iOS Keychain Cleanup and iOS Keychain Access Groups Support
Apple defines Keychain as an encrypted database that provides your app a mechanism to store small bits of user data such as passwords, notes, card information, keys or certificates data.
In this guide, you’ll learn about:
- iOS Keychain Cleanup
- iOS Keychain Access Groups
- How to set the ios_keychain_support app upload parameter
- Frequently Asked Questions(FAQs)
iOS Keychain Cleanup
For some iOS apps, it is seen that data such as login data is persisted from previous sessions on our iOS devices. This is because data stored by the iOS app in device’s secure Keychain does not get cleared automatically after the app is uninstalled at the end of the test session. However, the app’s keychain data is not available to any other app, and cannot be retrieved, changed, or deleted by any other entity apart from the app itself.
iOS Keychain Access Groups
When we resign your iOS app with BrowerStack’s wildcard provisioning profile to install it on our iOS devices, although the keychain-access-groups entitlement is preserved, the Bundle Seed ID/Team ID component of the keychain access groups is changed. This might lead to some app features or flows which depend on Bundle Seed ID/Team ID to not work on BrowserStack iOS devices.
Set the ios-keychain-support app upload parameter
In order to support the above-highlighted use cases, you need to set the parameter ios_keychain_support during the app-upload stage on BrowserStack. This allows BrowserStack to instrument your app to automatically clear keychain data after every test session and handle keychain access groups(changed Bundle Seed ID/Team ID) issues. The following app upload cURL request demonstrates how to do this:
curl -u "YOUR_USERNAME:YOUR_ACCESS_KEY" \
-X POST "https://api-cloud.browserstack.com/app-automate/upload" \
-F "file=@/path/to/app/file/application-debug.ipa"
-F "ios_keychain_support=true"
- This feature is supported only on iOS >= 13 devices. iOS apps built for minOS < 13 will not be able to run sessions on iOS < 13 devices with this feature.
- iOS apps signed with Enterprise certificates are not supported. This feature needs
browserstack.resignAppto betrue.
Frequently Asked Questions (FAQs)
1. Can I resolve keychain cleanup issues without using ios-keychain-support app upload parameter?
- Yes, Best practices recommend deleting keychain items from the app which are no longer needed in case of events such as logout. Please refer to the following apple documentation for more details : Apple Developer Documentation
- App developers can also provide an app setting to the testing team to delete keychain data at the end of the session.
- App itself could reset keychain values when the app is launched for the first time. For more details, refer: Delete keychain items when an app is uninstalled.
2. Can I resolve keychain access groups issues without using ios-keychain-support app upload parameter?
- Yes, App developers can ensure that Bundle Seed ID/Team ID component of the keychain access groups are read programmatically from the access group attribute (i.e. kSecAttrAccessGroup) of an existing KeyChain item.
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
Is this page helping you?
Yes
No
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
Thank you for your valuable feedback!
