Closed hipwelljo closed 4 years ago
@hipwelljo, thanks for reporting the issue. I think this is just how Keychain works on Mac. Does it continue asking for password after you press "Always allow" button?
Thanks for the quick response. I'm trying to replicate the issue in a sample app and do not get a prompt when calling get with a key. 🤔 If I set it then get it, I again don't get any prompts which is what I'd expect because the app created it. If I change it to the identifier of the value for the real app then the prompt appears.
What's especially strange is there should be no value for that key initially in this real app, because this is the first update we shipped that included KeychainSwift, yet customers see it when trying to get that value the first time.
I imagine Always Allow would make it stop bugging but customers are confused what this prompt is for and don't even know what password to input haha.
My best guess is there must be a value for that key, which was put there by what macOS believes was a different application, perhaps because they installed a beta version that was signed with different signing certificates? I'm not sure how macOS determines if the app trying to access it was the one that created it. I do know the bundle identifier has not changed though.
Curious if you have any other thoughts.
I'm not a macOS programmer, I simply don't know how Keychain works on Mac. From my experience, it does ask for permission initially, and then I click "Always Allow" and it never asks for permission again.
Correct me if I'm wrong, unlike iOS, on Mac the keychain storage is shared across all installed apps. So one app can potentially read a keychain item created by another app (if it uses the same key). I think this is the reason why MacOS presents this dialog. This is to prevent malicious apps from getting sensitive information from other apps without user's knowledge. Again, this is just me guessing, I don't really know how it works.
Okay, yes I know macOS will prompt if a different app tries to access it, but only our app created it so we shouldn't be seeing the prompt. I need to figure out why macOS thinks it's not the same app. I'll go ahead and close this because I don't believe it's an issue in this library like I originally suspected. Thanks for the quick response.
Hello! We are encountering an unexpected behavior using this on macOS. Customers are seeing the following prompt, at least when running on macOS 10.13.6 and newer it seems:
This is what we're doing:
The app is not sandboxed, we distributed it via Developer ID signing.
We expected the app would be able to get and set that value without this prompt because the app itself creates it. Do you know why we're seeing this? Thanks!