iOS File Provider

Version 3.0 adds an iOS File Provider extension to Disk Decipher. This feature adds transparent encryption and decryption when working with your encrypted containers in other apps on your device. You can use your favorite apps (like iOS Files, Microsoft Word, ...), while all your files stay securely inside the Disk Decipher app and are decrypted and encrypted automatically in the background when you read resp. write a file.

To start using this feature, just add a local disk to the Disk Decipher app, and it will automatically be availble to other apps through the iOS File Provider as shown here:

Just tap a disk and the familiar dialogue will popup to enter the disk password, after which the content of the disk will be available.

Limitations

The initial 3.0 has some limitations, which will gradually be lifted during the 3.x series. The ultimate goal is to make all of Disk Decipher's features available to the iOS File Provider. To align features as much as possible, all backend code (disk formats, crypto, filesystems, storage providers, ...) is shared between the app and the extension.

The limitations of the iOS File Provider extension are:

  • Local disk

  • Read-only

  • No thumbnail file icons

  • No Touch ID / Face ID recognition to unlock the passcode protection screen

  • No persistent references to files

  • No "Confirmation required" popup (if that decrypted data security policy setting is enabled)

Do let me know which specific features are most important to you! That helps me prioritize which limitations to address first.

Security considerations

There are some things you need to be aware of when working with your encrypted containers using this new feature:

  • When you mount an encrypted container using the iOS File Provider, the files inside the container will be available through the iOS File Provider extension until you either unmount the container or the extension is stopped by iOS. The latter is not predictable, which is different from using your containers inside the Disk Decipher app since the event of leaving the app automatically triggers unmounting the container or activating the passcode. To remind you that a disk has been mounted in the iOS File Provider a different icon will be shown for the mounted disk. The disk can be unmounted via the context menu as shown to the right.

  • When you mount an encrypted container using the Disk Decipher app, the contents of the encrypted container will only be available inside the app. The iOS File Provider cannot access an encrypted container mounted in the app.

  • Other apps (including the iOS Files app) can only access the contents of a mounted (by using the iOS File Provider) encrypted container through the iOS File Provider, i.e. by presenting the familiar File Picker dialogue. You control which app accesses which file.

  • While working with files inside an encrypted container, the decrypted file will be saved to your device (inside the Disk Decipher app which will act as host) to allow the other app to use the file. The iOS File Provider will delete the decrypted file as soon as you are done working with it, and also on unmounting the disk. Also, iOS file level encryption is used to increase the security of the decrypted file.

  • The "Allow save to disk" setting in the Disk Decipher app is honoured: if you disable this setting, the iOS File Provider will be unable to provide any file inside the disk (since iOS requires the file to be written to disk decrypted). The iOS File Provider will present an alert that the "Allow save to disk" setting must be enabled if you want to use the iOS File Provider.

  • If the passcode protection is enabled, the iOS File Provider will prompt for the passcode. Access to the iOS File Provider will remain unlocked until iOS terminates the iOS File Provider (which is not predictable). A possible improvement could be to include an inactivity timer that automatically re-enables the passcode protection after a certain amount of not using the iOS File Provider. Please let me know if you would like this option, or have another suggestion for further improving the passcode lock.