8 Replies
      Latest reply: Apr 18, 2017 2:41 AM by Ash_Day
      eddiekim Level 1 (10 points)

        Will iOS clear an application's Keychain after the app is uninstalled? I seem to recall that an app's keychain items would be deleted by iOS some X days/hours/minutes after an app is deleted, however I can't find any reference to this behavior.

         

        Edit:

        So based on the thread below, it seems that the keychain survives an app uninstallation as a side effect of implementation. If so, it would seem that auto-deleting keychain items after app removal wouldn't be documented.

        Re: iOS Keychain values survive to app uninstall

        Out of curiosity, does anyone have insight into the observed behavior?

        • Re: iOS autodelete Keychain items after uninstall?
          KMT Level 8 (8,405 points)

          It will survive an app delete.

          Access to the keychain is tied to the provisioning profile used to sign the app. Consequently no other apps would be able to access that app's keychain info.

          It will be deleted if the device is wiped.

          • Re: iOS autodelete Keychain items after uninstall?
            eskimo Apple Staff (6,765 points)

            Out of curiosity, does anyone have insight into the observed behavior?

            Questions about this are usually asked from one of two perspectives:

            • The developer wants the keychain item to persist and is seeking reassurance that things will continue to work that way.

            • The developer wants the keychain item to be deleted and is grumpy that it doesn’t work that way.

            If you fall into the first category, I can’t give you any reassurances.  IMO it’s fine to use this feature for the moment but I strongly encourage you to write your app so that it acts reasonably if this behaviour changes.

            If you fall into the second category, you can effectively implement an auto delete feature by entangling the secret you store in the keychain with a key that you store on disk.  If the app gets deleted that on-disk key goes away and you effectively lose access to the keychain item.

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"
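The entangling approach described in the reply above, sketched in Swift as an added example; it is not part of the original thread and is not Apple's code. The service, account and file names are hypothetical, and AES-GCM from CryptoKit is this example's choice of cipher.

```swift
import Foundation
import CryptoKit
import Security
enum EntangledError: Error { case keychain(OSStatus), noWrapKey, sealFailed }

// Hypothetical service/account/file names, chosen for this example only.
let baseQuery: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                kSecAttrService as String: "com.example.entangled",
                                kSecAttrAccount as String: "api-token"]

// The wrapping key is a file in the app container, which iOS removes with the app.
func wrapKey(createIfMissing: Bool) throws -> SymmetricKey {
    let url = try FileManager.default.url(for: .applicationSupportDirectory, in: .userDomainMask,
        appropriateFor: nil, create: true).appendingPathComponent("wrap.key")
    if let raw = try? Data(contentsOf: url), raw.count == 32 { return SymmetricKey(data: raw) }
    guard createIfMissing else { throw EntangledError.noWrapKey }
    let raw = SymmetricKey(size: .bits256).withUnsafeBytes { Data($0) }
    try raw.write(to: url, options: [.atomic, .completeFileProtection])
    return SymmetricKey(data: raw)
}

// Only AES-GCM ciphertext ever reaches the keychain.
func storeSecret(_ secret: Data) throws {
    let key = try wrapKey(createIfMissing: true)
    guard let blob = try AES.GCM.seal(secret, using: key).combined else { throw EntangledError.sealFailed }
    _ = SecItemDelete(baseQuery as CFDictionary)  // replace an item left by an earlier install
    var item = baseQuery
    item[kSecValueData as String] = blob
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw EntangledError.keychain(status) }
}

// Returns nil when there is no item, or when the item outlived the on-disk key (reinstall).
func loadSecret() throws -> Data? {
    var query = baseQuery
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var out: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &out)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let blob = out as? Data else { throw EntangledError.keychain(status) }
    guard let key = try? wrapKey(createIfMissing: false),
          let box = try? AES.GCM.SealedBox(combined: blob),
          let plain = try? AES.GCM.open(box, using: key) else {
        _ = SecItemDelete(baseQuery as CFDictionary)  // orphaned ciphertext: clear it
        return nil
    }
    return plain
}
```

After a reinstall the keychain item may still be present, but `loadSecret()` cannot decrypt it without the old file, so it reports no secret and removes the leftover item.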

              • Re: iOS autodelete Keychain items after uninstall?
                sharker_ratul Level 1 (0 points)

                "If you fall into the second category, you can effectively implement an auto delete feature by entangling the secret you store in the keychain with a key that you store on disk.  If the app gets deleted that on-disk key goes away and you effectively lose access to the keychain item."

                 

                My query is, are you suggesting encrypting the data that is stored in the keychain? In that case the data will persist in the keychain, but as the key is lost with the disk data, the data is considered lost as well. Is this the idea?

                If you meant something else, please elaborate some more about it.

                Thanks in advance.

                • Re: iOS autodelete Keychain items after uninstall?
                  Ash_Day Level 1 (0 points)

                  I have over 200 keychain simulations from iOS 10.3, 10.3.1, and the last 3 betas across all devices 5C onwards. I have complete logs from boot to system crashes etc., with and without accounts and third-party apps. The security sysdiagnose is brilliant as well and gives you all the information you'll need. If this will be any use to you I'll pop them into text files and into a temporary iCloud Drive using a temporary non-personal iCloud. Cheers