Bug in iOS Keychain Sharing

Consider a scenario: There are two iOS apps, App1: com.example.app1 App2: com.example.app2

App1 has no keychain access groups, other than its default group that is <TeamID>.com.example.app1 However, App2 has keychain access groups added which is bundle identifier of App1 i.e. <TeamId>.com.example.app1, So App2 access groups are as follows: [<TeamId>.com.example.app1, <TeamID>.com.example.app2]

This way App2 has access to App1’s private access group. Which means App2 can Create, Read, Update and Delete ALL the keychain items inside App1’s private group.

But, Apple’s Developer documentation says otherwise.

Referring to this document: https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps

In section “Establish your app’s private access group” (https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps#2974916), it says that “Because app IDs are unique across all apps, and because the app ID is stored in an entitlement protected by code signing, no other app can use it, therefore no other app is in this group”.

Focus on “therefore no other app is in this group”. But as proved from above scenario, App2 can be part of App1’s private access group.

I think that documentation is trying to say that “no app from another team can use it”. In general, iOS doesn’t prevent you from attacking your own apps (-:

Feel free to file a bug to request clarification there.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo Thanks for the reply. As you mentioned, it might be trying to say that "no app from another team can use it”, but it doesn't clarify that. Secondly, title says, "Establish your app’s private access group", it never says, "Establish your team’s private access group". Also, is there no way to establish app's private access group for an app ? I believe it bad design decision, if taken consciously. As, generally app should have its own private space, irrespective whether its signed by same developer cert. I have filed feedback / bug for this via Feedback Assistant, Feedback ID: FB13416574. Do you think anything else needs to be done ?

Bug in iOS Keychain Sharing
 
 
Q