If I put some information into the keychain, my app is the only one who is able to have access to that data, correct?
The keychain data are shared across a developer's applications.
From the apple documentation:
Keychain data for an app is stored outside of the app’s sandbox. When
the user backs up app data using iTunes, the keychain data is also
backed up. Before iOS 4.0, keychain data could only be restored to the
device from which the backup was made. In iOS 4.0 and later, a
keychain item that is password protected can be restored to a
different device only if its accessibility is not set to
kSecAttrAccessibleAlwaysThisDeviceOnly or any other value that
restricts it to the current device. Upgrading an app does not affect
that app’s keychain data.
Here is an example of sharing keychain information between applications.
The data an app puts into the Keychain is restricted to a single developer's apps. It can be shared by multiple apps by the same developer if desired or restricted to that app.
See WWDC13 2013 video "Protecting Secrets with the Keychain". You can access it either on you computer or on an iOS device with the Apple WWDC app.
Related
I'm really confused and hence asking this - does every iOS app has it's own keychain on device(iPhone) or there is only one keychain on device (iPhone) which is used by the different apps ?
Thanks
As mentioned in Apple docs. For the iPhone, there is only one keychain and apps can store their keychain items in it.
In iOS, apps have access to a single keychain (which logically
encompasses the iCloud keychain). This keychain is automatically
unlocked when the user unlocks the device and then locked when the
device is locked. An app can access only its own keychain items, or
those shared with a group to which the app belongs. It can't manage
the keychain container itself.
Reference: https://developer.apple.com/documentation/security/keychain_services/keychains
I need to be able to identify an iOS device across uninstalls/reinstalls.
To do so, I plan to store the identifierForVendor in the keychain at first install, and retrieve it on following installs.
Is there any risk of being rejected of the AppStore by doing so?
I've seen several questions about that so I guess it would be allowed, but the Developer Program License Agreement states that:
Further, neither You nor Your Application will use any permanent,
device-based identifier, or any data derived therefrom, for purposes
of uniquely identifying a device.
I could also use a NSUUID instead, would it be safer?
Edit: add some context for answers suggesting to implement a login.
My app already has an identification system (with a login). It allows the user to connect to his account, and he should be able to see a list of the devices linked (i.e. from which he did connect at some point) to its account, in order to monitor or to unlink them.
The problem is that the identifierForVendor changes after an uninstall/reinstall of the app, leaving a "ghost" device in the user's list. Storing and retrieving it would allow a reinstall of the app not to be considered as a new device. It would only be used for this, and not for advertising or tracking in any way.
TL;DR:
Storing UUID in phone's Keychain will not get your app rejected. So don't worry.
The UUID you're trying to use is NOT a permanent identifier as we know, and storing them does not violate the licensing term that you quoted. Apple deprecated UDID's, MAC addresses, IMEI number etc. to prevent developers from tracking/spamming users based on their unique ID's. This is a privacy problem. Since UUID is a temporary ID, we are free to store them and use them later on, which does not do harm to the user.
I am quoting this from the link from Apple's resources here: Using identifierForVendor
The value in this property remains the same while the app (or another app from the same vendor) is installed on the iOS device. The value changes when the user deletes all of that vendor’s apps from the device and subsequently reinstalls one or more of them. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution. Therefore, if your app stores the value of this property anywhere, you should gracefully handle situations where the identifier changes.
-----****UPDATE IN IOS 10.3:****-----
It seems that Apple has made some changes to how Keychain works in iOS 10.3+. Keychain items stored in the Keychain will be deleted when the all the apps from the specific vendor are uninstalled. According to Apple, the residence of sensitive information of an app even after the app is gone from the device may lead to security risks, so they decided to forbid this kind of behavior.
Developers relying on Keychain storage even after an uninstall for their apps can make use of this WORKAROUND to continue with the intended functionality. According to this workaround, any app can access the information stored in that specific Keychain Access Group, so it is recommended that adding an extra layer of encryption to your data will protect it with even more security, although keychain encrypts items by default.
You may generate a device-id(->similar to UUID) on the server and store that in Keychain of iOS. If your app is reinstalled on the device and you find that device-id in the keychain, then you will be able to identify the device.
I use KeychainItemWrapper to store an identifier of my users in keychain of iOS. I noticed that when we uninstall the app, the identifier persist in the keychain yet; but I'm wonder Does iOS will clean the items automatically when the keychain goes so big? or some other applications can remove or access the items?
It will be deleted if the device is wiped or restored, whatever that resets your device.
Access to the keychain is tied to the provisioning profile used to sign the app. Consequently no other apps would be able to access that app's keychain info. This answers your question about some other App being able to access your App's keychain items or not.
For reference: Same Question on Apple Developer Forum
I have been reading the document, but I am getting confused.
There is iOS Keychain here.
And there is iCloud Keychain here.
They both called keychain and both able to store locally and sync to other devices.
Are they just the same thing?
Or iOS keychain service doesn't require iCloud account for local storage at all?
iOS Keychain is a service which allows you to persist user-sensitive information in your application.
iCloud Keychain is a service provided by Apple which syncs your Safari passwords as well as Mail, Contacts, Calendar, and Messages synced across all of the devices signed in with a specific Apple ID.
Our iOS app is transfer from Account A to B, Earlier we had used the certificates which was created in Account A and upload a build on iTunes Connect using certificates of Account A.
Now when we uploading app on iTunesconenct for Beta Testing that time we have used the certificates which was created in Account B(Due to Transfer App Account).
So, Now application identifier of the live app is different from the application identifier of the Beta TestFlight Testing App on App Store. And we have got the warning potential loss of keychain access.
Right Now, We are using SSKeychain Wrapper for Store UUID to track user.
[SSKeychain setPassword:UUID forService:#"com.example.appname” account:#“appname” error:&error]
If App ID Prefix changed then SSKeychain loss it’s access?
Because We track UUID in database for further use using SSKeychain. My doubt is if APPID Prefix changed then it is also effect the SSKeychain and it is generate new UUID for all devices?
So, How we can solve this issue ? Please let us know about solutions of this issue.
The keychain access is tied to the App(s) ID Prefix(s). They must have the same prefix. We had a case where different Apps in the same Developer Account and different Prefix(s) and they would not share the same keychain access. Had to have Apple fix so all were the same.
In your case, if you move the app to account B, the App ID will have a different prefix and would not be able to access the "old" keychain.
As far as I know there is NO workaround for this if the App Prefix has changed.
Yes, all devices would get a new keychain store for data and would not be able to access the "old" keychain data.