NSFileProtection
Also known as: file protection ios, data protection classes, ios nsfileprotection
NSFileProtection is iOS's Data Protection API that assigns each file an encryption class controlling when its contents are readable, typically tied to whether the device is unlocked, so files stay encrypted at rest until the right key is available.
- NSFileProtection assigns each file an encryption class that controls when its contents are readable.
- Classes range from NSFileProtectionComplete (locked when device locks) to NSFileProtectionNone.
- Complete-protected files cannot be read while the device is locked, affecting background access.
How Data Protection classes work
Every file on iOS is encrypted at rest, and NSFileProtection chooses which key wraps a given file's per-file key. The protection class is set with attributes like NSFileProtectionComplete, NSFileProtectionCompleteUnlessOpen, NSFileProtectionCompleteUntilFirstUserAuthentication, and NSFileProtectionNone.
With Complete, the file's key is evicted shortly after the device locks, so the contents are unreadable until the user unlocks again. CompleteUntilFirstUserAuthentication (the common default) keeps the key available from the first unlock after boot until reboot. CompleteUnlessOpen lets a background task keep writing to an already-open file even after lock, and None leaves the file readable whenever the device is on.
Setting and reading the class
Developers apply protection by passing options such as .completeFileProtection to `Data.write(to:options:)`, or by setting the FileAttributeKey.protectionKey value via FileManager. An app-wide default can be requested with the Data Protection capability entitlement in Xcode's Signing & Capabilities.
The practical consequence: code that tries to read a Complete-protected file while the device is locked, for example from a background fetch or a notification handler, gets an error rather than the data. That is why caches and files needed in the background often use a less strict class while sensitive user data uses Complete.
Why it matters for managed files
File protection is about confidentiality, not size, so it does not change how much storage a file uses. It does shape what an app, including a cleaner, can read and when: a file under NSFileProtectionComplete is simply inaccessible while the screen is locked, regardless of permissions.
Cleanor works within the standard PhotoKit and document permissions the user grants and respects each file's protection class, so encrypted-at-rest data stays protected. The takeaway for users is reassuring: managing or deleting redundant photos and files does not weaken iOS's underlying at-rest encryption.