iOS 10.3 Beta 2 autodeletes keychain items after application uninstall?

In previous versions of iOS, the keychain data persisted even when the app was uninstalled and reinstalled on the device. After upgrading to iOS 10.3 beta 2, it appears as if deleting the app also deletes all associated keychain contents for that app. The code I'm using to interface with the keychain hasn't changed, and works with iOS 10.2. Is anyone else experiencing this behavior? I haven't had a chance to test this with 10.3 beta 1.


I've searched through related threads here:

https://forums.developer.apple.com/message/75464

https://forums.developer.apple.com/message/112523


The conclusion from the Apple staff member is that the persistence of the keychain data across apps re-installs is a side-effect of the implementation rather than a feature, and that the behavior should not be relied upon. Maybe they finally decided to update the implementation?

Accepted Reply

This is an intentional change in iOS 10.3 to protect user privacy. Information that can identify a user should not be left on the device after the app that created it has been removed.


It has never been a part of the API contract that keychain items created by an app would survive when the app is removed. This has always been an implementation detail.


If a keychain item is shared with other apps, it won't be deleted until those other apps have been deleted as well.


There is documentation in the works about this change that should address questions raised in this thread.


--gc

  • Do we have docs for this already? It seems the keychain keeps the items but I couldn't find any documentation around the time it stores before deletion.


Replies

I'm also experiencing this behavior.
My code hasn't changed and it works in other iOS versions.
It's only in 10.3 that my data seems to be gone after uninstalling the app.

I can confirm this new behaviour.

Seems like the last way to "identify" a device is gone now.


While I'm fine with iOS purging an uninstalled app's keychain content by default (keep it clean), there should be an option for keys to be persistent.

Not fixed for my Xcode 8.3 beta 3 / iOS 10.3 beta 3 (iPhone 7)

Have you (or anyone here) tried turning Keychain Sharing on for your app, does that help the data to persist? If you're sharing your data with more than one of your own apps you would hope it would persist, but then it might get deleted once all of your apps are deleted. Would be interesting to try out if you have a simple test case available.

I am only able to reproduce this issue in 10.3 beta 2 and 3 (didn't try 1) if I have "App Groups" disabled. If I simply have the "App Groups" capability set to "ON" (even with none of the App Groups selected), the keychain data will still persist between deleting and reinstalling the application. I am curious to know if this is working for others.


I don't even need to write the key to a shared access group or have "Keychain Sharing" enabled to get the data to persist after delete. I hope this helps, and I do agree with other posters that a fully supported persistence option is needed.

Another potential workaround is to use the kSecAttrAccessGroupToken access group constant which was added in iOS 10.


Here is the documentation for it:

/*!
     @enum kSecAttrAccessGroup Value Constants
     @constant kSecAttrAccessGroupToken Represents well-known access group
         which contains items provided by external token (typically smart card).
         This may be used as a value for kSecAttrAccessGroup attribute. Every
         application has access to this access group so it is not needed to
         explicitly list it in keychain-access-groups entitlement, but application
         must explicitly state this access group in keychain queries in order to
         be able to access items from external tokens.
*/


After testing with iOS 10.3 beta 2, keychain items saved to that access group persist beyond app uninstall.

I am seeing the same behaviour which you mentioned. Simply switching the capability on makes the keychain data persist. Thanks for sharing.

On 10.3 beta 3, having "App Groups" ON does not persist the keychain data for me on my test device (iPhone 5), but it does on the Simulator. What have others tested on? Thank you.

Hi,


When I use kSecAttrAccessGroupToken, the keychain item is accessible from other applications.


Is this the desired behaviour from Apple?


Does someone have better documentation on this topic besides the empty API page for kSecAttrAccessGroupToken, https://developer.apple.com/reference/security/ksecattraccessgrouptoken ?


Thanks !

Hey,


Judging from this line in their documentation:


"Every application has access to this access group"


I would say that is the desired behaviour.


I have been trying to figure out ways to securely encrypt/decrypt things placed in that access group such that other apps cannot interpret the data stored there. Please let me know if anyone has any ideas for how to achieve this.

me too
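Added example for the kSecAttrAccessGroupToken workaround posted above and for the encryption question just asked; this is not code from any poster in this thread. It writes, reads and deletes a generic-password item in that access group from Swift; the service and account names are placeholders. Two caveats follow directly from the documentation quoted above: the group must be named explicitly in every query (no entitlement is needed), and every app on the device can read and delete items in it, so this buys persistence at the cost of confidentiality, which makes it usable at most for a non-secret identifier, never for tokens, passwords or keys. It also does not resolve the encryption question: a key kept in the app's own keychain group is exactly what iOS 10.3 removes on uninstall, and a key stored in the token group is readable by the same other apps.

```swift
import Foundation
import Security

/// Illustrative helper (not from the original thread): stores a generic-password
/// item in the well-known kSecAttrAccessGroupToken access group.
/// Anything written here is readable by any app on the device.
enum TokenGroupKeychain {
    static let service = "com.example.persistent-id"   // placeholder service name
    static let account = "install-id"                  // placeholder account name

    /// Query shared by add/read/delete. kSecAttrAccessGroup must be set
    /// explicitly; without it the query only sees the app's own groups.
    private static var baseQuery: [String: Any] {
        return [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecAttrAccessGroup as String: kSecAttrAccessGroupToken as String,
        ]
    }

    /// Adds the item, or updates it if a previous install left one behind.
    static func save(_ value: String) -> OSStatus {
        guard let data = value.data(using: .utf8) else { return errSecParam }
        var query = baseQuery
        query[kSecValueData as String] = data
        // ThisDeviceOnly: keep the item out of backups and iCloud Keychain.
        query[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        let status = SecItemAdd(query as CFDictionary, nil)
        if status == errSecDuplicateItem {
            let update = [kSecValueData as String: data]
            return SecItemUpdate(baseQuery as CFDictionary, update as CFDictionary)
        }
        return status
    }

    /// Returns the stored value, or nil if absent or unreadable.
    static func read() -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = kCFBooleanTrue
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: AnyObject?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let data = result as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    static func delete() -> OSStatus {
        return SecItemDelete(baseQuery as CFDictionary)
    }
}

// Usage: reuse an identifier that survived a reinstall, otherwise mint one.
// Treat the value as public to other apps on the device.
let installID = TokenGroupKeychain.read() ?? {
    let fresh = UUID().uuidString
    _ = TokenGroupKeychain.save(fresh)
    return fresh
}()
```

The same `baseQuery` shape works for an app-group access group (the Keychain Sharing approach discussed earlier): replace the kSecAttrAccessGroupToken value with the group string from the app's keychain-access-groups entitlement, at which point only apps holding that entitlement can read the item.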

Another interesting side effect of this is that iCloud keychain items seem to get cleared on app deletion also.


In the case where an app is installed on multiple devices logged in with the same iCloud account, any keychain items which were stored in iCloud from either of the apps on the various devices will get cleared when any one of the apps is deleted, even if the others are left intact on another device.


To me this feels like it is unintentional. It would be nice if someone from Apple could chime in to clarify some of the intended changes to the keychain.


Thanks for the clarification, gc.

I'm not able to reproduce this behavior.


I use Version 8.3 beta 3 (8W132p)

Tested on device 5c:

iOS 10.3 beta 2

iOS 10.3 beta 4



Simulators:

iOS SE

iOS 7 Plus


'App Groups' - disabled