Strange items found in keychain access

[wirewick]

Hello all,
I recently bought a 2020 MacBook Air that I have been setting up the last couple days. This is not my first Mac. I setup the 2020 Air as new machine without migrating any files, but I did sign in with my Apple ID and setup iCloud.

I found myself looking around in Keychain Access and noticed some things that seemed odd. Im not an expert user and Im very new to keychain access so I was hoping to get some help here.

The first thing I noticed was an item in login, Certificates.

Im confused as to how this got here since I did not transfer any files. Did this come from iCloud? I was under the impression that iCloud keychain access only saved Safari passwords. Also it is in the "login" keychain not the "iCloud" keychain.
Since Mac says that the certificate is not trusted, I copied it on to the desktop and tried to delete it from keychain access but I received this message:

The next strangeness I noticed were 16 separate "application password" entered for Tencent, in my "iCloud keychain." I don't ever recall using a Tencent service in my life. How can I found out where these came from? Is there any risk, should I simply delete?

Thanks in advance for any help. Im trying to learn as I go.

 

[Taz Mangus]

It appears that you probably had keychain saved in iCloud.

 

[Honza1]

Keychain stores mainly computer related passwords and lots of other stuff. Safari passwords are quite relatively newish thing.
That tencent password was saved by you in June 2019 (and one in July). May be you read Wallstreet journal that day and it saved this stuff?
Anyway, this came from iCloud Keychain, possibly originated on iphone, ipad or Mac. Keychain is basically garbage collector.
And yes, you can delete that stuff safely. I do it when I am bored and want to do something mindless but useful.

 

[wirewick]

Is WSJ owned by Tencent or something? Still it seems strange that so many "application password's" were created all at once. When I open each one they don't contain any passwords I created.

And what about that Verizon one?

 

[DoctorApple]

Keychain is abused by lots of developers as a fingerprinting mechanism to identify users across devices and reset. As long as you're logged into the same iCloud account on your iPhone, you can be identified when you re-download the same app that previously saved a unique identifying string to your iCloud keychain. You can be identified as the previous user even if it's a different iPhone / iPad and have been fully reset as the fingerprinting info is saved in your iCloud. The two examples I can think of are Lyft and Foursquare. Even if you purchase a brand new iPhone and set it up as a new iPhone with no restored data from a backup, as long as you're signed into the same iCloud account and you download these apps again, they'll recognize you as their previous users. For Lyft, you would not be able to get any sign up bonus even if you use a brand new phone number to register as this new device has been linked to an existing user. For Foursquare, since you're identified, they would not even ask you to enter your password again to log in.

I see Facebook's apps do this too. PayPal app also leaves a lot of keychain data for risk mitigation (tracking). Same goes for Tinder.

I'm unsure if Tencent uses keychain to re-prawn previous data. The name of the iCloud keychain entries suggest they're used as crypto keys for authentication purposes, but I wouldn't be surprised that they're used to track users across devices as well. You must have used one of Tencent's apps. They operate a lot of popular games in case you were unaware. The other possibility is that you used someone else's phone without fully resetting the device. They simply logged out of their Apple ID from iCloud and you logged in again with your own. In this case, the iCloud keychain data from the previous Apple ID would be spliced with your own. I'm not sure if a developer is allowed to access iCloud keychain data originally saved by a different Apple ID when it's accessing from another Apple ID instance.

 

[gtsorby]

Keychain is abused by lots of developers as a fingerprinting mechanism to identify users across devices and reset. As long as you're logged into the same iCloud account on your iPhone, you can be identified when you re-download the same app that previously saved a unique identifying string to your iCloud keychain. You can be identified as the previous user even if it's a different iPhone / iPad and have been fully reset as the fingerprinting info is saved in your iCloud. The two examples I can think of are Lyft and Foursquare. Even if you purchase a brand new iPhone and set it up as a new iPhone with no restored data from a backup, as long as you're signed into the same iCloud account and you download these apps again, they'll recognize you as their previous users. For Lyft, you would not be able to get any sign up bonus even if you use a brand new phone number to register as this new device has been linked to an existing user. For Foursquare, since you're identified, they would not even ask you to enter your password again to log in.

I see Facebook's apps do this too. PayPal app also leaves a lot of keychain data for risk mitigation (tracking). Same goes for Tinder.

I'm unsure if Tencent uses keychain to re-prawn previous data. The name of the iCloud keychain entries suggest they're used as crypto keys for authentication purposes, but I wouldn't be surprised that they're used to track users across devices as well. You must have used one of Tencent's apps. They operate a lot of popular games in case you were unaware. The other possibility is that you used someone else's phone without fully resetting the device. They simply logged out of their Apple ID from iCloud and you logged in again with your own. In this case, the iCloud keychain data from the previous Apple ID would be spliced with your own. I'm not sure if a developer is allowed to access iCloud keychain data originally saved by a different Apple ID when it's accessing from another Apple ID instance.

Is there anyway to access and delete this "fingerprint" keychain data? Is it viewable from a Mac?

 

[DoctorApple]

Is there anyway to access and delete this "fingerprint" keychain data? Is it viewable from a Mac?

Yes, you can view and delete them on Mac in Keychain Access. Keep in mind that it will not delete anything stored on your phone, they can only be removed from a full reset. Also every time you launch an app that writes into iCloud Keychain, it will write again after you’ve delete them. So if you really want a clean set up you’ll wanna make sure to set up a new phone (hardware) while there’re no entries of those keychain data on your iCloud.

 

[gtsorby]

Yes, you can view and delete them on Mac in Keychain Access. Keep in mind that it will not delete anything stored on your phone, they can only be removed from a full reset. Also every time you launch an app that writes into iCloud Keychain, it will write again after you’ve delete them. So if you really want a clean set up you’ll wanna make sure to set up a new phone (hardware) while there’re no entries of those keychain data on your iCloud.

Will this procedure work?

1) Factory reset phone. Set up as new.
2) Wipe all keychain data using a mac.
3) Factory reset phone. Restore from cloud.

 

[DoctorApple]

Will this procedure work?

1) Factory reset phone. Set up as new.
2) Wipe all keychain data using a mac.
3) Factory reset phone. Restore from cloud.

You don’t have to reset the phone twice. As long as your phone is set up when there’s no iCloud Keychain entires, you should be fine.