sebsto / amplify-ios-workshop

Repo for Amplify iOS Workshop created for re:Invent 2019
MIT No Attribution

AWSMobileClient maintains the userstate even after the app is uninstalled and reinstalled. #1

Open Jay2113 opened 4 years ago

Jay2113 commented 4 years ago

Describe the issue

I understand that the AWSMobileClient manages state by storing credentials in the keychain. So once a user is authenticated and logged into the application, if the user then goes ahead and uninstalls and reinstalls the app, the state is maintained and he doesn’t have to be authenticated again. Is there a way that every time a user uninstalls and reinstalls the app he has to be authenticated and doesn’t log in directly?

Steps to reproduce:

This is the delete procedure I tried:

  1. I installed the app, logged into the application.
  2. Stopped the app from Xcode.
  3. Deleted the app in the simulator.
  4. Now if I start the app in Xcode again, the user is redirected directly to the Landmarks list and the console shows the following message:

Screenshots

(Screenshot attached: Screen Shot 2020-03-13 at 11 53 39 AM, not reproduced here.)

Amplify CLI Version 4.16.1

Xcode Version 11.2.1


sebsto commented 4 years ago

I confirm the behaviour. This thread on the Apple forum explains that keychain data are not deleted when an app is deleted: https://forums.developer.apple.com/thread/36442 The thread mentions a way to work around that behaviour, but that should be implemented in the AWSMobileClient SDK, not in the (workshop) app. I am engaging the product team to search for guidance.

Jay2113 commented 4 years ago

Thank you for that response. I look forward to hearing what the product team has to say about this.

sebsto commented 4 years ago

Here is the answer I received from the iOS SDK service team:

This behavior is different across versions of iOS. Here is a related issue with a workaround: https://github.com/aws-amplify/aws-sdk-ios/issues/1605#issuecomment-502590202

We will consider this as we work on getting Amplify to GA. There are no security risks here since it is stored in the encrypted keychain (the preferred method). A lot of apps do actually work this way as well (if you remove/re-install you’ll be logged in again).

Let me know if the workaround is acceptable.
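The workaround both comments above refer to relies on the fact that the app sandbox (including `UserDefaults`) is removed when the app is uninstalled while keychain items are not. An app can therefore detect "first launch after install" from a missing `UserDefaults` flag and clear its keychain before the SDK reads the stored credentials. The code below is an added example written for this thread; it is not code from the workshop repository or from the AWS SDK. It assumes a constructed `UserDefaults` key named `hasLaunchedBefore` and that the app has no keychain items it wants to survive a reinstall.

```swift
import Foundation
import Security

/// Name of the flag stored in UserDefaults (constructed for this example).
/// UserDefaults lives in the app sandbox, which iOS deletes on uninstall,
/// so the flag is absent exactly once: on the first launch after (re)install.
let firstLaunchFlagKey = "hasLaunchedBefore"

/// Returns true on the first launch after an install or reinstall, false otherwise.
/// Side effect: records that the app has now launched once.
func isFirstLaunchAfterInstall(defaults: UserDefaults = .standard) -> Bool {
    if defaults.bool(forKey: firstLaunchFlagKey) {
        return false
    }
    defaults.set(true, forKey: firstLaunchFlagKey)
    return true
}

/// Deletes every keychain item visible to this app in the standard item classes.
/// On iOS, SecItemDelete removes all items matching the query, so a query that
/// only names the class wipes that whole class. Returns false if any delete
/// fails for a reason other than "nothing there".
func wipeKeychain() -> Bool {
    let classes: [CFString] = [
        kSecClassGenericPassword,   // where AWSMobileClient keeps its tokens
        kSecClassInternetPassword,
        kSecClassCertificate,
        kSecClassKey,
        kSecClassIdentity
    ]
    var allSucceeded = true
    for itemClass in classes {
        let query: [String: Any] = [
            kSecClass as String: itemClass,
            // Include items marked as iCloud-synchronizable as well as local ones.
            kSecAttrSynchronizable as String: kSecAttrSynchronizableAny
        ]
        let status = SecItemDelete(query as CFDictionary)
        // errSecItemNotFound only means that class held no items.
        if status != errSecSuccess && status != errSecItemNotFound {
            allSucceeded = false
        }
    }
    return allSucceeded
}

/// Call once at startup, before AWSMobileClient is initialized, so that a
/// reinstalled app starts with no stored session and the user must sign in again.
/// Returns true when a wipe was performed.
@discardableResult
func resetSessionIfFreshInstall() -> Bool {
    guard isFirstLaunchAfterInstall() else { return false }
    return wipeKeychain()
}
```

In the workshop app this would be called from `application(_:didFinishLaunchingWithOptions:)` ahead of `AWSMobileClient.default().initialize(...)` (an assumption about where the app initializes the SDK). Two caveats a reviewer would raise: the wipe also removes items shared with other apps through a keychain access group, and because the `UserDefaults` flag is only a heuristic, a user who clears app data without uninstalling will also be signed out, which is the behaviour requested here.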