问题描述

我对安全性有疑问。

我正在按照，我存储了在NSUserDefaults中购买的产品。这就是为什么我想知道：

I am making an iOS app with in app purchase following this tutorial, and I store what products were bought in NSUserDefaults. That's why I wonder :

拥有越狱设备的用户可以修改NSUserDefaults键和应用值吗？

Can a user with a jailbroken device modify NSUserDefaults key and values for an app?

非常感谢你，如果你知道的话。

Thank you very much if you know about it.

Jer

推荐答案

Yes, they can. The user defaults are stored relative to your app directory here:

./MyAppName.app
./Library/Preferences/com.mycompany.MyAppName.plist

plist文件未加密或签名，因此它可以是轻松修改：

The plist file is not encrypted or signed, so it can be modified easily:

plutil -convert xml1 com.mycompany.MyAppName.plist
vim com.mycompany.MyAppName.plist

您可以查看iOS钥匙串，如@rckoenes所说，或者，提供类似 NSUserDefaults 。

You can look into the iOS keychain, as @rckoenes said, or also something like this open source secure defaults replacement, which offers an interface similar to NSUserDefaults.

自iOS 8起，数据目录（以及首选项plist文件）现在位于：

Since iOS 8, the data directory (and thus the preferences plist files) are now under:

/var/mobile/Containers/Data/Application/<GUID>/Library/Preferences/