开发者

How does iOS store persistent data with encryption?

开发者 https://www.devze.com 2023-04-06 10:41 出处:网络
Can an iPhone app encrypt its stored data? So that even a user with a Jailbroken iOS device cannot access the file. For example, game-center may sync with local data, you do not want the user manipula

Can an iPhone app encrypt its stored data? So that even a user with a Jailbroken iOS device cannot access the file. For example, game-center may sync with local data, you do not want the user manipulating the scores. You do not want your IAP be circumvented either.

Is there a simple way to encrypt your data before w开发者_如何转开发riting to the device?

Maybe my questions are not very clear. Indeed they are:

  1. When I'm using things like: [array writeToFile:path atomically:YES]; is there any auto-encryption that ensures only my app can access the file correctly?

  2. If not, what is the simplest way to achieve it?

PS: now I found NSData can do the job, but the NSDataWritingFileProtectionComplete flag requires #if __IPHONE_4_0 <= __IPHONE_OS_VERSION_MAX_ALLOWED. I wonder what happens on not-supported devices?


More information on iOS encryption in @GrahamLee's answer to this question and on other iOS tagged questions on security.stackexchange.com.

Basic summary is - based on iPhone controls alone:

  • If someone has the device and it isn't locked, they can access all the data
  • If someone has the device and it is locked, they can get most of the data, and possibly all (some exceptions may apply)

You could obfuscate, and use encryption within your app when storing data, but an attacker could reverse engineer that encryption code to decrypt.

You need to work out the value of such DRM techniques and decide whether they are worthwhile in this scenario.


That docs will help you to find more accurate answer:

  • http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords.pdf
  • http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords-faq.pdf
0

精彩评论

暂无评论...
验证码 换一张
取 消