问题
I have a question about security.
I am making an iOS app with in app purchase following this tutorial, and I store what products were bought in NSUserDefaults. That's why I wonder :
Can a user with a jailbroken device modify NSUserDefaults key and values for an app?
Thank you very much if you know about it.
Jer
回答1:
Yes, they can. The user defaults are stored relative to your app directory here:
./MyAppName.app
./Library/Preferences/com.mycompany.MyAppName.plist
The plist file is not encrypted or signed, so it can be modified easily:
plutil -convert xml1 com.mycompany.MyAppName.plist
vim com.mycompany.MyAppName.plist
You can look into the iOS keychain, as @rckoenes said, or also something like this open source secure defaults replacement, which offers an interface similar to NSUserDefaults.
Update:
Since iOS 8, the data directory (and thus the preferences plist files) are now under:
/var/mobile/Containers/Data/Application/<GUID>/Library/Preferences/
Apple Reference Docs
回答2:
Even users without a Jailbroken device can modify plists...
回答3:
Yes a user with a jailbroke device can easily modify the NSUserDefault since it's just a plist file in the library directory of your app's sandbox.
You might want to store secure stuff in the keychain, which is a little more secure then the NSUserDefault.
来源:https://stackoverflow.com/questions/12795120/can-users-modify-nsuserdefaults-key-values-in-an-ios-app