Delete Keychain Items When an App Is Uninstalled

Delete keychain items when an app is uninstalled

You can take advantage of the fact that NSUserDefaults are cleared by uninstallation of an app. For example:

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    // Clear keychain on first run in case of reinstallation
    if (![[NSUserDefaults standardUserDefaults] objectForKey:@"FirstRun"]) {
        // Delete values from keychain here
        [[NSUserDefaults standardUserDefaults] setValue:@"1strun" forKey:@"FirstRun"];
        [[NSUserDefaults standardUserDefaults] synchronize];
    }

    // ...Other stuff that usually happens in didFinishLaunching
    return YES;
}

This checks for and sets a "FirstRun" key/value in NSUserDefaults on the first run of your app if it's not already set. There's a comment where you should put code to delete values from the keychain. Synchronize can be called to make sure the "FirstRun" key/value is immediately persisted in case the user kills the app manually before the system persists it.

iOS Keychain Data will persist after app deleted and reinstall?

Keychain data always persists now.

The auto-delete of keychain values was in a beta of 10.3, but for some reason, they removed this possibility. I guess too many applications got used to a non-droppable keychain.

Check this question.

There is a super simple way through UserDefaults:

func clearKeychainIfWillUnistall() {
    let freshInstall = !UserDefaults.standard.bool(forKey: "alreadyInstalled")
    if freshInstall {
        KeychainKeeper.shared.clear()
        UserDefaults.standard.set(true, forKey: "alreadyInstalled")
    }
}

Call it in AppDelegate

func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
    // Wipe stale keychain items before anything else reads them
    self.clearKeychainIfWillUnistall()
    return true
}

The simplest workaround that I know. I hope it will help.
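Both answers above leave the actual deletion open (a comment in the Objective-C version, a `KeychainKeeper` helper in the Swift one). The following is an added example, not code from either answer, showing one way to do the wipe with `SecItemDelete`; `KeychainWipe`, `clearKeychainOnFreshInstall` and the `accessGroup` parameter are hypothetical names, and the flag key is reused from the Swift answer.

```swift
import Foundation
import Security

// Added example; KeychainWipe and clearKeychainOnFreshInstall are hypothetical names.
enum KeychainWipe {
    // SecItemDelete matches one item class per call, so each class is queried in turn.
    static let itemClasses: [CFString] = [
        kSecClassGenericPassword, kSecClassInternetPassword,
        kSecClassCertificate, kSecClassKey, kSecClassIdentity,
    ]

    /// Deletes the items this app can access and returns the classes that failed.
    /// Pass `accessGroup` to leave items in other (shared) access groups untouched.
    static func deleteItems(accessGroup: String? = nil) -> [(itemClass: CFString, status: OSStatus)] {
        var failures: [(itemClass: CFString, status: OSStatus)] = []
        for itemClass in itemClasses {
            var query: [CFString: Any] = [kSecClass: itemClass]
            if let accessGroup = accessGroup {
                query[kSecAttrAccessGroup] = accessGroup
            }
            // Items stored with kSecAttrSynchronizable are not matched by this query.
            let status = SecItemDelete(query as CFDictionary)
            // errSecItemNotFound only means nothing of that class was stored.
            if status != errSecSuccess && status != errSecItemNotFound {
                failures.append((itemClass: itemClass, status: status))
            }
        }
        return failures
    }
}

/// Call early in application(_:didFinishLaunchingWithOptions:).
func clearKeychainOnFreshInstall(defaults: UserDefaults = .standard,
                                 accessGroup: String? = nil) {
    let flagKey = "alreadyInstalled" // same flag name as the Swift answer above
    guard !defaults.bool(forKey: flagKey) else { return }
    let failures = KeychainWipe.deleteItems(accessGroup: accessGroup)
    for failure in failures {
        print("Keychain wipe failed for \(failure.itemClass): OSStatus \(failure.status)")
    }
    // Set the flag only after a clean wipe so a failed wipe is retried on the next launch.
    if failures.isEmpty {
        defaults.set(true, forKey: flagKey)
    }
}
```

With `accessGroup` left as `nil`, the query covers every access group the app is entitled to, so items shared with sibling apps are deleted as well.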

iphone keychain items persist after application uninstall?

Yes, this is the expected and correct behavior.

Some keychain items may be shared with other apps you control (that share the same keychain item access group).

You should just leave the info alone when your app is removed. You have no callback or method of removing the keychain items on deletion of your app.

Will items in iOS keychain survive app uninstall and reinstall?

I dug around on the Apple developer forums, and an Apple developer (eskimo1, aka Quinn) stated on 2012-08-27 that this is the current behaviour but that it's, as far as he knows, not /documented/ behaviour, so this might change in the future. He also says that deleting shared keychain items is always going to be tricky, which is one of the reasons this hasn't been addressed yet.

So I guess that this leaves the question open: there is no definitive answer. It is not documented and can change at any point in time. Relying on it MAY cause problems in the future.

UPDATE 2017-04-04:

In iOS 10.3 beta, keychain info for an app is removed when the app is uninstalled, but this behaviour seems to have been removed in the final 10.3 version. In the Apple documentation it is suggested that this is about to change and we should NOT rely on keychain access data being intact after an app uninstallation.
See also iOS 10.3 beta 3 doesn't persist data of KeychainItem.

can a user remove a keychain item from his iOS device?

No. Keychain items are in the iOS sandbox; users don't have access to remove an unwanted keychain item. These are accessible via APIs only.

As iOS provides APIs to access keychain items from the sandbox, applications can use these APIs to access keychain items. But an application can access only its own keychain items as per https://developer.apple.com/library/ios/documentation/security/conceptual/keychainServConcepts/02concepts/concepts.html

So they are secure enough if they still remain on the user's device when the app is uninstalled.


