I am trying to protect sensitive data stored in NSURLCache. My app's files and Core Data sqlite files are set to NSFileProtectionComplete. However, I am unable to change the NSURLCache files data protection level to anything other than NSFileProtectionCompleteUntilFirstUserAuthentication. This leaves any sensitive data in the cache exposed when the device is locked.
I need to have the responses cached so repeated requests return 304 responses to prevent data from being re-processed multiple times when not necessary to do so. Also, I need the cache to be protected at rest when the device is locked.
Does anyone have any suggestions for protecting NSURLCache data?
The default NSURLCache does not support changing the protection level of its store. I've solved my issue by creating a custom NSURLCache subclass that stores URL responses in a custom SQLite database with file protection set to NSFileProtectionComplete. This seems to be the only solution next to disabling URL caching.