Skip to main content

iOS Keychain Access Groups and Keychain Cleanup Support

Important: This feature is currently in Beta and may involve changes based on feedback.

Apple defines Keychain as an encrypted database that provides your app a mechanism to store small bits of user data such as passwords, notes, card information, keys or certificates data.

In this guide, you’ll learn about:

  • When we resign your iOS app with BrowerStack’s wildcard provisioning profile to install it on our iOS devices, although the keychain-access-groups entitlement is preserved, the Bundle Seed ID/Team ID component of the keychain access groups is changed. This might lead to some app features or flows which depend on Bundle Seed ID/Team ID to not work on BrowserStack iOS devices.
  • For some iOS apps, it is seen that data such as login data is persisted from previous sessions on our iOS devices. This is because data stored by the iOS app in device’s secure keychain does not get cleared automatically after the app is uninstalled at the end of the session. The app’s keychain data is not available to any other app, and cannot be retrieved, changed, or deleted by any other entity apart from the app itself.

Set the ios-keychain-support app upload parameter

In order to resolve the above-highlighted issues, you need to set the parameter ios_keychain_support during the app-upload stage on BrowserStack. This allows BrowserStack to inject code into your app to handle keychain access groups(changed Bundle Seed ID/Team ID) issues and keychain cleanup issues. The following app upload cURL request demonstrates how to do this:

curl -u "YOUR_USERNAME:YOUR_ACCESS_KEY" \
-X POST "https://api-cloud.browserstack.com/app-automate/upload" \
-F "file=@/path/to/app/file/application-debug.ipa"
-F "ios_keychain_support=true"
Note:
  • This feature is supported only on iOS >= 13 devices. iOS apps built for minOS < 13 will not be able to run sessions on iOS < 13 devices with this feature.
  • iOS apps signed with Enterprise certificates are not supported. This feature needs browserstack.resignApp to be true.

Frequently Asked Questions (FAQs)

1. Can I resolve keychain cleanup issues without code injection by BrowserStack in my app?

  • Yes, Best practices recommend deleting keychain items from the app which are no longer needed in case of events such as logout. Please refer to the following apple documentation for more details : Apple Developer Documentation
  • App developers can also provide an app setting to the testing team to delete keychain data at the end of the session.
  • App itself could reset keychain values when the app is launched for the first time. For more details, refer: Delete keychain items when an app is uninstalled.

2. Can I resolve keychain access groups issues without code injection by BrowserStack in my app?

  • Yes, App developers can ensure that Bundle Seed ID/Team ID component of the keychain access groups are read programmatically from the access group attribute (i.e. kSecAttrAccessGroup) of an existing KeyChain item.

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback

Is this page helping you?

Yes
No

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback!

Talk to an Expert
Talk to an Expert