NEW: Files Protection in Boxcryptor for iOS
When we introduced our new Boxcryptor for iOS app back in May, we also had to deliver some bad news: Due to our exclusive integration with Apple’s Files app and the discontinuation of our own file browser in the Boxcryptor app, the previously existing App Protection (e.g. by an additional passcode or Face ID) could no longer be used.
Today we have good news, as we introduce its successor: Files Protection in Boxcryptor for iOS.
Since the release of our new Boxcryptor for iOS app, we have received a lot of feedback—positive but also negative sometimes. We would like to thank everyone for this! Since particularly the lack of App Protection is a concern for more users than we expected, our development team has been working on a new solution over the past few months. In this article, we explain how you can use the new function and what is different to the old App Protection.
Table of Contents
- App Protection Becomes Files Protection
- Device-wide Access Protection for Your Files
- Easy Setup
- Other Challenges
- Your Feedback is Important to Us
App Protection Becomes Files Protection
We were unable to maintain the previous file protection, as it was implemented by our app, for technical reasons. A highly simplified explanation is that Apple app does not provide for any additional protection measures besides the device password in the Files app. Implementing such a feature means wrestling with the iOS native app all at once. Therefore, it also restricts some features and requires compromises in the security provided. Due to these reasons, we initially decided to remove the App Protection in our new Files app-exclusive Boxcryptor app. Due to high demand and after countless hours of discussions and experiments, we have now found a way to additionally secure the most important information: your data. The former “App Protection”, which was requested when starting the Boxcryptor app became “Files Protection”.
To activate the feature, all you need to do is enable the corresponding switch in the Boxcryptor app and set your own six-digit Boxcryptor passcode. This is independent of your device passcode or Boxcryptor password. Face ID and Touch ID can also be used to unlock your files, depending on your device. When you now open the Files app and try to access the Boxcryptor storage location, you will be prompted to unlock access with the new Boxcryptor passcode.
For additional security, you can set a time frame for which your encrypted data can be accessed. Manual, immediate locking of data—in case you want to spontaneously leave your device—is also possible in the Boxcryptor app.
Device-wide Access Protection for Your Files
Boxcryptor doesn't just protect your files when you access them from the Files app, though. Documents that you want to open in a third-party app (such as Microsoft Word) also require prior identification. The file protection in Boxcryptor for iOS thus works as device-wide access protection even after unlocking your iPhone or iPad.
However, caution is advised: Once a file has been opened or shared with other apps, control over this file is also shared and Boxcryptor can no longer guarantee its security. Documents in Microsoft Word, for example, will still be access-protected once your file lock is active. Documents in Adobe Illustrator for iOS, on the other hand, are automatically uploaded to Adobe Cloud—without encryption. We strongly recommend to only use apps which have your trust.
In some third-party apps, such as Microsoft Word, your files remain protected even after they have been opened and edited for the first time. However, as a general rule, if data is passed on to other apps, Boxcryptor can no longer guarantee security through end-to-end encryption.
Files Protection thus prevents unauthorized access in:
- Your Boxcryptor location within the Files app. Recents, Search and Favorites are also protected and thus can no longer be used for files and folders in the Boxcryptor location with File Protection enabled.
- Third-party apps that want to access files inside your Boxcryptor location.
The Boxcryptor app itself, which only includes settings, is not covered by File Protection. For further information about the advantages and limitations of the new Files Protection, please see our Help pages.
The new file protection can be activated quickly and easily via the Boxcryptor app: Tap the switch, set the Boxcryptor passcode, done! The additional use of Face ID or Touch ID is available on compatible devices. The lock period can also be set individually (up to 30 minutes), so you can perfectly adapt the protection level to your workflow. For spontaneous device handovers, there is, of course, an instant lock function.
After ten unsuccessful login attempts, the Boxcryptor app completely blocks access to your files and folders. To access the data again, you must sign out in the Boxcryptor app itself and sign in again with your email address and your Boxcryptor password.
In addition to the fundamental question of how Files Protection could even be implemented with the Files app without only providing fake security while maintaining the best possible user experience, our developers had to face some other challenges.
Trusted System Time
With Files Protection, files are protected at the moment of the attempted access. However, if an attacker gets hold of the unlocked device, access could be restored by “turning back” the system time to an earlier point in time. If a file had been accessible in Boxcryptor at that time, it could have been accessed this way. How can the time be trusted, if everybody with device access can manipulate it?
This is why Boxcryptor does not simply use the system time. Instead, it uses the boot time, i.e. the time since the device was last rebooted, in combination with a detection of whether the device has been rebooted, is used as the “trusted system time” which cannot be manipulated by an attacker. However, the setup of such a function is not provided for in Apple’s API either, which is why more development work has gone into this.
Save to Files
When Boxcryptor’s Files Protection is active, you are notified in the Files app via an error message that unlocking is necessary. Unfortunately, Apple does not show any error message when sharing a file with the Files app in another app via the “Save to Files” dialogue. We had to find an alternative way to provide the unlock functionality.
In this case, Boxcryptor will notify you of the active Files Protection via a system notification, e.g. when you want to save an image from your Photos app to Boxcryptor, for example. To unlock Files Protection via the notification, you will always be taken to the Boxcryptor app. After you have successfully authenticated yourself, you can use the “Back” button in the navigation bar or swipe gesture to switch back to or the original app.
Your Feedback is Important to Us
Every day we do our best to constantly improve Boxcryptor. For this, we also rely on your feedback, which reaches us in various ways. The Files Protection presented here is just one example of how we incorporate our customers’ feedback into product development. As we are not tracking user behavior and activities in our app, your overwhelming demand for additional authentication caught us simply by surprise. We thank you for your patience and for staying with us. And we look forward to seeing the new feature helping even more people work securely in the cloud.