How secure are serialized objects in objective-c when someone has a jailbroken device?
https://stackoverflow.com/questions/4227389
-
26-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a game that I need to save the state of. I am wary that someone with bad intentions could save the game and then edit the saved files to cheat.
I am thinking of using a serial object to store the state data. How safe are serial objects? Would someone be able to edit one easily?
I've been using the keychain to store sensitive data and that works well (although I'm not 100% sure that a good hacker couldn't hack the keychain), would a better idea be to store the objects values in the keychain and then recreate it using them instead of using a serialized object?
Thanks
Solution
A user with a jailbroken device has more control over the device than you do. There is no safe place to hide secrets or keep the data from being modified.
OTHER TIPS
Nothing that happens on a client is secure. He can disassemble and patch your code, modify your savegames, write a bot, fake the packets sent to the server,...
Just assume he can do whatever one can do with the sourcecode of the client.
The only secure things are those happening on the server.
You could always make it more difficult to crack by first serializing the object, create a checksum of the file and then check against that after reloading the save state.
