1. If you don't have the data protection entitlement on for your AppID, does this mean that adding NSDataWritingFileProtectionComplete to your code will not provide any protection?
No. The entitlement sets the default value for your container, and hence for anything created within your container. You can always override that default programmatically (via
NSDataWritingFileProtectionCompleteor any of the other data protection APIs).
2. If you do have the data protection entitlement enabled in your AppID, and you have set that entitlement to Protected Until First User Authentication, is this the default level of protection?
Yes, but see below.
Can you still choose a higher level of data protection like NSDataWritingFileProtectionComplete for particular files?
Be aware that the definition of default is more subtle than you might think. By default the data protection value is inherited from the parent directory when you create an item. For example, if you have a directory set to
NSFileProtectionComplete, any items created within that directory will, by default, be set to
NSFileProtectionComplete. The entitlement controls the data protection value for the root directory of your container, which is then inherited by anything created within that container. However, if you explicitly set the value for a directory then subsequent items created within that directory will get the new value by default.
Share and Enjoy
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"