Claude repeatedly assured keychain code was correct despite fundamental flaw

Resolved 💬 2 comments Opened Apr 13, 2026 by BSKapps Closed Apr 14, 2026

What happened

During development of a macOS app (Quicker IP), Claude was asked to implement keychain storage for license keys. Claude wrote the keychain code without kSecUseDataProtectionKeychain, which means every time the app binary changes (i.e. every update), macOS shows a password prompt dialog to the user — multiple times per launch.

The user asked Claude three separate times across the development process whether the keychain migration was solid. Each time Claude confirmed it was fine without considering what happens when the app's code signature changes between builds.

This resulted in:

  • A shipped build (v2.1.0) that prompted users for their macOS password 5+ times on launch
  • The password dialog wording ("Quicker IP wants to use your confidential information") looked like the app was harvesting credentials
  • The update had to be pulled from both Sparkle (auto-update) and LemonSqueezy (distribution)
  • A GitHub release had to be deleted
  • The developer lost hours re-archiving, re-signing, re-notarizing

The core problem

Claude was asked multiple times to verify the keychain implementation. Rather than deeply researching macOS keychain ACL behaviour (per-app code signing vs Data Protection keychain), Claude gave surface-level "looks good" assurances. This is basic macOS keychain knowledge — the default keychain uses per-app ACLs tied to code signatures, and kSecUseDataProtectionKeychain: true is the standard way to avoid password prompts across app updates.

Expected behaviour

When a user asks Claude to verify critical code multiple times, Claude should actually research and think deeply rather than rubber-stamping its own earlier work. "I already looked at it" is not verification.

---
Filed by the developer via Claude Code.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