Hi Apple team,
Our app stores a private key in keychain services (kSecClassGenericPassword) via expo-secure-store. We need urgent help in recovering an item stored in the keychain AFTER an iCloud Restore has happened.
The private key is specifically stored with the kSecAttrAccessible trait of kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly.
STEPS TO REPRODUCE (iPhone 14 Pro, iOS 16.7)
- Write an item to the keychain via expo-secure-store using the described attributes (on an app that's dispatched via TestFlight)

      await SecureStore.setItemAsync("private_key", private_key, {
        requireAuthentication: true,
        authenticationPrompt: "Unlock your private key",
        keychainAccessible: SecureStore.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
      });

- Create an iCloud Backup for the device.
- Factory Reset the iPhone (Erase all content, apps, and settings)
- Restore the iOS backup from earlier and then attempt to retrieve the keychain item.
Is there any way at all of retrieving this keychain item after an iCloud backup has been restored?
Note: Our app has only been deployed via TestFlight and there is no store listing. After restoring the device from an iCloud backup, our app icon has a small "download"/cloud icon beside it. When tapped, we get an error saying "Unable to install <app>" because the app is not listed in the App Store.
Is it possible that being on TestFlight is causing the keychain items to be wiped?