top | item 39636158

(no title)

It's not specific to iCloud Keychain--it applies to on-device Keychain on iOS devices, too, even if you don't use iCloud. Any developer can store data there with no way for the user to know or see what it's saving, and it's shared among all apps from the same developer. Keychain is quite a misnomer here--it's really "store any (short) data you want on a user's device without them ever being able to see or remove it". It transfers when you restore backups on new devices, too, even if you haven't had the developer's apps installed in the last decade.

This is an issue because if you ever use an app by a company, uninstall all their apps, and then install one of the developer's apps years later, they can tell it's the same iOS profile (even restored on a different device), profile what you do across those apps/installs/decades, and associate any accounts you log in with. Essentially they can put a permanent cookie that you can't even see on your iOS profile that's shared between their apps. If you use iCloud Keychain, they can probably profile you across all your devices regardless of whether you reset one.

Apple has said this isn't intended functionality and they were going to address the issue many years ago in iOS 10.3 by removing Keychain data when the last app from a developer was uninstalled [1], but they got cold feet. If I recall correctly, the reason was that some app developers were relying on this unintended functionality to ensure free trials couldn't be used more than once. Apple was going to introduce a service that could store only 2 bits of data to enable that use case and then revisit Keychain deletion when the last app from a developer is uninstalled, but it appears they haven't.

It would be great if they'd finally fix this.

[1] https://developer.apple.com/forums/thread/72271

discuss

miki123211|2 years ago

This is also used heavily for abuse / spam / fraud prevention.

If you detect that a user is abusing your service, the ability to put a permanent cookie on their device is very useful.

This isn't effective against organized crime groups (they can just get Macs / use the web / whatever), but works well against your average troll or internet racist.

Still tracking, but a very different kind of tracking.

discostrings|2 years ago

The "store 2 bits of information" approach Apple was moving exploring would solve at least a lot of that case. You could effectively store 3 pieces of information: 00 = default state, 01 = used free trial, 10 = banned, 11 = something else the developer wants to store about the iOS profile. You don't need to be able to uniquely identify it to ban it.

alexsereno|2 years ago

You’re right, I could have specified that even if you don’t use iCloud you have a keychain on iOS