Xcode: hide / protect resource files in final iOS app?

Question

I plan to develop an app for iOS and want to use HTML5, CSS and Javascript. The final app should be implemented as a native app using Xcode and UIWebView.

Answer 1

There's many ways to protect your data, depending on how good you want the protection to be. For very minimal protection against only casual hackers, you could use a string obfuscation algorithm to obfuscate and de-obfuscate the HTML content as NSStrings. Here's an example of doing that. I haven't used that particular code, but I'm also not really recommending obfuscation as a technique, unless the data really isn't very sensitive.

The better solution is to encrypt the HTML content, although that's more work, and may involve some export control issues, depending on where you are, and where you're distributing your app.

For encryption, you have lots of options.

1) Here is an open source implementation that provides a secure version of something like NSUserDefaults. I don't see an equivalent to registerDefaults: in that code, though, so it's possible that the first time your app runs, you may have to download the content from the web. But, then you could encrypt and store it in PDKeychainBindings as a string value. On subsequent runs, you could then extract stored HTML "files" like this:

NSString* webPageContent = 
    [[PDKeychainBindings sharedKeychainBindings] valueForKey: @"index.html"];

2) Here's another open source project that provides AES encryption wrappers. You would write some non-production code before releasing your app to encrypt the HTML content into encrypted data files that would be bundle resources. When your app runs, it opens the files and decrypts them into NSString objects which can be given to your UIWebView via loadHTMLString: baseURL:.

3) Finally, here's another example of using the underlying CommonCrypto APIs to protect bundle resources. This example uses a custom build step to automatically encrypt resources in a particular folder, which would save you some time if your protected HTML content is going to change reasonably often.