fix(ios): remove erroneous keychain cleanup causing data loss on upgrade

The clearAllKeychainEntriesSync() function was incorrectly wiping all Keychain entries when upgrading from v1.2.0 to v1.3.0+.

The function's premise was flawed:
  - v1.2.0 used kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which is NOT
    biometric protection (just "accessible when unlocked")
  - Biometric auth in v1.3.0+ uses LAContext, a completely separate API
  - There were no "old biometric prompts" to prevent

Only users upgrading FROM v1.2.0 were affected. In-between version upgrades (e.g., v1.3.0→v1.4.0→v1.4.1) were safe because the cleanup tracked its execution via NSUserDefaults BIOMETRIC_CLEANUP_KEY flag, running only once on first launch after the v1.2.0 upgrade.

The legitimate cleanupOrphanedKeychainEntries() function (for handling app reinstalls) remains unchanged.

Author: ioannisa

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to KSafe will be documented in this file.
 
+## [1.4.2] - 2025-01-26
+
+### Fixed
+
+- **Critical iOS data loss on upgrade from v1.2.0** - Removed erroneous `clearAllKeychainEntriesSync()` function that was wiping all Keychain entries on first launch
+  - **Root cause**: The function was based on a flawed premise that v1.2.0 stored "biometric-protected" Keychain entries that needed cleanup
+  - **Reality**: v1.2.0 used `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` which is NOT biometric protection—it simply means "accessible when device is unlocked"
+  - **Impact**: Users upgrading from v1.2.0 to v1.3.0+ lost all their encrypted data unnecessarily
+  - **Fix**: Removed the one-time cleanup that ran on startup. The legitimate `cleanupOrphanedKeychainEntries()` function (which removes Keychain keys without matching DataStore entries after app reinstall) remains intact
+  - **Who was affected**: Only users who upgraded FROM v1.2.0 TO any version between v1.3.0–v1.4.1. Users who started fresh on v1.3.0+ or upgraded between v1.3.x/v1.4.x versions were NOT affected
+  - **Why in-between upgrades were safe**: The cleanup used NSUserDefaults to track execution via `BIOMETRIC_CLEANUP_KEY`. Once it ran (on first launch after upgrading from v1.2.0), the flag was set and subsequent version upgrades (e.g., v1.3.0→v1.4.0→v1.4.1) skipped the cleanup entirely. The damage only occurred on that single first upgrade from v1.2.0
+
+### Removed
+
+- `clearAllKeychainEntriesSync()` - iOS function that unnecessarily deleted all Keychain entries
+- `BIOMETRIC_CLEANUP_KEY` constant - No longer needed without the erroneous cleanup
+
+---
+
 ## [1.4.1] - 2025-01-21
 
 ### Performance Improvements

README.md

@@ -53,8 +53,8 @@ That's it. Your data is now AES-256-GCM encrypted with keys stored in Android Ke
 
 ```kotlin
 // commonMain or Android-only build.gradle(.kts)
-implementation("eu.anifantakis:ksafe:1.4.1")
-implementation("eu.anifantakis:ksafe-compose:1.4.1") // ← Compose state (optional)
+implementation("eu.anifantakis:ksafe:1.4.2")
+implementation("eu.anifantakis:ksafe-compose:1.4.2) // ← Compose state (optional)
 ```
 
 > Skip `ksafe-compose` if your project doesn't use Jetpack Compose, or if you don't intend to use the library's `mutableStateOf` persistence option

ksafe-compose/build.gradle.kts

@@ -11,7 +11,7 @@ plugins {
 
 // Set the same group and version as your main library
 group = "eu.anifantakis"
-version = "1.4.1"
+version = "1.4.2"
 
 kotlin {
     androidLibrary {

ksafe/build.gradle.kts

@@ -10,7 +10,7 @@ plugins {
 }
 
 group = "eu.anifantakis"
-version = "1.4.1"
+version = "1.4.2"
 
 kotlin {
     androidTarget {

ksafe/src/iosMain/kotlin/eu/anifantakis/lib/ksafe/KSafe.ios.kt

@@ -124,7 +124,6 @@ actual class KSafe(
         @PublishedApi
         internal const val KEY_PREFIX = "eu.anifantakis.ksafe"
         private const val INSTALLATION_ID_KEY = "ksafe_installation_id"
-        private const val BIOMETRIC_CLEANUP_KEY = "ksafe_biometric_cleanup_done"
 
         /**
          * Checks if running on iOS Simulator (no biometric hardware available).
@@ -386,55 +385,13 @@ actual class KSafe(
         registerAppleProvider()
         forceAesGcmRegistration()
 
-        // CRITICAL: Clear ALL keychain entries synchronously on startup.
-        // This ensures old biometric-protected entries are removed before any property access.
-        // Data encrypted with old keys will be lost, but this is necessary to prevent
-        // biometric prompts from old library versions.
-        clearAllKeychainEntriesSync()
-
         // HYBRID CACHE: Start Background Preload immediately.
         // If this finishes before the user calls getDirect, the cache will be ready instantly.
         if (!lazyLoad) {
             startBackgroundCollector()
         }
     }
 
-    /**
-     * Synchronously clears ALL keychain entries for this KSafe instance (ONE TIME ONLY).
-     * This prevents old biometric-protected entries from triggering unwanted prompts.
-     * Uses NSUserDefaults to track if cleanup has been performed.
-     */
-    @OptIn(ExperimentalForeignApi::class)
-    private fun clearAllKeychainEntriesSync() {
-        val userDefaults = platform.Foundation.NSUserDefaults.standardUserDefaults
-        val cleanupKey = fileName?.let { "${BIOMETRIC_CLEANUP_KEY}_$it" } ?: BIOMETRIC_CLEANUP_KEY
-
-        // Check if cleanup has already been done
-        if (userDefaults.boolForKey(cleanupKey)) {
-            return
-        }
-
-        // Delete all keychain entries for our service
-        memScoped {
-            val query = CFDictionaryCreateMutable(
-                kCFAllocatorDefault,
-                0,
-                null,
-                null
-            ).apply {
-                CFDictionarySetValue(this, kSecClass, kSecClassGenericPassword)
-                CFDictionarySetValue(this, kSecAttrService, CFBridgingRetain(SERVICE_NAME))
-            }
-
-            SecItemDelete(query)
-            CFRelease(query as CFTypeRef?)
-        }
-
-        // Mark cleanup as done
-        userDefaults.setBool(true, forKey = cleanupKey)
-        userDefaults.synchronize()
-    }
-
     private fun startBackgroundCollector() {
         CoroutineScope(Dispatchers.Default + SupervisorJob()).launch {
             dataStore.data.collect { updateCache(it) }