Keychain values preserved even when using kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly

Hello,

I’m storing some values in the Keychain with the attribute ‘kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly’ (https://developer.apple.com/documentation/security/ksecattraccessibleafterfirstunlockthisdeviceonly).

When I migrate user data between iPhones via iCloud, this behaves as expected and the keys are not preserved.

However, when I migrate using a direct connection between two devices, the keys are preserved, which seems to contradict the attribute’s intent.

Is this a known behavior, and if so, is there a workaround?

I also find that surprising. I’m gonna do some research and get back to you about this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Are you able to actually use the migrated keychain items?

I’ve seen cases where items are migrated but, because of the way that they’re protected, you can see the item but, when you go to use it, the unwrap fails with an error.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
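
The check asked about in the post above, written as an added example (not code from this thread or from Apple): it separates "the item is visible" from "the item's data can actually be read". The generic-password class and the `service`/`account` parameters are assumptions about how the app stores its values.

```swift
import Foundation
import Security

/// Outcome of probing one keychain item (hypothetical helper type).
enum KeychainProbeResult {
    case missing                                              // no matching item at all
    case attributesOnly(accessible: String?, dataStatus: OSStatus) // visible, data not readable
    case usable(accessible: String?, byteCount: Int)          // visible and data readable
    case failed(OSStatus)                                     // attribute query itself failed
}

/// Queries the item twice: once for attributes only, once for its data.
/// Assumes a generic-password item identified by service + account.
func probeKeychainItem(service: String, account: String) -> KeychainProbeResult {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]

    // Step 1: is the item present, and which accessibility class does it report?
    var attrQuery = base
    attrQuery[kSecReturnAttributes as String] = true
    var attrRef: CFTypeRef?
    let attrStatus = SecItemCopyMatching(attrQuery as CFDictionary, &attrRef)
    if attrStatus == errSecItemNotFound { return .missing }
    guard attrStatus == errSecSuccess else { return .failed(attrStatus) }
    let accessible = (attrRef as? [String: Any])?[kSecAttrAccessible as String] as? String

    // Step 2: can the protected data actually be returned?
    var dataQuery = base
    dataQuery[kSecReturnData as String] = true
    var dataRef: CFTypeRef?
    let dataStatus = SecItemCopyMatching(dataQuery as CFDictionary, &dataRef)
    guard dataStatus == errSecSuccess, let data = dataRef as? Data else {
        return .attributesOnly(accessible: accessible, dataStatus: dataStatus)
    }
    // Report only the length so the secret never reaches logs.
    return .usable(accessible: accessible, byteCount: data.count)
}
```

Logging the result on first launch after a device-to-device migration shows which of the two situations discussed here applies, without recording the stored value itself.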

I will need to investigate this further, as so far we have only received reports from users who were able to log in after a direct device restore, which suggests that the keys were preserved.

I will get back to you with more details.
