39

I am looking for documentation about the iOS keychain items. My specific question is if keychain items will survive an app uninstall and reinstall cycle. It seems to work that way since iOS 4 (or maybe even iOS 3), but I cannot find any documentation from Apple stating that this actually is supposed to work this way.

What I am trying to figure out is if I can TRUST (not "hope for" or "guess") that items in the keychain will survive the app uninstall.

EDIT: I realize that the question is a bit unclear as pointed out by Daij-Djan. What I am looking for is official documentation that backs up the well-known behaviour.

UPDATE 2017-04-04: See my answer below; the behaviour changed in the iOS 10.3 beta. It works as usual in iOS 10.3 but may probably change in future versions.

Andreas Paulsson
  • We know from experience that that is the case, but I failed to find any documentation from Apple on this in the Keychain Services Programming Guide or in session WWDC 2010 209 Securing Application Data. – Jano Sep 20 '13 at 08:22
  • I find this pretty interesting; in my tin foil hat moments I imagine that Apple avoids documenting this so that they can change (and probably will) this at their wish (which also is strange, they have changed different behaviours in iOS before). It just seems strange that there is no official documentation about a well known behaviour. – Andreas Paulsson Sep 20 '13 at 08:31
  • 1
    Why the downvote? Please explain so that I can improve the question. – Andreas Paulsson Sep 20 '13 at 11:48

3 Answers

21

I dug around on the Apple developer forums, and an Apple developer (eskimo1, aka Quinn) stated on 2012-08-27 that this is the current behaviour but it is, as far as he knows, not /documented/ behaviour, so this might change in the future. He also says that deleting shared keychain items is always going to be tricky, which is one of the reasons this hasn't been addressed yet.

So I guess that this leaves the question open: there is no definitive answer. It is not documented and can change at any point in time. Relying on it MAY cause problems in the future.

UPDATE 2017-04-04:

In iOS 10.3 beta, keychain info for an app is removed when the app is uninstalled, but this behaviour seems to have been removed in the final 10.3 version. In the Apple Documentation it is suggested that this is about to change and we should NOT rely on keychain access data being intact after an app uninstallation. See also "iOS 10.3 beta 3 doesn't persist data of KeychainItem".

Anurag Sharma
Andreas Paulsson
  • 2
    Great find -- just FYI eskimo repeated this guidance in the forums on Oct 15, 2015 ("Indeed. This behaviour is more of an artefact of the implementation rather than a designed-in feature [...] The question you really have to ask is, what is my exposure if this behaviour changed?") – Peter E Jan 07 '16 at 19:10
  • @sherb That is strange, I just tested the uninstall-install scenario on our app (only app from this vendor) on iOS 11.03, and keychain entries were NOT deleted. We are storing a generic password using kSecAttrAccessibleWhenUnlockedThisDeviceOnly, how do you store your entries? – Andreas Paulsson Oct 19 '17 at 07:05
  • 4
    @AndreasPaulsson: You're correct. I incorrectly coded the test and got a false negative. As of iOS 11.0.3 it appears keychain data does persist after deleting the app. I've removed my previous comment to avoid confusing anyone. – sherb Oct 19 '17 at 15:04
7

Perhaps this is what you are looking for.
Apple Documentation

Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.

Anurag Sharma
user523234
  • 1
    I have read that and couldn't find anything that states that keychain items will survive an app uninstall. Can you find anything? A quote from the official documentation is exactly what I am looking for. – Andreas Paulsson Sep 20 '13 at 09:34
  • 6
    For me the following text indirectly implies that. "Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application." That means, if you delete an older version of the app and install a later version. So as long as the developer has used the same provisioning profile, the later newly installed version of the app will be able to access the same keychain data. – user523234 Sep 21 '13 at 03:23
  • 6
    @user523234 I confirmed this behavior, but I just have a doubt: what if the provisioning profile is expired and gets renewed? Can anyone confirm this? – Nimit Pattanasri Feb 09 '15 at 06:59
  • @NimitPattanasri I can confirm that an expired and renewed provisioning profile will not affect the behaviour; keychain items will still survive. – Andreas Paulsson Jun 14 '17 at 20:42
6

Yes, they will.

See a corresponding question of mine:

How to find out WHEN a user bought the app / installed it for the first time (possible without UDID?)


AS I SEE IT:

'Officially' it is implied by the fact that the keychain is for multiple apps, and that it 'belongs' to the OS:

Apple Documentation

A keychain is an encrypted container that holds passwords for multiple applications and secure services.

=> ergo the keychain survives the app

PLUS

a keychain item can be shared between multiple apps

Luciano van der Veekens
Daij-Djan
  • Yes, I know that it currently works that way, but your answer does not answer my question. I want to know if I can rely on it, and for that I would like to have some kind of documentation from Apple that states that this is the case. – Andreas Paulsson Sep 20 '13 at 07:59
  • >> I get you but quote: " My specific question is if keychain items will survive an app uninstall and reinstall cycle" :D – Daij-Djan Sep 20 '13 at 08:37
  • Sorry about that, I have now edited my question to make it a bit more clear. – Andreas Paulsson Sep 20 '13 at 08:41
  • 2
    Regarding your addition about sharing between applications: this is defined by access groups (keychain-access-groups) and it is possible that iOS keeps a reference count so that keychain items with no apps installed that can access them are removed (similar to persistent UIPasteboard). I agree that it is likely that they are not removed, but I cannot find documentation that says that they are guaranteed to not be removed. Close, but no cigar :-). – Andreas Paulsson Sep 20 '13 at 13:47
  • I just saw this behavior in my app. What was a little difficult for me is that NSUserDefaults do *not* survive an uninstall/reinstall cycle, while the Keychain items do. – Chris Prince Nov 15 '13 at 20:02
  • 4
    5 yrs later - all unchanged - keychain survives app uninstall – Daij-Djan Apr 11 '19 at 15:09
  • Does anyone know if the Keychain is purged after a set amount of time? Like 24 hours? – jangelsb May 18 '22 at 21:43
  • I just did a test and even if the app is reinstalled after 32+ hours, the values in the Keychain remained! – jangelsb May 20 '22 at 16:41
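
An added example, not code from any of the posts above: one way to write an app so that it is correct whether or not iOS keeps keychain items across an uninstall. It treats a missing item as a normal case and, for apps that must not inherit secrets from a previous install, clears leftovers on the first launch, relying on the observation in the comments that NSUserDefaults does not survive an uninstall. The service, account and defaults key names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers chosen for this example.
let service = "com.example.app.session"
let account = "refresh-token"
let firstRunKey = "hasLaunchedSinceInstall"

func baseQuery() -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account]
}

/// Call once at launch, before any keychain read. The defaults flag is removed
/// with the app but kept across updates, so a missing flag means a fresh install.
func purgeKeychainLeftoversOnFreshInstall(defaults: UserDefaults = .standard) {
    guard !defaults.bool(forKey: firstRunKey) else { return }
    let status = SecItemDelete(baseQuery() as CFDictionary)
    // errSecItemNotFound: the OS already removed the item, or none was stored.
    if status == errSecSuccess || status == errSecItemNotFound {
        defaults.set(true, forKey: firstRunKey)   // retry next launch otherwise
    }
}

/// Returns nil when the item is absent or unreadable; the caller must then
/// re-authenticate the user instead of assuming the secret persisted.
func loadSecret() -> Data? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess else { return nil }
    return result as? Data
}

func storeSecret(_ secret: Data) -> Bool {
    SecItemDelete(baseQuery() as CFDictionary)    // replace any existing copy
    var attrs = baseQuery()
    attrs[kSecValueData as String] = secret
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
}
```

Items stored in a shared keychain access group are visible to the other apps in that group, so the first-launch purge should only target items this app owns exclusively.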