Security researchers have highlighted several potential iCloud Keychain issues you might want to be aware of in iOS 17 and macOS Sonoma.
The first is that an update may enable the feature if you previously had it disabled, and the second occurs if you enabled the feature and then disabled it…
iCloud Keychain goes back to iOS 7 and OS X Mavericks and stores your passwords and card details in your iCloud account so they’re available on Apple devices. Adding or updating any data on one device syncs it with iCloud so changes are reflected on other devices.
All data is, of course, end-to-end encrypted, so Apple doesn’t have access to your credentials or payment cards.
Passkey support was added to iCloud Keychain in iOS 16.
Users report that this feature turns on automatically.
Even with end-to-end encryption, not everyone chooses to use iCloud Keychain, and security researchers from Mysk Please note that a number of users who did not find this feature somehow found that it turned on itself.
If you’re one of the few users who haven’t synced your passwords and Keychain with iCloud and have updated to iOS 17, iPadOS 17, or macOS Sonoma, check your iCloud settings and make sure the Passwords and Keychain sync option is turned on. off. This case was reproduced in our testing, but some iCloud accounts did not change the setting. The reason is not clear.
Disabling iCloud Keychain may not delete your data.
If you disable iCloud Keychain, it can no longer be removed from Apple’s servers.
Here’s how Apple says it works:
When you sign out of iCloud on your device while iCloud Keychain is enabled, you will be prompted to save or delete your Keychain information.
If you choose to store your information, your passwords and passkeys will be stored locally on your device, but will not be deleted or updated when changes are made on other devices. If you do not save this information, your passwords and passkeys will not be available on your device. An encrypted copy of your Keychain data is stored on iCloud servers. If you turn iCloud Keychain back on, your passwords and passkeys are synced back to your device.
Previously, you could force delete from iCloud:
If you don’t save your information to at least one device, your Keychain data will also be deleted from iCloud servers.
One possibility is that this is due to the new Family Passwords feature, which allows you to share credentials with trusted contacts (as long as Apple uses the word “family”, you can share passwords with anyone).
We’ve reached out to Apple for comment and will report any response.