8.6. Sharing Keychain Data Between Multiple Apps


You want two of your apps to be able to share keychain storage.


When storing your keychain data, specify the kSecAttrAccessGroup key in the dictionary that gets passed to the SecItemAdd function. The value of this key has to be the access group, which you can find in the Entitlements section of your provision profile, as explained in this chapter’s Introduction.


Multiple apps from the same developer portal can share a keychain area. To avoid complications, we are going to limit our thoughts to only two apps for now, but this same technique applies for any number of apps.

In order for two apps to be able to share a keychain area, the following criteria must be met:

  1. Both apps must have been signed using a provision profile originated from the same iOS Developer Portal.

  2. Both apps have to have the same Group ID in their provision profile. This is usually the Team ID as selected by Apple. I suggest that you don’t change this group ID when you create your own provision profiles.

  3. The first app that stores the value in the keychain must specify the kSecAttrAccessGroup attribute for the keychain item that is getting stored. This access group must be the same access group that is mentioned in your provision profile. Have a look at this chapter’s Introduction to learn how to extract this value from your provision profiles.

  4. The value stored in the keychain should have been stored with the kSecAttrService attribute set to a value ...

Get iOS 7 Programming Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.