iOS 10.3 Beta 2 autodeletes keychain items after application uninstall?

In previous versions of iOS, the keychain data persisted even when the app was uninstalled and reinstalled on the device. After upgrading to iOS 10.3 beta 2, it appears as if deleting the app also deletes all associated keychain contents for that app. The code I'm using to interface with the keychain hasn't changed, and works with iOS 10.2. Is anyone else experiencing this behavior? I haven't had a chance to test this with 10.3 beta 1.


I've searched through related threads here:

https://forums.developer.apple.com/message/75464

https://forums.developer.apple.com/message/112523


The conclusion from the Apple staff member is that the persistence of the keychain data across app re-installs is a side-effect of the implementation rather than a feature, and that the behavior should not be relied upon. Maybe they finally decided to update the implementation?

Accepted Reply

This is an intentional change in iOS 10.3 to protect user privacy. Information that can identify a user should not be left on the device after the app that created it has been removed.


It has never been a part of the API contract that keychain items created by an app would survive when the app is removed. This has always been an implementation detail.


If a keychain item is shared with other apps, it won't be deleted until those other apps have been deleted as well.


There is documentation in the works about this change that should address questions raised in this thread.


--gc

  • Do we have docs for this already? It seems the keychain keeps the items but I couldn't find any documentation around the time it stores before deletion.


Replies

As others have mentioned above, this doesn't repro in the simulator, but _does_ on devices. Beta4 seems unchanged from Beta3 from what I can see on the 5C I've been playing around with.

Yes, cannot reproduce on a real device as well (5c iOS 10.3 beta 4)

In my case: iOS 10.3 beta 3 and iOS 10.3 beta 4 on iPhone 6S and iPhone 6S Plus - confirmed and able to reproduce.

Hello gc,


Thanks for responding here. There is a serious data loss issue with the current implementation. I've filed it as rdar://30983606 - Deleting an app deletes keychain items stored in the iCloud Keychain.


All the best,

Michael Fey

AgileBits, makers of 1Password

I have reproduction Apps and Non-reproduction Apps.

But, I don't know the reason for the difference.


*Confirmed with Non-reproduction App

  1. I'm using real device (iPhone 5 / iOS 10.3 beta 4, 5).
  2. Keychain is autodeleted if it is an App of Development or AdHoc.
  3. Keychain is NOT autodeleted if it is an App of AppStore.
  4. The App does not use "App Groups".
  5. All Apps in the same "Access Group" are uninstalled.


I'm wondering why the keychain is not deleted. (And it is strange that keychain will be deleted in the case of 2)

So, I want to know why the difference is occurring.

 (Are there elements other than "App Groups" and "Access Group" to avoid deleting keychain? And does it only work for App Store apps?...)


Thanks,

When I tried with iOS 10.3 beta 6, keychain data is not deleted.

(When trying the App with iOS 10.3 beta 5, the keychain data was deleted.)


What is the final specification of the keychain in iOS 10.3?

I tried this behavior, but I couldn't reproduce it.


My test environment is below:


- OS: iOS 10.3 beta 6

- Device: iPhone 6s

- Xcode : 8.3 beta 4

- SDK: iOS 10.3 SDK

- Capabilities: Disabled App Groups, Keychain Sharing

- Configuration : Debug


How can I reproduce it?

I'm seeing the same behaviour. Beta 6 does not seem to clear the keychain on app delete.

The behaviour seems to have been put back to normal in beta6. Try it with beta2, 3, 4, or 5

Rozzle


Thank you for your reply.

I tried again on an iOS 10.3 beta 7 (14E5277a) device with both Development and AppStore (TestFlight) builds, but I couldn't reproduce it.

I hope this change will not be included in the public release.

Hello huin,


I also confirmed that this issue does not reproduce with iOS 10.3 beta 7.


>I hope this change will not be included in the public release.

I feel the same.

Like others, we found that keychain persistence after app removal is still occurring on iOS 10.3 beta 7. As Apple typically provides more frequent beta updates approaching the GM, and that appears to be occurring now, does this mean that keychain persistence will still be possible on the final GM?


We're already working on an alternate solution to provide the features our users will need, but it will be good to be informed of Apple's plans since these changes are quite costly, and even if the change will be imminent but simply postponed then we could schedule our work accordingly. You also mentioned that some documentation was in the works, and I hope you might update this thread with that once it's available.


Thank you gc.!

kSecAttrAccessGroupToken – A workaround for the keychain autodelete behaviour found in iOS 10.3

10.3 was released publicly today and it seems the behaviour experienced in the betas is not reflected in the public version. In my testing, keychain items continue to persist beyond app delete.

Thanks for testing
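The thread shows keychain items being removed on uninstall in some builds and surviving in others, so an app cannot assume either outcome. The Swift sketch below is an added example, not code from Apple or from any poster in this thread: it makes the app behave the same way in both cases by purging its own leftover items on the first launch after an install. The service name, access group and defaults key are hypothetical placeholders.

```swift
import Foundation
import Security

/// Added example: treats keychain contents as install-scoped, whatever the OS does on uninstall.
/// All identifiers below are hypothetical placeholders, not values from the thread.
enum InstallScopedKeychain {
    static let service = "com.example.app.credentials"
    static let privateAccessGroup = "TEAMID.com.example.app"   // the app's own, non-shared group
    static let markerKey = "com.example.app.launchedSinceInstall"

    /// Returns true when this launch was treated as the first one after an install.
    /// UserDefaults is removed together with the app, so a missing marker means any
    /// keychain items that still match were left behind by a previous install.
    @discardableResult
    static func purgeIfFreshInstall(defaults: UserDefaults = .standard) -> Bool {
        if defaults.bool(forKey: markerKey) {
            return false
        }

        // Scope the delete to this app's own service and private access group, so items
        // shared with sibling apps through another access group are left alone.
        // kSecAttrSynchronizable is deliberately omitted: the query then matches only
        // non-synchronizable items and does not touch iCloud Keychain entries.
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccessGroup as String: privateAccessGroup
        ]

        let status = SecItemDelete(query as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else {
            // For example errSecInteractionNotAllowed while the device is locked.
            // Leave the marker unset so the purge is retried on the next launch.
            NSLog("Keychain purge failed with OSStatus %d", status)
            return true
        }

        defaults.set(true, forKey: markerKey)
        return true
    }
}
```

Call `InstallScopedKeychain.purgeIfFreshInstall()` early in `application(_:didFinishLaunchingWithOptions:)`, before any code reads stored credentials.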