We are looking into Protecting Data Using On-Disk Encryption for our AIR for iOS iPad apps. An article on the adobe site (Protecting content on an iOS device with DPS | Adobe Developer Connection) mentioned this can be achieved by generating Data Protection enabled AppID/provisioning profile to pacakage in the app.
After we packaged and published the app using the appropriately configured provisioning profile (Complete protection), we run an analysis on the iPad files. It's reporting that the files are using an encryption class, but the wrong one.
We run into two kinds of scenarios -
1. For App ID that "complete" data protection service is specified, the class utilized should be NSFileProtectionComplete. Instead, the class being utilized in the files is NSFileProtectionCompleteUntilUserAuthentication
2. for App ID without any data protection service selected, the files saved in the app documentDirectory is utilizing "NSFileProtectionCompleteUntilUserAuthentication".
We cannot find why is it using the wrong class when specified with another class, and why are other apps utilizing the class when they weren't designed to any data protection? Could something in Adobe AIR be overriding it or setting a default to use "NSFileProtectionCompleteUnitlUserAuthentication"?
Any feedback is greatly appreciated. We cannot find much information on this issue but data encryption has become more and more critical now. Thank you very much.
AdChoices