iCloud backup does not carry over app status.

Question

Created May ’23

Replies 3

Boosts 0

Participants 2

Hi, I would like to be able to carry over the status (login status, etc.) of the previous device to the new device using a keychain with iCloud backup. I have checked the operation multiple times as per the reproduction procedure. We have reproduced two patterns: one is a complete first-time startup, and the other is a case where the state of terminal A is inherited. In my environment, I was able to take over only when the transfer was performed on one terminal, but another engineer tried it and succeeded in taking over between different terminals.

The expected result is that I want the state of terminal A to be taken over, but I don't know the cause why this may not be possible.

attributes[String(kSecAttrSynchronizable)] = kCFBooleanFalse I thought it might be the cause, but it is strange that there is a pattern that can be inherited in that case.

Could you please let me know if there is anything that must or must not be included in the source code to take over the state of the app using keychain?

(I'm not good at English, so please point out any expressions that are difficult to understand.)

[Steps to reproduce]

Install the store-distributed version of the app on device A and take an iCloudBackup while logged in.
On device B in the initialized state, restore the state using the backup you just took, and the app will be downloaded automatically.
Launch the app.

[Platform] iOS

[Hardware] Xcode Version 14.3 (14E222b) iPhone SE (iOS15.6) iPhone SE (iOS15.5)

Boost

Answer 1

DTS Engineer OP

Apple

May ’23

AFAICT your question is about how keychain items are treated with respect to iCloud backups. AFAICT the info in this post is still valid. It does not, however, cover a case that might be relevant to your setup, namely using the Quick Start feature to transfer your state from one iPhone to another. I don’t know how that treats keychain items but it wouldn’t surprise me if it were better at preserving them than, say, iCloud backups.

I thought [kSecAttrSynchronizable] might be the cause

kSecAttrSynchronizable is about iCloud Keychain, not about backups. Setting is to false ensures that your item isn’t synced to iCloud Keychain when the user has enabled that. As to whether you should enable it, there’s no one correct answer to that, but it generally does make sense if your app uses the keychain to store account passwords.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

kmc8776 OP

May ’23

Eskimo,

thanks for your reply.

I had mistakenly thought that the iCloud keychain was something that could not be transferred without an iCloud backup. I see that these work separately.

The current implementation has kSecAttrSynchronizable set to false, so if it can be taken over, it is likely due to the iCloud backup, not the iCloud keychain.

The quick start function is not used when checking the operation.

I have been able to deduce that the iCloud backup is the cause of this issue, but I still don't know why this may or may not take over the app's login status.

If you have any ideas as to the cause, I would appreciate it if you could let me know.

0

Answer 3

DTS Engineer OP

Apple

May ’23

The other things that’s recently changed in this space is Advanced Data Protection, which enables encrypted iCloud Backup. As I said in later posts on the above-mentioned thread, I’ve not yet had a chance to investigate their effect on the keychain.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0