Transfer FreeOTP secrets to new device using iOS 11 Automatic Setup

The FreeOTP application is typically used as a second factor in two-factor authentication. By design, it does not synchronize the secrets over iCloud or allow exporting them. The only way to get them out of the device and in again has been using an encrypted iTunes backup. Recently, however, when setting up a new iPhone using iOS 11's Automatic Setup, I noticed that the FreeOTP secrets were transferred to the new device. What in this new iOS 11 Automatic Setup process made this possible?

It seems that FreeOTP stores the secrets in the iOS keychain, but marks them only for storage on the device (not to be synced across the network using iCloud). So does the new iOS 11 Automatic Setup process somehow also transfer such marked-as-this-device-only keychain entries to the new device?


This answer can help you if your device is jailbroken (I would rather comment, but I am unable to).

Using the Filza app, navigate to the FreeOTP data folder. Copy the .plist file that is in the root of the folder. This contains the (unencrypted) secret and other information necessary to add the secrets to the new device/installation.

Using the FreeOTP QR Code Generator website, use the data from the .plist file to generate QR codes and scan the QR codes with the FreeOTP app on the new device/installation.
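
Added example, not part of the answer above and not FreeOTP's own code: the QR code that FreeOTP scans encodes an `otpauth://` URI, so it can be built locally and the secret never has to be typed into a web page. The sketch assumes the base32 secret, issuer and account name have already been read from the copied file, and that the token is TOTP with SHA1, 6 digits and a 30-second period; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode


def normalize_secret(secret_b32: str) -> str:
    """Return the base32 secret upper-cased, without spaces or padding.

    Raises binascii.Error (a ValueError) if it is not valid base32.
    """
    s = secret_b32.replace(" ", "").upper().rstrip("=")
    base64.b32decode(s + "=" * (-len(s) % 8))  # validation only
    return s


def otpauth_uri(secret_b32, account, issuer, digits=6, period=30, algorithm="SHA1"):
    """Build the otpauth://totp/ URI that a QR code for this token would carry."""
    label = quote(issuer, safe="") + ":" + quote(account, safe="@")
    params = {
        "secret": normalize_secret(secret_b32),
        "issuer": issuer,
        "algorithm": algorithm,
        "digits": digits,
        "period": period,
    }
    return "otpauth://totp/" + label + "?" + urlencode(params, quote_via=quote)


def totp(secret_b32, unix_time, digits=6, period=30, algorithm="SHA1"):
    """Compute the RFC 6238 code, to compare against what the new device shows."""
    s = normalize_secret(secret_b32)
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    import time
    # Constructed sample: the RFC 6238 test key, not a real account secret.
    sample = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"
    print(otpauth_uri(sample, "alice@example.com", "Example Corp"))
    print("code now:", totp(sample, time.time()))
```

If the code printed here matches the one the old installation shows for the same moment, the secret was copied correctly before the QR code is scanned on the new device.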