I'm also experiencing this behavior.
My code hasn't changed and it works in other iOS versions.
It's only in 10.3 that my data seems to be gone after uninstalling the app.

I can confirm this new behaviour.

Seems like the last way to "identify" a device is gone now.

While i'm fine with iOS purging an uninstalled apps keychain content by default (keep it clean), there should be an option for keys to be persistent.

Not fixed for my Xcode 8.3 beta 3 / iOS 10.3 beta 3 (iPhone 7)

Have you (or anyone here) tried turning Keychain Sharing on for your app, does that help the data to persist? If you're sharing your data with more than one of your own apps you would hope it would persist, but then it might get deleted once all of your apps are deleted. Would be interesting to try out if you have a simple test case available.

I am only able to reproduce this issue in 10.3 beta 2 and 3 (didn't try 1) if I have "App Groups" disabled.   If I simply have the "App Groups" capability set to "ON" (even with none of the App Groups selected), the keychain data will still persist between deleting and reinstalling the application.  I am curious to know if this is working for others.

I don't even need to write the key to the a shared access group or have "Keychain Sharing" enabled to get the data to persist after delete.  I hope this helps and I do agree with other posters that a fully supported persistence option is needed.

Another potential workaround is to use the kSecAttrAccessGroupToken access group constant which was added in iOS 10.

Here is the documentation for it:

/*!
     @enum kSecAttrAccessGroup Value Constants
     @constant kSecAttrAccessGroupToken Represents well-known access group
         which contains items provided by external token (typically smart card).
         This may be used as a value for kSecAttrAccessGroup attribute. Every
         application has access to this access group so it is not needed to
         explicitly list it in keychain-access-groups entitlement, but application
         must explicitly state this access group in keychain queries in order to
         be able to access items from external tokens.
*/

After testing with iOS 10.3 beta2, keychain items saved to that access group persist beyond app uninstall.

Another interesting side effect of this is that iCloud keychain items seem to get cleared on app deletion also.

In the case where an app is installed on multiple devices logged in with the same iCloud account, any keychain items which were stored in iCloud from either of the apps on the various devices will get cleared when any one of the apps is deleted, even if the others are left in tact on another device.

To me this feels like it is unintentional. It would be nice if someone from Apple could chime in to clarify some of the intended changes to the keychain.

This is an intentional change in iOS 10.3 to protect user privacy. Information that can identify a user should not be left on the device after the app that created it has been removed.

It has never been a part of the API contract that keychain items created by an app would survive when the app is removed. This has always been an implementation detail.

If a keychain item is shared with other apps, it won't be deleted until those other apps have been deleted as well.

There is documentation in the works about this change that should address questions raised in this thread.

--gc

I'm not able to reproduce this behavior.

I use Version 8.3 beta 3 (8W132p)

Tested on device 5c:

      iOS 10.3 beta 2

      iOS 10.3 beta 4

Simulators:

      iOS SE

      iOS 7 Plus

'App Groups' - disabled

I tried this behavior, but I couldn't reproduce it.

My test environment is below:

- OS: iOS 10.3 beta 6

- Device: iPhone 6s

- Xcode : 8.3 beta 4

- SDK: iOS 10.3 SDK

- Capabilities: Disabled App Groups, Keychain Sharing

- Configuration : Debug

How can I reproduce it?