Hi, we have an iOS app to which we recently decided to add a Watch Extension. The iOS app has the Push Notification and Background capabilities enabled. It also contains some sensitive data stored in the Keychain.
The Watch app is intended to let users, upon receiving a push notification, get this notification on their paired Apple Watch if their phone is locked. On tapping the notification they open the app on the watch and have actions to process it. The watch app then sends a message to the iOS app using WCSession, waking up the iOS app in the background. Everything works as expected: the iOS app receives the message via WCSession and processes it accordingly.
The issue we have is with a specific action which needs to access the Keychain to retrieve some information. We can access the keychain and the key is retrieved, but the value has no data when the iOS app is in the background and the phone is locked. The value is retrieved if the iPhone is unlocked and the app is in the background.
In our Keychain wrapper we store and query the data using accessibility set to kSecAttrAccessibleAfterFirstUnlock, which we understand is required to be able to access the data while in the background and locked. But as explained above, it is not working as we expected.
Are we missing something that is required in order to access keychain data while the app is in the background and the phone is locked?
We ended up solving this issue. In fact, the keychain data is available while the app is in the background and locked if using kSecAttrAccessibleAfterFirstUnlock. However, our Keychain wrapper also uses the Secure Enclave to encrypt/decrypt the data stored in the Keychain, but the Secure Enclave was not set to kSecAttrAccessibleAfterFirstUnlock.
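As an added illustration of the point in the answer above (this is example code, not the asker's wrapper), the sketch below shows the two accessibility settings that have to agree: the access control attached to the Secure Enclave private key, and the accessibility of the keychain item that holds the ciphertext. The service name, account name and key tag are hypothetical. Because a Secure Enclave key never leaves the device, the example uses the ThisDeviceOnly variant for the key's access control; the ciphertext item uses kSecAttrAccessibleAfterFirstUnlock as in the question.

```swift
import Foundation
import Security

// Added example, not the original poster's code. Names below are hypothetical.
enum SecureEnclaveKeychainExample {
    static let keyTag  = "com.example.watchsync.sekey".data(using: .utf8)!   // hypothetical tag
    static let service = "com.example.watchsync"                             // hypothetical service
    static let account = "sensitive-value"                                   // hypothetical account
    static let algorithm: SecKeyAlgorithm = .eciesEncryptionCofactorX963SHA256AESGCM

    enum KeychainError: Error { case noPublicKey, status(OSStatus) }

    // Create the Secure Enclave key. The protection class passed here is what governs
    // whether SecKeyCreateDecryptedData succeeds while the phone is locked.
    // kSecAttrAccessibleWhenUnlockedThisDeviceOnly here is the mismatch the answer describes:
    // the ciphertext item still loads after first unlock, but decryption fails until unlock.
    static func makeSecureEnclaveKey() throws -> SecKey {
        var error: Unmanaged<CFError>?
        guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,  // must match the data item's intent
            .privateKeyUsage,
            &error) else { throw error!.takeRetainedValue() as Error }

        let attributes: [String: Any] = [
            kSecAttrKeyType as String:       kSecAttrKeyTypeECSECPrimeRandom,
            kSecAttrKeySizeInBits as String: 256,
            kSecAttrTokenID as String:       kSecAttrTokenIDSecureEnclave,
            kSecPrivateKeyAttrs as String: [
                kSecAttrIsPermanent as String:    true,
                kSecAttrApplicationTag as String: keyTag,
                kSecAttrAccessControl as String:  access,
            ],
        ]
        guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
            throw error!.takeRetainedValue() as Error
        }
        return key
    }

    // Look the key up later (e.g. when woken by WCSession in the background).
    static func loadSecureEnclaveKey() -> SecKey? {
        let query: [String: Any] = [
            kSecClass as String:              kSecClassKey,
            kSecAttrApplicationTag as String: keyTag,
            kSecAttrKeyType as String:        kSecAttrKeyTypeECSECPrimeRandom,
            kSecReturnRef as String:          true,
        ]
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess, let ref = item else {
            return nil
        }
        return (ref as! SecKey)
    }

    private static var itemQuery: [String: Any] {
        [kSecClass as String:       kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    // Encrypt with the public half and store the ciphertext in a generic-password item
    // that is itself readable after first unlock.
    static func store(secret: Data, using key: SecKey) throws {
        guard let publicKey = SecKeyCopyPublicKey(key) else { throw KeychainError.noPublicKey }
        var error: Unmanaged<CFError>?
        guard let ciphertext = SecKeyCreateEncryptedData(publicKey, algorithm, secret as CFData, &error) else {
            throw error!.takeRetainedValue() as Error
        }
        SecItemDelete(itemQuery as CFDictionary)   // replace any previous value
        var item = itemQuery
        item[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock
        item[kSecValueData as String]      = ciphertext as Data
        let status = SecItemAdd(item as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.status(status) }
    }

    // Read the ciphertext back and decrypt with the Secure Enclave key.
    static func loadSecret(using key: SecKey) throws -> Data {
        var query = itemQuery
        query[kSecReturnData as String] = true
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let ciphertext = result as? Data else {
            throw KeychainError.status(status)
        }
        var error: Unmanaged<CFError>?
        // With a WhenUnlocked* key this is the call that fails while the phone is locked,
        // even though the SecItemCopyMatching above already returned the ciphertext.
        guard let plaintext = SecKeyCreateDecryptedData(key, algorithm, ciphertext as CFData, &error) else {
            throw error!.takeRetainedValue() as Error
        }
        return plaintext as Data
    }
}
```

When checking an existing wrapper, inspect the kSecAttrAccessControl attribute on the key's creation path, not only the kSecAttrAccessible attribute on the data item: a lookup that returns the item but yields an empty value after decryption usually means the decrypt step, not the keychain read, was denied. Note that SecKeyCreateDecryptedData reports the denial through its CFError out-parameter, so a wrapper that swallows that error and returns nil will look exactly like the "key found, value empty" symptom in the question.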