Read here: ( https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/AddingCapabilities/AddingCapabilities.html )
Enabling data protection (iOS, WatchKit extension, tvOS)
Data protection adds a layer of security to files stored on disk through your application in the application container. Data protection uses built-in encryption equipment present on certain devices to store files in an encrypted format on disk. Your application must be provided to use data protection.
To enable data protection
In the Features panel, if data protection is not enabled, click go to the Data Protection section.
The default protection level is full protection, in which files are encrypted and inaccessible when the device is locked. You can programmatically set the level of protection for files created by your application, as described in the section Protecting data using disk encryption in the Application Programming Guide for iOS. For files stored in shared containers (described in the "Configuring Application Groups" section), set the protection level programmatically.
The default protection seems to be NSFileProtectionComplete, but I don't think it's true, I think the default is NSFileProtectionCompleteUntilFirstUserAuthentication if you didn't enable this.
Question # 1: What is the default file protection for files written by the application?
Question number 2:
Can I change the default value for all files?
Does "Data Protection" turn it on and set it to NSFileProtectionComplete in the rights file that all files created / saved in the application are encrypted using the NSFileProtectionComplete rule without doing anything else. IE, do you need to enable this, as well as set file protection for each file that you want to protect programmatically?
I tried to check it out. I have included data protection (rights) and security / application. I deployed the application to the device via xcode and grabbed the database file to check its NSFileProtectionKey:
NSURL * database = [NSPersistentStore MR_urlForStoreName: @ "app.sqlite"] id fileProtectionValue = [[[NSFileManager defaultManager] attributesOfItemAtPath: [database path]: NULL] valueForKey: NSFileProtectionKey]; NSLog (@ "file protection value:% @", fileProtectionValue);
However, it still spits out "NSFileProtectionCompleteUntilFirstUserAuthentication."
I tried to uninstall the application and reinstall. It is also verified that all provisioning profiles have been reloaded.
Enabling data protection actually leads to a change in the file protection key in all application files. Is IE a valid test?
If not, how to check if the files are encrypted correctly?