8.8. Storing Files Securely in the App Sandbox

Problem

You want iOS to protect the files in your app sandbox from being read without permission, perhaps by iOS file explorers available on the Internet.

Solution

Follow these steps:

  1. Follow the steps in this chapter’s Introduction to create a provision profile that is linked to an App ID that has Data Protection enabled.

  2. Sign your app with the provision profile.

  3. Set the Code Signing Entitlements of your app by following the instructions given in Recipe 8.6.

  4. Use the createFileAtPath:contents:attributes: method of an instance of NSFileManager to store your file. For the attributes property, pass a dictionary that contains the NSFileProtectionKey key. The value of this key can be one of the following:

    NSFileProtectionNone

    This dictates that there should be no file protection on the stored file. A file that is stored using this protection will be available to the app that writes it to disk and to any free or commercially accessible file explorer apps on the Internet that can expose the filesystem of an iOS device, even if the user’s device is locked with a passcode. If you specify this key, you will be able to read from and write to your file, even if the user’s device is locked.

    NSFileProtectionComplete

    This is the strongest protection that you can give to your files. By doing so, your app will be able to read from and write to this file as long as the device is unlocked. As soon as the device is locked, you won’t be able to read from or write to ...

Get iOS 7 Programming Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial