Postmortem 3

2020-11-15 00:00 UTC

Keychain would get erased on new installs on the second cold launch. iOS only.

Relevant Feature:

On iOS, we offer a feature where the user can keep their wallets in the device's keychain even after deleting BlueWallet from said device. This allows the user to restore their wallets on a future install. This feature relies on verifying the value of the NSUserDefaults standard suite's 'RnSksIsAppInstalled'.

Affects version:

5.6.4 and lower

Why did it happen?

NSUserDefaults suite would switch from standard to group. We use NSUserDefaults to have a shared container with data shared across the iOS app, watchOS app, and iOS Widgets. react-native-secure-keystore calls NSUSerDefault's standard suite to look for the key 'RnSksIsAppInstalled's value. On the first cold launch, it would return nil. On the second launch, it would return true and thus clean the keychain.

Solution

Edit our fork of the react-native-secure-key-store to have it look for our NSUserDefaults group suite, rather than the standard suite. This way, the value would be true on the first launch, and then switched to false.

How to prevent this from happening?

Fix was applied and rolled out (a600ea6b0cb3f34d8e41573841d8f1f68d2f9566)