How does a Google iOS app save and restore active accounts across app deletion?

On an iOS 8 device, I installed Google Hangouts and upon first launch, it pre-populated an account that was previously associated with a different, and long ago deleted, Google app.

Since I had just Reset Advertising Identifier, I assumed it must be the Vendor ID (there was another Google app installed on the device). So, I deleted both (all) Google apps on the device, which should reset the Vendor ID.

I then re-installed Google Hangouts and launched it. It STILL had the old account active. This is not only mysterious behavior, but is also a pretty serious security and privacy vulnerability. When an app is deleted, and especially when all apps from a vendor are deleted, there should be no active accounts or data left on the device.

Any ideas on how Google Hangouts knows about the old account?


Apple advises developers to store app login credentials in the encrypted iOS Keychain. When you delete an app from your phone it doesn't delete the related records from the Keychain.

Keychains are secure storage containers, which means that when the keychain is locked, no one can access its protected contents. In OS X, users can unlock a keychain—thus providing trusted applications access to the contents—by entering a single master password. In iOS, each application always has access to its own keychain items; the user is never asked to unlock the keychain. Whereas in OS X any application can access any keychain item provided the user gives permission, in iOS an application can access only its own keychain items.

https://developer.apple.com/library/ios/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html


It probably uses iCloud as a method, possibly the iCloud Key-Value Store.

As far as that storage goes…

The total space available in your app’s iCloud key-value storage is 1 MB per user. The maximum number of keys you can specify is 1024, and the size limit for each value associated with a key is 1 MB. For example, if you store a single large value of exactly 1 MB for a single key, that fully consumes your quota for a given user of your app. If you store 1 KB of data for each key, you can use 1000 key-value pairs. The maximum length for a key string is 64 bytes using UTF8 encoding. The data size of your cumulative key strings does not count against your 1 MB total quota for iCloud key-value storage; rather, your key strings (which at maximum consume 64 KB) count against a user’s total iCloud allotment.

(Source: Apple Developer Conceptual Reading for iCloud Key-Value Storage's Data Limits, see link above)

In short, developers can access data through iCloud's KV pairs through NSUbiquitousKeyValueStore, store objects storable in an NSDictionary (up to 64K per item, up to 1024 keys, and the total size must be less than 1 MB), and retrieve them later.


Edit: iCloud Key-Value storage isn't as secure as Keychains. Google might use Keychains, but they might also store encrypted data on the Key-Value store, considering iCloud has security issues. Maybe use the device's name as a way to de-encrypt?