Data encryption with Core Data in iOS

Question

I just need a confirmation on this.

Is it correct to say that, with the iPhone 3GS and above, any data written to the filesystem is encrypted using hardware encrypti

Answer 1

[_persistentStoreCoordinator addPersistentStoreWithType:NSSQLiteStoreType configuration:nil URL:storeURL options:@{ NSPersistentStoreFileProtectionKey : NSFileProtectionComplete } error:&error]

Answer 2

No, that is not correct. You will need to enable encryption on the sqlite file. Add the following after you create your persistentStoreCoordinator:

// Make sure the database is encrypted when the device is locked
NSDictionary *fileAttributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete forKey:NSFileProtectionKey];
if (![[NSFileManager defaultManager] setAttributes:fileAttributes ofItemAtPath:[storeURL path] error:&error]) {
    // Deal with the error
}

Answer 3

No, your assumption is not correct.

From the NSPersistentStoreCoordinator class documentation:

The default value is NSFileProtectionCompleteUntilFirstUserAuthentication for all applications built on or after iOS v5.0. The default value for all older applications is NSFileProtectionNone.

To enable NSFileProtectionComplete, one would need to add the NSPersistentStoreFileProtectionKey with NSFileProtectionComplete to the options NSDictionary when calling the addPersistentStoreWithType:configuration:URL:options:error: method.

Keep in mind that this file encryption is only enabled when the user has set a passcode.