NSUbiquitousKeyValueStore Security & Encryption for storing sensitive data

Question

I am using NSUbiquitousKeyValueStore to store player data for my game on iCloud.

• Can iCloud users modify these values without my knowledge/permission, thus "hacking" the game?
• If so, should I encrypt the data before storing it?
• If so, what encryption schema would you recommend, and would I need to set the "uses encryption" flag when submitting to Apple?

Answer 1

See this article: You should be safe

http://developer.apple.com/library/mac/documentation/General/Conceptual/iCloudDesignGuide/Chapters/iCloudFundametals.html

Hey I made a comment up there but wanted to point out...iCloud != Game Center. The point of Game Center is that "other players" can see scores. iCloud is one user only, and will only see his own scores. So other people can't go into User A's iCloud sandbox and get his data out of it.

If you're using iCloud to store game scores, what's the hurt on if they modify it. Devil's advocate, sorry :-)

Also edit:

Read an article not too long ago about an aspiring young dev who was tinkering with the GameCenter SDK and came up with some good hacks for jailbreakers, that could intercept or forge outgoing GameCenter stuff. Not much you can do about that, really. I mean, can't encrypt the data you're sending to GameCenter, it's got to be sent in the raw