Hi,
We're encountering an intermittent issue where certain users are unexpectedly logged out of our app and unable to log in again.
We believe we've narrrowed down the issue to the Keychain due to the following reasons:
- We use a keychain item to determine if the member is logged in or not. Failure to retrieve the value leads the app to believe the member is logged out.
- API error logs on the server show 3 missing values in fields that are each populated from items stored in the keychain.
Additional Notes:
- The issue is hard to reproduce and seems to affect only a subset of users.
- In some cases, uninstalling and reinstalling the app temporarily resolves the problem, but the issue recurs after a period of time.
- The behavior appears to have coincided with the release of iOS 18.
- We’re using the “kSecAttrAccessibleWhenUnlocked” accessibility attribute. Given that our app doesn’t perform background operations, we wouldn’t expect this to be an issue. We’re also considering changing this to "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly" to see if this might resolve the issue.
- We're the keychain-swift library to interact with the keychain.
- We are currently adding extensive logging around our keychain implementation to confirm our findings but are looking for any additional input.
Questions:
- Has anyone encountered similar keychain behavior on iOS 18?
- Are there known changes or stability issues with the keychain in iOS 18 that might lead to such intermittent “item not found” errors?
- Any recommended workarounds or troubleshooting steps that could help isolate the problem further?
Thanks for any help you can provide.
They keychain has a long history of problems that only show up in the field. Some of them are actual bugs in the keychain, but my experience is that many of them are caused by incorrect keychain code [1]. The trick is telling these apart.
I have a post, Using a Sysdiagnose Log to Debug a Hard-to-Reproduce Problem, that explains my general process for dealing with such issues. And it’s no coincidence that the specific example in that post in the keychain!
Finally, I’m not aware of this being worse in iOS 18 than it previous releases.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] The SecItem API is very hard to use correctly, something I explain in: