
I've created a new question for this since this is more linked to Xamarin. I was looking for a way to uniquely identify a device in iOS when I stumbled upon this question in StackOverflow. It took me a while to figure out how to add anything into Keychain and then I stumbled upon this question.

After all the stumbling, I came up with this piece of code for generating the unique token.

```csharp
var s = new SecRecord(SecKind.GenericPassword)
{
    AccessGroup = "kSecAttrAccessGroupToken",
    ValueData = NSData.FromString(value),
    Generic = NSData.FromString(key)
};
SecKeyChain.Add(s);
```

Now the problem is that even though I'm adding this entry to keychain I am unable to find it. I'm also interested to know if I am using the kSecAttrAccessGroupToken correctly.

My Enlistments.plist file

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>my app id</string>
        <string>kSecAttrAccessGroupToken</string>
    </array>
</dict>
</plist>
```
Madhav Shenoy

1 Answer


kSecAttrAccessGroupToken is writable only by CryptoTokenKit smart card drivers. Apps can query the keychain using that attribute in order to find items stored on a particular smart card. This attribute is not for any other use.

There was a bug in 10.3.x beta that would allow any app to also write to it, but that has been patched.

Re: https://forums.developer.apple.com/thread/72271

SushiHangover
  • Thanks for responding. Did you have a look at the Gist I've posted? I made some changes to it and it's working now. So when I uninstall the app and re-install, I am still able to get the Guid. But now that you say this, am I doing something against Apple policy? – Madhav Shenoy Sep 25 '17 at 04:13
  • @MadhavShenoy 1) You are doing this on iOS 10.2 or below? 2) Are you testing on a physical device? (simulators do not follow the runtime rules) – SushiHangover Sep 25 '17 at 04:26
  • Ok let me test this on a device. So does this mean there is no way to uniquely identify a device on iOS at all........ – Madhav Shenoy Sep 25 '17 at 04:35
  • @MadhavShenoy As far as Apple is concerned, they do not want you to create a unique identifier at the device level that is survivable across app installs as it would be a non-controllable privacy concern ;-) There are items such as `AdvertisingIdentifier` but it changes across reboots and can be null if the user disables ad tracking, MAC addresses were removed in v7, etc, etc... – SushiHangover Sep 25 '17 at 04:53
  • @MadhavShenoy I have seen app companies do all sorts of things, like creating a "unique" calendar entry, adding unique info to contacts, storing custom EXIF data in Photo library images, etc... and I've also seen App store rejections for them all..., Well almost all, but I cannot discuss the ones I've seen that work – SushiHangover Sep 25 '17 at 04:55
  • ok so basically, you need to be innovative. I get the gist – Madhav Shenoy Sep 25 '17 at 04:57
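
An added example, not code from the question, its Gist or the answer: a generic-password item written to the app's own default access group instead of `kSecAttrAccessGroupToken`, keyed by `Service` and `Account`, with the `SecStatusCode` that the question's code discards checked on both the query and the add. The class name `InstallTokenStore` and the service and account strings are assumptions.

```csharp
using System;
using Foundation;
using Security;

// Added example: hypothetical helper, not the asker's or the answerer's code.
public static class InstallTokenStore
{
    // Constructed sample values. Service + Account are the attributes that
    // identify a generic-password item, so the same pair is used to query it.
    const string Service = "com.example.myapp.install-token";
    const string Account = "default";

    static SecRecord Query() => new SecRecord(SecKind.GenericPassword)
    {
        Service = Service,
        Account = Account
        // No AccessGroup set: the item goes to the app's own default group.
    };

    public static string GetOrCreate()
    {
        var found = SecKeyChain.QueryAsRecord(Query(), out SecStatusCode status);
        if (status == SecStatusCode.Success && found?.ValueData != null)
            return NSString.FromData(found.ValueData, NSStringEncoding.UTF8).ToString();

        // Anything other than "not found" is a real failure; surface it.
        if (status != SecStatusCode.ItemNotFound)
            throw new InvalidOperationException($"Keychain query failed: {status}");

        var token = Guid.NewGuid().ToString();
        var record = Query();
        record.ValueData = NSData.FromString(token);
        // ThisDeviceOnly keeps the item out of backups restored to other devices.
        record.Accessible = SecAccessible.AfterFirstUnlockThisDeviceOnly;

        // Add returns a status code; ignoring it hides a rejected write.
        status = SecKeyChain.Add(record);
        if (status != SecStatusCode.Success)
            throw new InvalidOperationException($"Keychain add failed: {status}");

        return token;
    }
}
```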