Search code examples
objective-cmacossecuritypromptkeychain

Will the mac prompt the user again to allow access to the keychain after updating the app?


I've noticed something somewhat strange when I ran the Xcode build of my app and then launch the app store build. If I run the xcode build (using development certificates), then run my app through the app store (using production certificates) I get prompted with the following dialog box

MyApp want to use your confidential information stored in "com.myApp in the keychain.

I also get this dialog when I run the app store build first, then the Xcode development build. I believe this dialog appears because both builds have different certificates (could be wrong).

My biggest concern is the user updates the app, will the user see this dialog?

Not sure if this is important, but this is how I save data to the keychain.

 [[A0SimpleKeychain keychain] setString:string forKey:@"key"];

Solution

  • Apple's code signing guide has the answers.

    I believe this dialog appears because both builds have different certificates

    Correct. See Understanding the Code Signature:

    The most important internal requirement is the designated requirement, or DR. This rule tells an evaluating system how to identify a particular piece of code. Any two pieces of code that have (and successfully verify against) the same DR are considered to be the same code.

    ...

    Some parts of macOS do not care about the identity of the signer. They care only whether the app is validly signed and stable. Stability is determined through the DR, and does not depend on the nature of the certificate authority used. The keychain system and parental controls are examples of such usage.

    From Code Signing Tasks:

    Shipping and Updating Your Product

    The user’s system considers the new version of your product to be the same program as the previous version. For example, Keychain Services does not distinguish older and newer versions of your program as long as both are signed and the unique Identifier remains constant.

    Signing your code with a different certificate makes the system consider it a different app. As long as you sign your releases with the same certificate between versions, you will be fine.