How does encryption of keychain differ between iOS on device vs iOS Simulator

From what I understand, encryption of keychain items uses the metadata key that's protected by the Secure Enclave, per (https://support.apple.com/en-gb/guide/security/secb0694df1a/web#:~:text=Keychain%20metadata%20(all%20attributes%20other,fast%20queries%20of%20the%20keychain.)

My question is, since the Secure Enclave isn't available in the iOS Simulator, how does the behaviour differ from the keychain on a device running iOS? (i.e. is the use of the SE key in keychain encryption disabled on the simulator?)

Furthermore, does keychain use of SE need to be enabled? Or is it on by default?

Thanks

What’s the background to this question? Why do the security characteristics of the simulator matter to you?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Building an application that uses both keychain and SE, we found that trying to access SE crashes the simulator, but keychain works fine. This led to the question of whether SE encryption of keychain items needs to be enabled, since the simulator has keychain (and supposedly is using SE encryption also) but is not crashing. We're trying to understand why that is, and whether that means our device use of keychain requires any additional setup to ensure it is actually encrypted by SE. Thanks

The simulator does not try to faithfully replicate the security architecture of iOS. Its focus is on supporting, or not supporting, APIs. Specifically:

  • It supports the keychain API in general.

  • It does not support the Secure Enclave aspects of that API.

So, it acts like an iOS device that has no SE.

As to how that’s actually implemented, that’s not something I think you should spend a lot of time worrying about. The implementation can change from release-to-release of the simulator, and we don’t document it in the same way we do for a real device. If you’re storing stuff in the keychain that’s so secret that you need these sorts of security guarantees, I recommend that you not use the simulator and do all of your testing on a real device.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
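An added example, not code from the thread or from Apple: one way to keep an app that uses Secure Enclave keys from crashing on the simulator is to check for SE support before touching it, and to allow a software key only in simulator builds so that a device build never silently downgrades. It assumes the app uses CryptoKit (the thread does not say which API is involved); `SigningKey` and `KeyError` are hypothetical names.

```swift
import CryptoKit
import Foundation

// Hypothetical error type for this example.
enum KeyError: Error { case secureEnclaveUnavailable }

// Hypothetical wrapper: one signing interface over two key backends.
enum SigningKey {
    case enclave(SecureEnclave.P256.Signing.PrivateKey)
    case software(P256.Signing.PrivateKey)

    static func make() throws -> SigningKey {
        // False where there is no SE, which is how the answer above
        // describes the simulator ("an iOS device that has no SE").
        if SecureEnclave.isAvailable {
            return .enclave(try SecureEnclave.P256.Signing.PrivateKey())
        }
        #if targetEnvironment(simulator)
        // Test-only fallback: this key lives in process memory.
        return .software(P256.Signing.PrivateKey())
        #else
        // On a real device, fail closed instead of using a weaker key.
        throw KeyError.secureEnclaveUnavailable
        #endif
    }

    var isHardwareBacked: Bool {
        if case .enclave = self { return true }
        return false
    }

    var publicKey: P256.Signing.PublicKey {
        switch self {
        case .enclave(let key): return key.publicKey
        case .software(let key): return key.publicKey
        }
    }

    func sign(_ data: Data) throws -> P256.Signing.ECDSASignature {
        switch self {
        case .enclave(let key): return try key.signature(for: data)
        case .software(let key): return try key.signature(for: data)
        }
    }
}

// Constructed sample input; the same call path runs on device and simulator.
let key = try SigningKey.make()
let message = Data("constructed sample payload".utf8)
let signature = try key.sign(message)
print("hardware-backed:", key.isHardwareBacked,
      "valid:", key.publicKey.isValidSignature(signature, for: message))
```

Logging `isHardwareBacked` in device test runs confirms that the SE path is the one actually exercised, which simulator runs cannot show.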

thanks!
