Johan Nordberg

Reputation: 3777

iOS Data Protection and secure files

I'm building an app where I need to store data in an encrypted format. I've enabled Data Protection under Capabilities and added the completeFileProtectionUntilFirstUserAuthentication option when writing data to disk (I need to access it from background fetch).

Everything works fine, but when I download the app container from Xcode I can see the data in clear text (plist).

Is this as it should be since I've opened the app after I unlocked my phone? Is there any way to validate that the data actually is encrypted?

Upvotes: 1

Views: 948

Answers (1)

iwasrobbed

Reputation: 46703

There's no way to realistically validate this since everything is encrypted on disk when it's on the actual device (as long as the device has a device passcode set). They use layers of encryption keys starting at the processor and memory chip level and working up to file and part-of-file level.

Downloading an app bundle to your Mac computer from Xcode isn't the same thing as running an app bundle on an iOS device.

NSFileProtectionCompleteUntilFirstUserAuthentication is the default security setting as of iOS 7, so there's no reason to set it explicitly.

This is the default class for all third-party app data not otherwise assigned to a Data Protection class.

More info from Apple's white paper (page 16): https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Upvotes: 2
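Added example, not part of the question or the answer above: a debug-time check that reads back the Data Protection class the file system recorded for each file, which is the one thing an app can verify about its own files. It confirms the assigned class, not the on-disk ciphertext, and is meant to run on a physical device with a passcode set. The function names and the file name `secrets.plist` are hypothetical.

```swift
import Foundation

/// Returns the Data Protection class recorded for the file at `url`,
/// or nil when the platform reports none.
func protectionClass(of url: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    if let cls = attrs[.protectionKey] as? FileProtectionType { return cls }
    // Fall back to the raw string form of the attribute.
    return (attrs[.protectionKey] as? String).map { FileProtectionType(rawValue: $0) }
}

/// Writes `data` with the option used in the question and returns the
/// class actually recorded for the resulting file.
func writeProtected(_ data: Data, to url: URL) throws -> FileProtectionType? {
    try data.write(to: url,
                   options: [.atomic, .completeFileProtectionUntilFirstUserAuthentication])
    return try protectionClass(of: url)
}

/// Walks `directory` and lists every regular file whose class is not in `allowed`.
func auditProtection(in directory: URL,
                     allowed: Set<FileProtectionType>) throws -> [(URL, FileProtectionType?)] {
    var findings: [(URL, FileProtectionType?)] = []
    let walker = FileManager.default.enumerator(at: directory,
                                                includingPropertiesForKeys: [.isRegularFileKey])
    while let url = walker?.nextObject() as? URL {
        guard try url.resourceValues(forKeys: [.isRegularFileKey]).isRegularFile == true
        else { continue }
        let cls = try protectionClass(of: url)
        if let cls = cls, allowed.contains(cls) { continue }
        findings.append((url, cls))   // missing or weaker than expected
    }
    return findings
}

/// Hypothetical debug entry point: write a constructed sample file, then audit Documents.
func debugProtectionCheck() throws {
    let docs = try FileManager.default.url(for: .documentDirectory, in: .userDomainMask,
                                           appropriateFor: nil, create: true)
    let sample = Data("constructed sample".utf8)
    let cls = try writeProtected(sample, to: docs.appendingPathComponent("secrets.plist"))
    print("recorded class:", cls?.rawValue ?? "none reported")
    let weak = try auditProtection(in: docs,
                                   allowed: [.complete, .completeUnlessOpen,
                                             .completeUntilFirstUserAuthentication])
    weak.forEach { print("unexpected class:", $0.0.lastPathComponent, $0.1?.rawValue ?? "none") }
}
```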
