macOS prompts user to use their confidential information

evgenyneu / keychain-swift

Helper functions for saving text in Keychain securely for iOS, OS X, tvOS and watchOS.

MIT License

2.82k stars 345 forks source link

macOS prompts user to use their confidential information #117

Closed hipwelljo closed 4 years ago

hipwelljo commented 4 years ago

Hello! We are encountering an unexpected behavior using this on macOS. Customers are seeing the following prompt, at least when running on macOS 10.13.6 and newer it seems:

App Name wants to use your confidential information stored in "com.company.appname.token" in your keychain To allow this, enter the "login" keychain password.

This is what we're doing:

let keychain = KeychainSwift(keyPrefix: Bundle.main.bundleIdentifier! + ".")
let value = keychain.get("token")

Library setup method: CocoaPods
Version of the library: 16.0.0
Xcode version: 10.3
OS version: Mojave

The app is not sandboxed, we distributed it via Developer ID signing.

We expected the app would be able to get and set that value without this prompt because the app itself creates it. Do you know why we're seeing this? Thanks!

evgenyneu commented 4 years ago

@hipwelljo, thanks for reporting the issue. I think this is just how Keychain works on Mac. Does it continue asking for password after you press "Always allow" button?

hipwelljo commented 4 years ago

Thanks for the quick response. I'm trying to replicate the issue in a sample app and do not get a prompt when calling get with a key. 🤔 If I set it then get it, I again don't get any prompts which is what I'd expect because the app created it. If I change it to the identifier of the value for the real app then the prompt appears.

What's especially strange is there should be no value for that key initially in this real app, because this is the first update we shipped that included KeychainSwift, yet customers see it when trying to get that value the first time.

I imagine Always Allow would make it stop bugging but customers are confused what this prompt is for and don't even know what password to input haha.

hipwelljo commented 4 years ago

My best guess is there must be a value for that key, which was put there by what macOS believes was a different application, perhaps because they installed a beta version that was signed with different signing certificates? I'm not sure how macOS determines if the app trying to access it was the one that created it. I do know the bundle identifier has not changed though.

Curious if you have any other thoughts.

evgenyneu commented 4 years ago

I'm not a macOS programmer, I simply don't know how Keychain works on Mac. From my experience, it does ask for permission initially, and then I click "Always Allow" and it never asks for permission again.

Correct me if I'm wrong, unlike iOS, on Mac the keychain storage is shared across all installed apps. So one app can potentially read a keychain item created by another app (if it uses the same key). I think this is the reason why MacOS presents this dialog. This is to prevent malicious apps from getting sensitive information from other apps without user's knowledge. Again, this is just me guessing, I don't really know how it works.

hipwelljo commented 4 years ago

Okay, yes I know macOS will prompt if a different app tries to access it, but only our app created it so we shouldn't be seeing the prompt. I need to figure out why macOS thinks it's not the same app. I'll go ahead and close this because I don't believe it's an issue in this library like I originally suspected. Thanks for the quick response.