4

When calling addPersistentStoreWithType while the app is in the background, my sqlite file sometimes used to be unavailable and I received this error:

[Model createPersistentStoreCoordinatorWithStoreURL:] line 387 $ sqlite encryption state NSFileProtectionCompleteUntilFirstUserAuthentication error : Error Domain=NSCocoaErrorDomain Code=256 "The operation couldn’t be completed. (Cocoa error 256.)" UserInfo=0x1560e540 {NSUnderlyingException=authorization denied, NSSQLiteErrorDomain=23}

I figured out that this is because the file is still protected (default is NSFileProtectionCompleteUntilFirstUserAuthentication so protected data is available after the user unlocked his device the first time after a reboot). I feel like this is not behaving correctly though, since I have a huge amount of crashes, and I can't imagine that that many people still have their device locked after reboot in the wild.

Therefore I am now adding my persistent store coordinator with adjusted config like this:

    NSDictionary *options = @{
        NSMigratePersistentStoresAutomaticallyOption : @YES,
        NSInferMappingModelAutomaticallyOption : @YES,
        NSPersistentStoreFileProtectionKey : NSFileProtectionNone
    };

Questions:

  1. Will this ensure that the file is also available in the background if the device is locked?
  2. Can this break the sqlite (/ data within) if I change the NSPersistentStoreFileProtectionKey?
  3. I am not storing sensitive data in the database, nevertheless, do you see security concerns when using NSFileProtectionNone?
MarkHim

1 Answer

2
  1. Yes, it will. That's what this key is doing.
  2. No, it won't. I had a persistent store coordinator with the default protection key and then added NSFileProtectionComplete to it, and the data was OK.
  3. Yes. If someone gains access to your db file, he can easily read it. Check this article: https://github.com/project-imas/encrypted-core-data#strings-comparison
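
An alternative to lowering the protection class, as an added example that is not part of the question or the answer above: keep NSFileProtectionCompleteUntilFirstUserAuthentication, and when the store fails to open with the SQLite code 23 seen in the error above, retry once the device reports that protected data is available. StoreLoader and its property names are hypothetical; coordinator and storeURL are assumed to be set by the caller.

```objective-c
// Added example; StoreLoader is a hypothetical helper, not code from the post.
#import <UIKit/UIKit.h>
#import <CoreData/CoreData.h>

@interface StoreLoader : NSObject
@property (nonatomic, strong) NSPersistentStoreCoordinator *coordinator; // set by caller
@property (nonatomic, strong) NSURL *storeURL;                           // set by caller
@property (nonatomic, strong) id unlockObserver;
- (void)loadStore;
@end

@implementation StoreLoader
- (void)loadStore {
    NSDictionary *options = @{
        NSMigratePersistentStoresAutomaticallyOption : @YES,
        NSInferMappingModelAutomaticallyOption : @YES,
        // Keep the store encrypted at rest until the first unlock after boot.
        NSPersistentStoreFileProtectionKey : NSFileProtectionCompleteUntilFirstUserAuthentication
    };
    NSError *error = nil;
    if ([self.coordinator addPersistentStoreWithType:NSSQLiteStoreType configuration:nil
                                                 URL:self.storeURL options:options error:&error]) {
        if (self.unlockObserver) {
            [[NSNotificationCenter defaultCenter] removeObserver:self.unlockObserver];
            self.unlockObserver = nil;
        }
        // Confirm which protection class is actually applied to the file on disk.
        NSDictionary *attrs = [[NSFileManager defaultManager]
            attributesOfItemAtPath:self.storeURL.path error:NULL];
        NSLog(@"Store opened, protection class: %@", attrs[NSFileProtectionKey]);
        return;
    }
    // 23 is the value reported under NSSQLiteErrorDomain in the error quoted above.
    BOOL denied = [error.userInfo[NSSQLiteErrorDomain] integerValue] == 23;
    NSLog(@"Store not opened (%@ error): %@", denied ? @"protection" : @"other", error);
    if (!denied || self.unlockObserver) { return; } // other errors need separate handling
    __weak typeof(self) weakSelf = self;
    self.unlockObserver = [[NSNotificationCenter defaultCenter]
        addObserverForName:UIApplicationProtectedDataDidBecomeAvailable object:nil
                     queue:[NSOperationQueue mainQueue]
                usingBlock:^(NSNotification *note) { [weakSelf loadStore]; }];
}
@end
```

Code that touches the Core Data stack before loadStore succeeds has to tolerate a coordinator with no store attached.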