I just wanted to do a quick sanity check with StackOverflow to confirm my suspicion. I'm creating an app and was tempted to use FMDB in Swift to store some data. I am treating this data as public in the sense that I assume it can be tampered with (and thus untrusted). This is because, after all, unlike a web app, this app runs on a user's device and thus they can access the .sql file and alter the database.

If I wanted to store information like if a user purchased something, unlocked certain weapons, or other data that I do not want to be altered in any way, I should not use a local database on the user's device.

Would you say this is correct and safe to proceed under this assumption? If I was looking to use the database to persist something important that took place, what would be a good approach? Encryption with the key in the app, or maybe a hash or something?

Rob
NullHypothesis
  • If the key/hash is stored on the device, what do you gain? – CL. Dec 27 '16 at 21:06
  • @CL I can store that using iOS KeyChain, which I was told is rather hard to crack but I guess at the end of the day anything can be gotten. You could even look in memory. http://stackoverflow.com/questions/18326846/sqlcipher-how-safe-is-sqlcipher-has-it-been-hacked seems to address this a lot. What do you think? – NullHypothesis Dec 27 '16 at 21:46
  • Hey @Rob, do you want to answer and I'll mark this as answered to give you credit? Thank you. – NullHypothesis Dec 27 '16 at 21:49

1 Answer

If you want to secure your database, FMDB includes hooks for SQLCipher, which you have to obtain separately. See the various FMDB Encryption Methods that you can use once you have SQLCipher included in your project.

Rob
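
The setup discussed in the answer and comments, as an added example that is not from the answer or from FMDB's own documentation: a random key kept in the iOS Keychain and passed to FMDB's `setKey`. It assumes FMDB is built against SQLCipher; `StoreError`, `keyService`, `keyAccount`, `loadOrCreateKey` and `openEncryptedDatabase` are hypothetical names.

```swift
import Foundation
import Security
import FMDB  // assumption: built against SQLCipher; otherwise setKey returns false

enum StoreError: Error { case keychain(OSStatus), random(OSStatus), open, badKey }

// Hypothetical Keychain identifiers for this example.
let keyService = "com.example.game.dbkey"
let keyAccount = "sqlcipher"

/// Returns the database key from the Keychain, creating a random 32-byte key on first run.
func loadOrCreateKey() throws -> Data {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keyService,
        kSecAttrAccount as String: keyAccount
    ]
    var query = base
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecSuccess, let data = item as? Data { return data }
    guard status == errSecItemNotFound else { throw StoreError.keychain(status) }

    var bytes = [UInt8](repeating: 0, count: 32)
    let rc = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    guard rc == errSecSuccess else { throw StoreError.random(rc) }
    var add = base
    add[kSecValueData as String] = Data(bytes)
    // Keep the key out of backups and off other devices.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess else { throw StoreError.keychain(addStatus) }
    return Data(bytes)
}

/// Opens the encrypted database and confirms the key actually decrypts it.
func openEncryptedDatabase(at path: String) throws -> FMDatabase {
    let db = FMDatabase(path: path)
    guard db.open() else { throw StoreError.open }
    // Hex-encode so the passphrase is printable; SQLCipher derives the real key from it.
    let passphrase = try loadOrCreateKey().map { String(format: "%02x", $0) }.joined()
    guard db.setKey(passphrase) else { db.close(); throw StoreError.badKey }
    // setKey only records the key; the first read fails on a wrong key or a replaced file.
    do { try db.executeQuery("SELECT count(*) FROM sqlite_master", values: nil).close() }
    catch { db.close(); throw StoreError.badKey }
    return db
}
```

Because the key lives on the same device as the database, this stops casual editing of the file rather than making its contents trustworthy, which is the point raised in the comments above.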