I have a question about security.
I am making an iOS app with in app purchase following this tutorial, and I store what products were bought in NSUserDefaults. That's why I wonder :
Can a user with a jailbroken device modify NSUserDefaults key and values for an app?
Thank you very much if you know about it.
Jer
Yes, they can. The user defaults are stored relative to your app directory here:
./MyAppName.app
./Library/Preferences/com.mycompany.MyAppName.plist
The plist file is not encrypted or signed, so it can be modified easily:
plutil -convert xml1 com.mycompany.MyAppName.plist
vim com.mycompany.MyAppName.plist
You can look into the iOS keychain, as @rckoenes said, or also something like this open source secure defaults replacement, which offers an interface similar to NSUserDefaults.
Since iOS 8, the data directory (and thus the preferences plist files) are now under:
/var/mobile/Containers/Data/Application/<GUID>/Library/Preferences/
Apple Reference Docs
Even users without a Jailbroken device can modify plists...
Yes a user with a jailbroke device can easily modify the NSUserDefault since it's just a plist file in the library directory of your app's sandbox.
You might want to store secure stuff in the keychain, which is a little more secure then the NSUserDefault.
