How can I ensure data is encrypted when using NSData.writeToFile:options:error: with the NSDataWritingFileProtectionComplete?
According to Apple documentation:
Data protection is available on most iOS devices and is subject to the following requirements:
The file system on the user’s device must support data protection. This is true for newer devices, but for some earlier devices, the user might have to reformat the device’s disk and restore any content from a backup.
The user must have an active passcode lock set for the device.
https://developer.apple.com/library/ios/#documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/AdvancedAppTricks/AdvancedAppTricks.html#//apple_ref/doc/uid/TP40007072-CH7-SW11
The requirements state that the user must activate a passcode lock for the device; this is reinforced by the following end-user documentation:
Enable data protection by configuring a passcode for your device:
http://support.apple.com/kb/HT4175
The answer to "How can I find out if the iPhone user currently has a passcode set and encryption enabled?" seems to be no longer valid.
Complete Protection (NSFileProtectionComplete): A key derived from the user passcode and the device UID protects this class key. The derived key is wiped from memory shortly after the device is locked, making the data inaccessible until the user unlocks the device.
iOS and iPadOS devices use a file encryption methodology called Data Protection, whereas the data on an Intel-based Mac is protected with a volume encryption technology called FileVault.
Full disk encryption is automatically enabled on every iPhone, straight from the manufacturer. Don't stop there: set an alphanumeric passcode to increase your phone's security under Settings > Touch ID & Passcode > Change Passcode. We recommend setting a minimum of 10 characters with letters and numbers.
Apple uses AES 256-bit encryption for iPhone encryption. 256-bit AES is considered a very strong encryption standard and can provide a great level of security for data stored on your iPhone. Like other full-disk encryption schemes, iPhone encryption protects data that is at rest.
If the user doesn't have any passcode enabled, the encryption would be useless. An unwanted user could then use the app directly anyway.
A solution for your problem would be to manually implement encryption for app data and use an app-specific password which you ask the user for on every app launch.
I've seen that system in online banking software for iOS, but I wouldn't recommend it since it is very annoying for the user.
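One way to check both requirements from the question before trusting NSDataWritingFileProtectionComplete, as an added example that is not part of the original posts: it refuses to write when no device passcode is set and reads the file's protection attribute back afterwards. The helper name `WriteProtectedAndVerify`, the `ExampleError` function and the error domain are hypothetical; `LAPolicyDeviceOwnerAuthentication` assumes iOS 9 or later.

```objc
#import <Foundation/Foundation.h>
#import <LocalAuthentication/LocalAuthentication.h>

// Hypothetical helper and error domain, added for illustration.
static NSString *const kExampleDomain = @"ExampleDataProtection";

static NSError *ExampleError(NSInteger code, NSString *message) {
    return [NSError errorWithDomain:kExampleDomain code:code
                           userInfo:@{NSLocalizedDescriptionKey: message}];
}

// Writes `data` only if a device passcode is set, requests the Complete
// protection class, then reads the attribute back. Fails closed: on any
// doubt the file is removed and NO is returned.
static BOOL WriteProtectedAndVerify(NSData *data, NSString *path, NSError **outError) {
    NSError *err = nil;

    // 1. Without a passcode there is no passcode-derived key protecting the
    //    class key, so refuse to write at all (LAErrorPasscodeNotSet case).
    LAContext *context = [[LAContext alloc] init];
    if (![context canEvaluatePolicy:LAPolicyDeviceOwnerAuthentication error:&err]) {
        if (outError) *outError = err ?: ExampleError(1, @"No device passcode set");
        return NO;
    }

    // 2. Ask for NSFileProtectionComplete at write time.
    NSDataWritingOptions opts = NSDataWritingAtomic | NSDataWritingFileProtectionComplete;
    if (![data writeToFile:path options:opts error:&err]) {
        if (outError) *outError = err;
        return NO;
    }

    // 3. Confirm the protection class actually recorded for the file. The
    //    attribute can be absent where Data Protection is not in effect.
    NSDictionary<NSFileAttributeKey, id> *attrs =
        [[NSFileManager defaultManager] attributesOfItemAtPath:path error:&err];
    if (![attrs[NSFileProtectionKey] isEqual:NSFileProtectionComplete]) {
        [[NSFileManager defaultManager] removeItemAtPath:path error:NULL];
        if (outError) *outError = err ?: ExampleError(2, @"File is not NSFileProtectionComplete");
        return NO;
    }
    return YES;
}
```

The passcode check reflects the device state at the moment of the call only, so it has to be repeated on each write rather than cached.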