Data Protection / NSFileProtectionComplete - successfully supported through entitlements.plist?

I am looking to encrypt user data in an application, and the NSFileProtection mechanism looks perfect for this.

This SO question/answer thread pointed me to the WWDC 2011 video on iOS application protection, which showed a "too good to be true" way to establish data protection across the application through entitlements (see from the 33-minute mark).

So, I tried this for my iOS 5.x+ application and ran into a problem where it complains about invalid entitlements.

I set up data protection for a specific application through the Provisioning Portal and updated the Provisioning application, so theoretically everything should be installed, but I still get an error.

If I remove the specific FileProtectionComplete parameter from the entitlements, the application works without the invalid entitlements error.

In researching this, I also saw that some people get their applications rejected (the moment they download the binary), because it is not supported (or is it deprecated?). Please note that I specifically ask about Data Protection, not Passbook.

At this point, I think maybe it is true: "too good to be true." So, I am going to discard this magic entitlements flag and use the programmatic method of adding NSFileProtectionComplete as a write option instead.

However, before I do this, can anyone confirm that they were able to successfully add data protection using only the "Entitlements" checkbox? Thanks.

+8
ios entitlements data-protection
4 answers

NSFileProtectionComplete is no longer supported through entitlements. Instead, it is specified in the provisioning profile.

I had the same problem as you. When I tried to build and run on the device, I received the following warning:

The executable was signed with invalid entitlements. The entitlements specified in your application's Code Signing Entitlements file do not match those specified in your provisioning profile. (0xE8008016).

In the console, it showed up as this error:

May 6 16:18:13 XXXXX installd [54]: the "DataProtectionClass" right has a value that is not allowed when setting up the Profile

In the end, I found the right settings. You must log in to the developer's portal and enable data protection in the application identifier associated with the provisioning profile that you are using. See image below:


+10

I tried data protection using entitlements, and it works fine. The trick is to keep the entitlements file in the Xcode project the same as the provisioning profile.

In particular, the following 2 settings in the entitlements file and the provisioning profile should be the same:

"com.apple.developer.default-data-protection" - I set this to NSFileProtectionComplete.

"application-identifier" - I do not use wildcards in the identifier, although I think it should work too.

0

This did not work for me using a wildcard for the profile identifier (for example, my.company.app.*), so I had to create a new fully qualified one. This works for me with my Entitlements.plist as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.default-data-protection</key>
        <string>NSFileProtectionComplete</string>
        <key>get-task-allow</key>
        <false/>
    </dict>
    </plist>

and the profile section for it looks like this: ....

    <dict>
        <key>application-identifier</key>
        <string>xxx.my.company.app</string>
        <key>com.apple.developer.default-data-protection</key>
        <string>NSFileProtectionComplete</string>
        <key>get-task-allow</key>
        <false/>
        <key>keychain-access-groups</key>
        <array>
            <string>xxxxxxxx</string>
        </array>
    </dict>

....

0
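
As an added example (not code from any of the answers, and not Apple's own validation logic): a pre-build check that compares an entitlements file against the Entitlements dictionary of a provisioning profile, which is the mismatch the answers above describe. The plists are constructed samples, the profile is assumed to be already decoded to a plain plist, and the matching rule in the hypothetical `permitted()` helper is a simplified assumption.

```python
import plistlib

# Constructed sample: an app entitlements file shaped like the one in the answer above.
APP_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>application-identifier</key><string>xxx.my.company.app</string>
  <key>com.apple.developer.default-data-protection</key>
  <string>NSFileProtectionComplete</string>
  <key>get-task-allow</key><false/>
</dict></plist>"""

# Constructed sample: a decoded profile whose App ID lacks Data Protection.
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>xxx.my.company.app</string>
    <key>get-task-allow</key><false/>
  </dict>
</dict></plist>"""


def permitted(requested, allowed):
    """Simplified rule (assumption): equal values, or a trailing-* prefix match."""
    if isinstance(requested, list):
        allowed = allowed if isinstance(allowed, list) else [allowed]
        return all(any(permitted(r, a) for a in allowed) for r in requested)
    if isinstance(allowed, str) and allowed.endswith("*"):
        return isinstance(requested, str) and requested.startswith(allowed[:-1])
    return type(requested) is type(allowed) and requested == allowed


def mismatches(app_plist, profile_plist):
    """Return (key, app value, profile value) for entitlements the profile does not cover."""
    app = plistlib.loads(app_plist)
    profile = plistlib.loads(profile_plist).get("Entitlements", {})
    problems = []
    for key, value in sorted(app.items()):
        if key not in profile or not permitted(value, profile[key]):
            problems.append((key, value, profile.get(key)))
    return problems


if __name__ == "__main__":
    for key, wanted, allowed in mismatches(APP_ENTITLEMENTS, PROFILE):
        print(f"{key}: app requests {wanted!r}, profile allows {allowed!r}")
```

An empty result means every entitlement the app requests is covered by the profile under this simplified rule.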

To enable data protection, enable it in the Capabilities pane of your target in Xcode.

Read more: App Distribution Guide: Adding Capabilities

0