Login/Register
ios unique identifier across installs
Asked Answered
iosswiftkeychain
C

2

12

We need to uniquely identify the device and it has to be same across installs (reinstall). We have been using identifier stored in keychain till now so it persists across installs. Now with 10.3 beta the key chain is auto deleted when the app is uninstalled. Ref: https://forums.developer.apple.com/thread/72271

Can we use AdIdentifier as unique identifier. We have ads served and we are at the moment using it for the same.

Christalchristalle answered 8/3, 2017 at 13:34 Comment(1)
Unfortunately, there is nothing better now. identifierForVendor works the same as a shared keychain. It also changes when app (all apps from the same vendor) is uninstalled. Start identifying users instead of devices. Make them log in using facebook for example.Slyviasm
S
2

There seems to be a workaround. It's actually mentioned in the forum you linked.

By making the keychain item available to other apps you can ensure it won't be deleted when your app is deleted.

To do that, you can add the item to kSecAttrAccessGroupToken access group on iOS 10. See https://gist.github.com/Raztor0/34ad0e23a410c33526c9fa1b6e8d281c

If you set the access group to this well-known group, your keychain item will be readable by all installed apps:

Every application has access to this access group so it is not needed to explicitly list it in keychain-access-groups entitlement, but application must explicitly state this access group in keychain queries in order to be able to access items from external tokens.

That makes the item unsuitable for any sensitive or secret data (e.g. passwords, user names etc). For a unique identification of devices this shouldn't matter.

Slyviasm answered 8/3, 2017 at 20:27 Comment(8)
But that workaround works only if there are other apps which share the keychain item and remain installed (if I understand it correctly).Obtrude
@MartinR No, this means you are adding the item to a "well-known access group" not dependent on your app. Every application has access to this access group so it is not needed to explicitly list it in keychain-access-groups entitlement, but application must explicitly state this access group in keychain queries in order to be able to access items from external tokens.Slyviasm
I see, I mixed things up. – Does that mean that the item is visible to all applications? So that would not be suitable for sensitive information like passwords?Obtrude
@MartinR Exactly but if we are talking only about uniquely identifying a device than I think it's suitable.Slyviasm
OK, thanks for the clarification. (It might still be useful to add a notice about sensitive information to the answer, since storing passwords in the keychain is so often recommended. I'll leave that up to you.)Obtrude
In different post in apple forum it said there has to be atleast one app belonging to group, else keychain gets auto deleted.I checked with Xcode 8.3 beta 4 and iOS 10.3 beta 5, i added token to kSecAttrAccessGroup. On uninstall keychain is auto deleted.Christalchristalle
@Christalchristalle it seems that apple didnt apply this feature for 10.3 public release. forums.developer.apple.com/message/210531#217194Zambia
@Slyviasm does this work in devices which are < iOS 10?Stealth
Z
1

Do you mean AdIdentifier as adverting identifier, aka IDFA? https://developer.apple.com/reference/adsupport/asidentifiermanager/1614151-advertisingidentifier

This value can be easily replaced by device holder from settings application. And also this value is all zeroes when the user has limited ad tracking.

Came up with the idea that using Cookie in the web browser (e.g. check cookie when first app launching and store unique string if it doesn't exist), but it can also be modified by users.

After all, I have no idea how completely identify unique user.

Zambia answered 8/3, 2017 at 13:56 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.