I am displaying a list of images in collectionView. Those images are stored in an array of strings and are available only if user previously bought them as an IAP. The next time the user launches an app, newly bought images should be available to the user. I am wondering, what is the appropriate/secure way of saving such an array? It should be secure and hacker proof. Could you guide me in the right direction?
Asked
Active
Viewed 46 times
2
-
You can not achieve: "secure and hacker proof". The best approach is to determine the value of these assets to you and a potential hacker in monetary units ($) and reputation as well as an attackers skill level. Then try to achieve security such that attacking is not worthwhile. – zaph Sep 12 '15 at 21:01
-
Actually, I don't mind if someone could reach the images. The process of getting those images to be displayed as an already bought IAP is what I want to make more secure. Not everybody should be available to manipulate that array f strings. Maybe hacker proof is a bit of exaggeration. Lets just say I don't want that array to be manipulated by the user it self easily. As far as i know, NSUserDefaults is a bad way of sensitive data persistence. – sanjihan Sep 13 '15 at 06:36
-
How do the images get on the iOS device? Downloaded or compiled in? – zaph Sep 13 '15 at 11:43
-
compiled with UIImage(named:) – sanjihan Sep 13 '15 at 12:10
1 Answers
1
Images compiled into the app are part the bundle and as such can not be modified due to permissions and signing. There is no reason to put them in NSUserDefaults and that is a poor storage place for many reasons. On a Jail Broken iDevice most security is bypassed.
It they were to be encrypted the app would need the encrypting key and that is problematic since it needs also to be available to the app.
It is veery difficult to secure anything from the device owner.
zaph
- 111,848
- 21
- 189
- 228
-
dem hackers right.. :D actually I don't mind if user can access images. I am worried about them changing the file I use to load information about IAP being purchased. That file contains strings,arrays, bool values. What is the best way to securely safe those information and where in my app should I put that file? – sanjihan Sep 13 '15 at 16:11
-
You can put arbitrary data in the keychain but it is nor really designed for large amounts. – zaph Sep 13 '15 at 20:34