2

I have been all over the web including Apple's dev site but I can't find any instruction on how to set an app's /Documents directory attribute NSFileProtectionKey = NSFileProtectionComplete. I have set the value upon the first time the app runs but is there a way to set it otherwise? Like through some X-Code check box, plist, or other.

Also on a related note: Are any files stored under a directory with the data protection class of NSFileProtectionComplete automatically treated as the same protection class as its directory?

Thanks a bunch,

Fissh

gadildafissh
  • 2,243
  • 1
  • 21
  • 26

4 Answers4

4

To protect files in your application Documents directory, without any code, you have to add an entitlements.plist to your application.

In your entitlements.plist, add the "DataProtectionClass" key, with the "NSFileProtectionComplete" value. Your files will be automatically protected as long as the device is locked.

Here is an example

<?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
    <dict>
      <key>DataProtectionClass</key>
      <string>NSFileProtectionComplete</string>
    </dict>
  </plist>
mmich
  • 171
  • 1
  • 9
  • For a reference to this, see the WWDC 2011 video 208 "Securing iOS Applications". This key is covered at 38:12, but the whole video is worth watching. – Mike Weller Feb 01 '12 at 09:19
  • Any ideas if this entitlements approach is supported in iOS 4.0+? I've search the documentation but can't find it mentioned anywhere except in WWDC 2011 video 208. – Ian Kershaw Feb 08 '12 at 23:03
  • This doesn't work in iOS 9. Could anyone please answer this in case you have already tried it? http://stackoverflow.com/questions/39151959/nsfileprotectioncomplete-doesnt-encrypt-the-core-data-file – EmbCoder Aug 26 '16 at 13:42
0

WWDC session 208 breezed over this, I think you create an entitlements file with that key, and you don't need to write code.

I haven't done this yet so I'm not completely sure it works.

David Dunham
  • 8,139
  • 3
  • 28
  • 41
0

This is the hack I came up with until I figure out how to set the /Documents directory protections correctly.

NSError *error;
NSDictionary *attrs = [self attributesOfItemAtPath:DOCUMENTS_FOLDER error:&error];
if(![[attrs objectForKey:NSFileProtectionKey] isEqual:NSFileProtectionComplete])
{
    attrs = [NSDictionary dictionaryWithObject:NSFileProtectionComplete forKey:NSFileProtectionKey];
    BOOL success = [self setAttributes:attrs ofItemAtPath:DOCUMENTS_FOLDER error:&error];
    if (!success) 
        NSLog(@"Set ~/Documents attr NOT successfull");
}

I just call the above code upon loading of the app, to set the documents directory protection if it is not set already.

Fissh

gadildafissh
  • 2,243
  • 1
  • 21
  • 26
0

http://devforums.apple.com/message/627887 Developer Forums: Apply DataProtectionClass Entitlement

I found this link, and this Entitlements method currently not working and filed for the bug issue, so we would have to do file by file.

Tomohisa Takaoka
  • 885
  • 5
  • 16