
How to remove the stored username and password from keychain while uninstalling application in iOS?

I am pretty new to implementing biometric authentication for my application, and for my shopping application I am using the following logic to implement it. Please bear with me if this is not the correct place to post this question. I ask moderators to move it to the appropriate forum. As of now we are storing only the username in AES encrypted format (not even in the keychain), since the client wasn't happy with storing the password in the application too. But since I have to implement biometry, I am following the logic given below. The logic is as follows:

First login:

  1. User authenticates with username/password

  2. If authentication is successful they are asked if they want to use TouchID/FaceID

  3. If they do, the username and password are stored in the keychain, with a requirement of biometric authentication to access the data

On subsequent logins:

  4. App attempts to retrieve stored username/password triggering biometric authentication

  5. App uses stored username & password to authenticate to the server.

I am able to implement this successfully, but I have a query: if I uninstall the application, will it remove the stored credentials in the keychain? I have referred to many SO questions but I cannot find a particular answer. If they still remain there after uninstalling the application, how do I remove them?

There is a post about this on the Apple developer forums. It basically tells us that the Keychain is persistent even after app removal and reinstall (meaning the application can technically use the old keys again). This behaviour is not really as intended (if you read the thread carefully).

To counter this behaviour, the forum provides a solution by setting a flag in the UserDefaults storage (which is deleted when the app is uninstalled). When a user runs the app for the first time, clear the Keychain and set the flag. That way, you can be almost certain that the keys were removed before first use.

To answer your question directly, there is no way (as of right now) to tell when an app was uninstalled and act upon that uninstall.
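
The first-launch check described in the answer above, sketched in Swift as an added example (not code from the original post or from the Apple forum thread). The flag key and service name are hypothetical, and it assumes the credentials were saved as generic-password items under that service.

```swift
import Foundation
import Security

// Hypothetical names chosen for this example; use the values your app
// actually passes when it saves the credentials.
let firstRunFlagKey = "hasRunSinceInstall"
let credentialService = "com.example.shop.credentials"

/// Deletes every generic-password item stored under `service`.
/// Returns true when the items were deleted or none existed.
func deleteStoredCredentials(service: String) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service
    ]
    let status = SecItemDelete(query as CFDictionary)
    return status == errSecSuccess || status == errSecItemNotFound
}

/// Run this before the first Keychain read, for example at the start of
/// application(_:didFinishLaunchingWithOptions:).
/// UserDefaults is removed with the app, so a missing flag means this is
/// the first launch after an install or reinstall, and any matching
/// Keychain items are leftovers from a previous installation.
func purgeStaleCredentialsOnFirstLaunch(defaults: UserDefaults = .standard) {
    guard !defaults.bool(forKey: firstRunFlagKey) else {
        return // Not the first launch: keep the stored credentials.
    }
    // Set the flag only after a successful purge, so a failed delete is
    // retried on the next launch instead of leaving old credentials behind.
    if deleteStoredCredentials(service: credentialService) {
        defaults.set(true, forKey: firstRunFlagKey)
    }
}
```

Scoping the delete to one service leaves Keychain items in access groups shared with other apps untouched.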
