Reputation: 2228
SpriteKit Level Data Security
I have been reading many different posts, threads, etc. regarding the best practices to store level data to be used throughout a game application (level boundary data, images, characters, time, etc.).
- Many have suggested that using a
Property List (.plist)is appropriate, as it is quite simple to store the game info then read it when needed. While this is easy to create and refer to,plistfiles are not exactly secure in any way, aside from simple AES encrypting the string contents. - Another method would be perhaps to hard code this data into a separate class file, titled
LevelData.mand refer directly to the class to read the level data, as storing it this way should be "safer", as (from what I am aware of) users do not have direct or any access at all to these class files once an application has been packaged and distributed through, say the iOS App Store. - I have also read to use SpriteKit's built in NSCoding, where the data can be archived into a file (or NSData object) and later unarchived from that archive.
My question, can anyone suggest the best approach, or perhaps one that I haven't mentioned? YES, I understand they are all perfectly valid methods to saving big data, particularly non-trivial, and somewhat repetitive data that just needs to be read, and all have their pros and cons in terms of security measures. I am merely just trying to find the safest way to store this data without the user being able to tamper it in any way from other people who may have encountered a similar issue and have found the ideal solution.
NOTE: I'm sure that hosting this data server side and retrieving the data upon application launch would be the ideal secure approach. However, I am just looking to see which method should be the best practice in terms of security strictly through storing data on the device. Thanks!
Upvotes: 0
Views: 89
Answers (2)
Reputation: 10674
I know you got an answer already but I personally use a GameData Singleton class with NSCoding. I than save the encoded/archived data into iOSs Keychain (instead of NSUserDefaults, NSBundlePath etc).
To save into keychain you can use this helper
https://github.com/jrendel/SwiftKeychainWrapper
which is the one I use for my apps. Its works very similar to NSUserDefaults and is therefore very easy to use.
You can also get a more complex and feature rich one here.
https://github.com/matthewpalmer/Locksmith
Upvotes: 1
Reputation: 4596
If you are distrusting the users, how about signing the data which's integrity you distrust and validate the signature using public key encryption (with a pinned certificate in the binary)?
Thus, only data with a valid signature from you can be used.
Yet, after all, if a user dissembles your binary and modifies the public key, that doesn't work either.
As always with those problems, the question is: how hard are you making it for an adversary to break your security meassures - and what hardness is useful?
Upvotes: 1
Related Questions
- Passing data between view controllers
- Transport security has blocked a cleartext HTTP
- Secure hash and salt for PHP passwords
- Xcode process launch failed: Security
- Best way to store encryption keys in .NET C#
- iTunes Connect: How to choose a good SKU?
- How should I ethically approach user password storage for later plaintext retrieval?