8

In the Keychain Services Programming Guide it states the following:

"On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application."

Which I have no problem with but I would like to test that if I provide an update to my app in the AppStore that it will still be able to access the old values stored in the keychain. I have tried to test by updating the app with a version signed with an ad-hoc distribution profile that contained the same bundle id and product name as the original but it could not access the old value in the keychain.

Is the only option to submit the update to the AppStore and hope that it will work?

Roatin Marth
  • 23,589
  • 3
  • 51
  • 55
Shane Fitzgibbon
  • 926
  • 7
  • 11

4 Answers4

4

This is a good question.

One of the main reason why you might want to store some data in the keychain is to prevent malicious users from accessing it. This is quite a dry sentence on its own so I recommend reading about how someone might access that data.

Another way to access keychain data would be to create a malicious app with the same app ID as the target app. Apple have secured this route by requiring the provisioning profile to be the same.

So, to answer your question, you can only test the keychain data in update from the same provisioning profile, i.e.

  1. Ad hoc to Ad hoc
  2. App store to app store.

App store to app store is not really an option since it will be too late by then (your update will be on the market). So instead you need to delete your app store app and install an ad hoc version. Then recreate your data on the keychain, then update to the latest ad hoc version and test that it worked.

Of course this requires you to have an archived ad hoc version of the app thats currently on the app store. If you don't have this, then its not possible to test an update.

Robert
  • 37,670
  • 37
  • 171
  • 213
-1

Unless I am mistaken, to update an app in the app store you need to use the same provisioning profile. Therefore, since you will be using the same profile, you should have access to the same keychain items.

Simon Goldeen
  • 9,080
  • 3
  • 36
  • 45
-1

It's actually not the provisioning file that matters, but the app ID. Specifically the Bundle Seed ID that you set when creating an App ID. Keychain access is governed by it. So as long as your profile uses an app ID with the same Bundle Seed ID you can continue to access the info in the keychain. I have a few apps that do this.

This allows you to to create a suite of apps that can all access the same keychain items as long as you set them to use the same Bundle Seed ID. So if you do a light and a pro version, they can both access the same keychain info while maintaining separate bundle identifies for things like user defaults.

McCygnus
  • 4,187
  • 6
  • 34
  • 30
  • How do you set your application to use the same application id as the previous version. I have tried the techniques referred to in the GenericKeychain sample code but since the previous version did not make use of the access group security attribute it does not seem to be working. I am still unable to access the password that was set in the keychain from the app that was installed from the app store. – Shane Fitzgibbon Apr 20 '11 at 01:14
  • I have also tried to set the application-identifier key in the Entitlements.plist to ##########.com.companyname.etc but that does not seem to help. – Shane Fitzgibbon Apr 20 '11 at 01:16
  • 2
    This answer directly contradict [apple's docs](http://developer.apple.com/library/ios/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html): *On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.* Which one is right, Provisioning Profile or app ID? – Roatin Marth Nov 09 '12 at 17:27
-3

SFHFKeychainUtils may be your good choice. It's a wrapper to access keychain. More about: SFHFKeychainUtils :http://www.ioslib.com/archives/sfhfkeychainutils/

Wu Guoquan
  • 101
  • 1
  • 6
  • This is not an answer to Shane's question. He wants to know how to test that a new update of an app will still be able to access the old values stored in the keychain. Using a wrapper will not resolve the question. – artberri Jun 17 '20 at 08:18