I created an iOS test app that applies NSFileProtectionComplete for a test file's NSFileProtectionKey attribute. I kill the app, and lock the device with a passcode. I then SSH into the device. In the SSH session, I can still read the test file as if it weren't encrypted and no protection had been put in place.

Using FileDP via SSH on the test file, the protection level shows up as expected, which is NSFileProtectionComplete as set.

I tried logging in as both root and mobile via SSH and the results are the same. Is on-device encryption disabled if the device is jailbroken?

Or is SSH not a reliable test if the file has been protected? If not SSH, how should file protection be tested?

radj
  • Do you have a non-jailbroken device to test on? – Nate Sep 26 '14 at 03:13
  • @Nate Yes, I can revert the device into non-jailbroken. If non-jailbroken, how would I test if the file was encrypted? – radj Sep 26 '14 at 06:32
  • You can download iExplorer to run on your PC and use that to browse your app's Documents folder. It has a free trial. Note: I see the same behavior as you when sshing in, and viewing in plain text. – Nate Sep 26 '14 at 22:03
  • @Nate I tried iExplorer on a jailbroken device. The supposedly protected Documents folder is still readable as is even when device is locked. I will try again later with a non-jailbroken device. – radj Sep 29 '14 at 12:26
  • @radj - Were you able to get NSFileProtectionComplete to work? I am trying to use it for my .sqlite db and can't seem to get it to work. I have posted my code at: http://stackoverflow.com/questions/39151959/nsfileprotectioncomplete-doesnt-encrypt-the-core-data-file – EmbCoder Aug 26 '16 at 14:09
  • @EmbCoder I left the task over a year ago. Unfortunately, I don't think I ever got to find out how to effectively test the protection. – radj Aug 29 '16 at 03:12

1 Answer

Make sure:

  • a passcode lock is set in the Settings app,
  • the device is effectively locked with the passcode (the setting called "Require Passcode" can lead to the screen being off but the lock not being active).

Note that:

  • the protection is only for the content of the file, not its name. So you can get a list of protected files even when the protection is active,
  • prior to iOS 8, marking a folder as NSFileProtectionComplete does not ensure the files it contains are protected (you needed to mark every file).
davidisdk
  • Follow up question: How do I tell "the device is effectively locked" and not just screen off? – radj Nov 10 '14 at 09:36
  • Press the home button then slide to the right. If your device is locked you will need to enter your passcode or Touch ID, if it is unlocked the lock screen will simply disappear. – davidisdk Nov 28 '14 at 01:00
  • Hello @davidisdk. I'm looking for definitive evidence in iOS and Foundation release notes that NSFileProtectionKey is inherited by a directory's files since iOS 8, but I just cannot find it. Where do you get this information from? I can see it works on iOS 10, but I'd like to know for sure that this is true for iOS 8 and 9 as well, because I'm writing documentation about SQLite database protection for [GRDB.swift](http://github.com/groue/GRDB.swift). – Gwendal Roué Jan 18 '17 at 15:15
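
The answer's two notes (every file needs the attribute, and only content is protected, not names) can be checked from inside the app. The following Swift sketch is an added example, not code from the question, the answer, or GRDB.swift; the function names `enforceCompleteProtection` and `contentIsReadable` are hypothetical, and it assumes it runs in an iOS app against a directory in the app's own sandbox.

```swift
import Foundation

/// Marks `directory` and every regular file beneath it with
/// FileProtectionType.complete, then re-reads the attribute from disk.
/// Returns the paths that still do not report complete protection.
func enforceCompleteProtection(in directory: URL) throws -> [String] {
    let fm = FileManager.default
    let complete: [FileAttributeKey: Any] = [.protectionKey: FileProtectionType.complete]

    // Mark the folder itself; each file is still marked explicitly below,
    // so the result does not depend on directory inheritance.
    try fm.setAttributes(complete, ofItemAtPath: directory.path)

    guard let walker = fm.enumerator(at: directory,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return [directory.path]   // could not enumerate: report the directory
    }

    var unprotected: [String] = []
    for case let url as URL in walker {
        let values = try url.resourceValues(forKeys: [.isRegularFileKey])
        guard values.isRegularFile == true else { continue }

        try fm.setAttributes(complete, ofItemAtPath: url.path)

        // Verify what the file system reports instead of trusting the call.
        let attrs = try fm.attributesOfItem(atPath: url.path)
        if attrs[.protectionKey] as? FileProtectionType != .complete {
            unprotected.append(url.path)
        }
    }
    return unprotected
}

/// Content probe: attempts to read the file's bytes.
/// Listing the directory says nothing about protection, because file names
/// are not covered; only a read of the content is a meaningful test.
func contentIsReadable(_ url: URL) -> Bool {
    return (try? Data(contentsOf: url, options: .uncached)) != nil
}
```

An empty array from `enforceCompleteProtection` only confirms the attribute; to test the protection itself, call `contentIsReadable` from the app while the device is effectively locked with a passcode and log the result.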