iOS device data Encryption - Improving the security of the storage

Feature name

At the moment, Bitwarden might not be using the best method of storage. I would like to use the best encryption method available for storing the encryption keys. The encryption keys are used to encrypt our data. On iOS, the best encryption available is Class A: Complete Protection, and Bitwarden is not using it. This minor modification would seriously hamper unauthorized attempts to access our data.

Feature function

The on-device iOS data encryption depends on the Data Protection class that the app selects for its files. There are 4 types of Data Protection classes:

  1. Complete Protection (CP - NSFileProtectionComplete): 10 seconds after the device is locked, the keys are discarded.
  2. Protected Unless Open (PUO - NSFileProtectionCompleteUnlessOpen): the keys are only decrypted while the device is unlocked, and the private key is evicted when the device locks.
  3. Protected Until First User Authentication (a.k.a. After First Unlock) (AFU - NSFileProtectionCompleteUntilFirstUserAuthentication): the keys are decrypted into memory when the user first unlocks the device after startup, and they are not removed from memory when the device is locked.
  4. No Protection (NP - NSFileProtectionNone): the keys are encrypted by the hardware UID key only (not the user passcode).

Since Bitwarden does not specify which class to use, it gets the default one (AFU): the key is decrypted after the first unlock of the device and then stays in the device's memory indefinitely.
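An added example in Swift (not code from the original post or from Bitwarden) showing the difference between a write that inherits the default class and one that requests Complete Protection explicitly, plus a self-check that reads the class back so a regression is noticed. The file name, account name and helper names are assumptions.

```swift
import Foundation
import Security

// Hypothetical location where the app persists its key material.
let keyFileURL = FileManager.default
    .urls(for: .applicationSupportDirectory, in: .userDomainMask)[0]
    .appendingPathComponent("encryption-key.bin")

// Weak: a plain write inherits the app's default Data Protection class,
// NSFileProtectionCompleteUntilFirstUserAuthentication (AFU). After the
// first unlock the class key stays in memory until the next reboot.
func writeKeyWithDefaultProtection(_ key: Data) throws {
    try key.write(to: keyFileURL, options: [.atomic])
}

// Hardened: request Complete Protection (NSFileProtectionComplete) at
// write time, so the class key is evicted shortly after the device locks.
func writeKeyWithCompleteProtection(_ key: Data) throws {
    try key.write(to: keyFileURL, options: [.atomic, .completeFileProtection])
}

// Read back the class a file actually ended up with. Useful as a unit test
// or a startup self-check: anything other than .complete is a finding.
func protectionClass(of url: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    return attrs[.protectionKey] as? FileProtectionType
}

// Same idea for a key kept in the Keychain: kSecAttrAccessible plays the
// role of the file protection class. WhenUnlockedThisDeviceOnly matches
// Complete Protection; AfterFirstUnlock would match the default AFU class.
func storeKeyInKeychain(_ key: Data, account: String) -> OSStatus {
    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(lookup as CFDictionary) // replace any existing item
    var item = lookup
    item[kSecValueData as String] = key
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(item as CFDictionary, nil)
}
```

With Complete Protection the key is unreadable while the device is locked, so any code path that needs it in the background (for example, a locked-screen extension) has to be designed to cope with an unavailable key rather than silently falling back to a weaker class.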

Related topics + references

I was not aware of Data Protection classes before reading an article about “How Law Enforcement Gets Around Your Smartphone’s Encryption” (yes, that’s a pretty clickbait title). This article is based on the report of security researchers at Johns Hopkins University about the critical lack of coverage due to under-utilization of the powerful and compelling security and privacy control tools.

Without restating the entire report, it made me aware that the vast majority of apps available are using “Protected Until First User Authentication (a.k.a. After First Unlock) (AFU)”, where the encryption keys are decrypted into memory when the user first enters the device passcode after a reboot, and remain in memory even if the device is locked. This practice is susceptible to attacks since everybody, I assume, reboots their phone only rarely, and phones are carried in a locked-but-authenticated state. Since Bitwarden does not select a different protection class, it uses the default class (Protected Until First User Authentication).