iOS 10.3 Beta 2 autodeletes keychain items after application uninstall?

In previous versions of iOS, the keychain data persisted even when the app was uninstalled and reinstalled on the device. After upgrading to iOS 10.3 beta 2, it appears as if deleting the app also deletes all associated keychain contents for that app. The code I'm using to interface with the keychain hasn't changed, and works with iOS 10.2. Is anyone else experiencing this behavior? I haven't had a chance to test this with 10.3 beta 1.


I've searched through related threads here:

https://forums.developer.apple.com/message/75464

https://forums.developer.apple.com/message/112523


The conclusion from the Apple staff member is that the persistence of the keychain data across app re-installs is a side-effect of the implementation rather than a feature, and that the behavior should not be relied upon. Maybe they finally decided to update the implementation?

Accepted Reply

This is an intentional change in iOS 10.3 to protect user privacy. Information that can identify a user should not be left on the device after the app that created it has been removed.


It has never been a part of the API contract that keychain items created by an app would survive when the app is removed. This has always been an implementation detail.


If a keychain item is shared with other apps, it won't be deleted until those other apps have been deleted as well.


There is documentation in the works about this change that should address questions raised in this thread.


--gc

  • Do we have docs for this already? It seems the keychain keeps the items but I couldn't find any documentation around the time it stores before deletion.
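An added example, not code from this thread or from Apple: one way for an app to treat a missing keychain item as a normal state instead of relying on items surviving an uninstall. The service and account strings and the function names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers chosen for this example.
let service = "com.example.app.session"
let account = "install-token"

enum KeychainError: Error { case unexpected(OSStatus) }

// Shared lookup attributes for the single item this example manages.
func baseQuery() -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account]
}

// Returns the stored token, or nil when no item exists: a first install,
// or a reinstall on a system that removed the app's items at uninstall.
func loadToken() throws -> Data? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess: return result as? Data
    case errSecItemNotFound: return nil   // expected state, not an error
    default: throw KeychainError.unexpected(status)
    }
}

func storeToken(_ token: Data) throws {
    var attrs = baseQuery()
    attrs[kSecValueData as String] = token
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpected(status) }
}

// Works whether or not an item from an earlier install is still present.
func tokenForThisInstall() throws -> Data {
    if let existing = try loadToken() { return existing }
    var bytes = [UInt8](repeating: 0, count: 32)
    let rc = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    guard rc == errSecSuccess else { throw KeychainError.unexpected(rc) }
    let fresh = Data(bytes)
    try storeToken(fresh)
    return fresh
}
```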


Replies

Rozzle


Thanks for your information.

Rozzle


Thanks for testing.

I also confirmed the same result.

Hi Zevik,


This is a bug in the beta that should already be fixed by the time you read this.


kSecAttrAccessGroupToken is writable only by CryptoTokenKit smart card drivers. Apps can query the keychain using that attribute in order to find items stored on a particular smart card. This attribute is not for any other use.


--gc
