SDMPersistence

The SDMPersistence library provides APIs to persist data to the device's physical storage.

List of Features

SDMPersistence Public APIs

+ (id) instance
- (void) clear
- (NSString*) storeCache:(id<SDMCaching>)cache_in 
- (id<SDMCaching>) loadCache:(NSString*) uid_in
- (NSString*) storeData:(NSData*) data_in withId:(NSString*)uid_in
- (NSData*) loadData:(NSString*) uid_in
- (NSString*) storeSerializable:(id<NSCoding>) serializable_in withId:(NSString*)uid_in 
- (id<NSCoding>) loadSerializable:(NSString*) uid_in 
- (StoragePolicy) storagePolicy
- setStoragePolicy:(StoragePolicy)policy_in

Technical Details

The common methods are defined by the SDMPersisting protocol. For builds targeting iOS 4.0+ the default is FullProtectionStoragePolicy. (See also: SDMPersistence default implementation.)

Consider using the SDMPersistence default implementation rather than implementing a custom persistence functionality.

Encryption, Secure Storage

Starting with iOS 4.0 (iOS 4.2 for iPad devices), data can be persisted in secure form. For builds targeting iOS 4.0+, the default storage policy is fully protected. In older iOS versions, data can only be persisted in unprotected form.

All data is stored in the app’s dedicated filesystem, the so-called sandbox. The app’s sandbox can be accessed exclusively by the app it belongs to. As the sandbox is bound to the app, deleting the app also removes its persisted data. Accessing data on iOS devices is fast and reliable, even when encryption is used.

For encryption, we rely on the Security framework and the dedicated cryptographical hardware available in the supported versions of iPad, iPad 2 and iPhone. Due to the lack of the cryptographical hardware, former iPhone models are not supported. The RSA keys required for the asymmetric key algorithm are retrieved from the app’s keychain; if it is not available, they are generated and stored in the keychain during the first API call requiring the keys. For RSA key generation and keychain management, the iOS Security framework APIs are used.

A generic approach for secure data storage has been made available with iOS 4.0. Encryption and decryption of the device’s filesystem is managed automatically by the operating system. This behavior is disabled by default, but can be enforced via corporate policy. It is possible to leave out the secure APIs from the library and solely rely on this approach.

Related reading: http://support.apple.com/kb/HT4175

WWDC video about secure data storage: http://developer.apple.com/videos/wwdc/2010/