On an iOS 8 device, I installed Google Hangouts and upon first launch, it pre-populated an account that was previously associated with a different, and long ago deleted, Google app.
Since I had just Reset Advertising Identifier, I assumed it must be the Vendor ID (there was another Google app installed on the device). So, I deleted both (all) Google apps on the device, which should reset the Vendor ID.
I then re-installed Google Hangouts and launched it. It STILL had the old account active. This is not only mysterious behavior, but is also a pretty serious security and privacy vulnerability. When an app is deleted, and especially when all apps from a vendor are deleted, there should be no active accounts or data left on the device.
Any ideas on how Google Hangouts knows about the old account?
Best Answer
Apple advises developers to store app login credentials in the encrypted iOS Keychain. When you delete an app from your phone it doesn't delete the related records from the Keychain.
https://developer.apple.com/library/ios/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html