Keychain doesn't retain the data after app gets update from iTunes

Question

I have been using SSKeychain open source library for storing the data securely in my iOS app. Yesterday, I face an issue ,SSKeychain wasn't able to retain its data when I updated my app from v1.0 to v2.0 from iTunes.

Code for UUID Generation :

- (NSString *)createNewUUID
{
    CFUUIDRef theUUID = CFUUIDCreate(NULL);
    CFStringRef string = CFUUIDCreateString(NULL, theUUID);
    CFRelease(theUUID);
    return (__bridge NSString *)string;
}

Over here, I generated a unique device string and used the keychain to store the same and the app heavily depends on unique string/Device Identifier since from iOS5 to iOS7 there are lots of transformations done by Apple in concerned to Unique Device Identifier, since the methods got deprecated.

Cope snippet for Store & Retrive :

NSString *retrieveuuid = [SSKeychain passwordForService:@"com.name.appname" account:@"AppName"];
if (retrieveuuid == nil) {
    NSString *uuid  = [self createNewUUID];

    //Store the password in Keychain
    NSError *error = nil;
    [SSKeychain setPassword:uuid forService:@"com.name.appname" account:@"AppName" error:&error];

    if ([error code] == SSKeychainErrorNotFound) {
        NSLog(@"ID not found");
    }
}

So, is this something that keychain won't be able to retain its values/identifier, when the app gets updated from Apple OR am I missing out at some point. Please help out if its possible to store the Identifier permanently in device, irrelevant of Installing, uninstalling ,reset and updating the app.

Alternatively, is there any API, which can provide me the same deviceID/unique string when generated so need to store the Unique String?

Note : App has to support iOS 4.3 and above.

Answer 1

You should take a look at this answer. The problem you are facing now is effectively a loss of access to keychain group which is tied to your bundle seed id (10-symbol alphanumeric code before your bundle id), which is your team identifier. So, basically, access to keychain after app updates depends on distribution certificate you use, not on the provisioning profile like @PF1 mentioned.
To prove my point i suggest you to try the following steps:

1. Add a new version to your app in iTunes Connect.
2. Make it "ready to upload".
3. Issue new distribution certificate to yourself in member center.
4. Create two new appstore provisioning profiles - one with your old / second with your new certificate.
5. Create two archives like you usually do to submit the app to App Store - one with your old / second with your new certificate.
6. Validate both. The one with the new certificate will give validation warning that access to keychain groups will be lost for this version.