Storing Data Securely on iOS

Question

I want to store data in my iPhone app locally; in this case the data would be a high score in a game. I want to store the high score in the property list of the app but I have a concern. Would a jailbroken device be able to hack the property list and change the high score? I don't want people to change their high score and then having that score synced to Game Center. Thank You in advance!

Answer 1

Yes, since a jailbreak provides access to filesystem, user can easily change anything. One way to solve this issue is encrypting the score, using something like AES, or just securing the data with a checksum.

There is a nice tool that stores in a secure way your data, Secure-NSUserDefaults, by Matthias Plappert, a library that saves data inside NSUserDefaults (I suppose it should be ok to save high score there) forbidding the user to edit it.

It does not encrypt data, however it should be enough for an high score.

As an example (from the project README, with a few edits to fit the question):

// Configuring user defaults. It is recommended that you do this
// immediately after the app did launch.
[NSUserDefaults setSecret:@"My Game Secret Key"];

// Write secure user defaults
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
[defaults setSecureInteger:4000 forKey:@"HighScore"];

// Read secure user defaults
BOOL valid = NO;
BOOL registered = [defaults secureBoolForKey:@"HighScore" valid:&valid];
if (!valid) {
    // the property has been modified, handle this situation
} else {
    // Valid property, do whatever you need to do
}

Just to say. You can find more on the project page.