Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I protect data using iOS on-disk encryption when the user passcode lock has not been enabled?

Question

How can I ensure data is encrypted when using NSData.writeToFile:options:error: with the NSDataWritingFileProtectionComplete?

Background research: Enabling data encyption

According to Apple documentation:

Data protection is available on most iOS devices and is subject to the following requirements:

  • The file system on the user’s device must support data protection. This is true for newer devices, but for some earlier devices, the user might have to reformat the device’s disk and restore any content from a backup.

  • The user must have an active passcode lock set for the device.

https://developer.apple.com/library/ios/#documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/AdvancedAppTricks/AdvancedAppTricks.html#//apple_ref/doc/uid/TP40007072-CH7-SW11

The requirements state that user must activate passcode lock for the device, this is reinforced by the following end user documentation:

Enable data protection by configuring a passcode for your device:

  1. Tap Settings > General > Passcode.
  2. Follow the prompts to create a passcode.
  3. After the passcode is set, scroll down to the bottom of the screen and verify that the text "Data protection is enabled" is visible.

Passcode lock screen

http://support.apple.com/kb/HT4175

Similar SO Questions:

How can I find out if the iPhone user currently has a passcode set and encryption enabled? seems like the answer to this question is no longer valid.

like image 558
Edward Wilde Avatar asked Apr 21 '13 10:04

Edward Wilde


People also ask

What protection class in iOS provides user data encryption and inaccessible when device is locked?

Complete Protection (NSFileProtectionComplete): A key derived from the user passcode and the device UID protects this class key. The derived key is wiped from memory shortly after the device is locked, making the data inaccessible until the user unlocks the device.

Do iOS devices encrypt data?

iOS and iPadOS devices use a file encryption methodology called Data Protection, whereas the data on an Intel-based Mac is protected with a volume encryption technology called FileVault.

How do I enable full disk encryption on my iPhone?

Full disk encryption is automatically enabled on every iPhone, straight from the manufacturer. Don't stop there, set an alphanumeric passcode to increase your phone's security under Settings>Touch ID & Passcode>Change Passcode. We recommend setting a minimum of 10 characters with letters and numbers.

Does iOS have full disk encryption?

Apple makes use of AES 256-bit encryption for iPhone encryption. 256-bit AES encryption is considered a very strong encryption standard and can provide a great level of security for data stored in your iPhones. Similar to other full-disk encryptions, iPhone encryption also protects data that is at rest.


1 Answers

The requirements state that user must activate passcode lock for the device, this is reinforced by the following end user documentation.

If user doesn't have any passcode enabled the encryption would be useless. The unwanted user can use the app directly then anyway.


A solution for your problem would be to manually implement encryption for app data and use a app specific password which you ask the user on every app launch.

I've seen that system at an online banking software for iOS, but I wouldn't recommend that system since it is very annoying for the user.

like image 167
miho Avatar answered Sep 22 '22 19:09

miho