24

I could have sworn this worked differently in previous versions of iOS, but as of iOS 4.0 it looks like my app's keychain items are not removed when the app is removed. However, it looks like some are cleared when the app is upgraded without first removing?

Can someone provide a clear explanation of when iOS keychain items are removed?

thrusty
  • 864
  • 1
  • 8
  • 18
  • For what it's worth, I remember this being the case in iPhone OS 3.x. I think it was likewise for 2.x. – Aidan Steele Oct 08 '10 at 05:39
  • I am also running into this issue. I also swear the keychain used to behave differently. I remember that deleting the application from my device also erased the keychain values. But it's not the case in my testing after iOS 4.0. I'm noticing that my credentials are persisting across application deletes and subsequent reinstalls. Have you success in finding a proper way to clear this data? None of suggested links here and else where resolves this and I don't want to open up a duplicate question for this issue. – Shiun Nov 30 '10 at 00:53
  • From what I've seen keychain items under 4.0+ are not removed when the app is removed. – thrusty Dec 06 '10 at 19:05
  • I assume it is cleared when the user choses "Reset all contents and settings". Can anyone confirm this? How about when you perform a not-over-the-air system update, and setup as 'new device' (instead of restoring from backup)? – Nicolas Miari Jun 26 '12 at 06:47

4 Answers4

19

As answered here, and somewhere else (I can't remember where I read it), the keychain will persist even after the app is removed. I am almost positive that the keychain isn't cleared unless you explicitly delete an item in it.

Community
  • 1
  • 1
jps
  • 11,347
  • 3
  • 23
  • 19
  • 1
    I am not sure here but I think you can reset the keychain (as a user) by using one or several of the Reset buttons in Settings. That will likely wipe a lot of other stuff as well, but could maybe be used. This needs to be confirmed however :-) – Jonny Aug 01 '14 at 01:54
  • 3
    Just confirmed the above: You can reset your keychain by tapping the "Reset All Content and Settings". However just doing "Reset All Settings" does not suffice. – Jonny Aug 01 '14 at 02:12
  • 2
    OMG wow. So even though Apple has the device reset the advertising identifier, all an app needs to do is generate a unique key and stick it in the keychain? Then every time it runs, get the key out, and send it to the server as an identifier? Then boom we know we're on the same device?! That's a crazy exploit that breaks the whole "anonymity" thing they act like they are ensuring users. – CommaToast Aug 19 '16 at 19:23
0

If you do a secure wipe of the device, then you may get a fresh keychain.

hotpaw2
  • 70,107
  • 14
  • 90
  • 153
0

I was sad to found out that this is not the case anymore, the keychain won't persist anymore since 10.3.

See my reply here.

ForceMagic
  • 6,230
  • 12
  • 66
  • 88
  • Just noting here that these keychain changes were reverted in the end. So 10.3+ still does not delete keychain items post-uninstall. – Max G J Panas Jul 03 '20 at 09:23
-1

It persists even after app uninstall. For an enterprise scenario, you may configure n use MDM solution to control the device keychain.

Ocelot
  • 1,733
  • 4
  • 29
  • 53