Problem with Data Protection and NSFileProtectionCompleteUntilFirstUserAuthentication

Question

Created Jan ’18

Replies 6

Boosts 1

Views 5.2k

Participants 6

Xcode is doing something strange with our app's entitlements when we have Data Protection set to anything other than Complete Protection. The App ID in the developer portal is set properly to "Protected Until First Authentication", however the entitlement we get in Xcode lists "Complete". When I manually change the value of the entitlement to the desired value, we get a warning symbol under Capabilities. Clicking on "Fix Issue" reverts it back to NSFileProtectionComplete, which isn't what we want. Is there any way to make NSFileProtectionCompleteUntilFirstUserAuthentication work properly?

Answered by DTS Engineer in 290749022

Is this just a problem with the Xcode warning? Or is the resulting app built incorrectly? That is, if you dump the entitlements and embedded provisioning profile of the built app, does it have the

com.apple.developer.default-data-protection

entitlement set correctly in both places?

To can dump these as follows:

$ codesign -d --entitlements :- TestDF95757.app
…
<plist version="1.0">
<dict>
    …
    <key>com.apple.developer.default-data-protection</key>
    <string>NSFileProtectionComplete</string>
    …
</dict>
</plist>
$ security cms -D -i TestDF95757.app/embedded.mobileprovision 
…
<plist version="1.0">
<dict>
    …
    <key>Entitlements</key>
    <dict>
        …
        <key>com.apple.developer.default-data-protection</key>
        <string>NSFileProtectionComplete</string>
    </dict>
    …
</dict>
</plist>

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Jan ’18

Accepted Answer

Is this just a problem with the Xcode warning? Or is the resulting app built incorrectly? That is, if you dump the entitlements and embedded provisioning profile of the built app, does it have the

com.apple.developer.default-data-protection

entitlement set correctly in both places?

To can dump these as follows:

$ codesign -d --entitlements :- TestDF95757.app
…
<plist version="1.0">
<dict>
    …
    <key>com.apple.developer.default-data-protection</key>
    <string>NSFileProtectionComplete</string>
    …
</dict>
</plist>
$ security cms -D -i TestDF95757.app/embedded.mobileprovision 
…
<plist version="1.0">
<dict>
    …
    <key>Entitlements</key>
    <dict>
        …
        <key>com.apple.developer.default-data-protection</key>
        <string>NSFileProtectionComplete</string>
    </dict>
    …
</dict>
</plist>

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

FishOSU OP

Jan ’18

I was so focused on getting Xcode to not have that angry red checkbox that I didn't get to uploading. After ignoring it the app appears to have the correct entitlements. I'll file a radar on Xcode's behavior. Thanks for straightening me out!

0

Answer 3

DTS Engineer OP

Apple

Jan ’18

After ignoring it the app appears to have the correct entitlements.

Excellent news.

I'll file a radar on Xcode's behavior.

Thanks in advance. And please do post the bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 4

Alicknah OP

May ’18

Please step by step - how to ignoring this alert and launch app?

I have some problem with entitlement and can not do anything ((((

0

Answer 5

tobs55 OP

Jan ’19

looks like it is not able to update the entitlement file properly. You can update the entitlements file manually.

Check for your .entitlements file and locate Data protection key value pair. Update the value as needed.

possible values can be found.

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_default-data-protection

0

Answer 6

ldns_musou OP

Nov ’19

We have encountered the same problem at xcode10.3.

Can this problem be solved?

0