iOS 8,9上NSUserDefaults的安全性如何？ [英] How secure is NSUserDefaults on iOS 8,9?

问题描述

应用内购买编程指南建议您可以在 NSUserDefaults 中保留应用内购买here 。但是我发现这篇文章说它不安全，其中的数据很容易被访问和修改：

In-App Purchase Programming Guide suggests you can persist In-App purchase in NSUserDefaults here. However I found this article saying that it is insecure and data in it are easily accessed and modified:

NSUserDefaults以二进制格式存储在plist中，没有加密，存储在应用程序的目录中。这意味着任何用户，甚至是最苛刻的用户，都可以在5分钟的时间内修改你的NSUserDefaults。

NSUserDefaults are stored in plist in binary format, with no encryption, and is stored in your app’s directory. This means that any user, even the "noobiest" one, can tinker with your NSUserDefaults with 5 minutes of their time.

如果是是真正的用户可以轻松获得免费提供的任何内容作为应用内购买，使用 NSUserDefaults 持久保存。

If it is true user can easily get for free anything provided as in-app purchase that is persisted using NSUserDefaults.

文章是否仍然适用于iOS 8,9？如果是这样，你如何坚持你的应用内购买？我更喜欢简单的解决方案。我不（也不想）验证收据等。

Is the article still correct for iOS 8,9? If so how do you persist your in-app purchases? I prefer some simple solution. I do not (nor want to) validate receipts etc.

推荐答案

正如其他人所说，最好不要保存敏感数据在UserDefaults中，例如应用程序内购买或明显的密码等事情。即使是高分也能更好地保存在钥匙串中，这样人们就不会作弊。

As others have said, it's probably better to not save sensitive data in UserDefaults such as in-app purchases or obviously things such as passwords. Even things like high scores are better saved in keychain so people cannot cheat.

我认为Apple文档的一部分已经过时，因为UserDefaults不是这样的存储敏感数据，在应用程序购买中肯定是IMO。

I think that part of the Apple Documentation is outdated and should be changed as UserDefaults are not the way to store sensitive data, which in app purchases definitely are IMO.

只需在UserDefaults中保存基本内容，如语言设置，音量设置等。

Just save basic stuff in UserDefaults like language settings, volume settings etc.

如果您想保存敏感数据，您应该使用Keychain。现在我认为钥匙串API非常棘手但是GitHub上有两个很棒的帮助你可以使用

If you want to save sensitive data you should use Keychain. Now the keychain API I think is very tricky but there are 2 great helpers on GitHub you can use

1） https://github.com/jrendel/SwiftKeychainWrapper

2） https://github.com/matthewpalmer/Locksmith

我个人使用第一个一个更直接，更容易使用。它确实使保存数据的任务与UserDefaults相同。只需将swift文件复制到项目中或使用CocoaPods就可以了。

I personally use the first one as its more straight forward and easier to use. It literally makes the task of saving your data identical to UserDefaults. Just copy the swift file into your project or use CocoaPods and you are ready.

第二个更先进，更复杂但仍然很棒。
这只是您需要的选择以及您对Keychain API的理解程度。

The second one is more advanced and complex but still great. It's just a choice of what you need and how well you understand the Keychain API.

使用钥匙串时要记住的一件事是即使数据仍然存在你删除你的应用程序，我认为这是件好事。

One thing to bear in mind with keychain is that data persists even if you delete your app, which I actually consider a good thing.

所有信用都归他们各自包装的两位作者所有。

All credit goes to both authors of their respective wrappers.

希望这有助于

这篇关于iOS 8,9上NSUserDefaults的安全性如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！