diff --git a/crypto/apple_keychain_ios.mm b/crypto/apple_keychain_ios.mm
index 1d61f4cd5576aa..c3e57c52146857 100644
--- a/crypto/apple_keychain_ios.mm
+++ b/crypto/apple_keychain_ios.mm
@@ -41,12 +41,12 @@
   // Set the service name.
   CFDictionarySetValue(
       query, kSecAttrService,
-      StringWithBytesAndLength(serviceName, serviceNameLength));
+      StringWithBytesAndLength(serviceName, serviceNameLength).get());
 
   // Set the account name.
   CFDictionarySetValue(
       query, kSecAttrAccount,
-      StringWithBytesAndLength(accountName, accountNameLength));
+      StringWithBytesAndLength(accountName, accountNameLength).get());
 
   // Use the proper search constants, return only the data of the first match.
   CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
@@ -89,12 +89,12 @@
   // Set the service name.
   CFDictionarySetValue(
       keychain_data, kSecAttrService,
-      StringWithBytesAndLength(serviceName, serviceNameLength));
+      StringWithBytesAndLength(serviceName, serviceNameLength).get());
 
   // Set the account name.
   CFDictionarySetValue(
       keychain_data, kSecAttrAccount,
-      StringWithBytesAndLength(accountName, accountNameLength));
+      StringWithBytesAndLength(accountName, accountNameLength).get());
 
   return base::apple::ScopedCFTypeRef<CFDictionaryRef>(keychain_data);
 }
@@ -124,21 +124,21 @@
       MakeGenericPasswordQuery(serviceNameLength, serviceName,
                                accountNameLength, accountName);
   // Check that there is not already a password.
-  OSStatus status = SecItemCopyMatching(query, /*result=*/nullptr);
+  OSStatus status = SecItemCopyMatching(query.get(), /*result=*/nullptr);
   if (status == errSecItemNotFound) {
     // A new entry must be created.
     base::apple::ScopedCFTypeRef<CFDictionaryRef> keychain_data =
         MakeKeychainData(serviceNameLength, serviceName, accountNameLength,
                          accountName, passwordLength, passwordData,
                          kKeychainActionCreate);
-    status = SecItemAdd(keychain_data, /*result=*/nullptr);
+    status = SecItemAdd(keychain_data.get(), /*result=*/nullptr);
   } else if (status == noErr) {
     // The entry must be updated.
     base::apple::ScopedCFTypeRef<CFDictionaryRef> keychain_data =
         MakeKeychainData(serviceNameLength, serviceName, accountNameLength,
                          accountName, passwordLength, passwordData,
                          kKeychainActionUpdate);
-    status = SecItemUpdate(query, keychain_data);
+    status = SecItemUpdate(query.get(), keychain_data.get());
   }
 
   return status;
@@ -160,7 +160,7 @@
 
   // Get the keychain item containing the password.
   base::apple::ScopedCFTypeRef<CFTypeRef> result;
-  OSStatus status = SecItemCopyMatching(query, result.InitializeInto());
+  OSStatus status = SecItemCopyMatching(query.get(), result.InitializeInto());
 
   if (status != noErr) {
     if (passwordData) {
@@ -171,7 +171,7 @@
   }
 
   if (passwordData) {
-    CFDataRef data = base::apple::CFCast<CFDataRef>(result);
+    CFDataRef data = base::apple::CFCast<CFDataRef>(result.get());
     NSUInteger length = CFDataGetLength(data);
     *passwordData = malloc(length * sizeof(UInt8));
     CFDataGetBytes(data, CFRangeMake(0, length), (UInt8*)*passwordData);