I'm interested in using data protection in my iOS app. There seem to be three places I can do this:
[-NSFileManager setAttributesOfItemAtPath:error:]
I've read the documentation that I can find, but none of it tells me which of these I need to do. If I do 1, does that turn it on for the whole app? Can I do 3 without doing 1? Do I need to do 2 at all?
Data protection is an iOS feature that you use to secure your app's files and prevent unauthorized access to them. Data protection is enabled automatically when the user sets an active passcode for the device. You read and write your files normally, but the system encrypts and decrypts your content behind the scenes.
If you need to store sensitive data, use Keychain Services. Unlike UserDefaults, the data stored in the keychain is automatically encrypted. With the keychain, you don't need to save encryption keys. Every application has its own isolated keychain section that other applications can't access.
I've had the following answers from Apple:
If I do 1, does that turn it on for the whole app?
Yes. It becomes the default data protection for all file system objects your app creates.
Can I do 3 without doing 1?
Yes. This is useful if you want to protect just one file.
You can also do 1 and 3, that is, use 1 to set the default and 3 to override that default for certain files.
Do I need to do 2 at all?
No. Once you do 1, the value ends up in your provisioning profile, which is then merged into your code signing entitlements at build time.
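The combination described in the answers above (a default from 1, overridden for individual files with 3), shown as an added Swift example that is not code from the original posts or from Apple. `writeProtected`, `ProtectionError`, `saveExample` and the file name are hypothetical names chosen for illustration.

```swift
import Foundation

enum ProtectionError: Error { case notApplied(found: FileProtectionType?) }

/// Writes `data` to `url` and pins the file to one protection class,
/// overriding whatever default the app would otherwise apply.
func writeProtected(_ data: Data, to url: URL,
                    as wanted: FileProtectionType = .complete) throws {
    let fm = FileManager.default

    // Create the file already protected, so the content never sits on
    // disk under a weaker class while waiting for the attribute call.
    let option: Data.WritingOptions
    switch wanted {
    case .complete:
        option = .completeFileProtection
    case .completeUnlessOpen:
        option = .completeFileProtectionUnlessOpen
    case .completeUntilFirstUserAuthentication:
        option = .completeFileProtectionUntilFirstUserAuthentication
    default:
        option = []   // left to setAttributes below
    }
    try data.write(to: url, options: [.atomic, option])

    // Option 3 from the question: set the attribute explicitly. This also
    // re-classes a file that already existed with a different protection.
    try fm.setAttributes([.protectionKey: wanted], ofItemAtPath: url.path)

    // Read the attribute back instead of assuming it was applied; the
    // value can be missing where data protection is not available.
    let attrs = try fm.attributesOfItem(atPath: url.path)
    let actual = attrs[.protectionKey] as? FileProtectionType
    guard actual == wanted else {
        throw ProtectionError.notApplied(found: actual)
    }
}

// Constructed usage: the file name and contents are placeholders.
func saveExample() throws {
    let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                          in: .userDomainMask,
                                          appropriateFor: nil, create: true)
    try writeProtected(Data("constructed sample".utf8),
                       to: dir.appendingPathComponent("token.bin"))
}
```

A file written with `.complete` cannot be read while the device is locked, so code that runs in the background should expect reads of such files to fail and handle the error.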