Can somebody explain iPhone's data protection and encryption to me?

I completely revised my question because I found two excellent sources about iOS's data protection. The first one is Episode 209 of Apple's WWDC 2010 Videos, "Securing Application Data", and the second is http://anthonyvance.com/blog/forensics/ios4_data_protection/.

This only leaves a few open questions about data protection:

  • The keychain allows defining a class "available when unlocked, this device only" which prevents a keychain record from getting transferred to another device using backup/restore. To my understanding there is nothing similar for files, or is there? How can I prevent FILE data being restored on another device?
  • NSData allows storing files with protection and NSFileManager allows changing the security class of an existing file. In my case, files are downloaded by a webservice and I wonder if there are any disadvantages if I first store the file unencrypted and then use NSFileManager to change the class?
  • If the user does not specify a PIN or passcode, there is no real protection, correct?
  • Is there evidence that a PIN- or password-protected device's content which was protected using the "protect always" has been successfully hacked?
  • My device contains files which are stored in encrypted format. If I now make a backup of my device in iTunes and do not select to encrypt and password protect that backup, are my backed up files still encrypted or are they unencrypted in the backup, meaning iTunes would decrypt them before backing up?
Krumelur asked Feb 02 '11 20:02



1 Answer

  1. You must enforce this yourself, as iTunes doesn't care about what it restores. A good approach may be to check the device's UDID on every app launch and, if it doesn't match the one saved with the data, just discard them.
    Please note that, with the original UDID and a jailbroken device, you can make the app believe that you're still using the initial iDevice and so circumvent this security measure.
  2. Because of the sandboxed environment of the iOS system and because of the very short time that the file is stored unencrypted, storing them this way is pretty secure.
  3. Data are still encrypted with the device key. This approach is less safe than with a PIN because it relies only on a key that is available all the time on the device. It can be considered safe enough only on an unbroken device, as on a jailbroken one you can read the key from device memory.
  4. iTunes backs up files as they are stored on the device (so if they are originally encrypted, they are encrypted in the backup, too). If backup encryption is enabled too, files are encrypted one more time before storing them on the computer's hard disk.
MrMagic answered Sep 22 '22 06:09
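
The two storage paths from the question's second point (NSData writing with protection, and NSFileManager changing the class of an existing file), as an added example that is not part of the original question or answer. The function names, file name and payload are assumptions made for illustration; the Foundation constants and methods are the real ones.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper: YES only if the file reports NSFileProtectionComplete.
// *error is set only when the attributes cannot be read at all.
static BOOL HasCompleteProtection(NSString *path, NSError **error) {
    NSDictionary *attrs =
        [[NSFileManager defaultManager] attributesOfItemAtPath:path error:error];
    if (attrs == nil) return NO;
    return [[attrs objectForKey:NSFileProtectionKey]
               isEqualToString:NSFileProtectionComplete];
}

// Path A: write the downloaded bytes with the protection class from the start,
// so the file never exists on disk without it.
static BOOL StoreDownload(NSData *payload, NSString *path, NSError **error) {
    NSDataWritingOptions opts =
        NSDataWritingAtomic | NSDataWritingFileProtectionComplete;
    if (![payload writeToFile:path options:opts error:error]) return NO;
    if (HasCompleteProtection(path, error)) return YES;
    // Fail closed: if the class is not reported, do not keep the file.
    [[NSFileManager defaultManager] removeItemAtPath:path error:NULL];
    return NO;
}

// Path B: the file was already written without a class (for example by a
// download library); change its class afterwards and confirm the change.
static BOOL ProtectExistingFile(NSString *path, NSError **error) {
    NSDictionary *attrs =
        [NSDictionary dictionaryWithObject:NSFileProtectionComplete
                                    forKey:NSFileProtectionKey];
    if (![[NSFileManager defaultManager] setAttributes:attrs
                                          ofItemAtPath:path
                                                 error:error]) return NO;
    return HasCompleteProtection(path, error);
}

// Constructed sample input: a small payload standing in for a web-service response.
static BOOL DemoStore(void) {
    NSData *payload = [@"constructed sample payload"
                          dataUsingEncoding:NSUTF8StringEncoding];
    NSString *path = [NSTemporaryDirectory()
                         stringByAppendingPathComponent:@"download.bin"];
    NSError *error = nil;
    return StoreDownload(payload, path, &error);
}
```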