Enabling Data Protection in iOS 4

For all of my friends and readers with existing iPhone/iPod Touch hardware, today is an exciting day: iOS 4 is now available via iTunes. But before you go rushing to update your phone, let me give you one small piece of advice:
Apple has done a great job bringing some of the enterprise security features (complex passcodes, wipe on 10 failures, etc.) to regular users as part of the upgrade. One of the new features in iOS 4 that has been underreported on is called “Data Protection”. From my understanding, Data Protection is meant to correct some of the issues with the original hardware encryption method introduced last year on the 3GS and 3rd Gen iPod Touch. It also provides developers with better APIs for encrypting your data, so that if you’re carrying around your financial data or health information, you can get an additional level of security. Additionally, there’s no discernible performance hit.
Sounds great, right? There’s a tiny catch: if you’re upgrading from iOS 3, the filesystem needs to be rebuilt from scratch to enable this feature. So if you have an iPhone 3GS or iPod Touch 3rd Gen, you need to do a backup, factory restore, data restore installation of iOS 4. To break this into discrete steps:

  1. Plug in your iPhone.
  2. Let it back up through iTunes.
  3. Rather than clicking “Upgrade”, click “Restore”.
  4. Let iTunes download the installer and do a complete restore.
  5. When the installation is done, iTunes will prompt you about restoring from the backup you just took. Do so.
  6. Wait the somewhat lengthy amount of time as all your data is put back onto your phone.

You can confirm this has been done by going to Preferences -> General -> Passcode Lock and scrolling to the very bottom, where you should see “Data Protection is enabled.”
That’s it. You will need to set a passcode to get the benefit of this (but you should have that anyhow); iPhone 4 users will automatically have this out of the box. You are certainly allowed to just do a regular upgrade, but you won’t get data protection (and if you’re in an enterprise, know that configuration profiles can check against this as a prerequisite). And for those on earlier hardware – sorry, you lack the hardware chip to do the encryption.
Developers who are interested in the technical details or in leveraging Data Protection should check out Session 209, “Securing Application Data”, in the WWDC 10 videos.
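For developers, one way to opt files into Data Protection and to audit a directory for files left unprotected, shown as an added example that is not from the original post or from Apple's session. It uses Foundation's `NSDataWritingFileProtectionComplete` and `NSFileProtectionKey`; the helper function names are hypothetical.

```objc
#import <Foundation/Foundation.h>

// Added example. Helper names are hypothetical; the constants are Foundation's.
// Run on a device with a passcode set: the Simulator does not enforce
// Data Protection, and without a passcode the protection class adds nothing.

// Write new data so the file is readable only while the device is unlocked.
static BOOL WriteProtected(NSData *data, NSString *path, NSError **error) {
    return [data writeToFile:path
                     options:(NSDataWritingAtomic |
                              NSDataWritingFileProtectionComplete)
                       error:error];
}

// Raise a file that already exists to the "complete" protection class.
static BOOL ProtectExisting(NSString *path, NSError **error) {
    NSDictionary *attrs =
        [NSDictionary dictionaryWithObject:NSFileProtectionComplete
                                    forKey:NSFileProtectionKey];
    return [[NSFileManager defaultManager] setAttributes:attrs
                                            ofItemAtPath:path
                                                   error:error];
}

// Audit: return the regular files under dir whose protection class is
// missing or NSFileProtectionNone, i.e. files that stay readable when locked.
static NSArray *UnprotectedFiles(NSString *dir) {
    NSFileManager *fm = [NSFileManager defaultManager];
    NSMutableArray *flagged = [NSMutableArray array];
    for (NSString *rel in [fm enumeratorAtPath:dir]) {
        NSString *full = [dir stringByAppendingPathComponent:rel];
        NSDictionary *attrs = [fm attributesOfItemAtPath:full error:NULL];
        if (![[attrs fileType] isEqualToString:NSFileTypeRegular]) {
            continue; // skip directories and symlinks
        }
        NSString *cls = [attrs objectForKey:NSFileProtectionKey];
        if (cls == nil || [cls isEqualToString:NSFileProtectionNone]) {
            [flagged addObject:full];
        }
    }
    return flagged;
}
```

Calling `UnprotectedFiles` on the app's Documents directory in a debug build gives a quick list of files that still need `ProtectExisting`.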
Enjoy the upgrade.


Apple’s Other Great OS: OS X Server

Most everyone’s well familiar with OS X by now, be it from daily use over the last five years, or from hatred or jealousy. Speaking as to the powers of OS X would be silly; they’re well advertised, well known, and would only act as filler.

But not everyone has used Apple’s other OS, the server version of OS X. This is largely due to price – for consumers, it can be up to over seven times more expensive with no real benefits for end users. As such, it is often only those of us in institutions that have already invested in it that get to enjoy its perks.

So this post goes out to all the geeks toiling away in IT departments who haven’t looked at Apple’s offerings yet. Below the fold, you’ll find the five reasons I heart OS X Server and its related products – and why you should integrate it into your deployments.