Files Protection in Boxcryptor for iOS
When we introduced our new Boxcryptor for iOS app, we also had to deliver some bad news: Due to our exclusive integration with Apple’s Files app and the discontinuation of our own file browser in the Boxcryptor app, the previously existing App Protection (e.g. by an additional passcode or Face ID) could no longer be used.
Files Protection in Boxcryptor for iOS is the successor of App Protection.
Since the release of our new Boxcryptor for iOS app, we have received a lot of feedback—positive but also negative sometimes. We would like to thank everyone for this! Since particularly the lack of App Protection is a concern for more users than we expected, our team has developed a new solution to offer this feature once again. In this article, we explain how you can use the new function and what is different to the old App Protection.
App Protection Becomes Files Protection
We were unable to maintain the previous file protection, as it was implemented by our app, for technical reasons. A highly simplified explanation is that Apple app does not provide for any additional protection measures besides the device password in the Files app. Implementing such a feature means wrestling with the iOS native app all at once. Therefore, it also restricts some features, and compromises also have to be made in operability. Due to these reasons, we initially decided to remove the App Protection in our new Files app-exclusive Boxcryptor app. Due to high demand and after countless hours of discussions and experiments, we have now found a way to additionally secure the most important information: your data. The former “App Protection”, which was requested when starting the Boxcryptor app became “Files Protection”.
To activate the feature, all you need to do is enable the corresponding switch in the Boxcryptor app and set your own six-digit Boxcryptor passcode. This is independent of your device passcode or Boxcryptor password. After enabling Files Protection, you can lock the Boxcryptor location at any time from the Start tab of the Boxcryptor app. When you now open the Files app and try to access the Boxcryptor location, you will be prompted to unlock access with the new Boxcryptor passcode. Face ID and Touch ID can also be used to unlock your files, depending on your device.
When Files Protection is enabled, the Boxcryptor location is removed from the Files app. Encrypted files and folders can thus not be found via the Files app or any other app. Immediate locking of data—in case you want to spontaneously let your device out of your hands—is possible by the touch of a finger in the Boxcryptor app.
Unfortunately, we can no longer provide automatic locking after a specified time because the function led to frequent errors and problematic behavior (e.g., locking a file while editing is in progress) due to iOS. The manual Files Protection now works absolutely reliably and device-wide.
Device-wide Access Protection for Your Files
Boxcryptor doesn't just protect your files when you access them from the Files app. When Files Protection is enabled on your iOS device, documents that you want to open in a third-party app (such as Microsoft Word) also require unlocking first. Because the Boxcryptor code and the device code are independent of each other, this applies even if your iPhone or iPad itself is already unlocked.
However, caution is advised: Once a file has been opened or shared with other apps, control over this file is also shared and Boxcryptor can no longer guarantee its security. Documents in Microsoft Word, for example, will still be access-protected once Files Protection is active. Documents in Adobe Illustrator for iOS, on the other hand, are automatically uploaded to Adobe Cloud—without encryption. We strongly recommend to only use apps which have your trust.
Removing the Boxcryptor location from the Files app protects your data reliably from access even through third-party apps and works immediately when Files Protection is activated in the Boxcryptor app. Please note, however, that it takes a short time until the files are available again in the Files app after unlocking.
Files Protection thus prevents unauthorized access in:
- Your Boxcryptor location within the Files app. Recents, Search and Favorites are also protected and can no longer be used with Files Protection enabled.
- Third-party apps that want to access files inside your Boxcryptor location.
The Boxcryptor app itself, which only includes settings, is not covered by File Protection. For further information about the advantages and limitations of the new Files Protection, please see our Help pages.
The new Files Protection can be activated quickly and easily via the Boxcryptor app: Tap the switch, set the Boxcryptor passcode, done! The additional use of Face ID or Touch ID is available on compatible devices. Immediate locking of your files is then possible via the "Lock" button in the Boxcryptor app.
After ten unsuccessful login attempts, the Boxcryptor app completely blocks access to your files and folders. To access the data again, you must sign out in the Boxcryptor app itself and sign in again with your email address and your Boxcryptor password.
In addition to the fundamental question of how Files Protection could even be implemented with the Files app without only providing fake security while maintaining the best possible user experience, our developers had to face some other challenges.
Trusted System Time
With Files Protection, files are protected at the moment of the attempted access. However, if an attacker gets hold of the unlocked device, access could be restored by “turning back” the system time to an earlier point in time. If a file had been accessible in Boxcryptor at that time, it could have been accessed this way. How can the time be trusted, if everybody with device access can manipulate it?
This is why Boxcryptor does not simply use the system time. Instead, it uses the boot time, i.e. the time since the device was last rebooted, in combination with a detection of whether the device has been rebooted, is used as the “trusted system time” which cannot be manipulated by an attacker. However, the setup of such a function is not provided for in Apple’s API either, which is why more development work has gone into this.
Save to Files
When Boxcryptor’s Files Protection is active, you are notified in the Files app via an error message that unlocking is necessary. Unfortunately, Apple does not show any error message when sharing a file with the Files app in another app via the “Save to Files” dialogue. We had to find an alternative way to provide the unlock functionality.
In this case, Boxcryptor will notify you of the active Files Protection via a system notification, e.g. when you want to save an image from your Photos app to Boxcryptor, for example. To unlock Files Protection via the notification, you will always be taken to the Boxcryptor app. After you have successfully authenticated yourself, you can use the “Back” button in the navigation bar or swipe gesture to switch back to or the original app.
Your Feedback is Important to Us
Every day we do our best to constantly improve Boxcryptor. For this, we also rely on your feedback, which reaches us in various ways. The Files Protection presented here is just one example of how we incorporate our customers’ feedback into product development. As we are not tracking user behavior and activities in our app, your overwhelming demand for additional authentication caught us simply by surprise. We thank you for your patience and for staying with us. And we look forward to seeing the new feature helping even more people work securely in the cloud.