App protection and app groups in iOS and iPadOS
In iOS and iPadOS, organisations can protect apps by using the iOS SDK and by joining an App Group through the Apple Developer Portal.
Adopting Data Protection in apps
The iOS Software Development Kit (SDK) for iOS and iPadOS offers a full suite of APIs that make it easy for third-party and in-house developers to adopt Data Protection and help ensure the highest level of protection in their apps. Data Protection is available for file and database APIs, including NSFileManager, CoreData, NSData and SQLite.
The Mail app database (including attachments), managed books, Safari bookmarks, app launch images and location data are also stored encrypted, with keys protected by the user’s passcode on their device. Calendar (excluding attachments), Contacts, Reminders, Notes, Messages and Photos implement the Data Protection entitlement Protected Until First User Authentication.
User-installed apps that don’t opt in to a specific Data Protection class receive Protected Until First User Authentication by default.
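The following Swift sketch is an added example, not code from Apple's documentation. It shows how an app might opt in through the NSData and NSFileManager APIs named above, then find files left at the default class and raise them to Complete Protection. The helper names (writeProtected, protectionClass, upgradeDefaultClassFiles) are hypothetical; only the Foundation calls are real APIs.

```swift
import Foundation

/// Write sensitive data so the file is readable only while the device is unlocked.
func writeProtected(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

/// Return the Data Protection class recorded for a file, or nil when the
/// file system reports none (for example, outside a real device).
func protectionClass(of url: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    if let typed = attrs[.protectionKey] as? FileProtectionType { return typed }
    return (attrs[.protectionKey] as? String).map(FileProtectionType.init(rawValue:))
}

/// Walk a directory and raise files that sit at the default class
/// (Protected Until First User Authentication) or at no protection.
/// Files marked completeUnlessOpen are left alone, because that class is
/// normally chosen on purpose for files written while the device is locked.
/// Returns the URLs that were changed.
func upgradeDefaultClassFiles(under root: URL) throws -> [URL] {
    let fm = FileManager.default
    var changed: [URL] = []
    guard let walker = fm.enumerator(at: root,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return changed
    }
    for case let url as URL in walker {
        let isFile = try url.resourceValues(forKeys: [.isRegularFileKey]).isRegularFile ?? false
        guard isFile, let current = try protectionClass(of: url) else { continue }
        if current == .completeUntilFirstUserAuthentication || current == .none {
            try fm.setAttributes([.protectionKey: FileProtectionType.complete],
                                 ofItemAtPath: url.path)
            changed.append(url)
        }
    }
    return changed
}
```

Files raised to Complete Protection cannot be read while the device is locked, so anything a background task needs should be excluded from the directory passed to upgradeDefaultClassFiles.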
Joining an App Group
Apps and extensions owned by a given developer account can share content when configured to be part of an App Group. It’s up to the developer to create the appropriate groups on the Apple Developer Portal and include the desired set of apps and extensions. Once configured to be part of an App Group, apps have access to the following:
A shared on-volume container for storage, which stays on the device as long as at least one app from the group is installed
Shared keychain items
The Apple Developer Portal helps ensure that App Group IDs (GIDs) are unique across the app ecosystem.