I have an app that has an in-app purchase.
In this store I can download 1 item that consists of 10 special bullets.
Now, as I download, I do:
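FILE *pFile = fopen("bullets.dat", "wb");
if (pFile != NULL) {  /* fopen returns NULL on failure */
    rewind(pFile);
    /* the bullet count is written as plain text */
    fprintf(pFile, "%d", numberOfBullet);
    fclose(pFile);
}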
The question is:
Is this solution easily hackable? (I think so)
Do I need a more secure way to store data or not?
What is the best way to store information? (I store only one integer, but perhaps there is a more convenient way to do it)
Thanks
Indeed, that approach is not very secure. Someone with a jailbroken iPhone could just simply create or change that file on the phone's filesystem and your app would be none the wiser.
A better approach is to use the Keychain service to store this info, which will then be securely stored and not accessible to end users (at least easily). This does not fully protect you from in-app piracy (as someone could try and manipulate your binary to not call the checking functionality you have within your app). But it's a good approach to protect against all but the most determined pirates.
For more info on Keychain services have a look at http://developer.apple.com/library/ios/#documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html
A lot of people use the SFHKeychainUtils wrapper to make working with the Keychain easier. You can grab it from GitHub at https://github.com/ldandersen/scifihifi-iphone/tree/master/security
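Added example, not part of the original answer and not taken from SFHKeychainUtils: storing the bullet count as a Keychain generic-password item through the Security framework instead of writing bullets.dat. It assumes ARC; the service and account strings and the function names are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical identifiers for this example; substitute your own.
static NSString *const kBulletService = @"com.example.mygame.purchases";
static NSString *const kBulletAccount = @"specialBullets";

// Attributes that identify the single Keychain item holding the count.
static NSMutableDictionary *BulletQuery(void) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kBulletService,
               (__bridge id)kSecAttrAccount: kBulletAccount } mutableCopy];
}

// Writes the count, updating the existing item or creating it on first use.
BOOL SaveBulletCount(int32_t count) {
    NSData *value = [NSData dataWithBytes:&count length:sizeof(count)];
    NSDictionary *changes = @{ (__bridge id)kSecValueData: value };
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)BulletQuery(),
                                    (__bridge CFDictionaryRef)changes);
    if (status == errSecItemNotFound) {
        NSMutableDictionary *item = BulletQuery();
        item[(__bridge id)kSecValueData] = value;
        // Design choice for this example: keep the item on this device only.
        item[(__bridge id)kSecAttrAccessible] =
            (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
        status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    }
    return status == errSecSuccess;
}

// Reads the count; returns NO if the item is missing or has an unexpected size.
BOOL LoadBulletCount(int32_t *outCount) {
    NSMutableDictionary *query = BulletQuery();
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess || result == NULL) return NO;
    NSData *data = (__bridge_transfer NSData *)result;  // ARC takes ownership
    if (data.length != sizeof(int32_t)) return NO;      // reject malformed values
    [data getBytes:outCount length:sizeof(int32_t)];
    return YES;
}
```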