Keychain data loss when app is distributed through MDM

1

8

In our iPad application, the user has to enter his details for registration. After the user enters his details, we save those details in the device's keychain.

So the next time the user launches the app, the user can use the app without registering again. Since we save it in the keychain, even reinstalling the app after deleting it works fine.

One of our clients uses their MaaS360 MDM to distribute this app to their users. But when the user installs it through the MDM app, after the next day the keychain data gets lost and the app asks the user to do device registration again.

Initially, we thought this was due to one of the policies they have included. But no luck. Can someone please tell me what has happened here and how to solve this issue?

Fluff answered 25/6, 2019 at 14:14 Comment(5)
It can depend on the configuration of the MDM server and/or profiles. The MDM server can clean up managed app data during device opt-in, or reinstall the managed app altogether every time. - Experiential
@Experiential Can you give more details, like how we can stop this MDM server clean-up policy? - Fluff
@Fluff Any chance your app's minimum supported version is iOS 8.0? - Lustral
Are you sure the bundle ID wasn't changed by MaaS360 even after installing it on the device? Maybe your data still exists on the device, but since the bundle ID was changed the keychain couldn't find it. - Tacmahack
We are experiencing a similar issue. The weird thing is that data stored in the app's sandbox will persist after an update but keychain values won't. In our case it's an SQLite DB encrypted with a password from the keychain. The DB file is there but the password is missing from the keychain. - Cancroid
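
A diagnostic for the bundle-ID hypothesis raised in the comments above, as an added example that is not part of the original thread: it reads the stored item and reports the lookup status, the item's access group and the running bundle ID, so an item that is gone can be told apart from one that exists but cannot be read. The generic-password item class and the `service` and `account` names are assumptions about how the registration data was saved.

```swift
import Foundation
import Security

// Outcome of one keychain read, so "item is gone" is not confused with
// "item exists but cannot be read right now".
enum KeychainLookup {
    case found(Data, accessGroup: String?)
    case notFound            // errSecItemNotFound
    case notReadableNow      // errSecInteractionNotAllowed, e.g. device locked
    case failed(OSStatus)
}

// `service` and `account` are hypothetical names for the registration item.
func lookupRegistration(service: String, account: String) -> KeychainLookup {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecReturnAttributes as String: true,   // also returns the access group
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let item = result as? [String: Any],
              let data = item[kSecValueData as String] as? Data else { return .failed(status) }
        return .found(data, accessGroup: item[kSecAttrAccessGroup as String] as? String)
    case errSecItemNotFound: return .notFound
    case errSecInteractionNotAllowed: return .notReadableNow
    default: return .failed(status)
    }
}

// One log line tying the result to the identity the app is running under.
// Only the byte count is logged, never the stored value.
func registrationDiagnostics(service: String, account: String) -> String {
    let bundleID = Bundle.main.bundleIdentifier ?? "unknown"
    switch lookupRegistration(service: service, account: account) {
    case .found(let data, let group):
        return "bundle=\(bundleID) status=found bytes=\(data.count) accessGroup=\(group ?? "nil")"
    case .notFound: return "bundle=\(bundleID) status=notFound"
    case .notReadableNow: return "bundle=\(bundleID) status=notReadableNow"
    case .failed(let status):
        let text = SecCopyErrorMessageString(status, nil) as String? ?? "n/a"
        return "bundle=\(bundleID) status=\(status) (\(text))"
    }
}
```

Comparing this log line from a directly installed build and from the MDM-distributed build shows whether the bundle ID or access group differs between the two.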
0

There are two possible scenarios:

First scenario:

It's a configuration issue of the MaaS360 MDM server. Please look at these config examples.

Second scenario:

It's not a MaaS360 MDM issue, it's rather a certificate issue. Probably, your client gets a similar error when he/she is distributing an app:

"Could not find a valid private-key/certificate pair for this profile in your keychain."

Apple documentation says the following about that:

This error message indicates that your system’s Keychain is missing either the public or private key for the certificate you are using to sign your application. This often happens when you are trying to sign and build your application from a different system than the one you originally used to request your code signing certificate. It can also happen if your certificate has expired or has been revoked. Ensure that your app’s provisioning profile contains a valid code signing certificate, and that your system’s Keychain contains that certificate, the private key originally used to generate that certificate, and the WWDR Intermediate Certificate.

Please read the Code Signing instructions to find out how to get rid of that issue.

Chantry answered 9/1, 2020 at 21:44 Comment(2)
No, we don't have a problem in either of the scenarios. Actually, they are able to install the distributed IPA onto the managed devices, but after a few days they experience keychain data loss, and not at the time of installation. - Fluff
Ok, I've got it. I'll try to find the reason. - Chantry
