mogol / flutter_secure_storage

A Flutter plugin to store data in secure storage
https://pub.dartlang.org/packages/flutter_secure_storage
BSD 3-Clause "New" or "Revised" License

[macOS] Read always return null with signed and notarized app #686

Open jdk-21 opened 4 months ago

jdk-21 commented 4 months ago

I encountered an issue on Mac with this package. When I debug my app, I can read from secure storage just fine, even in Flutter release mode. But after building, signing and notarizing the app, secure storage stops working and only returns null when you try to read from it. The app has hardened runtime enabled. I already tried adding the entitlements in debug and release:

<key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)*</string>
    </array>

Before I noticed this issue, I had the entitlement configured like this:

<key>keychain-access-groups</key>
    <array/>

Is it possible that the keychain already exists on the development Mac but the notarized app hasn't access? Is there a way to delete all data added by the secure storage package, to check this hypothesis? Has someone encountered a similar issue?

I'm using version 9.0.0

rydmike commented 3 months ago

Hi @jdk-21,

Very interesting and good to know there are even more issues with macOS. I am curious though, how on earth did you get this package to work at all on macOS?

Even just in debug mode with self-signed dev builds? I cannot get it to read the data when the app starts. If I keep running the same app, reset all reads and then try to read, the securely stored data is there and read nicely, but if I build it again or even just hot-restart the app, the data previously stored is not there. Like starting from an empty file every time.

Link with more info https://github.com/mogol/flutter_secure_storage/issues/532#issuecomment-1987279333

Any insights you might have on getting it to work at all with macOS would be welcome 😄


EDIT: Got it working now! (The link above has the details)

jdk-21 commented 3 months ago

Ok, great. I basically followed the instructions in the Readme. Does it work for you with Hardened Runtime enabled after Notarization?

AndreiMisiukevich commented 1 month ago

@jdk-21 did you manage to get it working?

jdk-21 commented 1 month ago

I couldn't get it to work yet.

techouse commented 1 month ago

@jdk-21 it could be related to keychain accessibility.

What sort of restrictiveness have you set up in production?

You might want to check if it works with v9.2.2, now that #718 and #719 have been merged.

werner-scholtz commented 1 month ago

Hi, I had the same issue after upgrading to Flutter 3.19.6. The app would work fine in debug/release, but as soon as I signed it for notarization the app would stop working.

After upgrading to v9.2.2 and adding this to my Release.entitlements it seems to work again.

<key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)*</string>
    </array>

techouse commented 1 month ago

After upgrading to v9.2.2 and adding this to my Release.entitlements it seems to work again.

Cool 😎

jdk-21 commented 3 weeks ago

@techouse I updated to 9.2.2 and tried the example app. In debug everything works fine like before, but after signing and notarizing the app stops working again.

werner-scholtz commented 3 weeks ago

Maybe check what the output of codesign -d --entitlements - YourApp.app is before and after signing the .app
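
Added example, not part of the thread or the plugin's code: one way to compare the entitlements before and after signing, flagging the `keychain-access-groups` states discussed above (missing, empty `<array/>`, or a `$(AppIdentifierPrefix)` left unsubstituted). It assumes the entitlements are available as XML plist text; the sample plists and the `TEAMID1234` prefix are constructed, and all function names are hypothetical.

```python
import plistlib

KEY = "keychain-access-groups"

def load(xml_text):
    """Parse entitlements supplied as XML plist text."""
    return plistlib.loads(xml_text.encode("utf-8"))

def keychain_findings(ent):
    """List problems with the keychain-access-groups entry."""
    if KEY not in ent:
        return ["missing: no keychain-access-groups entitlement"]
    groups = ent[KEY]
    if not groups:
        return ["empty: keychain-access-groups is an empty array"]
    # Assumption: a literal $(...) was never substituted at build time.
    return [f"unexpanded build variable in {g!r}" for g in groups if "$(" in g]

def diff(before, after):
    """Entitlement keys dropped, added or changed by re-signing."""
    shared = before.keys() & after.keys()
    return {
        "dropped": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "changed": sorted(k for k in shared if before[k] != after[k]),
    }

def _plist(body):
    return f'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>{body}</dict></plist>'

# Constructed samples; TEAMID1234 is a placeholder prefix.
SANDBOX = "<key>com.apple.security.app-sandbox</key><true/>"
BEFORE = _plist(SANDBOX + f"<key>{KEY}</key><array><string>TEAMID1234.*</string></array>")
AFTER_EMPTY = _plist(SANDBOX + f"<key>{KEY}</key><array/>")
AFTER_RAW = _plist(SANDBOX + f"<key>{KEY}</key><array><string>$(AppIdentifierPrefix)*</string></array>")
AFTER_MISSING = _plist(SANDBOX)

if __name__ == "__main__":
    before = load(BEFORE)
    for name, xml in [("empty", AFTER_EMPTY), ("raw", AFTER_RAW), ("missing", AFTER_MISSING)]:
        after = load(xml)
        print(name, diff(before, after), keychain_findings(after))
```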