Why is Brave asking to use the "confidential information" in my Keychain [macOS]?
Technical Overview
Originally drafted by Johnathan Sampson
Recent changes involving Brave’s certificate/provisioning-profile have resulted in a need for users upgrading to v1.18.75 or later to grant Brave access to the random 128-bit password it created upon installation, so that encrypted profile data can be read/written by the browser. This doesn’t grant Brave access to anything else on the machine.
We encourage users to “Always Allow” Brave access to Brave Safe Storage.
Great! Can you explain that in English now?
Users of Brave on macOS who recently upgraded to version 1.18.75 saw the prompt below when restarting the browser. Many of you may be wondering what this is, so we’d like to briefly explain. Some of you may recall having to provide your macOS password when you first installed Brave as well, for the same reasons we’ll be covering below.
When you installed Brave for the very first time, a secret key was created. This secret is used to protect files created by Brave, files which store passwords to websites, information about your Brave Rewards profile, and more. This secret was given to macOS to be stored in Keychain. By encrypting files with a secret key stored in Keychain, Brave is able to add an extra layer of security to your data. After all, if somebody were to get access to your files, but not the key with which they were encrypted, they wouldn’t be able to do much.
Version 1.18.75 of Brave included some routine, yet generally infrequent changes to our app which impacted Brave’s access to that secret key. As such, users are prompted to grant Brave access to its own private key stored within Apple’s Keychain application.
What happens if I deny access?
Denying access means Brave will not be able to retrieve its own secret key. This results in Brave’s inability to read/write data to the user’s profile directory, impacting things like stored passwords, Brave Rewards data, and more.
What happens if I allow access?
Brave has always had access since the application was first installed. Recent changes to the build process yielded the need for users to confirm that Brave should continue to have access to its own private key. When you allow Brave to access the private key stored in Brave Safe Storage, the browser will continue to operate as expected.
Users are encouraged to “Always Allow” Brave access to Brave Safe Storage.
It’s important to note that granting Brave access to the Brave Safe Storage Keychain entry does not give Brave access to other sensitive information stored in your Keychain. Brave is only able to access the random key it generated when you first installed the application.