iPhone keychain items persist after application uninstall?


Solution 1

Yes, this is the expected and correct behavior.

Some keychain items may be shared with other apps you control (that share the same keychain item access group).

You should just leave the info alone when your app is removed. You have no callback or method of removing the keychain items on deletion of your app.
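Because there is no uninstall callback, one common way to handle leftover items is to purge them on the first launch after a fresh install. The sketch below is an added example, not code from the answer's author or from SFHFKeychainUtils. The function names and the defaults key are hypothetical, and it assumes the items are generic-password entries stored under the question's service name `TestService`:

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical names for this example. "TestService" is the service name
// used in the question's snippet.
static NSString * const kHasLaunchedKey = @"ExampleHasLaunchedBefore";
static NSString * const kServiceName    = @"TestService";

// Deletes every generic-password item this app can access for the service.
// Returns YES if the items were removed or none existed.
static BOOL PurgeKeychainItemsForService(NSString *service) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: service,
    };
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
    if (status != errSecSuccess && status != errSecItemNotFound) {
        NSLog(@"SecItemDelete failed for %@: %d", service, (int)status);
        return NO;
    }
    return YES;
}

// Call early in application:didFinishLaunchingWithOptions:, before any
// keychain read. NSUserDefaults is stored in the app sandbox and is removed
// on uninstall, so a missing flag means this is the first launch of this
// installation and any matching keychain items are leftovers.
void PurgeStaleKeychainItemsOnFirstLaunch(void) {
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    if ([defaults boolForKey:kHasLaunchedKey]) {
        return; // Not a fresh install; keep existing items.
    }
    if (PurgeKeychainItemsForService(kServiceName)) {
        // Set the flag only after a successful purge so that a failed
        // delete is retried on the next launch.
        [defaults setBool:YES forKey:kHasLaunchedKey];
    }
}
```

If the items live in a shared keychain access group, this purge also removes them for the other apps in that group, so scope the query to items only this app owns.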

Solution 2

Edit: They finally reverted the behavior described in my answers, so until everybody moves away from that range of versions, this should not happen anymore.

Unfortunately, this is not the case anymore. It has been changed since iOS 10.3.

This is an intentional change in iOS 10.3 to protect user privacy. Information that can identify a user should not be left on the device after the app that created it has been removed.

It has never been a part of the API contract that keychain items created by an app would survive when the app is removed. This has always been an implementation detail.

See the reference here.

Author by

Vladimir

Updated on June 24, 2020

Comments

  • Vladimir
    Vladimir almost 4 years

    I am playing with idandersen's scifihifi-iphone code for keychain and came across the following behavior - I set the password using, say

    NSError *error = nil;
    [SFHFKeychainUtils storeUsername:@"User" andPassword:@"123"
                      forServiceName:@"TestService" updateExisting:YES error:&error];

    Then I delete the test application from the device and install it again - the previously set password appears to remain in the keychain...
    Is it the expected behavior? And is there a way to make sure that the password I set will be deleted with the application?

  • Vladimir
    Vladimir over 13 years
    So the fact that I don't want info to stay in the keychain after app uninstall might imply that the keychain is simply the wrong place to store it, right?
  • James
    James about 13 years
    @Mihai Damian items can be shared between apps, but are not by default; you have to set access groups.
  • Qamar Suleiman
    Qamar Suleiman over 12 years
    It's like how UIPasteboard is implemented. Private yet shared
  • Zennichimaro
    Zennichimaro about 11 years
    "In iOS, each application always has access to its own keychain items; the user is never asked to unlock the keychain. Whereas in OS X any application can access any keychain item provided the user gives permission, in iOS an application can access only its own keychain items." Please correct your answer, it is misleading! source: developer.apple.com/library/ios/#documentation/security/…
  • Steve
    Steve about 11 years
    @Zennichimaro Despite what the passage you quoted says, you can share a keychain between two applications you write, if you specify the same keychain group id in the keychain-access-groups in the entitlements file. See Apple's documentation for SecItemAdd() for more details. Apple's GenericKeychain sample code demonstrates how to do this.
  • Sulthan
    Sulthan almost 6 years
    Actually, this has been reverted and the information is not valid any more as far as I know.
  • ForceMagic
    ForceMagic almost 6 years
    @Sulthan Indeed, unless some people are still on those versions of iOS. :) I added a note. Thanks for the update.
  • Sulthan
    Sulthan almost 6 years
    I think it was only in 10.3 Beta 2 till Beta 5. Therefore normal people shouldn't actually see that behavior at all.
  • ForceMagic
    ForceMagic almost 6 years
    @Sulthan My client has 1.5 million mobile users and we had reports of several of them having the issue, so it definitely went live at some point. I agree it wasn't the vast majority though.
  • Sulthan
    Sulthan almost 6 years
    A lot of people in IT install beta versions even if it's very unwise. My crash logs are already polluted by iOS 12 crashes caused by beta bugs. The best course of action is to ignore problems on betas.