How to reset user preference for crypto token kit access

What platform?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

This is on iOS. We are using CryptoTokenKit Extension as a mechanism to perform XPC communication between 2 iOS apps. Mainly, we want only 1 app on the iPhone to have access to a key in secure enclave and all other apps communicate with it to get signed data/decrypted data from it. This popup is kind of acting as a blocker for us from adopting it because of the uncertainty of where the preference selected by user is stored.

This is how it looks:

1. Is there any way to not show the pop-up if for example both apps share same publisher/app group?
2. How can user recover if they had chosen "Don't Allow" but now want to change their preference to allow? Would re-creating new keychain entry help?
3. How can we detect that user chose Don't allow? The keychain query result for 'com.apple.token' access group if user had chosen 'Don't Allow' only returns 0 elements instead of an error even when identity added by cryptotokenkit exists on the device.

To add, this user consent popup appears only for the 1st time an app is trying to access an identity via CTK appex. Re-installing either the calling app or CTK appex containing app doesn't seem to re-trigger the app. Maybe it is tied to bundleid?

No.

More on this below.

No.

You can’t. This is pretty common paradigm for privacy related restrictions like this.

As to how a user can change their mind, the standard pattern is:

• There’s a setting under Settings > Privacy & Security.

• And in the app-specific settings, under Settings > App.

• And, as a last resort, you can always delete the app.

However, none of these seem to apply here, which is… odd. I’m going to dig into this and get back to you.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

OK, so there’s definitely a bug in play here. Well, more than one bug )-:

The way this is currently supposed to work is that deleting the app and restarting the device should clear the state. When you re-install the app, it should prompt again.

I see a number of problems with this:

• It forces the user to restart, which is less than ideal.

• It forces you to delete the app, which is problematic if the app has other state that you want to preserve.

• It doesn’t actually work as specified )-:

IMO this situation is most definitely bugworthy. I’m going to discuss my specific recommendations about that below. However, right now I want to discuss the workaround.

It is possible to clear this state on the current system [1] but it’s tricky. The process is:

1. Delete your app from the device.

2. Restart.

3. Install a completely different app that triggers the token access alert. It doesn’t matter how you respond here, just triggering the alert is sufficient.

4. Re-install and run the origina app. This will now trigger the alert.

This works because step 3 causes the system to rebuild its view of the world, and thus clean up the state of the deleted app.

Clearly this is more of a developer-level workaround than a user-level one, which brings us back to the subject of bug reports.

[1] I’m testing on iOS 18.1 but AFAIK this problem has been around for a while and it’s not fixed in 18.1.1 or the current 18.2 beta.

I think you should file at least two bugs here:

• A short-term bug requesting that we fix the problem discussed above. The current behaviour is broken, and even the expected behaviour, which requires a restart, is very inconvenient.

• A longer-term bug against for a UI that lets the user control this in Settings. This seems pretty reasonable given that it’s there for most other user data protection privileges, like camera and local network access.

Finally, you might want to file an enhancement request for an API to detect whether you have access, per point 3 in your earlier post.

When you go to file your bugs:

• See Bug Reporting: How and Why? for hints and tips and how to do that.

• Please post your bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for looking into it! Per your suggestion I have filed 3 feedback items:

Feedback for consent prompt not reappearing after app re-install : https://feedbackassistant.apple.com/feedback/16052660

Feedback asking user consent preference be mutable in Settings app: https://feedbackassistant.apple.com/feedback/16058654

Feedback asking for API that tells if user had consented access to Token : https://feedbackassistant.apple.com/feedback/16058772

In addition, I came across another unexpected behavior. If there is a crash in the CTK extension, the calling app is blocked for 30 seconds before getting a response. I assume there is some logic that keeps retrying for 30 seconds to see if XPC connection returned a response. As a developer it would be nice to at least have the timeout configurable. Feedback: https://feedbackassistant.apple.com/feedback/16060769

Thanks for filing those!

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

FB16052660, FB16058654, FB16058772, FB16060769