Skip to main content

Support for iOS keychain cleanup and access groups

Apple’s Keychain offers a secure system for apps to store sensitive information like passwords, certificates, authentication tokens, and other small data pieces.
LambdaTest now offers enhanced Keychain management on real iOS devices, enabling you to test app flows that rely on secure storage and Keychain-specific use cases more effectively.

Keychain Cleanup After Sessions

Certain iOS apps may retain user data such as login details across different test sessions.
This happens because when an app is uninstalled, any Keychain data associated with it remains on the device, as iOS does not automatically clear it.
While this data is isolated from other apps, it can persist unless specifically removed.

To prevent data from carrying over across sessions, LambdaTest offers an option to automatically clear all Keychain entries after your test ends — ensuring a clean environment for every run.

Keychain Access Groups During App Resigning

When LambdaTest resigns your iOS application using a wildcard provisioning profile (to enable installation on real devices), the app’s keychain-access-groups entitlement is preserved.
However, the Bundle Seed ID (also known as Team ID) — a critical part of access groups — gets replaced during resigning.

As a result, app functionalities that depend on the original access group may break if not handled properly.
By enabling Keychain support, LambdaTest takes care of these changes, allowing your app to continue using Keychain securely even after resigning.

This feature is currently in Beta. We are actively refining it based on real-world usage and feedback.

How to Enable iOS Keychain Support During App Upload

To activate Keychain cleanup and access group handling, simply pass the ios_keychain_enabled parameter during app upload.

Example using cURL:

curl -u "USERNAME:ACCESS_KEY" \
-X POST "https://manual-api.lambdatest.com/app/upload/realDevice" \
-F "appFile=@/path/to/your-app.ipa" \
-F "name=YourAppName" \
-F "ios_keychain_enabled=true"

Enabling ios_keychain_enabled=true will

  • Clear Keychain data after each test session.
  • Preserve Keychain access across resigning.
note
  • Supported on iOS 13 and above only. Apps targeting earlier iOS versions are not compatible.
  • Requires app resigning (resignApp=true). Apps signed with Enterprise certificates are not supported. LT framework needs to be injected in this case.

Frequently Asked Questions (FAQs)

1. Can Keychain cleanup be managed without ios_keychain_enabled?

Yes. Developers have the following options:

  • Proactively delete Keychain entries during user logout or similar app events.
  • Reset all Keychain data during the app's first launch after installation.

You can refer to Apple's guide for best practices: Manage Keychain Data.

Additionally, apps can provide an in-app setting to manually clear Keychain data if needed during testing.

2. Can Keychain access groups be handled without ios_keychain_enabled?

Yes. Developers can dynamically retrieve the access group information (kSecAttrAccessGroup) from existing Keychain entries instead of hardcoding Bundle Seed IDs.

This approach ensures your app remains functional even if the Team ID changes after resigning.

Last updated on

Test across 3000+ combinations of browsers, real devices & OS.

Book Demo

Help and Support

Related Articles