How can I use file encryption when calling the parent app from the Watch app?

I call the parent app on my iPhone from the Apple Watch app with openParentApplication and handleWatchKitExtensionRequest. In my main application I am using CoreData with the following parameters for addPersistentStoreWithType:

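NSDictionary *options = @{
        NSMigratePersistentStoresAutomaticallyOption : @YES,    // migrate older store versions automatically
        NSInferMappingModelAutomaticallyOption : @YES,          // infer the mapping model (lightweight migration)
        NSSQLitePragmasOption : @{@"journal_mode" : @"DELETE"}, // rollback journal instead of WAL
        NSPersistentStoreFileProtectionKey : NSFileProtectionCompleteUnlessOpen // data protection class of the store file
    };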

      

This threw an exception:

This NSPersistentStoreCoordinator has no persistent stores (device locked). It cannot perform a save operation.

Does this mean that I cannot use NSFileProtectionCompleteUnlessOpen and NSFileProtectionComplete?

Should I use NSFileProtectionNone or NSFileProtectionCompleteUntilFirstUserAuthentication?

I would like to know a way to protect my data with NSFileProtectionCompleteUnlessOpen and still be able to access the data when my Watch app is using openParentApplication.

Possible solutions to the problem (but not a real solution)

  • Have two files (for example SQL databases) where one is encrypted and the other is not. The latter only stores the data required by the Watch app.

1 answer


NSFileProtectionCompleteUntilFirstUserAuthentication seems to me the recommended way. It ensures that the user has to unlock the device at least once since the last boot.

This issue was introduced with iOS 7 and background update. This will prevent physical forensic analysis from reading your unencrypted data.


More information from https://security.stackexchange.com/questions/57588/iphone-ios-7-encryption-at-lock-screen :

  • NSFileProtectionNone: The file can be retrieved at any time, even if the device is locked;
  • NSFileProtectionComplete: access to the file is only possible when the device is unlocked (note the grace period of 10 seconds after the device is locked, during which the files are still available);
  • NSFileProtectionCompleteUnlessOpen: the file can be created when the device is locked, but after closing it is only available when the device is opened;
  • NSFileProtectionCompleteUntilFirstUserAuthentication: The file can only be accessed if the device has been unlocked at least once since boot.



The guys at Gilt have also explained this behavior in detail here: http://tech.gilt.com/post/67708037571/sleuthing-and-solving-the-user-logout-bug-on-ios


Another idea that came to my mind is to use an application group container. See the question here: WatchKit SDK does not fetch data from NSUserDefaults. Thus, it should not only share NSUserDefaults, but the same keychain. This should work in the same way that iOS apps use the same keychain.

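The answer's recommended protection class applied to the question's store options, as an added example that is not part of the original question or answer. The function name AddStoreAvailableAfterFirstUnlock is hypothetical, and psc and storeURL are assumed to be supplied by the app; after opening the store it checks the class actually recorded on the store file and any SQLite sidecar files instead of assuming it.

```objective-c
#import <CoreData/CoreData.h>

// Hypothetical helper (added example, not the poster's code): opens the SQLite
// store so it stays readable while the device is locked, provided the device
// has been unlocked once since boot, then audits the files on disk.
static NSPersistentStore *AddStoreAvailableAfterFirstUnlock(NSPersistentStoreCoordinator *psc,
                                                            NSURL *storeURL,
                                                            NSError **error) {
    NSFileProtectionType wanted = NSFileProtectionCompleteUntilFirstUserAuthentication;
    NSDictionary *options = @{
        NSMigratePersistentStoresAutomaticallyOption : @YES,
        NSInferMappingModelAutomaticallyOption : @YES,
        NSSQLitePragmasOption : @{@"journal_mode" : @"DELETE"},
        NSPersistentStoreFileProtectionKey : wanted
    };
    NSPersistentStore *store = [psc addPersistentStoreWithType:NSSQLiteStoreType
                                                 configuration:nil
                                                           URL:storeURL
                                                       options:options
                                                         error:error];
    if (store == nil) {
        // Can still fail before the first unlock after a reboot; the caller
        // (for example the WatchKit request handler) must report "unavailable".
        return nil;
    }

    // Check the store file and the SQLite sidecar files that may exist.
    NSFileManager *fm = [NSFileManager defaultManager];
    for (NSString *suffix in @[ @"", @"-journal", @"-wal", @"-shm" ]) {
        NSString *path = [storeURL.path stringByAppendingString:suffix];
        if (![fm fileExistsAtPath:path]) {
            continue;
        }
        NSString *current = [fm attributesOfItemAtPath:path error:NULL][NSFileProtectionKey];
        if ([current isEqualToString:wanted]) {
            continue;
        }
        NSLog(@"%@ has protection class %@, expected %@", path.lastPathComponent, current, wanted);
        NSError *attrError = nil;
        if (![fm setAttributes:@{NSFileProtectionKey : wanted} ofItemAtPath:path error:&attrError]) {
            NSLog(@"Could not change protection class of %@: %@", path.lastPathComponent, attrError);
        }
    }
    return store;
}
```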