> The class key is protected with a key derived from the user passcode or passwo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		_1tem on Nov 18, 2024 \| parent \| context \| favorite \| on: Reverse Engineering iOS 18 Inactivity Reboot > The class key is protected with a key derived from the user passcode or password and the device UID. Shortly after the user locks a device (10 seconds, if the Require Password setting is Immediately), the decrypted class key is discarded, rendering all data in this class inaccessible until the user enters the passcode again or unlocks (logs in to) the device using Face ID or Touch ID.

happytoexplain on Nov 18, 2024 [–]

This means it can't be read from storage, but AFAIK anything you've read into your app's memory sandbox is still sitting there decrypted until your app releases it or is closed or has its memory wiped by system housekeeping.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact