This question already has an answer here:
How secure is NSUserDefaults on iOS 8,9?
(1 answer)
Closed 6 years ago.
I'm working with one of my first iPhone apps. I have made simple login for the users. I want to store variable in NSUserDefaults which will keep track of if user is logged in. If user is logged in than it will be 1, otherwise it will be 0. And of course in other variable user username.
My question is: Is NSUserDefaults secure for keeping information like that? Is there any way in which somebody or user could manipulate with this variables and login without knowing password?
If you need security you should use Key Chains. It encodes values and is best way to save some security information. One thing that you should know is that you should not store there a lot of data as this storage is related to whole device not just to your application, so if your application will be deleted, stored data still will be alive. For example using User Defaults stored data would immediately become deleted(same with using Core Data).
Related
This question already has answers here:
Secure keys in iOS App scenario, is it safe?
(3 answers)
Closed 3 years ago.
I am working on a simple iOS app in Swift that uses an API that I pay for. I do not have a ton of resources and have yet to find a simple/up to date solution to this issue. I want to protect my API key and not put the key directly in my code where I make requests (I have heard this is best practice).
What would be the simplest way to protect my API key from someone taking apart my code and using it.
I've heard something about using Keychain but I'm unsure if this is the best route.
class APIService {
static let shared = APIService()
private let token = "(my token goes here)"
//...various API request functions
}
There is no easy way, nor is there a way to completely protect them from attackers. You can always do some simple key obfuscation or store them in a server but if a hacker can reverse-engineer your code they can likely reverse-engineer your obfuscation.
It'd be good to develop safety measures to take if someone does get your keys (database backups, etc.. ).
This link helped me when I was originally looking into this topic for one of my apps.
NSUserDefaults:
NSUserDefaults is simple and effective for saving small datas like NSNumbers or NSStrings, or even saving remember me option for saving ur state of UserName. NSUserDefaults is no way stored securely as it's easily gets Hacked.
KeyChain:
Best place to save tokens, api keys. Find the below apple documentation which describes more,
**βAn encrypted container that securely stores small chunks of data on behalf of apps and secure services.β "Simply a database stored in the file system.β**
KeyChain Documentation
And here is the example of Swift Version with simple way to store and retrieve data using KeyChain
https://stackoverflow.com/a/37539998/1244403
This question already has answers here:
What is the right time for ViewData, ViewBag, Session, TempData
(3 answers)
Closed 6 years ago.
Which mechanism will be suitable for storing temporary data in Asp.net MVC? I dont want to hit to database everytime customer adds the product to cart.I read some of the articles and i am little bit confused. I want to know which mechanism would be better or any other options?
1) Cookies
2) Session
3) Text File
Sessions and cookies will be what you'll be introduced to in such a case.
Technically cookies will long more time but this is a bit less understandable.
So what a session is? It is something that starts when your user enter your site and follows him until he shuts its browser down.
To provide such a functionality the browser and the server share a token.
That's what's behind the concept of "session".
Basically session storage has a "key=>value" format so to achieve session storage you will have to use a dictionary-like interface:
HttpContext.Current.Session.Add("The Key",the_value);
the_value can be anything serializable.
This question already has answers here:
Do NSUserDefaults persist through an Update to an app in the Appstore?
(6 answers)
Closed 7 years ago.
I have an app that stores user info in the NSUserDefaults *
and when the application loads and runs it reads this data.
If I understand correctly when a user upgrades the app to a new version it's basically like delete and re-install the app which means all the user data is lost.
Is there a way to save this data somewhere on the user device a memory area that is accessible to number of apps and is not deleted in the update process?
If I understand correctly when a user upgrades the app to a new version it's basically like delete and re-install the app which means all the user data is lost.
This is not correct. An upgrade is fundamentally different from a delete and reinstall because it DOES NOT delete anything stored in NSUserDefaults, files stored on the file system, information in a local database, etc...
In a nutshell, you should be fine doing nothing at all - the data will persist between updates.
Interesting question, and I have searched through and came across the following.
Referring to the following SOF post that has high upvoted answer by SOF community,
They are usually not reset unless the user deletes the app. For basic data, NSUserDefaults is the best way to save data such as preferences, dates, strings etc. If you are looking to save images and files, the file system is a better bet.
However, if you want to delete prior NSUSerDefault settings, then you could use
[NSUserDefaults resetStandardUserDefaults]
Further detail information could be found here.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm new to iOS and have just started leaning it. I want to develop a small app for bus passengers where-in all users in the bus must login using the app.
If user is using the app for 1st time, he must sign up . User must enter all details like Name,Age,Emergency Contact,Address,Source,Destination,Phone number etc.
If user already exist, then login with existing user name and password.
All details must be stored somewhere (not sure) and retrievable format.
Here comes all my question and doubts based on above app requirements :
do i need to follow client-server architecture ?(mobile app being client )
where all user details will be stored ( on mobile or server )
when user tries to login, how check if user already exists or not ?
if any communication protocol to be used for mobile app communication then which will be good considering the performance of app should be fast.
mobiles internet data should be available ?
which database to use to store user details ?
considering all above things i need to design my app.
thanks
I will try to give some points to start from.
1) I think yes (its really depends what you want to achive but if you only want to get/pos resources to/from server, http request should be enough to start from).
2,6) Depends which details.
For simple details which no need in protection NSUserDefaults Sqlite or Core data can fit. (also there are some nice wrappers for them for instance TMcache, you will need to investigate it).
If you need to save private details you will probably need to use keychain.(honestly I would avoid saving important details on the device everything can be hacked so try to limit it).
3) One of the common ways which come to my mind is to check in run time if the user already logged in is by saving login status in NSUserdeFaults and check it in - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions. If you need to check Existence of user in your system than probably some server help will be need.
4) Please refer to apple Docummentation NSURLSession should fit.Also AFNetworking is really good library.
Edit:
5) Usually IOS will use Current Internet Connection which is available and more efficient for the system it will start with WIFI then CellularData (Check Reachability for testing availability of internet connection its also included in AFNetworking library) .
-All those questions/answers can be found on stack.Hope I helped.
List of common IOS frameworks
I am storing secure data in the keychain that should be maintained only within my app. During app running this data is retrieved to some variable. It seems like it is possible to crack my app in order to read that value or even dump the whole keychain, but my question is it possible to the "hacker" modify that data i.e. modify at runtime area of RAM that holds this variable and make my app to update keychain with new value? And I also have setter method for that property, which saves it to keychain, is it possible to investigate the address of that function and force call my method with custom value?
I already looked here and here for best practices, read answer at Quora, that and that articles, looked for ios-keychain-analyzer project at GitHub but there is no mention about changing data, only about reading