File Sharing Prevention
| Plan | Platforms | MASVS |
|---|---|---|
| Team | iOS | MASVS-STORAGE-2, MASVS-PLATFORM-1 |
Overview
File Sharing Prevention disables iOS file sharing capabilities that would otherwise allow users to extract app documents via the Files app or through computer-based file management (iTunes/Finder). When enabled, this control ensures that your app's Documents folder remains inaccessible to end users, preventing data exfiltration through native iOS file sharing mechanisms.
How It Works
This control modifies your app's Info.plist during the build process to enforce two critical restrictions:
- UIFileSharingEnabled: Set to false to disable iTunes/Finder file sharing
- LSSupportsOpeningDocumentsInPlace: Set to false to prevent the Files app from accessing the app's Documents directory
These are standard iOS Info.plist keys that control file sharing behavior. When both are disabled, users cannot:
- Browse app documents through the Files app
- Access app files via iTunes or Finder when the device is connected to a computer
- Export or copy documents out of the app using native iOS sharing features
The build pipeline automatically overrides any existing values, ensuring these protections cannot be bypassed by configuration mistakes.
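To confirm the result on a built artifact, the following added example (not AppTego's code) reads the main Info.plist out of an IPA and reports the state of both keys. The function names and the in-memory sample IPA are constructed for illustration; the `Payload/<Name>.app/Info.plist` location is the standard IPA layout.

```python
import io
import plistlib
import re
import zipfile

# The two keys this page says the build step forces to false.
KEYS = ("UIFileSharingEnabled", "LSSupportsOpeningDocumentsInPlace")
# Main bundle only: Payload/<Name>.app/Info.plist, not nested extensions or frameworks.
MAIN_PLIST = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")


def audit_ipa(ipa):
    """Return {key: 'false' | 'true' | 'absent' | 'not-boolean'} for an IPA path or file object."""
    with zipfile.ZipFile(ipa) as zf:
        names = [n for n in zf.namelist() if MAIN_PLIST.match(n)]
        if len(names) != 1:
            raise ValueError(f"expected exactly one main Info.plist, found {len(names)}")
        info = plistlib.loads(zf.read(names[0]))  # auto-detects XML or binary plists
    report = {}
    for key in KEYS:
        if key not in info:
            report[key] = "absent"
        elif isinstance(info[key], bool):
            report[key] = "true" if info[key] else "false"
        else:
            report[key] = "not-boolean"  # e.g. <string>false</string>; flag for review
    return report


def is_protected(report, require_explicit=True):
    """True when every key is false; with require_explicit=False an absent key also passes."""
    allowed = {"false"} if require_explicit else {"false", "absent"}
    return all(state in allowed for state in report.values())


def build_sample_ipa(info, fmt=plistlib.FMT_BINARY):
    """Constructed in-memory IPA holding only Info.plist files, for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info, fmt=fmt))
        # Nested extension plist (constructed) that the audit must ignore.
        zf.writestr("Payload/Sample.app/PlugIns/Ext.appex/Info.plist",
                    plistlib.dumps({"CFBundleIdentifier": "com.example.sample.ext"}))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_ipa({"UIFileSharingEnabled": False,
                               "LSSupportsOpeningDocumentsInPlace": False})
    print(audit_ipa(sample), "protected:", is_protected(audit_ipa(sample)))
```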
How to Enable the Control
Navigate to Preventative Controls in the AppTego portal and expand the Data Sharing Protection section, where you will find the File Sharing Prevention control. Click Enable to apply it to the next build, or with a live push (if enabled).
API Configuration Example
{
  "FileSharingPrevention": {
    "protection": true
  }
}
| Field | Purpose |
|---|---|
| protection | Enables file sharing prevention for protected apps. |
Threats Mitigated
- Data Exfiltration via Files App: Prevents malicious users or insider threats from using the iOS Files app to extract sensitive documents, databases, or cached data stored in the app's Documents directory.
- iTunes/Finder Document Mounting: Blocks computer-based file access through iTunes or Finder, which could otherwise allow users to bypass device-level security controls and directly copy app data to external storage.
- Unintended Data Exposure: Prevents accidental exposure of sensitive files through file sharing features that developers may have enabled during development but forgotten to disable for production builds.
Caveats
- User-Facing File Access: Apps that legitimately require users to import/export documents through the Files app must disable this control, as it prevents all file sharing functionality.
- Document-Based Apps: Applications designed around document editing or file management workflows may need to implement alternative secure sharing mechanisms.
- No Runtime Override: These restrictions are baked into the Info.plist at build time and cannot be toggled dynamically based on user roles or contexts.
Support Matrix
| Platform | Minimum Version | Status |
|---|---|---|
| iOS | 9.0+ | ✅ Supported |
| Android | N/A | ⛔ Not Available |
Plan Requirement
TEAM plan or higher required. Not available in FREE tier.