iOS: stored values are persisted even after app was removed

[rexmihaela]

trafficstars

Repro steps:

1. Make sure you have only one bundle/flavor of the app on the device.
2. Store some key-value pair, like authToken
3. Remove the app
4. Install a fresh copy of the app
5. The stored value is somehow accessible

[vicenterusso]

Check here: https://github.com/mogol/flutter_secure_storage/issues/125

[kevtechi]

It's the expected behavior of iCloud Keychain. It's kind of like a password manager where each app has its own private space.

If you want to delete, you can run a delete function from the app which deletes everything.

[lyio]

Going by this StackOverflow answer https://stackoverflow.com/questions/42903633/store-item-in-ios-keychain-without-icloud-sync/42903918#42903918 and this block of code in the iOS plugin code:

let update: [CFString: Any?] = [
  kSecValueData: value.data(using: String.Encoding.utf8),
  kSecAttrAccessible: attrAccessible,
  kSecAttrSynchronizable: synchronizable
]

anything stored via FlutterSecureStorage should not be synchronized with iCloud (by default). As the flag defaults to false.

Maybe I'm reading this wrong or maybe it't not working as intended. The "solution" to manually remove all keys depending on some arbitrary flag seems rather hacky.

[juliansteenbakker]

Since this is still default behavior, i am closing this issue.