From 7b31edcd6e5e81e719212e9d220c6644decc8d3e Mon Sep 17 00:00:00 2001 From: akshayverma Date: Sat, 26 Apr 2025 15:28:29 +0530 Subject: [PATCH] origin --- docs/ios-keychain-cleanup.md | 136 +++++++++++++++++++++++++++++++++++ sidebars.js | 1 + 2 files changed, 137 insertions(+) create mode 100644 docs/ios-keychain-cleanup.md diff --git a/docs/ios-keychain-cleanup.md b/docs/ios-keychain-cleanup.md new file mode 100644 index 000000000..2637a13f0 --- /dev/null +++ b/docs/ios-keychain-cleanup.md @@ -0,0 +1,136 @@ +--- +id: ios-keychain-cleanup +title: Support for iOS keychain cleanup and access groups +sidebar_label: iOS Keychain Cleanup +description: Secure and clean iOS testing with LambdaTest's iOS Keychain cleanup and seamless access group handling support. +keywords: + - appium + - manual testing + - keychain + - access group + - cleanup + - app testing + - real devices +image: /assets/images/og-images/appium-testing-og-image.jpg +url: https://www.lambdatest.com/support/docs/ios-keychain-cleanup/ +site_name: LambdaTest +slug: ios-keychain-cleanup/ +--- + +import CodeBlock from '@theme/CodeBlock'; +import {YOUR_LAMBDATEST_USERNAME, YOUR_LAMBDATEST_ACCESS_KEY} from "@site/src/component/keys"; +import RealDeviceTag from '../src/component/realDevice'; +import VirtualDeviceTag from '../src/component/virtualDevice'; + + + +Apple’s [Keychain](https://developer.apple.com/documentation/security/keychain_services) offers a secure system for apps to store sensitive information like passwords, certificates, authentication tokens, and other small data pieces. +LambdaTest now offers enhanced Keychain management on real iOS devices, enabling you to test app flows that rely on secure storage and Keychain-specific use cases more effectively. + +## Keychain Cleanup After Sessions + +Certain iOS apps may retain user data such as login details across different test sessions. +This happens because when an app is uninstalled, any Keychain data associated with it **remains on the device**, as iOS does not automatically clear it. +While this data is isolated from other apps, it can persist unless specifically removed. + +To prevent data from carrying over across sessions, LambdaTest offers an option to automatically clear all Keychain entries after your test ends — ensuring a clean environment for every run. + +## Keychain Access Groups During App Resigning + +When LambdaTest resigns your iOS application using a wildcard provisioning profile (to enable installation on real devices), the app’s **keychain-access-groups** entitlement is preserved. +However, the **Bundle Seed ID** (also known as Team ID) — a critical part of access groups — gets replaced during resigning. + +As a result, app functionalities that depend on the original access group may break if not handled properly. +By enabling Keychain support, LambdaTest takes care of these changes, allowing your app to continue using Keychain securely even after resigning. + + +>This feature is currently in **Beta**. We are actively refining it based on real-world usage and feedback. + +## How to Enable iOS Keychain Support During App Upload + +To activate Keychain cleanup and access group handling, simply pass the `ios_keychain_enabled` parameter during app upload. + +Example using **cURL**: + +```bash +curl -u "USERNAME:ACCESS_KEY" \ +-X POST "https://manual-api.lambdatest.com/app/upload/realDevice" \ +-F "appFile=@/path/to/your-app.ipa" \ +-F "name=YourAppName" \ +-F "ios_keychain_enabled=true" +``` +Enabling `ios_keychain_enabled=true` will +- Clear Keychain data after each test session. +- Preserve Keychain access across resigning. + + +:::note +- Supported on **iOS 13 and above** only. Apps targeting earlier iOS versions are not compatible. +- Requires app resigning (`resignApp=true`). Apps signed with **Enterprise certificates** are not supported. LT framework needs to be injected in this case. + +::: + +## Frequently Asked Questions (FAQs) + +### 1. Can Keychain cleanup be managed without `ios_keychain_enabled`? + +Yes. Developers have the following options: +- Proactively delete Keychain entries during user logout or similar app events. +- Reset all Keychain data during the app's first launch after installation. + +You can refer to Apple's guide for best practices: [Manage Keychain Data](https://developer.apple.com/documentation/security/keychain_services). + +Additionally, apps can provide an in-app setting to manually clear Keychain data if needed during testing. + +--- + +### 2. Can Keychain access groups be handled without `ios_keychain_enabled`? + +Yes. +Developers can dynamically retrieve the access group information (`kSecAttrAccessGroup`) from existing Keychain entries instead of hardcoding Bundle Seed IDs. + +This approach ensures your app remains functional even if the Team ID changes after resigning. + + + + diff --git a/sidebars.js b/sidebars.js index 549950722..03f5e1191 100644 --- a/sidebars.js +++ b/sidebars.js @@ -2584,6 +2584,7 @@ module.exports = { "appium-ip-geolocation", "appium-app-performance", "appium-ios-app-settings", + "ios-keychain-cleanup", "adb-commands-support", "login-google-android", "disable-screenshot-block",