iOS Dev Nugget 216 File Data Protection


Need to run a code review on your codebase? Hire me

One of the simplest ways to improve security for your app data is to make use of the file data protection APIs

The iOS Security doc is an important document which also talks about other aspects of iOS security. File data protection is simple to understand though.

There are a few options:

  • NSFileProtectionComplete — file is only accessible when device is unlocked
  • NSFileProtectionCompleteUnlessOpen — file is accessible while the device is unlocked and will remain unlocked while it's open. THis is useful if you want to read/write to it while running in a background task
  • NSFileProtectionCompleteUntilFirstUserAuthentication — file is accessible once the device is unlocked and until it is rebooted
  • NSFileProtectionNone - file is not encrypted

To set them on a per-file basis:

FileManager.default.setAttributes([FileAttributeKey.protectionKey: NSData.WritingOptions.completeFileProtection], ofItemAtPath: filePath)

If you want to set a default protection class for every file your app creates, you can specify the entitlement in Xcode.

File protection is easy to implement, and hardware-optimized. You should use it.

Your feedback is valuable: Do you want more nuggets like this?   Yes   or   No



Like this and want such iOS dev nuggets to be emailed to you, weekly?

Sign Me Up! or follow @iosdevnuggets on Twitter


View archives of past issues