An App ID is a two-part string used to identify one or more apps from a single development team.

Posts under App ID tag

10 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

App ID Prefix Change and Keychain Access
DTS regularly receives questions about how to preserve keychain items across an App ID change, and so I thought I’d post a comprehensive answer here for the benefit of all. If you have any questions or comments, or other creative solutions!, please start a new thread here on DevForums, tagging it with Security so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" App ID Prefix Change and Keychain Access The list of keychain access groups your app can access is determined by three entitlements. For the details, see Sharing Access to Keychain Items Among a Collection of Apps. If your app changes its App ID prefix, this list changes and you’re likely to lose access to existing keychain items. This situation crops up under two circumstances: When you migrate your app from using a unique App ID prefix to using your Team ID as its App ID prefix. When you transfer your app to another team. In both cases you have to plan carefully for this change. If you only learn about the problem after you’ve made the change, consider undoing the change to give you time to come up with a plan before continuing. Note On macOS, the information in this post only applies to the data protection keychain. For more information about the subtleties of the keychain on macOS, see On Mac Keychains. For more about App ID prefix changes, see Technote 2311 Managing Multiple App ID Prefixes and QA1726 Resolving the Potential Loss of Keychain Access warning. Migrate From a Unique App ID Prefix to Your Team ID Historically each app was assigned its own App ID prefix. This is no longer the case. Best practice is for apps to use their Team ID as their App ID prefix. This enables multiple neat features, including keychain item sharing and pasteboard sharing. If you have an app that uses a unique App ID prefix, consider migrating it to use your Team ID. This is a good thing in general, as long as you manage the migration process carefully. Your app’s keychain access group list is built from three entitlements: keychain-access-groups, see Keychain Access Groups Entitlement application-identifier (com.apple.application-identifier on macOS) com.apple.security.application-groups, see App Groups Entitlement IMPORTANT A macOS app can’t use an app group as a keychain access group. The first two depend on the App ID prefix. If that changes, you lose access to any keychain items in those groups. WARNING Think carefully before using the keychain to store secrets that are the only way to access irreplaceable user data. While the keychain is very reliable, there are situations where a keychain item can be lost and it’s bad if it takes the user’s data with it. In some cases losing access to keychain items is not a big deal. For example, if your app uses the keychain to manage a single login credential, losing that is likely to be acceptable. The user can recover by logging in again. In other cases losing access to keychain items is unacceptable. For example, your app might manage access to dozens of different servers, each with unique login credentials. Your users will be grumpy if you require them to log in to all those servers again. In such situations you must carefully plan your migration. The key element here is the third item in the list above, the com.apple.security.application-groups entitlement. An app group is tied to your team, and so your app retains access to the corresponding keychain access group across an App ID change. This suggests the following approach: Release a version of your app that moves keychain items from other keychain access groups to a keychain access group corresponding to an app group. Give your users time to update to this new version, run it, and so move their keychain items. When you’re confident that the bulk of your users have done this, change your App ID prefix. Be wary of the following caveats: This approach won’t work on macOS because macOS apps can’t use an app group as a keychain access group. It’s hard to judge how long to wait at step 2. Transfer Your App to Another Team There is no supported way to maintain access to keychain items across an app transfer. This makes it critical that you plan the transfer carefully. Note The approach described in the previous section doesn’t work in this case because app groups are tied to a team. There are three potential approaches here: Do nothing Do not transfer your app Get creative Do Nothing In this case the user loses all the secrets that your app stored in the keychain. This may be acceptable for certain apps. For example, if your app uses the keychain to manage a single login credential, losing that is likely to be acceptable. The user can recover by logging in again. Do Not Transfer Another option is to not transfer your app. Instead, ship a new version of the app from the new team and have the old app recommend that the user upgrade. There are a number of advantages to this approach. The first is that there’s absolutely no risk of losing any user data. The two apps are completely independent. The second advantage is that the user can install both apps on their device at the same time. This opens up a variety of potential migration paths. For example, you might ship an update to the old app with an export feature that saves the user’s state, including