Reputation: 806
How to store data for my application securely
I am creating a game for iOS and OSX in Xcode using Objective-C.
A major concern I’m undergoing is finding methods to prevent cheaters from hacking my game.
I’ve recently learnt how to save/read information through property lists. In the OSX version of the app, I can directly access these lists and edit them by right clicking on the app, going to Package Contents and then Resources. My original plan was to store/edit data like high scores, etc. Obviously, a major flaw with this would be that users of this app would be able to cheat easily.
In addition to this, I have played many games for iOS where I have seen users cheat on scoreboards, or sometimes even users who seem to have hacked the game as they have large amounts of money which they definitely could’t have acquired otherwise (the example I’m thinking of is a competitive tower defence game where both players start off with 0 cash and earn a set amount every few seconds. Players have definitely hacked if they acquire 100x the cash than possible in the first few seconds).
Hence I’m worried about the security of data I’m storing in my game, and looking for a solution to this, and the following are ones I’m considering.
I quite like property lists, but would it be more secure to use some other form of data storage method? Or would it be just the same because hackers can still decode these files?
Is there some way to hide these property lists/data inside the application so that hackers cannot access them? Or would they be still eventually find them if they look hard enough?
If the above 2 are not possible or still leave the possibility of cheaters, then would the best solution be to encode the data in these lists so they can only be read with some key? Eg. every score I store would be encoded by dividing by -129, whilst they would be read by the app by multiplying by -129.
Please can someone recommend a solution to this problem for both OSX and iOS?
Upvotes: 2
Views: 944
Answers (1)
Reputation: 12405
I would say the best solution for this would be to store these value on server and these will be only accessible after authentication and on a HTTPS connection.
The disadvantage in the other approach will be that it won't be available offline.
So if you wish to have offline access as well then you can very well use plist as well. The only thing you will have to do is to encrypt the file and write it to the documents directory. You can convert your plists to data and then encrypt and write it. The key can be the user password which you can store in the iOS keychain.
The above method will be pretty secure, in fact very secure but nothing is unbreakable. Hoping this helps.
You can use this library for encryption.
Upvotes: 1
Related Questions
- How do I install pip on macOS or OS X?
- "code ." is not working in on the command line for Visual Studio Code on OS X/Mac
- Xcode - How to fix 'NSUnknownKeyException', Reason: "… this class is not key value coding-compliant for the key X" error?
- Passing data between view controllers
- How can I make a UITextField move up when the keyboard is present - on starting to edit?
- How can I change the name of an iOS app in Xcode?
- How to link to apps on the app store
- How can I Remove .DS_Store files from a Git repository?
- How can I check for an active Internet connection on iOS or macOS?
- How can I disable ARC for a single file in a project?