8.8. Storing Files Securely in the App Sandbox
You want iOS to protect the files in your app sandbox from being read without permission, perhaps by iOS file explorers available on the Internet.
Follow these steps:
Follow the steps in this chapter’s Introduction to create a provision profile that is linked to an App ID that has Data Protection enabled.
Sign your app with the provision profile.
Set the Code Signing Entitlements of your app by following the instructions given in Recipe 8.6.
createFileAtPath:contents:attributes:method of an instance of
NSFileManagerto store your file. For the
attributesproperty, pass a dictionary that contains the
NSFileProtectionKeykey. The value of this key can be one of the following:
This dictates that there should be no file protection on the stored file. A file that is stored using this protection will be available to the app that writes it to disk and to any free or commercially accessible file explorer apps on the Internet that can expose the filesystem of an iOS device, even if the user’s device is locked with a passcode. If you specify this key, you will be able to read from and write to your file, even if the user’s device is locked.
This is the strongest protection that you can give to your files. By doing so, your app will be able to read from and write to this file as long as the device is unlocked. As soon as the device is locked, you won’t be able to read from or write to ...