4

Basically I'm developing an application containing several copyrighted images (those images belong to the society I'm working for) and I'm looking for a way to protect or prevent users to access those images (for instance: via iFunBox or iFile on jailbroken devices). I've been reading about "TexturePacker" and that was exactly what I was looking for: a kind of content protection with encryption in order to make data difficult to steal. Unfortunately I'm using simple SpriteKit for my develop and I cannot use this framework. Any clue?

user3582537
  • 414
  • 6
  • 20
  • You can use TexturePacker with SpriteKit. – trojanfoe Sep 22 '15 at 10:48
  • @trojanfoe I know, but the content protection is available only for Cocos2D (according to the TexturePacker website). – user3582537 Sep 22 '15 at 10:50
  • Ah, so TexturePacker doesn't offer the option to encrypt when packaging for SpriteKit? – trojanfoe Sep 22 '15 at 10:57
  • @trojanfoe Unfortunately is not possible at the moment. – user3582537 Sep 22 '15 at 11:10
  • 1
    Well you could always just bundle encrypted images in with your app and decrypt them on the fly. – trojanfoe Sep 22 '15 at 11:33
  • I'm pretty sure the xcassets file encodes the images so that you can't simply view the assets via a file browser. I'm sure someone could find a way to decode the assets file though because I doubt it is encrypted. Regardless someone can always find a way to access your assets if they really wanted to (i.e. reading directly from memory). Less tech-savvy users could even just record the screen to get your assets (albeit not the original files). So you need to ask yourself if it is really worth the effort doing this. – Epic Byte Sep 22 '15 at 23:37
  • @epicByte Nice answer! You made my day ;) – user3582537 Sep 24 '15 at 17:40
  • @user3582537 Awesome, I'll add it as an answer to this question. – Epic Byte Sep 24 '15 at 18:42
  • 1
    The problem with encrypting the assets is that the key to decrypt them must be in the program and there is no secure way to do that. But, it does increase the work factor and protect from many attacks but not from a persistent knowledgable attacker. You need to determine who the attacker is, how much value the attacker places on the assets and balance that against the protection. Not that all traditional protections are available: copyright and the court system, that's all that protects Micky Mouse, one very valuable asset. – zaph Sep 25 '15 at 04:20

1 Answers1

6

The xcassets file encodes the images in a binary file so that you can't simply view the assets via a file browser. However, doing a quick Google search for "Assets.car extraction" shows there are numerous tools to decode the file available. Regardless someone can always find a way to access your assets if they really wanted to (i.e. reading directly from memory). Less tech-savvy users could even just record the screen to get your assets (albeit not the original files). So you need to figure out how much development time you really want to spend minimizing this.

Epic Byte
  • 33,840
  • 12
  • 45
  • 93
  • It is not as easy as a zip file but it is possible, I've done it and there are now programs such as [iOS-Asset-Extractor](https://github.com/Marxon13/iOS-Asset-Extractor) that will easily provide the assets. Oh, it took me less than a minute to find iOS-Asset-Extractor so don't bother going that way, the work factor increase is minimal. – zaph Sep 25 '15 at 04:23
  • @zaph OP really just needs a way of obscuring the data so that ordinary users who run jail broken devices won't see the assets in plain sight. My suggestion solves enough of his issue. The Assets file works very nice with Sprite Kit and gives the benefit of having all your assets in a "hidden" binary file. Any user who is going to use external tools to extract the .car file is going to use any means to get to the assets. For a game trying to protect against this case is generally a waste of development time. – Epic Byte Sep 25 '15 at 04:59
  • The issue was the previous answer that alluded that the .car file provided more security than it does. The current answer addresses these issues. – zaph Sep 25 '15 at 11:43