Open Radar

 
22-Sep-2011 09:52 AM Craig Fields:
Summary: The Data Protection APIs allow files to be marked as protected. However, there are no API calls to determine if Data Protection is enabled on a device, and therefore no way to verify that a file marked as protected is indeed protected. For applications which fall under regulations such as HIPAA which require certain information to be protected, this makes it impossible to use the Data Protection APIs in compliance with those regulations. If an application could be marked as requiring Data Protection to be enabled, and setting a file as protected returned an indicator to verify that protection was enabled then these APIs could be used while retaining compliance with industry regulations.

Steps to Reproduce: 

1. Create a file and set the NSFileProtectionKey attribute to NSFileProtectionComplete

Expected Results:
1. Either the file creation would send an error and/or fail if the file was not protected, and the NSFileProtectionKey attribute would not be set to NSFileProtectionComplete if the file is not protected.

Actual Results:
1. The file is created without error and the attribute is set whether data protection is enabled or not.

Regression:
N/A

Notes:
Note, if Data Protection is required by an application and it is not enabled on the device the application may not be able to function. This case should be considered since there is no current provision within the app store review guidelines to allow an application to behave in this fashion.