It used to. They have largely changed that now - all data is deleted once the last app from a given vendor has been deleted (though it's not instant, and seems to apply weirdly on TestFlight + ad-hoc builds)

I delete Facebook a few times and every time I installed the app the first screen I got prompted with was "Hello Josh, would you like to sign in with your stored details?" Not all data is scrubbed. This persisted to even today running on iOS 17 Public Beta.

Did you also delete Messenger, Instagram, Whatsapp and Threads?

Yes.

I have experienced the same thing. Even when Apple made changes in Keychain policy to try to combat fingerprinting, “I never got the memo.” That sounds nuts, but I’m in the same boat.

I’ve had a few apps I’ve redownloaded months later, the only one from the developer, and my auth state was preserved.

I keep hearing that the Keychain data should be deleted, but my iCloud Keychain is filled with long-dead data

It's most probably keychain.

Probably keychain, but maybe just iCloud?

On the app I'm writing, keychain info remains.

I have a specific debug setting to wipe the keychain.

Sign in with Apple also generates a persistent ID with each app. That could be used to fingerprint the user, but not the device.

I think this behavior hasn’t changed: https://developer.apple.com/forums/thread/36442

Everything in this space is so muddled. Deleting the last app from a vendor should erase that data. On the other hand, if you restore your phone from another device, that should never require relogging into anything.

I used to go out of my way to take encrypted iTunes backups because it restored app state perfectly.

After some iOS release though, every app started doing "new phone, who dis" regardless of the restoration strategy, so I stopped wasting my time.

Yeah, last I checked, encrypted itunes backups would keep the "this device only" keychain data. Which would only work when restored to the same device - it needs the UID key from the secure enclave to decode. (I wrote code a few years ago to decrypt the rest of the keychain.)

At one point, google authenticator started marking its entries as "this device only". I don't know if they've backed off on that since then.

This does not align with my experience. I see Uber automatically log me in on a fresh install after I've uninstalled the app for months.

No, I tried to completely delete Tiktok. It's impossible.