Closed nabla-c0d3 closed 4 years ago
Thanks for the feedback.
The alternate value is not 100% suitable, as apps that get started via Bluetooth while the device is locked won't be able to get the data from the keychain. But it is probably the only alternative we have.
Yeah, it won't work for Apps that are launched at startup. However, Apple now expects Apps to not have access to any data (Keychain or Data Protection API) before the first unlock, so it is the expected behavior; stock iOS Apps follow the same rule starting with iOS 8.
This hasn't been cleaned up in code properly. Leaving this open.
Hello,
When storing data in the Keychain, the SDK uses the kSecAttrAccessibleAlways protection class: https://github.com/bitstadium/HockeySDK-iOS/blob/bfb9101ca8a71bb0f4bd4a9036e61df04fc73b2d/Classes/BITKeychainUtils.m#L126. It means that although the data is put in the Keychain, it is never actually protected/encrypted. Because of that, Apple deprecated this protection class last year at WWDC 2015 (https://developer.apple.com/videos/play/wwdc2015/706/). Hence, importing the SDK in an Xcode project triggers deprecation warnings and this protection class will eventually be removed anyway.
A more suitable value would be kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, which would still allow fetching the data while in the background, and would also prevent the data from being stored in device backups. Also, this is a duplicate of #226.
Thanks!
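
The change discussed in this issue, as an added example that is not part of the original post and is not HockeySDK code: a generic-password item is written with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, an item stored earlier with kSecAttrAccessibleAlways is re-protected in place, and the read path reports the locked-before-first-unlock case raised in the replies. The helper names `StoreSecret` and `LoadSecret` and their parameters are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: identifies one generic-password item.
static NSDictionary *ItemQuery(NSString *service, NSString *account) {
    return @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: service,
        (__bridge id)kSecAttrAccount: account,
    };
}

// Store a value so it is readable after the first unlock (background
// launches keep working) and is excluded from device backups.
static OSStatus StoreSecret(NSString *service, NSString *account, NSData *secret) {
    NSDictionary *query = ItemQuery(service, account);
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData: secret,
        (__bridge id)kSecAttrAccessible:
            (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
    };
    // Update first: this also moves an item that an older build stored
    // with kSecAttrAccessibleAlways to the new protection class.
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
                                    (__bridge CFDictionaryRef)attrs);
    if (status == errSecItemNotFound) {
        NSMutableDictionary *add = [query mutableCopy];
        [add addEntriesFromDictionary:attrs];
        status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    }
    return status;
}

// Read the value back. When the app is launched before the first unlock
// after boot, the item is unavailable and the status is
// errSecInteractionNotAllowed; callers should retry later, not treat it
// as "no stored value".
static NSData *LoadSecret(NSString *service, NSString *account, OSStatus *outStatus) {
    NSMutableDictionary *query = [ItemQuery(service, account) mutableCopy];
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    return status == errSecSuccess ? (__bridge_transfer NSData *)result : nil;
}
```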