Safe Way To Open Full Version Through In-App Purchase

Question

Safe Way To Open Full Version Through In-App Purchase

I plan to use the in-app purchase to unlock some features in my application. What is the safest way to do this?

I originally planned to install Bool in NSUserDefaults :

[[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"isPro"];

But I'm not sure if it is possible to set this value using a “hack” (since NSUserDefaults controlled by iOS and not directly by the application), so the user does not need to perform an in-app purchase to get the full version.

What's the best way to handle this?

+6

ios in-app-purchase

Patrick Jan 03 '13 at 12:13

source share

4 answers

Jim · Answer 1 · 2013-01-03T12:31:42+0000

Yes, it’s relatively easy to change application settings. But does it really matter? I would promise that anyone who wants to hack into the iPhone file system and change the configuration files to save quid or two is not the kind of person who would be inclined to spend money if they could not do it.

No grabbing · Answer 2 · 2013-01-03T12:53:22+0000

Security through Obfuscation is the easiest way to go here (for example, don't name your var “isPro” and maybe not let this value be a simple BOOL, but instead it will be some kind of “magic” integer. Not sure, but another speed hack for hacking.

As an alternative to using NSUserDefaults you can save the file to the file system of the application, and then check its contents when the application starts.

Not sure if it is worth the time and problems.

Edwin vermeer · Answer 3 · 2013-01-03T12:21:50+0000

You can save it in a keychain, but then on a jailbreak device it is also easy to read and change. Therefore, you must encrypt the data. Make sure the encryption password cannot be easily found in your application by scanning the binary.

Anton Malmygin · Answer 4 · 2014-07-02T01:17:49+0000

I ran into some kind of problem and found two common ways to securely store In-App purchases:

1) Using the secure version of NSUserDefaults:

a) "Safe NSUserDefaults". This version of NSUserDefaults generates a hash for any stored secret item and provides you with a check for that hash for the item after. Thus, you can easily cope with this situation by “hacking” the default .plist by the user.

Check here: https://github.com/matthiasplappert/Secure-NSUserDefaults

b) "SecureNSUserDefaults". NSUserDefaults with AES encryption. I can advise here not only to store safe bool values for purchases, but also some obfuscation of the line to indicate payment or not.

Check here: https://github.com/nielsmouthaan/SecureNSUserDefaults

2) Using KeyChain

a) "RSSecrets" A simple class for storing key value elements in KeyChain. See also discussion here: Storage in app Purchasing receipts in Keychain app

And check out the project: https://github.com/jeffargast/RSSecrets

b) "STKeychain" This class is mainly used to store login / password in KeyChain, but in the MKStroreKit project (the popular In-App Purchase StoreKit for iOS devices) they actually use this class to store purchases in applications.

Check here: https://github.com/ldandersen/STUtils/blob/master/Security/STKeychain.h

PS I haven’t used any of these classes in my project yet, but I’m thinking of using RSSecrets.

Safe Way To Open Full Version Through In-App Purchase

More articles: