Downsides of Storing Hundreds of Values in iOS using KeyChain

Question

I'm looking to develop a game in Swift with the following potential requirements:

1. It can be played offline
2. It offers the ability to save and reload from other devices
3. Boolean data values can be accessed by the game to determine whether the player has unlocked the levels in the game, as well as what they purchased (how much gold they have, items unlocked, etc).
4. The data cannot be tampered with (I wouldn't want someone to give themselves gold or unlock strong weapons without rightfully purchasing them)

I believe KeyChain is a good approach for this for the following reasons:

1. I can store data as key/value pairs and access them offline (great for my true/false values for what levels/items are unlocked)
2. The entire collection of data can be exported as a name/value pair, thus I can send the entire dictionary (in just a few lines of code) to the user's account using CloudKit/GameCenter, and then have it synchronize to other user devices (by importing that data).
3. It offers very robust security

It feels weird for me to use KeyChain as a poor man's database but for the above reasons I listed I think it could work.

The problem is I could see the name/value pairs being somewhere in the 200-300 range. Would you say storing this many values in KeyChain is a bad decision? It doesn't seem particularly slow (yet).

An alternative to me is to use a database, however many of these values are simply true/false (what levels are unlocked, sword-1 unlocked, armor-3 unlocked, total gold acquired, etc). I suppose the game could grow where it suddenly becomes too robust to manage all of this using KeyChain (and instead I encrypt the database using SQLCipher) but I wanted to ask the community's opinion on storing this many values in KeyChain.

Thanks!

Answer 1

You can just store your info in a plist, csv or database or any other kind of file in the documents directory and encrypt. Store the key in the keychain and use they key to decrypt the file. There are plenty of cryptography pods that will do this part for you so you don't have to deal with the joys of C interop with common crypto.