHFKeychainUtils, it's an Objective-C wrapper that's easy to use.

kevboh
  • 5,207
  • 5
  • 38
  • 54
  • mhh, have had a look at it and looks very easy. So this SFHFKeychainUtils framework, is it accepted by apple. I understand apple rejects a number of apps because of use of unDocumented APIs – pnizzle Jun 08 '12 at 00:59
  • Yes, it is. I have an app in the App Store that uses it. – kevboh Jun 08 '12 at 01:37
  • cool, I have tried using it, but because my app uses ARC the code gave some problems. There is no updated version for this SFHFKeychainUtils. I have found a similar framework that supports both ARC and non ARC mode: [SSKeychain](https://github.com/samsoffes/sskeychain) for anyone who might need this – pnizzle Jun 08 '12 at 05:17
1

I might go with NSUserDefaults, but it depends on your use case. What are you using this for? Does it have to be regularly accessed/updated? Have you considered storing the hash of the PIN code instead of just the PIN code? How big is the data?

If it's a very simple 4 digit pin code that you only access once every time the app launches, maybe NSUserDefaults is the best option. It's very quick to implement too. Just make sure you know what you're doing and encrypt it if you need to.

Enrico Susatyo
  • 19,372
  • 18
  • 95
  • 156
  • The PIN is just four digits long, and is only checked when the app starts up. I have used NSUserDefaults before yes, but am not sure how to do the encryption part? – pnizzle Jun 07 '12 at 01:32