What's happen to data stored in keychain when user update his iOS version to new system ? i.e user have ios 6 and stored some information from my App in Keychain, are those information will be still avaiable after install ios 7 ??
BR
Kivu
Nothing will happen to data in KeyChain, keychain persists even after the app is removed, it is linked to AppID and the access rights depend on the provisioning profile used when signing your application.
On iPhone, Keychain rights depend on the provisioning profile used to
sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application
After my customers upgraded to a new version of my App using KeyChain.... under iOS7 they lost all the information.
Related
Apologies if this has been asked before. I am new to iOS mobile app development. I am further developing an iOS app that has been developed by another person. They sent me the source code and told me that all the signing keys/certificates/provisioning profiles are stored against the Apple Developer's Account (which I have access to). When I try to build/run the app through XCode it complains about Code Sign error (not having a matching certificate in my keychain) . How can I fix this error please? is the a way to download the.p12 file from the app's Apple Developer Account? Since the app provisioning profile and signing identity is only needed for running the app on actual devices (at least in my understanding), is there away of getting xcode to ignore about it just for the purpose of running the app on the simulator?
If you have a developer account add it to Xcode Preferences -> Accounts , then click Automatically manage signing
If you want to distribute the app, make sure you have a distribution private key in your keychain, from the old mac or create the new one
I am working in project which is already in Appstore submitted by different developer. Now I am trying to submit updated version of the app with different version and build number. I can't able to access previously stored keychain values.
Here is the steps I did
Revoked the old Distribution certificate created by another person and created a new one with my machine.
Regenerated Provisioning Profile which is used by previous developers
Code signed and submitted to App Store
Downloading old build from App Store
Installing the updated build from test flight
Now I can't able to access keychain values already stored.
Now what can I do to retrieve the old keychain value? I have also checked the team ID for Keychain group access it is same as old one. Is there any way I can retrieve the old keychain values.
Here is brief answer which may help you to resolve your issue :
keychain group which is tied your team identifier. So, basically,
access to keychain after app updates depends on distribution
certificate you use, not on the provisioning profile
So if you are saying you revoke all old certificate and the one with the new certificate ( that you created ) that access to keychain groups will be lost for this version.
Finally I got a solution from apple guides
Note: In iOS, Keychain rights depend on the provisioning profile used
to sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application.
https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html
I have inherited an iOS project that has an app currently submitted to the App Store. I want to release a new beta version of an app. After I Archive the app in the Xcode and try to Validate it, it shows the following message shown on the screenshot:
Failed to locate or generate matching signing assets. Your account already has a valid iOS Distribution certificate.
I don't have the distribution certificate locally and don't have access to the computer that had it. As far as I understood form other questions, one option is to click the "Reset" button. What are the implications of reseting the distribution certificate? Will it affect the current app in the App Store? Will other services like Push notifications and in-app purchases continue to work in the current app?
I have reseted the distribution certificate and it did not affect the published version of the app. Push notifications continue to work.
Resetting Certificates Using Xcode
If Xcode detects an issue with a signing identity, it displays an appropriate action in Accounts preferences. If Xcode displays a Create button, the signing identity doesn’t exist in your developer account or on your Mac. If Xcode displays a Reset button, the signing identity is not usable on your Mac—for example, it is missing the private key. If you click the Reset button, Xcode revokes and re-creates the corresponding certificate.
https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html
As per my experience, according to Apple support revoking certificate will not have any effect on the uploaded build on iTunes or on live.
https://developer.apple.com/support/certificates/
iOS Distribution Certificate (App Store)
If your Apple Developer Program membership is valid, your existing apps on the App Store will not be affected. However, you will no longer be able to submit new apps or updates to the App Store.
Just came across this on apple Keychain Services Concepts
Note: On iPhone, Keychain rights depend on the provisioning profile
used to sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application.
I also know that provisioning profiles can change for many reasons, including adding a new functionality like push notification, adding watch support, or even adding a new team member.
Now am I correct to assume that whenever above changes occur, new versions of my app will no longer be able to access keychain items that were created with previous versions?
Thanks!
I don't think your assumption is right. The Keychain Acces only depends on the bundle identifier of your application and the profile which was first used to create the app. If it would depend of your code-provisioning profiles changes, indeed what you said would be correct, but if so, the bussinesses and the enterprises would be totally unable to develop updates for their applications, which would have also included the old info stored in the Keychain. That's because in a bussiness, people come and leave often!
Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.
You can add a team member, configure a push notification services and so on, as long as the provisioning profile stays the same.
Note: If you change the provisioning profile just to add a team member, yes, your assumption is right, but it just isn't the best way of doing this. Rather, I recommend reading this tutorial (on how to add a team member to a provisioning profile).
keychain directly depepds on Bundle id , if bundle id remain same then your app can acess keychain , so provisioning profile should map the same bundle id if app needs to acccess keychain.
I have a test version of an app on my phone which has stopped working last week when its team provisioning profile expired. The profile is now update in Xcode and on the developer portal but not yet on the phone. Is there any way of forcing an update on the phone which our reinstalling the app and overwriting its [slightly changed Core Data] data store?
If you've set up your core data version correctly, it should not overwrite the data store. If you are currently developing it, and the core data data store version hasn't been incremented, can you not increment the version to force iOS to migrate the data to the new structure?
Barring that, you have 2 or 3 options to install it, depending on how the profile is set up.
If you are using a wildcard app ID in your provisioning profile, you can get the new version onto the phone by simply creating a new dummy app (or use one of Apple's sample apps) and sign it with the new profile / cert. This will get the new profile onto the device without touching the existing app (just make sure you don't use the same bundle ID for the dummy app.
If you have an explicit app ID, you can try to add the provisioning profile manually through the Xcode Devices window. Right click on the device on the left and select "Show provisioning profiles..." In the window with the provisioning profiles, click the little "+" below the list, browse to your provisioning profile and open it. If it is valid for the device, it will get added on the device.
Finally, if you have MDM (Mobile Device Management) managing the device, you can use that to push the profile to the device.
Once you get the profile on the device, you should be able to run the app again.
Unfortunately, Apple no longer allows you to simply email the provisioning profile to the email account on the device and let the user open it. I believe starting with iOS 8 you haven't been able to do that and you need to install it either with an app, through Xcode, or with MDM.