I am writing an application which reads information from am xml plist in the bundle upon startup. The information in the plist has been compiled through many days of work and I would like to ensure that it cannot be extracted easily from the app bundle by another party after distribution. Is there any way to secure or encrypt xml plists that one includes within your app bundle?
Any help would be greatly appreciated please.
There is no built-in encryption function in plist. Many people treats the compression as encryption.
Here is what I would do,
- Make up an encryption key.
- write a tiny program to encrypt the plist into a binary file using
SecKeyEncrypt()
.
- Put the binary file in the bundle.
- In the app, hide the key somewhere. For example, store them as pieces so it's not easy to find from a dump.
- When you startup the app, read the binary file from bundle, decrypt it using
SecKeyDecrypt()
using the key and store the cleartext in memory.
- The cleartext is the plist and load the plist from the memory.
This is still considered obfuscating because key is available in your bundle but it will be hard enough to deter most casual hackers.