8

I have been using the SSKeychain open source library for storing data securely in my iOS app. Yesterday, I faced an issue: SSKeychain wasn't able to retain its data when I updated my app from v1.0 to v2.0 from iTunes.

Code for UUID Generation :

```objc
- (NSString *)createNewUUID
{
    CFUUIDRef theUUID = CFUUIDCreate(NULL);
    CFStringRef string = CFUUIDCreateString(NULL, theUUID);
    CFRelease(theUUID);
    // Transfer ownership to ARC; a plain __bridge cast would leak the CFString.
    return (__bridge_transfer NSString *)string;
}
```

Over here, I generated a unique device string and used the keychain to store it. The app heavily depends on the unique string/device identifier, since from iOS 5 to iOS 7 Apple made lots of changes concerning the unique device identifier and the methods got deprecated.

Code snippet for Store & Retrieve:

```objc
NSString *retrieveuuid = [SSKeychain passwordForService:@"com.name.appname" account:@"AppName"];
if (retrieveuuid == nil) {
    NSString *uuid  = [self createNewUUID];

    //Store the password in Keychain
    NSError *error = nil;
    [SSKeychain setPassword:uuid forService:@"com.name.appname" account:@"AppName" error:&error];

    if ([error code] == SSKeychainErrorNotFound) {
        NSLog(@"ID not found");
    }
}
```

So, is this something where the keychain won't be able to retain its values/identifier when the app gets updated from Apple, or am I missing something? Please help out if it's possible to store the identifier permanently on the device, irrespective of installing, uninstalling, resetting and updating the app.

Alternatively, is there any API, which can provide me the same deviceID/unique string when generated so need to store the Unique String?

Note : App has to support iOS 4.3 and above.

Ajay Sharma
  • 3
    Conceptually, keychain items are persisted after an app upgrade, so it'll probably be a fault in use of SSKeychain. Does it just disappear once after the upgrade, or will the password fail to store every time after upgrade? Where in the code do you perform the Store & Retrieve? – WDUK Feb 07 '14 at 13:13
  • 1
    Why are you checking for the 'NotFound' error code when setting a password? It should return a BOOL for whether it is successful or not. I also cannot find documentation for `SSKeychainErrorNotFound`, is this an extension you (or someone else) has made? – WDUK Feb 07 '14 at 13:13
  • 1
    What I would also check is the entitlements file. Make sure that keychain-access-groups has the same value in both old App Store build's entitlements file and a new one. – almas Aug 18 '14 at 23:43
  • The dependence on the provision profile (on iOS) is mentioned in the first note of the [Keychain Services Concepts Documentation](https://developer.apple.com/library/mac/documentation/security/conceptual/keychainServConcepts/02concepts/concepts.html#//apple_ref/doc/uid/TP30000897-CH204-TP9) – thelaws Aug 25 '14 at 20:12

3 Answers

5

You should take a look at this answer. The problem you are facing now is effectively a loss of access to the keychain group, which is tied to your bundle seed ID (the 10-symbol alphanumeric code before your bundle ID), which is your team identifier. So, basically, access to the keychain after app updates depends on the distribution certificate you use, not on the provisioning profile like @PF1 mentioned.
To prove my point, I suggest you try the following steps:

  1. Add a new version to your app in iTunes Connect.
  2. Make it "ready to upload".
  3. Issue new distribution certificate to yourself in member center.
  4. Create two new appstore provisioning profiles - one with your old / second with your new certificate.
  5. Create two archives like you usually do to submit the app to App Store - one with your old / second with your new certificate.
  6. Validate both. The one with the new certificate will give validation warning that access to keychain groups will be lost for this version.
Petro Korienev
  • 1
    My problem is that the distribution certificate I used to upload the app to the App Store is now expired and I have to request a new cert in order to update the app. What can I do now? – Rashid Aug 19 '16 at 08:51
  • I'm not sure, but I think the seed ID should get reused. Anyway, you don't have any other variants besides issuing a new cert so... try and tell us how it's going. – Petro Korienev Aug 19 '16 at 09:01
  • The thing is that I just created an AdHoc .ipa and its bundle identifier is exactly the same as the one I used to upload the App Store version. But when I install the app over the App Store version, the keychain is reset. – Rashid Aug 19 '16 at 09:22
2

I know this is an old question, but I'm leaving this answer just in case it would be useful for somebody. I fixed it using the same entitlement in both versions.


Silvi
1

For anyone else running into a similar issue, I experienced this problem when testing locally and attempting to do a manual upgrade of the application. I tried to over-write the version on my device (provisioned with the App Store profile) with my local copy from Xcode (provisioned with my Team Provisioning Profile). As almas noted in the comments, it seems that the keychain is tied to the provisioning profile used for the build. When I submitted to Apple and updated my app, SSKeychain worked just fine.

individualtermite
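A pre-release check for the cause the answers and comments above point to (a changed bundle seed ID, or differing `keychain-access-groups` between builds), as an added example that is not part of the original posts. The entitlements plists are constructed samples, `OLDTEAM123` and `NEWTEAM456` are placeholder seed IDs, and the function names are hypothetical.

```python
import plistlib

# Constructed sample entitlements (not from the page). OLDTEAM123 and
# NEWTEAM456 are 10-character placeholders for the bundle seed ID.
OLD_BUILD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>application-identifier</key><string>OLDTEAM123.com.name.appname</string>
<key>keychain-access-groups</key>
<array><string>OLDTEAM123.com.name.appname</string></array>
</dict></plist>"""
# Same bundle ID, but signed under a different seed ID.
NEW_BUILD = OLD_BUILD.replace(b"OLDTEAM123", b"NEWTEAM456")


def seed_id(identifier):
    """Return the prefix before the first dot (the bundle seed ID)."""
    return identifier.split(".", 1)[0]


def keychain_groups(entitlements_xml):
    """List the keychain access groups a build is entitled to."""
    ent = plistlib.loads(entitlements_xml)
    groups = list(ent.get("keychain-access-groups", []))
    # With no explicit groups, iOS uses application-identifier as the
    # app's default keychain access group.
    if not groups and "application-identifier" in ent:
        groups = [ent["application-identifier"]]
    return groups


def compare_builds(old_xml, new_xml):
    """Report which groups the old build could read that the new one cannot."""
    old, new = keychain_groups(old_xml), keychain_groups(new_xml)
    lost = [g for g in old if g not in new]
    return {
        "lost_groups": lost,
        "seed_id_changed": {seed_id(g) for g in old} != {seed_id(g) for g in new},
        "access_retained": not lost,
    }


if __name__ == "__main__":
    print(compare_builds(OLD_BUILD, NEW_BUILD))
```

On a Mac, the entitlements of a signed build can be dumped with `codesign -d --entitlements :- <path to .app>` and passed to `compare_builds` as bytes.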