iOS File Provider¶
Version 3.0 adds an iOS File Provider extension to Disk Decipher. This feature adds transparent encryption and decryption when working with your encrypted containers in other apps on your device. You can use your favorite apps (like iOS Files, Microsoft Word, ...), while all your files stay securely inside the Disk Decipher app and are decrypted and encrypted automatically in the background when you read resp. write a file.
To start using this feature, just add a disk to the Disk Decipher app, and it will automatically be availble to other apps through the iOS File Provider as shown here:
Just tap a disk and the familiar dialogue will popup to enter the disk password, after which the content of the disk will be available.
Limitations¶
The initial 3.0 has some limitations, which will gradually be lifted during the 3.x series. The ultimate goal is to make all of Disk Decipher's features available to the iOS File Provider. To align features as much as possible, all backend code (disk formats, crypto, filesystems, storage providers, ...) is shared between the app and the extension.
Just one limitation of the iOS File Provider extension remains:
- No "Confirmation required" popup (if that decrypted data security policy setting is enabled)
Do let me know if you like this limitation resolved! That helps me prioritize which requests to address first.
Thumbnails¶
Since version 3.4.2 the iOS File Provider supports displaying thumbnails of images and PDF documents. This is very convenient e.g. when browsing your encrypted container using the iOS Files app.
By default, the thumbnails feature is switched OFF. The reason behind this default is that iOS caches provided thumbnails for performance reasons, which is understandable from iOS perspective, but might be a huge security issue from your perspective.
If you want to enable the thumbnails feature, you can simply switch it on from the Settings menu
The thumbnails feature is supported on iOS/iPadOS 13 and higher.
Security considerations¶
There are some things you need to be aware of when working with your encrypted containers using this new feature:
- When you mount an encrypted container using the iOS File Provider, the files inside the container will be available through the iOS File Provider extension until you either unmount the container or the extension is stopped by iOS. The latter is not predictable, which is different from using your containers inside the Disk Decipher app since the event of leaving the app automatically triggers unmounting the container or activating the passcode. To remind you that a disk has been mounted in the iOS File Provider a different icon will be shown for the mounted disk. The disk can be unmounted via the context menu as shown to the right.
- When you mount an encrypted container using the Disk Decipher app, the contents of the encrypted container will only be available inside the app. The iOS File Provider cannot access an encrypted container mounted in the app.
- Other apps (including the iOS Files app) can only access the contents of a mounted (by using the iOS File Provider) encrypted container through the iOS File Provider, i.e. by presenting the familiar File Picker dialogue. You control which app accesses which file.
- While working with files inside an encrypted container, the decrypted file will be saved to your device (inside the Disk Decipher app which will act as host) to allow the other app to use the file. The iOS File Provider will delete the decrypted file as soon as you are done working with it, and also on unmounting the disk. Also, iOS file level encryption is used to increase the security of the decrypted file.
- The "Allow save to disk" setting in the Disk Decipher app is honoured: if you disable this setting, the iOS File Provider will be unable to provide any file inside the disk (since iOS requires the file to be written to disk decrypted). The iOS File Provider will present an alert that the "Allow save to disk" setting must be enabled if you want to use the iOS File Provider.
- If the passcode protection is enabled, the iOS File Provider will prompt for the passcode. Access to the iOS File Provider will remain unlocked until iOS terminates the iOS File Provider (which is not predictable). A possible improvement could be to include an inactivity timer that automatically re-enables the passcode protection after a certain amount of not using the iOS File Provider. Please let me know if you would like this option, or have another suggestion for further improving the passcode lock.
- Thumbnails caching - see the Thumbnails section above