Keychain return error code -25308 even with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly

Hello all, I am currently working on an app which has to access the keychain during the Bluetooth connection setup to load a public key, which will be exchanged later.

What I observed is that I get the OSError -25308 if I try to access the data, even if I have the Keychain Access set to kSecAttrAccessibleAfterFirstUnlock.

This actually happens on my iPhone 8 with iOS 15.1. I have already enabled background processing, background scanning and connection for the app. But yeah, without any success.

I am not sure if this is a bug on iOS at all.

The problem happens if the app is put into the background by the OS.

Replies

I have already enabled background processing, background scanning and connection for the app. But yeah, without any success. I am not sure if this is a bug on iOS at all. The problem happens if the app is put into the background by the OS.

If your app is being pre-warmed in the background, then this could possibly explain what you are seeing. The pre-warm behavior was enhanced in iOS 15 to wake up apps on a more regular basis, and in some cases it can execute functions in the AppDelegate. If this is the case for your app, you will see something like the following in your logs:

default  10:33:14.663970+0800  runningboardd  Executing launch request for application<com.your.app.bundle.id> (DAS Prewarm launch)

To resolve this, the Keychain needs to handle these access attempts in the background, and if an error is thrown for `errSecInteractionNotAllowed`, or something similar, it will need to be handled gracefully. I would also encourage you to open a bug report if this is the case for your app.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
  • Hi meaton, thanks for your response.

    I will try to do some tests about it and create a bug report.

    Can you maybe give me a suggestion about your statement?

    "To resolve this, the Keychain needs to handle these access attempts in the background, and if an error is thrown for `errSecInteractionNotAllowed`, or something similar, it will need to be handled gracefully"

    Do you mean that this should be handled by the app or by the Keychain implementation itself? If it should be handled by the app, then there is no option I can think of, other than storing the data encrypted as a kind of cache in a file or local database, because any retries would lead to no result.
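The app-side handling described in the reply above (recognise errSecInteractionNotAllowed, which is -25308, and back off instead of retrying in a loop), written out as an added Swift example. This is not code from the thread or from Apple; the service and account names are placeholders, and the deferred retry on UIApplication.protectedDataDidBecomeAvailableNotification is one reasonable way to resume the key exchange after the first unlock, not the only one. It also covers a cause of the same error that is easy to miss: kSecAttrAccessible is stored with the item, so changing the constant in code does not migrate an item that was saved earlier under a stricter class.

```swift
import Foundation
import Security

/// Distinguishes "not readable right now" from a real failure.
enum KeychainReadResult {
    case found(Data)
    case notFound
    case deviceLocked          // errSecInteractionNotAllowed (-25308): wait, then retry once
    case failure(OSStatus)
}

/// Reads the public key blob stored under `service`/`account` (placeholder names).
func readPublicKeyBlob(service: String, account: String) -> KeychainReadResult {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    switch status {
    case errSecSuccess:
        guard let data = item as? Data else { return .failure(errSecDecode) }
        return .found(data)
    case errSecItemNotFound:
        return .notFound
    case errSecInteractionNotAllowed:
        // The item's accessibility class forbids access in the current device state:
        // either the device has not been unlocked since boot (a pre-warm launch before
        // first unlock), or the item was saved under a stricter class than the code now
        // requests. Retrying immediately cannot succeed; report it and defer instead.
        return .deviceLocked
    default:
        return .failure(status)
    }
}

/// Stores (or replaces) the blob with the after-first-unlock, this-device-only class.
/// Delete first: an existing item keeps the accessibility it was created with.
func storePublicKeyBlob(_ data: Data, service: String, account: String) -> OSStatus {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account
    ]
    SecItemDelete(base as CFDictionary)           // ignore result; item may not exist yet
    var attrs = base
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    attrs[kSecValueData as String] = data
    return SecItemAdd(attrs as CFDictionary, nil)
}

#if canImport(UIKit)
import UIKit

/// Defers the BLE key exchange until protected data is available, retrying exactly once.
final class KeyExchangeCoordinator {
    private var observer: NSObjectProtocol?

    func loadKey(service: String, account: String, completion: @escaping (Data?) -> Void) {
        switch readPublicKeyBlob(service: service, account: account) {
        case .found(let data):
            completion(data)
        case .deviceLocked:
            // Fires once the user has unlocked the device; the keychain item is then readable.
            observer = NotificationCenter.default.addObserver(
                forName: UIApplication.protectedDataDidBecomeAvailableNotification,
                object: nil, queue: .main) { [weak self] _ in
                if let token = self?.observer { NotificationCenter.default.removeObserver(token) }
                self?.observer = nil
                if case .found(let data) = readPublicKeyBlob(service: service, account: account) {
                    completion(data)
                } else {
                    completion(nil)   // still unreadable: surface the error, do not loop
                }
            }
        case .notFound, .failure:
            completion(nil)
        }
    }
}
#endif
```

Logging the raw OSStatus on the `.failure` path, next to the runningboardd "DAS Prewarm launch" line from the reply, makes it straightforward to confirm from the device log whether the -25308 occurrences line up with pre-warm launches before the first unlock or with items saved under the wrong accessibility class.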
