Search code examples
iosin-app-purchasensuserdefaultsjailbreak

Can users modify NSUserDefaults key values in an iOS app?


I have a question about security.

I am making an iOS app with in app purchase following this tutorial, and I store what products were bought in NSUserDefaults. That's why I wonder :

Can a user with a jailbroken device modify NSUserDefaults key and values for an app?

Thank you very much if you know about it.

Jer


Solution

  • Yes, they can. The user defaults are stored relative to your app directory here:

    ./MyAppName.app
    ./Library/Preferences/com.mycompany.MyAppName.plist
    

    The plist file is not encrypted or signed, so it can be modified easily:

    plutil -convert xml1 com.mycompany.MyAppName.plist
    vim com.mycompany.MyAppName.plist
    

    You can look into the iOS keychain, as @rckoenes said, or also something like this open source secure defaults replacement, which offers an interface similar to NSUserDefaults.


    Update:

    Since iOS 8, the data directory (and thus the preferences plist files) are now under:

    /var/mobile/Containers/Data/Application/<GUID>/Library/Preferences/
    

    Apple Reference Docs