Keychain doesn't retain the data after app gets update from iTunes

Asked 7/2, 2014 at 12:47 Answered 6/8, 2016 at 20:18

ios ios5 uniqueidentifier keychain sskeychain

I have been using SSKeychain open source library for storing the data securely in my iOS app. Yesterday, I face an issue: SSKeychain wasn't able to retain its data when I updated my app from v1.0 to v2.0 from iTunes.

Code for UUID Generation :

- (NSString *)createNewUUID
{
    CFUUIDRef theUUID = CFUUIDCreate(NULL);
    CFStringRef string = CFUUIDCreateString(NULL, theUUID);
    CFRelease(theUUID);
    return (__bridge NSString *)string;
}

Over here, I generated a unique device string and used the keychain to store the same and the app heavily depends on unique string/Device Identifier since from iOS5 to iOS7 there are lots of transformations done by Apple in concerned to Unique Device Identifier, since the methods got deprecated.

Code snippet for Store & Retrieve :

NSString *retrieveuuid = [SSKeychain passwordForService:@"com.name.appname" account:@"AppName"];
if (retrieveuuid == nil) {
    NSString *uuid  = [self createNewUUID];
    
    //Store the password in Keychain
    NSError *error = nil;
    [SSKeychain setPassword:uuid forService:@"com.name.appname" account:@"AppName" error:&error];
    
    if ([error code] == SSKeychainErrorNotFound) {
        NSLog(@"ID not found");
    }
}

So, is this something that keychain won't be able to retain its values/identifier, when the app gets updated from Apple OR am I missing out at some point? Is it possible to store the Identifier permanently in device, without installing, uninstalling, resetting and updating the app?

Alternatively, is there any API, which can provide me the same deviceID/unique string when generated so need to store the Unique String?

Note : the app has to support iOS 4.3 and above.

Stenotype answered 7/2, 2014 at 12:47 Comment(4)

Conceptually, keychain items are persisted after an app upgrade, so it'll probably be a fault in use of SSKeychain. Does it just disappear once after the upgrade, or will the password fail to store every time after upgrade? Where in the code do you perform the Store & Retrieve? – Sosa 7/2, 2014 at 13:13

Why are you checking for the 'NotFound' error code when setting a password? It should return a BOOL for whether it is successful or not. I also cannot find documentation for SSKeychainErrorNotFound, is this an extension you (or someone else) has made? – Sosa 7/2, 2014 at 13:13

What I would also check is the entitlements file. Make sure that <key>keychain-access-groups</key> has the same value in both old App Store build's entitlements file and a new one. – Whosoever 18/8, 2014 at 23:43

The dependence on the provision profile (on iOS) is mentioned in the first note of the Keychain Services Concepts Documentation – Toname 25/8, 2014 at 20:12

You should take a look at this answer. The problem you are facing now is effectively a loss of access to keychain group which is tied to your bundle seed id (10-symbol alphanumeric code before your bundle id), which is your team identifier. So, basically, access to keychain after app updates depends on distribution certificate you use, not on the provisioning profile like @PF1 mentioned.
To prove my point i suggest you to try the following steps:

Add a new version to your app in iTunes Connect.
Make it "ready to upload".
Issue new distribution certificate to yourself in member center.
Create two new appstore provisioning profiles - one with your old / second with your new certificate.
Create two archives like you usually do to submit the app to App Store - one with your old / second with your new certificate.
Validate both. The one with the new certificate will give validation warning that access to keychain groups will be lost for this version.

Mccrae answered 25/8, 2014 at 14:41 Comment(3)

My problems is that the distribution cetificate i used to upload the app to app store is now expired and i have to request a new cert in order to update the app. what can i do now? – Legendre 19/8, 2016 at 8:51

I'm not sure, but i think seed id should get reused. Anyway, you don't have any other variants besides issuing new cert so... try and tell us how it's going. – Mccrae 19/8, 2016 at 9:1

The thing is that i just created an AdHoc .ipa and its bundle identifier is exactly the same as the one i used to upload the app store version. But when i install the app over the app store version keychain is reset. – Legendre 19/8, 2016 at 9:22

I know is an old question but I leave this answer just in case it would be useful for somebody. I fixed it using the same entitlement in both versions.

Fourscore answered 6/8, 2016 at 20:18 Comment(0)

For anyone else running into a similar issue, I experienced this problem when testing locally and attempting to do a manual upgrade of the application. I tried to over-write the version on my device (provisioned with the App Store profile) with my local copy from Xcode (provisioned with my Team Provisioning Profile). As almas noted in the comments, it seems that the keychain is tied to the provisioning profile used for the build. When I submitted to Apple and updated my app, SSKeychain worked just fine.

Acuminate answered 22/8, 2014 at 21:54 Comment(0)

Recommended topics

Hot tags