I understand that NSUserDefaults data is unencrypted and should not be used to store sensitive information. I'm trying to understand how easily someone could get at that information. This thread shows that it's just a plain file on the iphone filesystem.
Will this file be transferred to the user's computer during an iPhone sync (if app sync is enabled)? If so, then it'd be extremely easy for anyone to read information stored in NSUserDefaults
Yes the file will be synced during a backup and it will be just a regular file unless the user has enabled encrypted backups in iTunes, in which case the entire backup contents are encrypted.
I tried this out. Turns out that it's not the same plist file that you can see in the simulator, but it is there in the backup directory after a sync. You can see the contents by running strings.
All the more reason to use the keychain!
Related
I want to sync data between iPhone and iPad. I am using core data and save the data in Documents of Document Container. Since Documents is backed up by both iTunes and iCloud. Since iCloud is deprecated in latest version of Xcode. Do I have to do anything else to sync data between these iOS devices?
Backups are not a sync mechanism. For one thing, backups are device specific. Data that gets backed up from someone's iPhone is not available to their iPad. There is no device-to-device data mixing through backups.
Putting the persistent store file in iCloud (via the iCloud file API) is not workable either. You can't just read/write the file in iCloud directly, you need to download the file first and later upload changes. Core Data isn't designed to work in that scenario. You might write code to do it, but the data would become corrupted almost immediately because Core Data isn't expecting you to mess with the persistent store like that.
If you want to sync data between devices, there are many options. Apple offers CloudKit, which is free and supported by Apple. Firebase is popular. Parse servers are still extremely common even though Parse itself is shutting down. Add to that Microsoft Azure and many, many others.
My app is going to save a flag in the database (core data) saying whether the user is authenticated or not. How easy or difficult is to someone to access the "core data" database and change the information there without going through the App?
I am going to save a flag there saying "this user is authenticated" so he never has to authenticate again. This is a fun app, not a bank app, so I wonder if that's ok.
Putting in other words: Should I assume that a regular iPhone user (not jailbroken of course) will not be able to mess with the "core data" database and this database can only be accessed through its intended iphone app?
This isn't the kind of thing you should use Core Data for anyway. You should instead use NSUserDefaults or the keychain (depending on if you're just storing that flag, or associated user/password information).
The user defaults are there for storing settings, the keychain for private data. Use the right screwdriver for the right screw.
The iOS app sandbox is quite tight on-device. As such other apps won't be able to access your database, nor will the user on-device.
Application data in the app's Documents directory is backed up through iTunes, however. Though I've never tried such a thing, I can imagine a scenario where the user installs and runs your app but is not authenticated. He syncs and the user data is written to his computer. He opens the backed-up resource on his PC (iTunes does encrypt or obfuscate it) and figures out how to change the sqlite database or plist to show himself as authenticated. He then uninstalls the app on his device, then reinstalls it through iTunes, authenticating himself.
If the scenario is possible, you could potentially store the database in the cache directory instead, a directory that's not backed up when the device is synced with iTunes. It means the database would vanish if the user had to restore his device, but that might be an acceptable loss in your scenario, I don't know.
Edit
I agree with jer that the database isn't the best place to store such info, and if you're targeting iOS 3.2 and above, keychain is definitely the better place.
I don't believe a user on a non jailbroken phone would be able to mess with the data.
When does data get restored for an app? What if I save data in the app's document directory. Then they sync with iTunes. Now iTunes has a backup. Will that data be populated to another device when they sync that new device to their iTunes or will they just get a clean install of my app? I'm trying to figure out how to keep track of a subscription in app purchase and was wondering if I could keep record in NSUserDefaults or some other local store.
Backups are per-device. So a backup of your iPod will not be restored to your iPhone. In other words, there is no sync.
Many times iTunes fails to create complete backup of all the iPhone data say it be contacts, message, mails etc. This type of problem may occur due to not installing iTunes properly. So, you should check whether iTunes have been installed correctly or not. In case there is no problem with iTunes then it is possible that you are trying to create backup of the files which can not be backed with the help of iTunes. To overcome with this issue you need to make use of iPhone backup application. By using this tool you will be able to prepare backup of all the files within minutes safely.
If the user backs up to iTunes, and then restores their backup to another device (maybe they lost their original iPhone), the contents of the app Documents directory will be put on the new device. Anything in the tmp folder won't be backed up or restored like this, but the Documents folder will.
However, that's not the best way to store the in-app purchase information. You should be storing that on your own server and keeping a count of the number of times the purchased content has been used. Inform the user that they can use it a certain number of times (say three) and after that they will have to buy it again. I'm not exactly sure of any details beyond that (like how to verify their identity) but it should get you started.
I have an app that lets user record their own audio.
By now I'm saving those files into Documents directory.
My question is: if I will release a new version of that app, will user recorded files get deleted?
Is there a better place to store user generated audio files?
Should I use NSUserDefaults for data that stay even after app upgrade?
thx
NSUserDefaults is used for storing settings (objects of Key-Value Coding compliant classes)
Other data such files you should store in Documents folder, wich survive between updates (if you don't delete it yourself, of course :)
Both the Documents directory and NSUserDefaults survive application updates. Choosing which to use depends on the kind of your data.
if I will release a new version of that app, will user recorded files get deleted?
No.
Is there a better place to store user generated audio files?
No.
Should I use NSUserDefaults for data that stay even after app upgrade?
Only if your data is small.
I have an app that is running in the simulator. I read and write from a sqlite3 data source. However, if i restart the app, then all datg that i had previously wrote to the db is lost.
The data is always in its original state.
Now back when i was developing this app i thought i read somewhere that data can not be persisted via iphone simulator.
Can anybody confirm or deny this?
Thanks!
You need to place your db file in a writable place, e.g. in the Documents folder. All the bundle files are read-only files.
If you are distributing an initial database with the app, you will need to copy it to Documents (or another folder) and use the copy.
You also need to ensure that you close the database connection in your application is closing (i.e. you receive a applicationWillTerminate message).