by somedudetbh 2913 days ago
There are basically two ways this can work: the old way, and the new way.

In the old way, an implementation detail of the Keychain was that data saved in the Keychain would not be purged on app uninstall. Basically, the Keychain can be thought of as a fancy key-value store where your keyspace is further scoped to your app's bundle ID. It's intended to provide a secure place to generate and store keys, etc., but you can also just stick a bit of data in there.

So, user logs in, save their username to keychain. User deletes app. User reinstalls app. On app start, try to read the key you saved the username under. Is it there? Ok, this is a reinstall. No? Ok, this is a new installation or new phone.

There is no Apple documentation that says that this is the way it works, it's merely a quirk of how it's implemented. Obviously, it's a privacy concern. Apple closed this hole in one of the betas of iOS 10.3, but then restored the old behavior. I don't know why, but it's possible that many user workflows were relying on this behavior, or that it subtly broke something else (e.g. app groups).

The second way is using App Groups: https://developer.apple.com/library/archive/documentation/Mi...

In more recent versions of iOS, Apple introduced support for "app groups", which basically means a bunch of rights and privs that were scoped to the bundle id in the past are now optionally scoped to the bundle prefix (team id) or to a whitelisted set of apps that share a bundle prefix.

This allows for Facebook to share login session with Facebook Messenger, for instance. If you're Google, and you have multiple Google-owned products on the user's device, you can add them all to an app group. If up to all of the apps but one are deleted, and the last maintains user login data in the keychain, reinstallation of the other apps will allow them to recover data shared by other apps in their app group.

I don't know if there's a way a user on a non-jailbroken device can wipe the keychain without resetting the device. (You should also look into iCloud Keychain.)
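The two mechanisms the comment describes (a keychain item that outlives the app, and an item shared through an app group) together with the usual defensive counterpart, as an added Swift example that is not code from the thread or from Apple. The service name "com.example.app.login", the UserDefaults marker key and the access group "TEAMID.com.example.shared" are placeholders; the access group only works if the app's entitlements list that keychain-access-group.

```swift
import Foundation
import Security

// Added example; all identifiers below are constructed placeholders.
enum KeychainStore {
    static let service = "com.example.app.login"

    /// Stores (or replaces) a generic-password item. With no accessGroup the
    /// item is scoped to this app's bundle id; with one it is scoped to the
    /// team-prefixed group, so sibling apps (the Facebook/Messenger case in
    /// the thread) can read it and it survives any single app's removal.
    static func write(_ value: String, account: String, accessGroup: String? = nil) -> OSStatus {
        var query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
        ]
        if let group = accessGroup { query[kSecAttrAccessGroup as String] = group }
        // Drop any previous value so SecItemAdd does not fail with errSecDuplicateItem.
        _ = SecItemDelete(query as CFDictionary)
        query[kSecValueData as String] = Data(value.utf8)
        // ThisDeviceOnly: the item is never carried to another device via backup.
        query[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        return SecItemAdd(query as CFDictionary, nil)
    }

    /// Returns the stored value, or nil if absent. On a reinstall this is
    /// exactly the read the thread describes: the item is still there.
    static func read(account: String, accessGroup: String? = nil) -> String? {
        var query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecReturnData as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne,
        ]
        if let group = accessGroup { query[kSecAttrAccessGroup as String] = group }
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let data = result as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    /// Deletes every item under this service. Without kSecAttrAccessGroup the
    /// query matches items in every access group the app is entitled to, so
    /// pass a group if a shared login is meant to survive.
    static func wipe(accessGroup: String? = nil) -> OSStatus {
        var query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
        ]
        if let group = accessGroup { query[kSecAttrAccessGroup as String] = group }
        return SecItemDelete(query as CFDictionary)
    }
}

/// Mitigation for the reinstall leak: UserDefaults lives in the app container
/// and is deleted with the app, while keychain items are not. A missing marker
/// therefore means "fresh install or reinstall"; treating both the same and
/// clearing the app's own items first removes the persistent identifier.
/// Returns true when a wipe was performed.
@discardableResult
func clearKeychainOnFreshInstall(defaults: UserDefaults = .standard) -> Bool {
    let marker = "com.example.app.hasLaunchedBefore"   // placeholder key
    if defaults.bool(forKey: marker) { return false }
    _ = KeychainStore.wipe()
    defaults.set(true, forKey: marker)
    return true
}

// Call at the very start of application(_:didFinishLaunchingWithOptions:),
// before any keychain read that would otherwise act as a reinstall detector.
clearKeychainOnFreshInstall()
_ = KeychainStore.write("alice", account: "username")
_ = KeychainStore.write("alice", account: "username", accessGroup: "TEAMID.com.example.shared")
```

The first-launch wipe is the app's own choice, not something the platform enforces, which is why the thread's point stands: nothing stops an app from skipping it and using the surviving item as a reinstall marker.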

Any Apple engineers reading this, please give users control over this. This is a privacy hole.

Don't think they can. Keychain is supposed to be a secure storage solution, so I can't imagine they want users to be able to view that data, and it would be hard to manage it without knowing what it was.

That said, I found a post from last year saying that they would like to phase key-chain persistence out at some point, but it was fairly free of actual commitments.

> Keychain is supposed to be a secure storage solution, so I can't imagine they want users to be able to view that data

This seems at odds with the fact that macOS comes with a built-in app called "Keychain Access" that allows you to view the contents of the keychain (including iCloud keychain).

> so I can't imagine they want users to be able to view that data

Why not? They allow you to see your passwords that are stored in the keychain. And on macOS I can poke around the keychain to my heart’s content.

It would be relatively easy to provide a way to dump an app's (or app group's) keychain values in Settings.app.

You can set some expiration linked back to the app that created that pair and when that app goes away that invalidates that pair, or have app related containers inside the Keychain that also get removed with the app. It is an implementation detail.

> it would be hard to manage it without knowing what it was.

If you wanted to remove all Google data from your phone, surely it would be enough to just display the app name.

How?

ISTR it's the latter, so that users don't need to enter username and password (and maybe 2FA) five times because they install five different Google apps.