Does iPad On Disk Encryption affect only one application or whole system

Question

I need my native iPad application to store its data (say .DOC documents downloaded via HTTPS) in an encrypted form. Those .DOC files are to be opened in 3rd party apps on the iPad.

I need to know whether there is a way that data of both my application and those of 3rd party apps can be encrypted? Meaning that my .DOC file will never be stored in unencrypted form on the device. (motivation here being that my app downloads documents with sensitive information and I want those documents to be read on the iPad, but with the layer of disk-encryption protection.)

I was reading through Advanced App Tricks @ apple.com, section "Protecting Data Using On-Disk Encryption", but was unable to find any relevant information.

Answer 1

First, let's get the hardware encryption aspect out of the way:

iOS supports hardware encrpytion of everything on the disk. It's encrypted with a key that has nothing to do with your device pass code. This feature is there to allow quick wiping of the device's data (by overwriting the device encryption key). It doesn't really protect your data from being retrieved by a skilled interloper who can get your device, however; a jailbreak will get around this.

Per-file encryption via the Data Protection API: iOS can be told that certain files are to be encrypted by setting a flag on them. They are then encrypted using the device pass code (if one has been set). Note: if the user hasn't set a passcode, this extra protection isn't applied! Therefore, technically, this protection is out of your control, unless your users work at an organisation that enforces passcode lock policies (using iPhone Configuration Utility or similar).

Encryption using CommonCrypto: you can use encryption APIs such as this to manually do your own encryption/decryption. Note that if you don't know what you're doing it's easily to abuse such APIs and end up with not very secure encryption. However, there are some wrappers such as RNCryptor which make it much harder to abuse these APIs.

Protecting files used by third party apps: Can you clarify how your app will share files with third party apps please?

More info:

• http://support.apple.com/kb/HT4175

• http://www.ilounge.com/index.php/articles/comments/ios-encryption-and-data-protection/

• http://developer.apple.com/library/ios/#documentation/security/Conceptual/cryptoservices/Introduction/Introduction.html#//apple_ref/doc/uid/TP40011172-CH1-SW1

• https://github.com/rnapier/RNCryptor

Update

On using UIDocumentInteractionController:

Once you've handed off your document to another app using this method, the data is out of your hands and the third party app can do what it likes with it. If you're happy with that, and your main concern is just having the document stored on your device in a protected way, then there are a couple of possibilities:

• Rely on Data Protection API to protect the document on-disk (user has to set a passcode and you need to tell iOS that the particular file is to be protected for this to work)

• Using the NSURLProtocol trick mentioned here to decrypt an encrypted file on disk on-the-fly