First, a timeline:IMPORTANT
This was most definitely an implementation detail of the original iOS keychain. Our keychain documentation has never specified what would happen in this case.
10.3 beta included a change that deleted such items.
That caused compatibility problems (apps were relying on the existing behaviour, even though it wasn’t documented), so it was rolled back before 10.3 GM.
iOS 11 introduced the DeviceCheck framework, which provides a forward path for one of the most common legitimate use cases of this behaviour. For more info on this, see WWDC 2017 Session 702 Privacy and Your Apps.
Second, preserving keychain items on delete is an obvious privacy concern. As far as I know Apple has not made any specific announcements as to how we intend to resolve this issue (1). However, I don’t think it would surprise anyone if the 10.3 behaviour returned at some point in the future. I would hope
that we’d be more proactive about announcing such a change — for example, talking about it at WWDC — but, as always, I can’t make any promises about The Future™.
Third, my specific advice:
If you want a keychain item to be deleted when your app is deleted, entangle it with a random key you store on disk, as described in my earlier post (11 Feb 2016). This is guaranteed to work regardless of how the OS behaves.
If you want the item to be preserved, start by looking at the DeviceCheck framework. If that allows you to achieve your high-level goal, you can adopt it on iOS 11 and later and then stop worrying about this issue.
You can continue to use your existing techniques on earlier systems because they’re not going to change.
If the DeviceCheck framework doesn’t meet your needs, please file an enhancement request explaining your situation and why DeviceCheck doesn’t work for you. I’d appreciate you posting your bug number here, just for the record.
If you continue to rely on the current behaviour, I strongly encourage you to write your app so that it acts reasonably if that behaviour changes.
I realise that the above is still “ambiguous”. Alas, I can’t answer with 100% clarity until Apple formally announces our future plans here.
Share and Enjoy
Quinn “The Eskimo!” @ Developer Technical Support @ Applelet myEmail = "eskimo" + "1" + "@" + "apple.com"
(1) Although there was a slide in WWDC 2017 Session 702 Privacy and Your Apps
with bullet points like:
Will continue to remove entropy
Will continue to provide user control of entropy sources
Will continue to remove functionality that is being abused to uniquely identify users
which is a good overall summary of Apple’s position here.