2 Replies
      Latest reply on Oct 30, 2015 12:55 AM by Emma
      Emma Level 1 (0 points)

        I have a couple of questions about how to properly implement data protection for my iOS apps. I couldn't find very much information about how the AppID Entitlement and its default then relate to the options that you set when you write a file using NSFileManager or NSData writeToFile.

         

        1. If you don't have the data protection entitlement on for your AppID, does this mean that adding NSDataWritingFileProtectionComplete to your code will not provide any protection?
        2. If you do have the data protection entitlement enabled in your AppID, and you have set that entitlement to Protected Until First User Authentication, is this the default level of protection?  Can you still choose a higher level of data protection like NSDataWritingFileProtectionComplete for particular files?

         

        Thanks

        • Re: Implementing Data Protection
          eskimo Apple Staff (9,180 points)

          1. If you don't have the data protection entitlement on for your AppID, does this mean that adding NSDataWritingFileProtectionComplete to your code will not provide any protection?

          No.  The entitlement sets the default value for your container, and hence for anything created within your container.  You can always override that default programmatically (via NSDataWritingFileProtectionComplete or any of the other data protection APIs).

          2. If you do have the data protection entitlement enabled in your AppID, and you have set that entitlement to Protected Until First User Authentication, is this the default level of protection?

          Yes, but see below.

          Can you still choose a higher level of data protection like NSDataWritingFileProtectionComplete for particular files?

          Yes.

          Be aware that the definition of default is more subtle than you might think.  By default the data protection value is inherited from the parent directory when you create an item.  For example, if you have a directory set to NSFileProtectionComplete, any items created within that directory will, by default, be set to NSFileProtectionComplete.  The entitlement controls the data protection value for the root directory of your container, which is then inherited by anything created within that container.  However, if you explicitly set the value for a directory then subsequent items created within that directory will get the new value by default.

          Share and Enjoy

          Quinn "The Eskimo!"
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

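
The inheritance and override rules described in the reply above, as an added example that is not part of the original thread and is not Apple's code. `ProtectionOf`, `DemonstrateProtectionInheritance`, the `Vault` directory and the file names are hypothetical; it assumes the code runs inside an iOS app on a device with a passcode set.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper: the NSFileProtectionKey value recorded for an item, or nil.
static NSString *ProtectionOf(NSString *path) {
    return [[NSFileManager defaultManager] attributesOfItemAtPath:path error:NULL][NSFileProtectionKey];
}

// Hypothetical entry point; call it once after launch while the device is unlocked.
static void DemonstrateProtectionInheritance(void) {
    NSFileManager *fm = [NSFileManager defaultManager];
    NSString *docs = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).firstObject;
    NSString *vault = [docs stringByAppendingPathComponent:@"Vault"];
    NSData *payload = [@"constructed sample data" dataUsingEncoding:NSUTF8StringEncoding];
    NSError *error = nil;

    // Explicitly set the value on a directory, replacing what it inherited
    // from the container root (whose value the entitlement controls).
    if (![fm createDirectoryAtPath:vault withIntermediateDirectories:YES attributes:nil error:&error] ||
        ![fm setAttributes:@{NSFileProtectionKey: NSFileProtectionComplete} ofItemAtPath:vault error:&error]) {
        NSLog(@"Could not prepare %@: %@", vault, error);
        return;
    }

    // No protection option passed: the new file takes its value from the parent directory.
    NSString *inherited = [vault stringByAppendingPathComponent:@"inherited.bin"];
    // Explicit option passed: overrides the default for this one file in Documents.
    NSString *overridden = [docs stringByAppendingPathComponent:@"overridden.bin"];
    if (![payload writeToFile:inherited options:0 error:&error] ||
        ![payload writeToFile:overridden options:NSDataWritingFileProtectionComplete error:&error]) {
        NSLog(@"Write failed: %@", error);
        return;
    }

    // Report what was recorded and flag anything that is not NSFileProtectionComplete.
    for (NSString *path in @[docs, vault, inherited, overridden]) {
        NSString *value = ProtectionOf(path);
        BOOL complete = [value isEqualToString:NSFileProtectionComplete];
        NSLog(@"%@ %@ -> %@", complete ? @"ok  " : @"WEAK", path.lastPathComponent, value ?: @"(none reported)");
    }
}
```

Comparing the logged value for `Documents` with the one for `Vault/inherited.bin` shows which default each new item picked up, which is a quick way to audit a container for files that were created before a directory's value was raised.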