their secrets, to a suitably encrypted file, and then match that with an import facility on the new app. Finally, this approach offers flexible timing. The user can complete their migration at their leisure. However, there are a bunch of clouds to go with these silver linings: Your users might never migrate to the new app. If this is a paid app, or an app with in-app purchase, the user will have to buy things again. You lose the original app’s history, ratings, reviews, and so on. Get Creative Finally, you could attempt something creative. For example, you might: Publish a new version of the app that supports exporting the user’s state, including the secrets. Tell your users to do this, with a deadline. Transfer the app and then, when the deadline expires, publish the new version with an import feature. Frankly, this isn’t very practical. The problem is with step 2: There’s no good way to get all your users to do the export, and if they don’t do it before the deadline there’s no way to do it after.
0
0
7.0k
May ’22
Unable to upload to store using altool after account transfer
Good morning, recently we had our application migrated to a new account due to company changes. In the old account we were able to notarize and publish the application, using notarytool and altool, both as an external installer dmg and on the App Store. The migration was successful and after signing up for a paid developer program, creating the new certificates and the new application password, we are now able to successfully sign and notarize the application for distributing the dmg package as an external installer. However we have an issue with the altool used to publish the application on the App Store. It seems a credentials rejection. This is unfortunately preventing us to deliver updated version of our software to our clients. Here are the logs for the two commands The USERNAME, TEAM_ID and APPLICATION_PASS are obviously placeholders by me to not show them in the following requests, and are originally the same in both commands This is the notarytool command -> SUCCESS xcrun notarytool history --apple-id "USERNAME" --team-id "TEAM_ID" --password "APPLICATION_PASS" Successfully received submission history. createdDate: 2025-01-21T12:24:28.472Z id: 94e5e0ba-9529-4c38-b36f-1e0369b745ab name: installer.app.zip status: Accepted
2
0
177
4w
Failed Registering Bundle Identifier of watch app
Hi, after 2 years of not updating my app on appstore i wanted to submit an update for my iOS app which also containts a watch app target. When i try to submit it to upload it i get the following errors: Failed registering bundle identifier The app identifier "(myappBundleID).watchkitapp" cannot be registered to your development team because it is nit available. Change your bundle identifier to a unique string to try again. No Profiles for "(myappBundleID).watchkitapp" were found. Xcode culdn't find any iOS App Store provisining profiles matching "(myappBundleID).watchkitapp" Since i have my app already in store with that bundle identifier i don't know why it can not be registered to my team. Also i don't want to change the bundle identifier because then i can not publish it as update to store.
12
0
1.1k
Jan ’25
How Can I create a new App from API
Hi all, I am developing new things on my existing .Net core application. I want to create a new page and with this page, the users will create a new app and write important informations. But I cant create a new app with sending post request with connect API. Here is my Postman requests and body. Sending request to : https://api.appstoreconnect.apple.com/v1/apps Body : { "data": { "type": "apps", "attributes": { "bundleId": "com.test.testtest", "name": "Test Test", "primaryLocale": "en-US", "sku": "test2024", "platform": "IOS" } } } Also I am using a bearer token, and this token has a admin role. When I send a post request, I am getting below error. { "errors": [ { "id": "35f9631f-b8d8-408c-8dfd-adaef043d062", "status": "403", "code": "FORBIDDEN_ERROR", "title": "The given operation is not allowed", "detail": "The resource 'apps' does not allow 'CREATE'. Allowed operations are: GET_COLLECTION, GET_INSTANCE, UPDATE" } ] } How can I fix this. Pls help. Thanks.
1
0
794
Jul ’24
Failed Registering Bundle Identifier after transfer app to another account
At the beginning of the year, I transferred 3 applications from one account to another. Last month, I had to make changes and update two of them without any issues. Now, I need to update the third one, but in Xcode, I'm getting an error saying that the identifier can't be registered to my development team because it's not available. In App Store Connect, I can see all 3 applications perfectly. I have regenerated the certificates, but this third one is not appearing in the provisioning profiles. Any help?
2
0
1.1k
Apr ’24
Identifier (and profiles) management - Developer portal
Hey guys! Please, its not possible to remove or reuse an identifier (new app by removing the old one) through the developer portal? https://developer.apple.com/account/resources/identifiers/list Everytime we try to remove there is a message we can't: There is a problem with the request entity The App ID 'xxxxxxxxxxx' appears to be in use by the App Store, so it can not be removed at this time. But the app has been removed!!! Does anyone knows how to delete/reuse an identifier by doing some action in the portal? NOTE: we are low code - no Xcode (yes, so poor) Thank u guys!
1
0
726
Apr ’24