Secure way to unlock full version via In-App Purchase

Question

I\'m planning to use In-App Purchases to unlock some features in my app. What is the most secure way to do this?

Originally I planned to set a Bool in the NSUs

Answer 1

I came across some problem and found two common ways for secure storing of In-App Purchases:

1) Using secure version of NSUserDefaults:

a) "Secure NSUserDefaults". This version of NSUserDefaults generate hash for any saved secret item and provide to you validation of this hash for item after. So, you can easily deal this situation of "hack" defaults .plist by user.

Check here: https://github.com/matthiasplappert/Secure-NSUserDefaults

b) "SecureNSUserDefaults". NSUserDefaults with AES encryption. My advise here not just storing secure bool values for purchases, but rather some obfuscated string for indication of payment done or not.

Check here: https://github.com/nielsmouthaan/SecureNSUserDefaults

2) Using KeyChain

a) "RSSecrets" Simple class to store key-value items in KeyChain. See also discussion here: Storing In App Purchase receipts in the application Keychain

And check project: https://github.com/jeffargast/RSSecrets

b) "STKeychain" Mostly this class used for storing login/pass in KeyChain, but in project of MKStroreKit (popular In-App Purchases StoreKit for iOS devices) they actually use this class for storing In-App Purchases.

Check here: https://github.com/ldandersen/STUtils/blob/master/Security/STKeychain.h

P.S. I am not yet used any of this classes in my project, but think to use "RSSecrets"