I was just searching out something else, and I saw that if someone has a jailbroken device, he can easily navigate through my application folder and see all my config.txt where some of my code is stored. Can we hide such files so no one can enter?

No, not without some sort of encryption mechanism. -tM

I'm pretty sure that it would be super difficult to hide it, because you'd have to reprogram all the code to look for the config file in a new place. It's the config file that drives everything in the entire app. Interesting problem for sure, but, like everything else in computers, if somebody really wants to find out your code, they'll get it one way or another.

Sad news absolutely...

Truth be told, it doesn't have to be jailbroken for you to find files on the device. I've been doing this for a loooooong time on my iPad. It is what it is. Cheers! -- Smug

Can we change the permissions at this file through Xcode…Can this protect our files?

Doubtful - even if you could change it so that users couldn't read the file, then probably the app wouldn't be able to either. Probably, you shouldn't be storing sensitive data in the app. What is it that you're worried about out most?

The only way how to protect your success is to be ahead of others. I lost a fortune a few times in my country because everybody copied my texts, nobody bothered creating something, they just copied and pasted what I created. I could not do anything, I do not have money to spend for lawyers. So do not bother in hiding your software, innovate. Every copycat is waiting for you to create it and to steal it. Look at Apple, when the competitors are close, they release a new product, something the competitors have no chance to copy for about a year. It is inevitable that someone will find out how to copy it one day. Cheers! Frogman

I don't have any particularly good skill at implementing my idea, but I've seen on the net different types of iOS code that can update via zip file. It would stand to reason you could use a password enabled zip, have it unzipped in the app on startup, provide your needed data files, and then delete those files before the app quit (hopefully). Again, lots of details I can't answer, but it's a thought... Cheers! -- Smug

@frogman well spoken...keep awake and stay ahead @smugwimp very good idea, but I wonder: is this possible? @chris I don't worry for something specific, but the general thought of stealing

Problem there is that your app wouldn't be available offline. You can change a few lines of code as it is to do the same thing without zips. Just have the app delete the temporary file during run time, so users would have to download it every time. Of course, the hacker could still see what URL you're pulling the file from. But with you're zip example they could see the password just as easily.

the problem with jailbroken iphones is that the user doesn't have to be a hacker to steal the bt_config.txt...with a file browser he can easily enter the folder

Just downloaded one of those tools to see what can be seen on a BT app. Doesn't look like you have access to code - just resources, which makes sense. So, the person stealing would have to be familiar with how Buzztouch works, be comfortable with JSON to do it all manually, have purchased all the same plugins you used in the app, and hope you didn't make any custom mods to any of the code. It's a good reminder that we shouldn't design plugins that require putting sensitive info in the JSON though. If you're really that concerned about your JSON getting out, I would suggest doing as I said above and adding some code to delete the downloaded config file at run time. Keep in mind that if someone really wanted to duplicate your app and sell it themselves, it would be fairly easy to do so without seeing your config file, as long as they were familiar with Buzztouch and all you used were standard plugins with no modification.

Just thought of another option for you - make the app fully offline. Code the JSON in manually in Obj-C using NSDictionaries, and leave the config file blank. Would take the fun out of Buzztouch, but would alleviate your worries.

Just cause you got me thinking, here's another solution. Remove all screens from your bundled config.txt file; host your JSON externally; encrypt the hosted JSON file; and code in a decryption process in obj-c where the app processes the file. That way, it still saves it to cache, but isn't readable via a file manager. Of course, you hope the Apple reviewer doesn't reject your ap for not sending it "complete". :P

thank you so much chris for these info…you are the best…I don't know if they'll work but thanks anyway!