Is it fair to store sensitive data in NSUserDefaults ?
I have read that this is a big issue because, NSUserDefaults are stored in plist in binary format, with no encryption, and is stored in your app’s directory. This means that any user, even the “noobiest” one, can tinker with your NSUserDefaults with 5 minutes of their time.
Any user can edit, see, share, move and whatever they please with it. Jailbreak users can simply install iFile, navigate to your app directory, play with the file, and move on with their day.
So, what is the best way to store user sensitive information ? Should I use Coredata and store encrypted information ?
To store user credentials I'd use Keychain (also it would help if server-side could accept some kind of hash instead of plain password). I'd say that users with JB probably know what they are doing and can protect themselves too, so I think it's not so big deal that Keychain is much easier to hack with JB than without it.
To store things like address etc I'd use transformable attributes if you use CoreData (This post may help).
Additional protection from iOS side can be file protection attribs(if user has passcode set up).
UserDefaults are not meant to store sensitive info since it's basically "plain text".