Hi Apple team,
Our app stores a private key in keychain services (kSecClassGenericPassword) via expo-secure-store. We need urgent help in recovering an item stored in the keychain AFTER an iCloud Restore has happened.
The private key is specifically stored with the kSecAttrAccessible trait of kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly.
STEPS TO REPRODUCE (iPhone 14 Pro, iOS 16.7)
Write an item to the keychain via expo-secure-store using the described attributes (on an app that's distributed via TestFlight):
import * as SecureStore from "expo-secure-store";

// private_key holds the secret to protect; the item is bound to this device
// and only readable after biometric/passcode authentication.
await SecureStore.setItemAsync("private_key", private_key, {
  requireAuthentication: true,
  authenticationPrompt: "Unlock your private key",
  keychainAccessible: SecureStore.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
});
Create an iCloud Backup for the device.
Factory Reset the iPhone (Erase all content, apps, and settings)
Restore the iOS backup from earlier and then attempt to retrieve the keychain item.
Is there any way at all of retrieving this keychain item after an iCloud backup has been restored?
Note. Our app has only been deployed via TestFlight and there is no store listing. After restoring the device from an iCloud backup, our app icon has a small "download"/cloud icon beside it. When tapped, we get an error saying "Unable to install " because the app is not listed in the App Store.
Is it possible that being on TestFlight is causing the keychain items to be wiped?
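The post names two different accessibility classes for the same item (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly in the description, WHEN_UNLOCKED_THIS_DEVICE_ONLY in the code), so the first thing to establish is which class the item actually carries on disk. The following Swift snippet is an added example, not code from the original post or from expo-secure-store; it calls the Security framework directly, stores a constructed secret once as a device-bound item and once as a migratable item, and reads the recorded kSecAttrAccessible value back. The service and account names are placeholders. Apple documents the ThisDeviceOnly classes as not migrating to a new device, so an item stored that way will not be present after restoring a backup onto different hardware.

```swift
import Foundation
import Security

// Added example (not from the original post). Service/account names are placeholders.
enum KeychainDemo {
    static let service = "com.example.keychain-demo"   // assumption: placeholder service name

    /// Store `data` under `account` with the requested accessibility class.
    /// Returns the OSStatus from SecItemAdd so callers can log failures.
    static func store(_ data: Data, account: String, accessible: CFString) -> OSStatus {
        let match: [CFString: Any] = [
            kSecClass: kSecClassGenericPassword,
            kSecAttrService: service,
            kSecAttrAccount: account,
        ]
        // Remove any earlier copy so SecItemAdd does not fail with errSecDuplicateItem.
        SecItemDelete(match as CFDictionary)

        var attrs = match
        attrs[kSecValueData] = data
        attrs[kSecAttrAccessible] = accessible
        // Note: kSecAttrSynchronizable (iCloud Keychain sync) cannot be combined
        // with any *ThisDeviceOnly class; the two are mutually exclusive by design.
        return SecItemAdd(attrs as CFDictionary, nil)
    }

    /// Read back the accessibility class actually recorded for an item,
    /// or nil if the item is missing (e.g. after a restore that dropped it).
    static func accessibility(of account: String) -> String? {
        let query: [CFString: Any] = [
            kSecClass: kSecClassGenericPassword,
            kSecAttrService: service,
            kSecAttrAccount: account,
            kSecReturnAttributes: true,
        ]
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let dict = result as? [CFString: Any] else {
            return nil
        }
        return dict[kSecAttrAccessible] as? String
    }
}

// Usage: the same constructed secret stored under both classes.
let secret = Data("constructed-sample-secret".utf8)
_ = KeychainDemo.store(secret, account: "device-bound",
                       accessible: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly)
_ = KeychainDemo.store(secret, account: "migratable",
                       accessible: kSecAttrAccessibleAfterFirstUnlock)

for account in ["device-bound", "migratable"] {
    let recorded = KeychainDemo.accessibility(of: account) ?? "missing"
    let deviceOnly = recorded == (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly as String)
    print("\(account): accessible=\(recorded) thisDeviceOnly=\(deviceOnly)")
}
```

Run the same check before creating the backup and again after the restore: an item that reports a ThisDeviceOnly class beforehand and comes back as "missing" afterwards is behaving as documented, and the fix is a design one (for example keeping a user-recoverable copy under a migratable class, or re-deriving the key from something the user can supply) rather than a recovery step on the restored device.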
We're doing some disaster recovery management / risk management and a point-of-failure for our app is if we lose access to our bundle id.
From my understanding, secure keychain items are scoped to your bundle ID as well as iCloud files stored under the app with 'hidden' scope.
Losing our bundle ID is a scenario we want to eliminate completely from our threat/disaster modelling.
Is this a realistic concern we should have?
Hey Apple team (and eskimo 🙏),
Our FinTech app uses iCloud Keychain shared web credentials to store a secure encryption password in iCloud Keychain.
Some of our new users seem to run into an issue where the app fails to successfully create a shared web credential.
All users are required to have the following two settings enabled:
Settings --> Passwords --> Password Options --> Autofill from iCloud Passwords & Keychain
Settings --> Apple ID --> iCloud --> Passwords and Keychain --> 'Sync this iPhone'
The issue appears to resolve itself when the user restarts their iPhone. We've had this bug 3 times now and would like to understand the root cause.
We have a couple hypotheses:
iOS is failing to verify that the domain for the shared web credential is valid via <domain>/.well-known/apple-app-site-association (and then restarting triggers reverification)
Users were on a version of iOS where it was bugged (and then restarting finally completed an update to a new version). We've verified that the bug happened on 17.0.2 with one user (until they updated and it fixed itself)