What is this about?

When a user migrates to a new phone the MM app will automatically install and prompt the user to login. This is misleading because no app data is transferred to the new phone (for security reasons). We should handle this case by presenting the user with the onboarding flow instead of the login screen.

The current resolution for this is to have the user to Reset Wallet or uninstall/reinstall.

Below are a list of considerations we should review when starting this ticket:

📱 iOS

🚫 Disable iCloud backup for app data (this is already done):

Use the NSURLIsExcludedFromBackupKey flag to exclude files from iCloud backup.

var url = URL(fileURLWithPath: filePath)
do {
    var resourceValues = URLResourceValues()
    resourceValues.isExcludedFromBackup = true
    try url.setResourceValues(resourceValues)
} catch {
    print("Failed to exclude \(url.lastPathComponent) from backup")
}

🧼 Store minimal persistent data in UserDefaults, Keychain, or documents — and clear everything on reinstall or reinstall+restore if necessary.

• Be cautious with Keychain — it's persisted even after uninstall.
• Consider storing a flag in a non-persisted location (e.g., temporary directory) that indicates first install.

🧼 Key considerations:

• Like iOS, EncryptedSharedPreferences, Room, or Jetpack DataStore will persist across reinstalls if backups are enabled.
• With backups disabled, everything starts fresh unless you're syncing from your own backend.

2. Detect a Restored State (Optional Advanced Pattern)

If disabling cloud backup isn’t sufficient (e.g., you suspect a system restore is restoring data anyway), you could:

• Store a device identifier or first install token in local storage or a secure backend.
• When a user logs in, check if the device is the same one — if not, prompt them to re-authenticate and wipe local data.

3. Avoid Keychain (iOS) long-lived sessions

These survive uninstalls, so if you use them, your app may “magically” restore sessions on a new device. You may need to explicitly clear them or gate access with device binding.

🧪 Test It:

1. Install your app on one device.
2. Log in, set some local state.
3. Backup or don't
   a. Option 1: Backup that device (iCloud or Google Drive).
   b. Option 2: Do not back up.
4. Restore to a new phone.
5. Download app again. Check:

• Is the user still logged in?
• Are previous settings still there?
• If yes, identify where they were saved (Keychain? Cloud backup? Secure preferences?).

Scenario

No response

Design

No response

Technical Details

No response

Threat Modeling Framework

No response

Acceptance Criteria

• When upgrading to a new phone users are not prompted to login

Stakeholder review needed before the work gets merged

• Engineering (needed in most cases)
• Design
• Product
• QA (automation tests are required to pass before merging PRs but not all changes are covered by automation tests - please review if QA is needed beyond automation tests)
• Security
• Legal
• Marketing
• Management (please specify)
• Other (please specify)

References

No response