Since I have no idea how to encrypt an entire sqlite-backed SwiftData database on disk, this was the only strategy that made sense to me. I’m not building a bulletproof security system, though, rather, I just want to make access to the raw data harder if someone with enough technical knowledge extracts the app…
Here’s what I currently do:
I download an encrypted JSON file and a nonce from Firebase Storage.
Then I save both to the local file system.
I decrypt the file using AES-GCM with a hardcoded symmetric key (stored in the app).
I decode it and insert the models into a SwiftData container that runs in-memory only, so no .store / sqlite database storage file is ever created on disk.
My questions:
Is this a reasonable approach for a use case where I just want to avoid leaving sensitive app data wide open on disk?
Are there any downsides to using an in-memory SwiftData container in this case (users just read from a database and there are no writes, deletes, or updates)?
Are there any obvious flaws with this (encrypted database saved on disk / decrypted database in memory only)?
As I said, I’m not building some kind of strong protection. I am just making the data harder to access. Otherwise, it’s completely exposed and easy to copy, so somebody could easily just make a copy of an app. That’s the whole purpose of this.
There’s really no need to use SwiftData, just have the decoded data in an object you share in your app. It would just be in memory
Yeah that, make sense. Though, I like using Query/Predicates/Relations and it works nice with SwiftUI, so…
If that is main purpose, I would not do this. The likelihood of that is pretty low and not usually worth someone’s time to do. AND it’s usually not worth your time worrying about