2

I have encrypted files downloaded and available for offline view in a folder, I would like to know:

  • how to open them in the appropriate reader as these are ms office docs and prezi format

  • I suppose they will have to be unencrypted so that reader can read them but in this case how to ensure security?

  • which folder to use to avoid iCloud sync, I already read this Disable iCloud sync

  • Does iOS protects documents of the application by encryption based on app key as I read it or am I wrong?

Community
  • 1
  • 1

2 Answers2

2

Speaking extemporaneously, as thoughts occur, Sven is right about UIDocumentInteractionController and that objects are identified by URL.

However, it's possible you don't need to unencrypt your files on disk for this to work. You can probably write your own little URL protocol (subclass NSURLProtocol and implement methods appropriately; you should end up checking that URLs are within the invented scheme you've created — e.g. myApplicationEncrypted:// — then posting data packets to a NSURLProtocolClient) and register it with the device via NSURLProtocol +registerClass.

You'll obviously need to decrypt between disk and protocol client. So you'll be passing unencrypted data on — you'll need to make a trust judgment on UIDocumentInteractionController.

The document interaction controller is documented to work within your app, so there shouldn't be sandbox concerns.

Tommy
  • 99,986
  • 12
  • 185
  • 204
  • I am not sure if the NSURLClient methods are used to get the document data. But even if you decrypt the data on the fly, once the other app has access to the data it isn't protected anymore. You can't force the other app to keep it secure. – Sven Aug 21 '12 at 22:12
  • @Sven I'm pretty confident that the things registered as `NSURLProtocol`s are always the things that handle URL fetches. Though that's what the 'as thoughts occur' is meant to make clear — it's an idea to try, not an idea I've tried. I guess there would be a problem if a user used the interaction controller to attempt to open in another application as your `NSURLProtocol` subclasses are restricted to your sandbox. – Tommy Aug 21 '12 at 22:18
  • 1
    The UIDocumentInteractionController does not go through the custom NSURLProtocol. Nor can you use a non file:// scheme as UIDocumentInteractionController throws an error. I have only had success using a UIWebView and its loadRequest, a custom scheme (mysecurestore://) and a custom NSURLProtocol that responds to that scheme. – Lyndsey Ferguson Nov 14 '15 at 15:37
0

You can send your documents to other apps using an UIDocumentInteractionController object. You initialize it with a file URL pointing to your document and then use one of it’s methods to present it.

This takes care of displaying a preview (if possible) and letting the user select the application the document should be opened in.

The document has to be decrypted for this to work. You then cannot make any guarantees about the security of your file - once it is handed over to another application it is out of your control.

If your app doesn’t explicitly opt-in to use iCloud sync your data will not be synced with iCloud. What will be sent to iCloud are backups of the whole device though (if enabled). There are ways to disable this for single files as you already read in the question you linked.

The iOS file protection is based on a device key, not on a per app key. This also is not necessary because apps are protected from each other by the sandbox, unless your phone is jailbroken. On a jailbroken phone there are no security guarantees.

Sven
  • 22,475
  • 4
  • 52
  • 71