app keychain not getting backed up/restored using iCloud backup

Greetings,

my app adds various items to its keychain and when doing an iTunes backup and restore, it successfully restores the keychain items provided the iTunes backup is encrypted. Works great!


However I can't seem to be able to restore my app's keychain when doing an iCloud backup and then restoring to a different iPhone. Is there a way of specifying that the iCloud backup is encrypted in such a way that apps' keychains are backed up and restored properly when using iCloud backup/restore function?


Is there a iCloud specific attribute that must be provided for keychain items to make this work?


Thanks,


Neal

Up vote post of neal1 Down vote post of neal1
10k views
Posted by
neal1
Reply
Add a Comment

Accepted Reply

Found answer. Must use 

kSecAttrSynchronizable
attribute for iCloud backup of keychain items which are to be deemed as restorable from an iCloud backup.

This is a fine solution but it doesn’t work the way that you think it works. Keychain items are never included iCloud backup. [The striked out sentence is incorrect. See below for more.] When you set 

kSecAttrSynchronizable
the item goes into iCloud Keychain, which is a very different thing.

Be aware that users can opt out of iCloud Keychain, in which case your keychain items will not be available after a restore from an iCloud backup (and, for that matter, a restore from a no-password iTunes backup).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

However according to this Advanced data protection document the update is expected solve the primary issue of not encrypting keychain data when pushed to iCloud is that correct?

No. iCloud Keychain has always used end-to-end encryption. ADP means that iCloud backups benefit from the same protection. In theory that means that it’d be reasonable for the backup system to treat ADP iCloud backups like iTunes encrypted backups. I don’t know whether we made that change because…

Is that an expected behavior and has anyone else tried out this feature?

I have not tried out ADP.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Hey! Just a quick follow up on this. I have tried the latest production release (Which was iOS 16.3). And the Keychain iCloud backup with ADP still seems to yield the same results of a non encrypted backup. I was wondering if there was anyone who had experienced the same results?

    BuwanekaGal
Add a Comment

Greetings,

I just wanted to follow up on this. I tried out the ADP feature in iOS 16.3 and I'm still seeing the same result of a non encrypted iCloud backup. Has anyone else tried this out and are seeing different results?

Thanks, Buwaneka

Posted by
BuwanekaGal
Up vote reply of BuwanekaGal Down vote reply of BuwanekaGal
Add a Comment