3

I am calling a parent app on my iPhone from an Apple Watch app using openParentApplication and handleWatchKitExtensionRequest. In the main app, I use CoreData with the following options for addPersistentStoreWithType:

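NSDictionary *options = @{
    NSMigratePersistentStoresAutomaticallyOption : @YES,    // migrate the store automatically
    NSInferMappingModelAutomaticallyOption : @YES,          // infer the mapping model (lightweight migration)
    NSSQLitePragmasOption : @{@"journal_mode" : @"DELETE"}, // rollback journal instead of WAL
    NSPersistentStoreFileProtectionKey : NSFileProtectionCompleteUnlessOpen // protection class of the store file
};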

This caused an exception:

This NSPersistentStoreCoordinator has no persistent stores (device locked). It cannot perform a save operation.

Does this mean that I can neither use NSFileProtectionCompleteUnlessOpen nor NSFileProtectionComplete?

Do I have to use NSFileProtectionNone or NSFileProtectionCompleteUntilFirstUserAuthentication?

I would like to know a way to protect my data by using NSFileProtectionCompleteUnlessOpen and still be able to access the data when my Watch app uses openParentApplication.

Possible ways to deal with the problem (but not a real solution)

  • Have two files (e.g., SQL databases), where one is encrypted and the other one is not. The latter one would store only the data required by the Watch app.
John

1 Answer

0

NSFileProtectionCompleteUntilFirstUserAuthentication seems to be the recommended way for me. It makes sure the user has to unlock the device at least once since the last boot.

This problem was introduced with iOS 7 and background refresh. It's to prevent physical forensic analysis from reading your unencrypted data.


Additional information from https://security.stackexchange.com/questions/57588/iphone-ios-7-encryption-at-lock-screen:

  • NSFileProtectionNone: file can be accessed any time, even if device is locked;
  • NSFileProtectionComplete: file can be accessed only when device is unlocked (note there's ~10 seconds grace period after device is locked during which files are still accessible);
  • NSFileProtectionCompleteUnlessOpen: file can be created while device is locked, but once closed, can only be accessed when device is unlocked;
  • NSFileProtectionCompleteUntilFirstUserAuthentication: file can be accessed only if device has been unlocked at least once since boot.

The guys from Gilt also explained a lot about this behaviour here: http://tech.gilt.com/post/67708037571/sleuthing-and-solving-the-user-logout-bug-on-ios


Another idea which just came into my mind is to use an app group container. See the question here: WatchKit SDK not retrieving data from NSUserDefaults. This way it should not only share NSUserDefaults but also the same keychain. This should work the same way iOS apps share the same keychain.

Community
Fabio Poloni
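
An added example, not part of the original question or answer: the question's store options with the protection class the answer recommends, a read-back of the class actually set on the store file, and an error reply for the case where the store still cannot be opened. The helper names `AddProtectedStore` and `WatchReplyUsingStore` and the reply keys `ok` and `error` are hypothetical.

```objc
#import <CoreData/CoreData.h>

// Hypothetical helper: adds the SQLite store with
// NSFileProtectionCompleteUntilFirstUserAuthentication and checks the file afterwards.
static NSPersistentStore *AddProtectedStore(NSPersistentStoreCoordinator *psc,
                                            NSURL *storeURL,
                                            NSError **error) {
    NSDictionary *options = @{
        NSMigratePersistentStoresAutomaticallyOption : @YES,
        NSInferMappingModelAutomaticallyOption : @YES,
        NSSQLitePragmasOption : @{@"journal_mode" : @"DELETE"},
        // Readable in the background once the device has been unlocked after boot.
        NSPersistentStoreFileProtectionKey : NSFileProtectionCompleteUntilFirstUserAuthentication
    };
    NSPersistentStore *store = [psc addPersistentStoreWithType:NSSQLiteStoreType
                                                 configuration:nil
                                                           URL:storeURL
                                                       options:options
                                                         error:error];
    if (store == nil) {
        // Can still happen before the first unlock after a reboot; the caller must
        // not save through a coordinator that has no persistent stores.
        return nil;
    }
    // Read back the protection class that is on the file and flag a mismatch.
    NSDictionary *attrs = [[NSFileManager defaultManager] attributesOfItemAtPath:storeURL.path
                                                                           error:NULL];
    NSString *actual = attrs[NSFileProtectionKey];
    if (![actual isEqualToString:NSFileProtectionCompleteUntilFirstUserAuthentication]) {
        NSLog(@"Unexpected protection class on %@: %@", storeURL.lastPathComponent, actual);
    }
    return store;
}

// Hypothetical use inside application:handleWatchKitExtensionRequest:reply: in the
// parent app: answer the Watch with an error instead of raising the exception.
static NSDictionary *WatchReplyUsingStore(NSPersistentStoreCoordinator *psc, NSURL *storeURL) {
    NSError *error = nil;
    if (psc.persistentStores.count == 0 && AddProtectedStore(psc, storeURL, &error) == nil) {
        return @{@"error" : error.localizedDescription ?: @"store unavailable"};
    }
    return @{@"ok" : @YES};
}
```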