lehn0058

Reputation: 20257

How to react with iOS Data Protection if a user disables their passcode?

I have an iOS 9 app and I have a directory of sensitive files in it that I am trying to protect (they are proprietary video files). I need to be able to protect these files even from a malicious user who has jailbroken their device and is trying to read the file. Ideally, I would like to use Data Protection to encrypt the file like so:

NSError *protectionError;
NSDictionary *protection = @{ NSFileProtectionKey : NSFileProtectionCompleteUnlessOpen };
BOOL result = [[NSFileManager defaultManager] setAttributes:protection ofItemAtPath:contentDirectory error:&protectionError];

However, it looks like all a jailbroken user would have to do to gain access to this file is remove the passcode on their device, which renders data protection useless. Is there a way to mark a file as needing to be deleted by the OS in the case where the passcode is removed? I would think this would be similar to how the iPhone and Apple Watch delete Apple Pay cards when a passcode is removed from the device.

Upvotes: 1

Views: 187

Answers (1)

Ankit Srivastava

Reputation: 12405

I am posting this as an answer now.

Why not encrypt these files on your own using a key and AES256 encryption?

You don't have to hardcode the key in your code, nor do you have to store it in the sandbox. You can generate it using the method described in this question I asked:

Random 256bit key using SecRandomCopyBytes( ) in iOS

Use the iOS keychain to store the key.

If you are worried that the key can be obtained from the keychain (which is highly secure, by the way), then the best bet for you is to decrypt the files using a password as a key, which the user will have to enter, and keep your video in memory. You never store this password anywhere; only when the user wants to see the video will he have to enter it in order to decrypt it.

Upvotes: 1
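The key handling suggested in the answer above, as an added Objective-C example (not code from the question or the answer): it generates the 256-bit key with SecRandomCopyBytes and keeps it in the keychain, leaving the AES step itself out. The service and account names and the helper functions are hypothetical, and the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly class is this example's choice rather than the answer's: iOS deletes items in that class when the device passcode is disabled, which leaves the encrypted files undecryptable.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service/account names for this example.
static NSString *const kKeyService = @"com.example.videos";
static NSString *const kKeyAccount = @"content-key";

static NSMutableDictionary *BaseQuery(void) {
    return [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kKeyService,
               (__bridge id)kSecAttrAccount: kKeyAccount } mutableCopy];
}

// Random 256-bit key from the system CSPRNG; nil on failure.
static NSData *GenerateContentKey(void) {
    NSMutableData *key = [NSMutableData dataWithLength:32];
    int rc = SecRandomCopyBytes(kSecRandomDefault, key.length, key.mutableBytes);
    return (rc == errSecSuccess) ? key : nil;
}

// Store the key so that it exists only while a device passcode is set.
// SecItemAdd fails on a device that has no passcode.
static OSStatus StoreContentKey(NSData *key) {
    SecItemDelete((__bridge CFDictionaryRef)BaseQuery()); // replace any old key
    NSMutableDictionary *attrs = BaseQuery();
    attrs[(__bridge id)kSecValueData] = key;
    attrs[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)attrs, NULL);
}

// Returns the key, or nil if it is gone (for example, passcode was removed).
static NSData *LoadContentKey(void) {
    NSMutableDictionary *query = BaseQuery();
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    return (status == errSecSuccess) ? (__bridge_transfer NSData *)result : nil;
}

// At launch: if the key no longer exists, the ciphertext is useless, so
// remove the encrypted directory and let the app fetch the content again.
static NSData *ContentKeyOrPurge(NSString *contentDirectory) {
    NSData *key = LoadContentKey();
    if (key == nil) {
        [[NSFileManager defaultManager] removeItemAtPath:contentDirectory error:NULL];
    }
    return key;
}
```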
