0

According to https://support.apple.com/en-ca/guide/security/secb010e978a/web:

If a file isn’t assigned a Data Protection class, it is still stored in encrypted form (as is all data on an iPhone, iPad, and Apple Vision Pro).

My question is, why use the data protection classes, especially as the data is stored encrypted automatically? Is the risk that some entity can trick the system into thinking that it’s my app to gain access? And How does one even go about evaluating what file needs what protection?

It seems like Apple created these classes but never explained what they protect the app from.

Improve this question
12
  • 3
    Did you read the whole page? It explains each protection class and the exact differences between them.
    – Ja1024
    CommentedMar 30 at 3:00
  • Yes I did. But I am asking whats the point if all files are already stored encrypted by default.
    – ArcticMeltdown
    CommentedMar 30 at 3:18
  • 3
    There mere act of encryption doesn't magically protect the files against all possible attacks. You have to consider a) where the key is stored and b) when it can be accessed. If no protection class is chosen, then the key is permanently stored on the device and can be accessed at any time by anybody with physical access, even if the device has never been unlocked. In comparison, Complete Protection means the key is derived from the user password/passcode when the user unlocks the device, and the key immediately gets wiped from memory after the device has been locked again. See the difference?
    – Ja1024
    CommentedMar 30 at 3:46
  • My impression is that any hacker would first need to steal the class key and then figure out how to access the data and decrypt that. So even if there were no class key, they would still have to figure out how to decrypt the file. Unless the issue is, someone can pose as my app and just get access to everything as me. And the class keys are only to limit the windows of opportunity available.
    – ArcticMeltdown
    CommentedMar 30 at 4:02
  • 3
    "...what they protect the app from" - they don't protect the app, they protect data. ".... created these classes but never explained ..." - The documentation you refer to describes clearly what protection these classes offer and what protection they fail to offer and when they should be used. But you might need to read it with the right mindset. Basically security is a trade-off and while you ideally would get maximum security (complete protection) it is not always possible since the data need to be available for processing when the device is locked or no users are logged in.
    – Steffen Ullrich
    CommentedMar 30 at 4:23

1 Answer 1

Reset to default
-1

For files, you have one security class when the file is stored and another class when it is being downloaded. This allows iOS to finish downloading a file or creating a large file even when the app is in the background and should not be allowed to access any files usually.

There are also two security classes that require the passcode and two that don’t. The code that lets you enter your passcode must be readable without a passcode obviously. You can take photos without a passcode etc. So these photos have a different security class.

So these security classes are not really about security, they are about usability.

Improve this answer
4
  • 1
    And why do you think some security classes require a passcode and some don't? Do you think Apple did that by accident? Or to annoy its users? I have a hint: It has something to do with ... security.
    – Ja1024
    CommentedMar 30 at 11:25
  • @Ja1024 All files have exactly the same security.
    – gnasher729
    CommentedMar 30 at 12:36
  • 2
    No, they do not. Each class provides a different level of security which is determined by where the key is stored and how long. With Complete Protection, the key is only kept in memory while the device is unlocked. After this, the key is immediately wiped from memory, making the encrypted files unreadable. With No Protection, the key is permanently stored on the device, which means the files can be attacked even on a locked device. Don't you see this is a fundamental difference in terms of security?
    – Ja1024
    CommentedMar 30 at 12:50
  • Maybe I’m hard of a reader but the no protection keys mention that the class keys are protected by the Uid. So it’s confusing when you say they can be attacked. But when it says the encryption only affords the benefit of fast remote wipe it does sound like it’s easy to attack.
    – ArcticMeltdown
    CommentedMar 30 at 21:45

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.