snej
commented
3 years ago After unlocking the device, the file becomes accessible at all times
...by your app. It's worth noting that your files still aren't available to other apps, due to their sandboxes. Short of an OS bug, there's no way for an attacker to access that file without unlocking your device first.
The "Complete" level is attractive, but beware that it gets in the way of background tasks. Let's say the user backgrounds your app, you start a download or file cleanup or something, and then the user locks the device. Suddenly the app can't access files anymore, so it has to cleanly abort what it was doing.
"Complete Unless Open" is more flexible, but you have to have the foresight to open the file(s) before locking. Also watch out that some high level APIs open/close files for you at unexpected times. For example, when you open a SQLite database, it doesn't actually cause the file to be opened until the first time you issue a query.
Simpler File Encryption on iOS • Andy Ibanez
https://www.andyibanez.com/posts/simpler-file-encryption-ios/?utm_campaign=iOS%2BDev%2BWeekly&utm_medium=email&utm_source=iOS%2BDev%2BWeekly%2BIssue%2B470