Understanding data protection

Can anyone expand on this support article for me please?
http://support.apple.com/kb/ht4175

I assume the data protection feature is something more than just preventing casual access to the device through a password. However, the support article does not explain it (to me at least) in sufficient detail.

I feel these sentences need more explanation:

"Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications."

 

My understanding is that even if passcode is not enabled, data can't be read from flash memory removed from the device because the encryption keys are stored on the device.

So data protection is no different to passcode enabled? Am I missing something?

 

But what I don't understand is there is no independent toggle for the data protection feature. It just turns itself on when passcode is enabled. It does not seem possible to have passcode enabled, with data protection disabled.

Hence, I don't understand how it is different from passcode protection.

Thanks. Can you point me to the point where iOS security is discussed?

 

Thanks, I took a look at that section. It's a bit technical for me, but I think it helped a bit with my understanding.

Expanding the discussion a bit beyond the data protection feature, my main security concerns if I lost my device or had it stolen are 1) access to my data if the flash storage is removed from my device to be read elsewhere, and 2) bypassing the passcode to read the data in situ.

From what I've read, here's my understanding on how iOS mitigates these threats. I'd be grateful if someone could confirm or correct my understanding.

1) All data in flash storage is encrypted by an on-device encryption chip that sits between flash storage and RAM. It uses a device-specific unique encryption key. This happens even if no device passcode is setup. This means that if flash storage is removed from the device, it can not be read by any other device. It also facilitates instant wipe - because all that is needed is a reset of the device specific encryption key.

2) If someone has a functioning device in hand that is pass-code protected, a potential route in would be to bypass the passcode (e.g. via a jailbreak). Potentially this would give them access to everything on the device because the on-device encryption chip is now decrypting data from flash storage on the fly. However, the data protection feature mitigates against this. It's another level of protection that builds upon the hardware encryption key by creating another hidden key (based on some combination of passcode and device-specific key) to control on-device file access. The data protection feature is not something that is enabled/disabled independently of a passcode lock. It's always (and only) enabled if you are using a passcode lock. It's up to developers of individual apps how to use the data protection APIs to store data. Amongst other levels of protection, they could choose to give files complete protection (in which case they would not be readable if someone used a jailbreak to bypass the passcode lock) or they could choose to use no extra protection (in which case they would be accessible if someone used a jailbreak to bypass the passcode lock).