Data encryption with Core Data in iOS

Question

I just need a confirmation on this.

Is it correct to say that, with the iPhone 3GS and above, any data written to the filesystem is encrypted using hardware encryption? By simply creating the XXX.sqlite file on the file system, the data stored in it is already encrypted.

Also for further security NSFileProtectionComplete is provided?

Thanks.

Answer 1

[_persistentStoreCoordinator addPersistentStoreWithType:NSSQLiteStoreType configuration:nil URL:storeURL options:@{ NSPersistentStoreFileProtectionKey : NSFileProtectionComplete } error:&error]

Answer 2

No, your assumption is not correct.

From the NSPersistentStoreCoordinator class documentation:

The default value is NSFileProtectionCompleteUntilFirstUserAuthentication for all applications built on or after iOS v5.0. The default value for all older applications is NSFileProtectionNone.

To enable NSFileProtectionComplete, one would need to add the NSPersistentStoreFileProtectionKey with NSFileProtectionComplete to the options NSDictionary when calling the addPersistentStoreWithType:configuration:URL:options:error: method.

Keep in mind that this file encryption is only enabled when the user has set a passcode.

Answer 3

No, that is not correct. You will need to enable encryption on the sqlite file. Add the following after you create your persistentStoreCoordinator:

// Make sure the database is encrypted when the device is locked
NSDictionary *fileAttributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete forKey:NSFileProtectionKey];
if (![[NSFileManager defaultManager] setAttributes:fileAttributes ofItemAtPath:[storeURL path] error:&error]) {
    // Deal with the error
}