Prevent cheating on savedata in iPhone

We can use SQLite, NSUserDefaults or the ordinary file system for saving game data on iPhone. These data are usually stored in the Documents directory, but files under the Documents directory can be easily modified without JailBreak. (Actually, some cheated scores were posted to the server before.)

There are some ideas I considered to prevent cheating by modifying save data.


Encrypt file

Simply encrypt the data file and decrypt it on reading. It seems secure, but performance will be sacrificed if the game needs to update game data frequently.

SQLite encryption

There are some encryption extension libraries for SQLite. The problems are the cost and the licenses.

Verifier / Checksum

Store the checksum of the saved data and detect cheating by using it. It might cause a FALSE POSITIVE result if saving the checksum failed for some reason.

Keychain

Store data in the keychain. But then we can't use SQLite. And is it okay to store large data in the keychain?


Each idea has a flaw. Can you give me any ideas?


One flaw in the design seems to be that you are trusting the local data. Instead I'd recommend that you treat the local data as unsafe user data. That way, a user can manipulate it all they want, but you'll never send it to your server to be published.

When a user completes a game, have the game send the score to the server right away. If you like, your server can send back a signed copy (hashed) that you can save wherever you want in whatever format you want. In your game, you could add a little "verified score" badge next to the scores that took place while they were online. If the verified score is manipulated, then the hash won't work, and (locally anyway) they'll lose their score.

If your user is offline, then their score cannot be verified. You can still save it locally with all the signed scores, but don't have to worry about syncing up bad data at all. Simply never send data to your server that was read from the local filesystem.

From a user experience perspective this may not be ideal, but you can frame it by telling your users "If you are connected to the internet when you get a high score, your score will be verified and published in the global top list" or something to that effect. I'm sure you can figure out a way to handle it.
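
The server-signed score described in this answer, as an added example that is not part of the original post. It swaps the "hash" for an Ed25519 signature (CryptoKit) so the app ships only the public key and cannot mint valid records itself; the record fields, type names and function names are hypothetical.

```swift
import CryptoKit
import Foundation

// Hypothetical record format; field names are assumptions, not from the post.
struct ScoreRecord: Codable {
    let player: String   // binds the record to one account
    let score: Int
    let achievedAt: Int  // Unix seconds, set by the server
}

// What the app stores locally: the exact signed bytes plus the signature.
struct SignedScore: Codable {
    let payload: Data
    let signature: Data
}

// Server side: the private key never leaves the server.
func serverSign(_ record: ScoreRecord,
                with key: Curve25519.Signing.PrivateKey) throws -> SignedScore {
    let encoder = JSONEncoder()
    encoder.outputFormatting = .sortedKeys
    let payload = try encoder.encode(record)
    return SignedScore(payload: payload, signature: try key.signature(for: payload))
}

// Client side: verify before showing the "verified score" badge.
// The record is decoded only from bytes whose signature checked out.
func verifiedRecord(_ signed: SignedScore,
                    publicKey: Curve25519.Signing.PublicKey) -> ScoreRecord? {
    guard publicKey.isValidSignature(signed.signature, for: signed.payload) else {
        return nil
    }
    return try? JSONDecoder().decode(ScoreRecord.self, from: signed.payload)
}

// Constructed demo: this key pair stands in for the server's real key.
let serverKey = Curve25519.Signing.PrivateKey()
let appPublicKey = serverKey.publicKey
let signed = try serverSign(
    ScoreRecord(player: "alice", score: 4200, achievedAt: 1_700_000_000),
    with: serverKey)
print("untouched record verifies:", verifiedRecord(signed, publicKey: appPublicKey) != nil)

// A save file edited on disk: new score, old signature.
let editedPayload = try JSONEncoder().encode(
    ScoreRecord(player: "alice", score: 999_999, achievedAt: 1_700_000_000))
let edited = SignedScore(payload: editedPayload, signature: signed.signature)
print("edited record verifies:", verifiedRecord(edited, publicKey: appPublicKey) != nil)
```

The local check only decides whether the badge is shown; the server's own copy of the score stays the source of truth for the global list, and nothing read back from the local file is uploaded.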


There are some very light, if darn near unbreakable, ciphers for encoding if you want to go that route. I've used in the past a variation of the substitution cipher where I XORed the values with random numbers. These can be darn near unbreakable (esp. if you change it up each time - nothing more frustrating to a hacker than to get differing results each time :)

The smaller the data, the easier it is to back-hack. Nothing is more frustrating than sniffing a network and finding that 10 digits are encoded in a 4096 digit block of random numbers.

Depending on the size of your data, you could encode different parts with different ciphers - it would be lightweight to encode/decode but a pain to hack.


You can save the data in a sub-folder of NSLibraryDirectory instead of NSDocumentsDirectory. Users cannot see or edit the NSLibraryDirectory through iTunes.
