11

I'm interested in using data protection in my iOS app. There seem to be three places I can do this:

  1. In the App ID in the developer centre.
  2. In the entitlements plist
  3. By using [-NSFileManager setAttributesOfItemAtPath:error:]

I've read the documentation that I can find, but none of it tells me which of these I need to do. If I do 1, does that turn it on for the whole app? Can I do 3 without doing 1? Do I need to do 2 at all?

Simon
  • 25,468
  • 44
  • 152
  • 266

1 Answers1

7

I've had the following answers from Apple:

If I do 1, does that turn it on for the whole app?

Yes. It becomes the default data protection for all file system objects your app creates.

Can I do 3 without doing 1?

Yes. This is useful if you want protect just one file.

You can also do 1 and 3, that is, use 1 to set the default and 3 to override that default for certain files.

Do I need to do 2 at all?

No. Once you do 1, the value ends up in your provisioning profile, which is then merged into your code signing entitlements at build time.

Simon
  • 25,468
  • 44
  • 152
  • 266
  • 1
    The exceptions that I have seen for 1 are: `NSURLCache` and Core Data stores (which need the `NSPersistentStoreFileProtectionKey` option set). – Ben Lings Sep 11 '15 at 16:07