1 Reply
      Latest reply on Jan 18, 2017 4:53 AM by JohnGump
      glitch Level 1 Level 1 (0 points)

        Hi everyone, we've been struggling with a bug where a very small number of users are logged out of our app on launch. We're thinking this is either an `NSUserDefaults`/Keychain bug or a misuse of the API.

         

        We use the `kSecAttrAccessibleAfterFirstUnlock` attribute on the data we store in both `NSUserDefaults` and within the keychain.  If the app is launched from the background and the file system is still encrypted, we can't access the data we need. Thus, instead of proceeding we just exit early. On app launch, the first thing we check is `isProtectedDataAvailable` and we try to read a flag we've previously written to `[NSUserDefaults standardUserDefaults]` to make sure we can read from the file system. We don't use any of the Data Protection capabilities/API.

         

        It's possible that the code path passes that check (since it just checks `NSUserDefaults`), but that later it tries to access the keychain to retrieve account/credential data, which returns nil and triggers our logout sequence.

         

        For the end user, they don't see this happen when they launch the app, thus we're convinced the app is being launched in the background (via background push notification, VOIP, etc) when this happens. Thus the next time the user launches the app, they're already logged out.

         

        We were able to repro one specific use case, which we fixed, related to VOIP calls.

        1) Restart device (with passcode enabled).

        2) Once the device is restarted, don't unlock for the first time. The disk and files system should be encrypted.

        3) Force the app to launch via a `content-available` push (easy way is via a VOIP call).

        4) This would force the app to read from `NSUserDefaults`, which is still protected, thus the app thinks data is invalid and it would trigger the logout sequence.

        5) The check we added on app launch (posted above) was to fix this specific use-case, but we still seem to have the bug from other use-cases.

         

        When our users are logged out in this manner, we notice that they were typically logged out of other apps around the same time – such as Gmail, Outlook, etc.