Helper guide to help understand when data gets backed up/synced
My use case: Switching from [UIDevice uniqueIdentifier] to a UUID + Keychain approach.
Apple no longer supports [UIDevice uniqueIdentifier] and does not allow app submission to the App Store. My requirements are:
1) The UUID is to persist on the device ONLY
2) The UUID is not to be synced or backed up across devices
3) Works on iOS 6 and up
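UDID alternative availability

| Availability | iOS 2 | iOS 3 | iOS 4 | iOS 5 | iOS 6 | iOS 7 | iOS 8 |
|---|---|---|---|---|---|---|---|
| CFUUID | √ | √ | √ | √ | √ | √ | √ |
| NSUUID | x | x | x | x | √ | √ | √ |
| OpenUUID | ? | √ | √ | √ | x* | x* | x* |
| IDFV | x | x | x | x | √ | √ | √ |
| Ad ID | x | x | x | x | √ | √ | √ |
| UDID | √ | √ | √ | x** | x** | x** | x** |
| Keychain+CFUUID/NSUUID | √ | √ | √ | √ | √ | √ | √ |
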
* OpenUUID deprecated itself in favor of IDforVendor (IDFV) and Advertising Identifier
** UDID deprecated starting in iOS5
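UDID replacement Persistence

| Persists | AppLaunch | Return from background | Reset Advertising Identifier * | App Re-install ** | System Reboot | System Reset | Useful for my use case |
|---|---|---|---|---|---|---|---|
| CFUUID | x | x | x | x | x | x | x |
| NSUUID | x | x | x | x | x | x | x |
| OpenUUID | √ | √ | √ | √ | √ | x | x |
| IDFV | √ | √ | √ | x | √ | x | x |
| Ad ID | √ | √ | x | √ | √ | x | x |
| UDID | √ | √ | √ | √ | √*** | √*** | √*** |
| Keychain+CFUUID/NSUUID | √ | √ | √ | √ | √ | x | √ |
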
x - does not persist
√ - persists
* The app must be restarted in order to see the change
** All apps from that vendor must be deleted in order to change the value.
*** Unfortunately, it's also deprecated by Apple in favor of IDforVendor (IDFV) and Advertising Identifier
iTunes device/keychain
Using iTunes, when the device (+keychain) gets backed up, will the keychain items get backed up and restored on the same or different device?

| iTunes keychain backup method | iOS 3 | iOS 4 | iOS 5 | iOS 6 | iOS 7 | iOS 8 |
|---|---|---|---|---|---|---|
| encrypted backup * | x | √ | √ | √ | √ | √ |
| unencrypted backup * | x | x | x | x | x | x |
| encrypted backup + ...ThisDeviceOnly ** | x | x | x | x | x | x*** |
| unencrypted backup + ...ThisDeviceOnly ** | x | x | x | x | x | x*** |

x - will not backup
√ - will backup
* Migratable keychain items use - kSecAttrAccessibleWhenUnlocked | kSecAttrAccessibleAfterFirstUnlock | kSecAttrAccessibleAlways
** Non-migratable keychain items use - kSecAttrAccessibleWhenUnlockedThisDeviceOnly | kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly | kSecAttrAccessibleAlwaysThisDeviceOnly
https://devforums.apple.com/message/1089429#1089429
http://useyourloaf.com/blog/2011/05/27/ios-keychain-migration-and-data-protection-part-1.html
http://adcdownload.apple.com//videos/wwdc_2010__hd/session_209__securing_application_data.mov
*** kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly (iOS8 and up) - adds the requirement that a device passcode be set prior to enabling Touch ID (or PIN Code) and prevents the data from getting copied (even encrypted with a device dependent key) to iCloud backups.
- The device needs to be unlocked for it to be accessible
- The device must have a passcode set (if you turn off your device passcode the data is deleted)
- The data cannot be restored to a different device
- The data is not included in iCloud backups
https://guides.agilebits.com/kb/security/en/topic/touch-id-pin-code-and-ios-keychain
iCloud vs iTunes backup

| Backup method | iOS 6 | iOS 7 | iOS 8 |
|---|---|---|---|
| iCloud keychain sync | x*** | √**** | √ (** and ****) |
| iTunes backup/restore | √* | √* | √ (* and **) |

* Backup is preventable when using the 'ThisDeviceOnly' classes (e.g. WhenUnlockedThisDeviceOnly).
** kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly (iOS8 and up) - adds the requirement that a device passcode be set prior to enabling Touch ID (or PIN Code) and prevents the data from getting copied (even encrypted with a device dependent key) to iCloud backups.
- The device needs to be unlocked for it to be accessible
- The device must have a passcode set (if you turn off your device passcode the data is deleted)
- The data cannot be restored to a different device
- The data is not included in iCloud backups
https://guides.agilebits.com/kb/security/en/topic/touch-id-pin-code-and-ios-keychain
*** iOS6 doesn't provide iCloud Keychain sync
**** iOS7 is when iCloud Keychain sync was introduced
- kSecAttrSynchronizable = kCFBooleanTRUE must be set for sync to iTunes to work, FALSE by default.
- limited to password only (kSecClassGenericPassword and )
- for shared, synchronized items, use the same kSecAttrAccessGroup name
- avoid persistent references to synchronizable items
src: https://developer.apple.com/videos/ios/ -> 2013 -> Security and Privacy in iOS7
Notes:
Some items in the Keychain can be designated for synching via iCloud. But items which are not explicitly labeled as such will not synchronize.
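
The Keychain+NSUUID row from the tables above, written out as an added example (not code from the original guide): it stores the UUID under a ThisDeviceOnly class and leaves kSecAttrSynchronizable unset. The service and account names are hypothetical, and the choice of kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly over the other ThisDeviceOnly classes is an assumption made here so the value stays readable while the app runs in the background.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service/account names, chosen for this example only.
static NSString * const kIDService = @"com.example.device-id";
static NSString * const kIDAccount = @"install-uuid";

// Returns the device-local UUID, creating and storing it on first use.
// Returns nil when the keychain cannot be read or written.
NSString *DeviceLocalUUID(void) {
    NSDictionary *base = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kIDService,
        (__bridge id)kSecAttrAccount: kIDAccount
    };

    // 1. Look for an existing item.
    NSMutableDictionary *query = [base mutableCopy];
    query[(__bridge id)kSecReturnData] = (__bridge id)kCFBooleanTrue;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef found = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &found);
    if (status == errSecSuccess) {
        NSData *data = (__bridge_transfer NSData *)found;
        return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    }
    if (status != errSecItemNotFound) {
        // e.g. errSecInteractionNotAllowed before the first unlock after boot.
        // Do not mint a second identifier just because the read failed.
        return nil;
    }

    // 2. Nothing stored yet: generate a UUID (NSUUID needs iOS 6+) and save it.
    NSString *uuid = [[NSUUID UUID] UUIDString];
    NSMutableDictionary *item = [base mutableCopy];
    item[(__bridge id)kSecValueData] = [uuid dataUsingEncoding:NSUTF8StringEncoding];
    // ThisDeviceOnly: non-migratable class, so the item stays on this device.
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
    // kSecAttrSynchronizable is left unset (FALSE by default), so the item is
    // not designated for iCloud sync; the key itself only exists on iOS 7+.
    status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    return (status == errSecSuccess) ? uuid : nil;
}
```

Returning nil on a failed read, rather than generating a fresh UUID, keeps a temporarily locked keychain from producing a second identifier for the same device.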