One of the simplest ways to improve security for your app data is to make use of the file data protection APIs
The iOS Security doc is an important document which also talks about other aspects of iOS security. File data protection is simple to understand though.
There are a few options:
- NSFileProtectionComplete — file is only accessible when device is unlocked
- NSFileProtectionCompleteUnlessOpen — file is accessible while the device is unlocked and will remain unlocked while it's open. THis is useful if you want to read/write to it while running in a background task
- NSFileProtectionCompleteUntilFirstUserAuthentication — file is accessible once the device is unlocked and until it is rebooted
- NSFileProtectionNone - file is not encrypted
To set them on a per-file basis:
FileManager.default.setAttributes([FileAttributeKey.protectionKey: NSData.WritingOptions.completeFileProtection], ofItemAtPath: filePath)
If you want to set a default protection class for every file your app creates, you can specify the
com.apple.developer.default-data-protection entitlement in Xcode.
File protection is easy to implement, and hardware-optimized. You should use it.