- 23 Oct 2024
Device-unique data on iOS
- Updated on 23 Oct 2024
iOS devices use the identifierForVendor data, which is retrieved on the first application launch and stored encrypted in the iOS device keychain. This identifierForVendor data is then encrypted before being used as the device-unique data. Keychain data is protected using a class structure similar to the one used in file data protection. These classes, however, use different keys and are part of other APIs.
The keychain used by the Mobile Authenticator Studio application uses the NSFileProtectionComplete class.
The random data is set in the keychain with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute.
For more information, refer to https://developer.apple.com/documentation/security/keychain_services.
On iOS, if two versions of Mobile Authenticator Studio do not use the same Bundle Seed ID, they will not share the device-unique data. Keychain access can be restricted to the application or a group of applications on iOS. Mobile Authenticator Studio applications that use the same Bundle Seed ID are part of the same group and share the same device-unique data.
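The keychain storage described above, sketched in Swift as an added example; it is not Mobile Authenticator Studio code. The service, account and access-group names are hypothetical placeholders, and the additional encryption step the page mentions is not shown.

```swift
import Foundation
import Security
import UIKit

// Hypothetical placeholders, not values used by Mobile Authenticator Studio.
let service = "com.example.device-unique-data"
let account = "identifierForVendor"
// "<Bundle Seed ID>.<group name>"; must also be listed in the app's
// keychain-access-groups entitlement. Apps with a different Bundle Seed ID
// cannot join this group, so they never see the item.
let accessGroup = "ABCDE12345.com.example.shared"

enum KeychainError: Error { case deviceLocked, noVendorID, unexpected(OSStatus) }

func baseQuery() -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: account,
     kSecAttrAccessGroup as String: accessGroup]
}

@MainActor
func loadOrCreateDeviceUniqueData() throws -> Data {
    // 1. Later launches: return the value stored on first launch.
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecSuccess, let data = item as? Data { return data }
    // WhenUnlocked items are unreadable while the device is locked.
    if status == errSecInteractionNotAllowed { throw KeychainError.deviceLocked }
    guard status == errSecItemNotFound else { throw KeychainError.unexpected(status) }

    // 2. First launch: read identifierForVendor and persist it.
    guard let idfv = UIDevice.current.identifierForVendor else {
        throw KeychainError.noVendorID
    }
    let data = Data(idfv.uuidString.utf8)
    var add = baseQuery()
    add[kSecValueData as String] = data
    // ThisDeviceOnly: the item is not restored onto another device from a backup.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess else { throw KeychainError.unexpected(addStatus) }
    return data
}
```

Callers running in the background should treat `deviceLocked` as a retry-later condition rather than generating a new value, otherwise the stored device-unique data would be silently replaced.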