1 Reply
      Latest reply: May 27, 2016 2:47 AM by eskimo RSS
      wc2008 Level 1 Level 1 (0 points)

        If I did not explicitly enable Data Protection entitlement in my iOS app, are all stored data / files still encrypted automatically since iOS 7?  The iOS Security guide (https://www.apple.com/business/docs/iOS_Security_Guide.pdf) seems to imply that with the following statement:

         

        In addition to the hardware encryption features built into iOS devices, Apple uses a technology called Data Protection to further protect data stored in flash memory on the device. Data Protection allows the device to respond to common events such as incoming phone calls, but also enables a high level of encryption for user data. Key system apps, such as Messages, Mail, Calendar, Contacts, Photos, and Health data values use Data Protection by default, and third-party apps installed on iOS 7 or later receive this protection automatically.

         

        • Re: Question about Data Protection and automatic data encryption
          eskimo Apple Staff Apple Staff (8,150 points)

          Yes.  Starting with iOS 7 the default data protection for apps is NSFileProtectionCompleteUntilFirstUserAuthentication.

          I went into this in detail in a thread on the old DevForums.  However, re-reading that now I see that my attempt to fix the messed up table is still messed up.  [I’m feeling pretty dumb at this point )-: ]  I can’t fix it because the old DevForums is now read-only, so I’ve included a correct version here.


                    iOS 4...6                iOS 7..
                    ---------                -----------------
          Explicit1 NSFileProtectionComplete NSFileProtectionComplete
          Explicit2 NSFileProtectionNone     NSFileProtectionCompleteUntilFirstUserAuthentication
          

          That is, if you set a value in your App ID / provisioning profile (Explicit1), you get that value.  If you don't (Explicit2), you get NSFileProtectionNone on iOS 6 and earlier and NSFileProtectionCompleteUntilFirstUserAuthentication on iOS 7 and later.


          Let me know if I’ve messed up the table again (-;

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"