app keychain not getting backed up/restored using iCloud backup

Question

neal1 OP

Created Dec ’17

Replies 17

Boosts 0

Views 11k

Participants 8

Greetings,

my app adds various items to its keychain and when doing an iTunes backup and restore, it successfully restores the keychain items provided the iTunes backup is encrypted. Works great!

However I can't seem to be able to restore my app's keychain when doing an iCloud backup and then restoring to a different iPhone. Is there a way of specifying that the iCloud backup is encrypted in such a way that apps' keychains are backed up and restored properly when using iCloud backup/restore function?

Is there a iCloud specific attribute that must be provided for keychain items to make this work?

Thanks,

Neal

Answered by DTS Engineer in 282490022

Found answer. Must use
kSecAttrSynchronizable
attribute for iCloud backup of keychain items which are to be deemed as restorable from an iCloud backup.

This is a fine solution but it doesn’t work the way that you think it works. Keychain items are never included iCloud backup. [The striked out sentence is incorrect. See below for more.] When you set

kSecAttrSynchronizable

the item goes into iCloud Keychain, which is a very different thing.

Be aware that users can opt out of iCloud Keychain, in which case your keychain items will not be available after a restore from an iCloud backup (and, for that matter, a restore from a no-password iTunes backup).

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Jan ’23

However according to this Advanced data protection document the update is expected solve the primary issue of not encrypting keychain data when pushed to iCloud is that correct?

No. iCloud Keychain has always used end-to-end encryption. ADP means that iCloud backups benefit from the same protection. In theory that means that it’d be reasonable for the backup system to treat ADP iCloud backups like iTunes encrypted backups. I don’t know whether we made that change because…

Is that an expected behavior and has anyone else tried out this feature?

I have not tried out ADP.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

BuwanekaGal OP

Mar ’23

Greetings,

I just wanted to follow up on this. I tried out the ADP feature in iOS 16.3 and I'm still seeing the same result of a non encrypted iCloud backup. Has anyone else tried this out and are seeing different results?

Thanks, Buwaneka

0