Data Protection Classes - CraigDonkin/ios-testing GitHub Wiki
Class | Protection | File Data Protection | Notes |
---|---|---|---|
Class A | Complete Protection | NSFileProtectionComplete | Class key is protected with a key derived from the passcode and the device UID. When the device locks, the class key is discarded. All data is inaccessible until the user authenticates again. |
Class B | Protected Unless Open | NSFileProtectionCompleteUnlessOpen | Useful if the app needs to write data while the device is locked |
Class C (Default) | Protected Until First User Authentication | NSFileProtectionCompleteUntilFirstUserAuthentication | Same as Complete, except the decrypted class key isn't removed from memory when the device is locked. This is the default for all third-party apps. |
Class D | No Protection | NSFileProtectionNone | Class key is only protected with the UID. Data is still encrypted though. |

Availability | File Data Protection | Keychain Data Protection | Notes |
---|---|---|---|
When Unlocked (Default) | NSFileProtectionComplete | kSecAttrAccessibleWhenUnlocked | Keychain item is only accessible when the device is unlocked |
While Locked | NSFileProtectionCompleteUnlessOpen | N/A | |
After First Unlock | NSFileProtectionCompleteUntilFirstUserAuthentication | kSecAttrAccessibleAfterFirstUnlock | Item is accessible after the first unlock from boot |
Always | NSFileProtectionNone | kSecAttrAccessibleAlways | The item is always accessible |
Passcode Enabled | N/A | kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly | If the keychain is copied as part of a backup, it won't work on another device as it is protected by the device UID |
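
An in-app audit of the file classes in the first table, as an added example that is not code from this wiki: it walks the app's container and lists every regular file whose protection attribute is not Class A. The function names and the choice of Class A as the baseline are assumptions of this example.

```swift
import Foundation

// Added example: function names and the Class A baseline are assumptions.

/// Maps a file's protection attribute to the class letter used in the first table.
func protectionClass(of type: FileProtectionType?) -> String {
    guard let type = type else { return "not reported" }
    switch type {
    case FileProtectionType.complete: return "A"
    case FileProtectionType.completeUnlessOpen: return "B"
    case FileProtectionType.completeUntilFirstUserAuthentication: return "C"
    case FileProtectionType.none: return "D"
    default: return "unrecognised (\(type.rawValue))"
    }
}

/// Walks `root` and returns every regular file that is not Class A.
func filesBelowClassA(under root: URL) -> [(path: String, protection: String)] {
    let fm = FileManager.default
    var findings: [(path: String, protection: String)] = []
    guard let walker = fm.enumerator(at: root,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return findings
    }
    for case let url as URL in walker {
        // Skip directories and symlinks; only regular files hold app data.
        let values = try? url.resourceValues(forKeys: [.isRegularFileKey])
        guard values?.isRegularFile == true else { continue }
        // Read the protection attribute the OS reports for this file.
        let attrs = try? fm.attributesOfItem(atPath: url.path)
        let cls = protectionClass(of: attrs?[.protectionKey] as? FileProtectionType)
        if cls != "A" {
            findings.append((path: url.path, protection: cls))
        }
    }
    return findings
}

/// Prints the findings for the app's own sandbox container.
func logProtectionAudit() {
    // On iOS, NSHomeDirectory() is the app's sandbox container.
    let root = URL(fileURLWithPath: NSHomeDirectory())
    for finding in filesBelowClassA(under: root) {
        print("Class \(finding.protection): \(finding.path)")
    }
}
```

Call `logProtectionAudit()` from a debug build; files that report Class C are using the default listed in the table.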