Potenial Loss of Keychain Access Problem

Question

Created Apr ’18

Replies 4

Boosts 0

Views 8.6k

Participants 2

I recently submitted an app to the App Store which was followed by an email from the App Store Team. In part it read:

"Potential Loss of Keychain Access - The previous version of software has an application-identifier value of ['1234ABCD.com.doggonegoodapps.AppName'] and the new version of software being submitted has an application-identifier of ['5678DFGH.com.doggonegoodapps.AppName']. This will result in a loss of keychain access."

I totally understand that the App ID prefixes do not match. I have no idea how this happened. I have changed/upgraded Mac computers four times since I began coding eight or so years ago. Whether that is the problem or not, I have no idea.

I found an Apple Doc that noted the following:

==

To resolve the problem:

You must locate or re-create a provisioning profile that uses the correct App ID prefix on the website.
Click Edit on the profile to be certain the prefix is correct.
Click Download and save the profile to disk.
Optionally double check the App ID Prefix on the downloaded profile using the Terminal command in:
Drag the profile onto the Xcode icon on your Dock to install it.
Re-submit the app and code sign it with the newly restored profile that is associated with the right prefix.

==

I have gone into my developer account and downloaded the provisioning profile with the App ID: 1234ABCD.com.doggonegoodapps to my desktop. However, when I get info on this Developer Provisioning Profile it has an App ID: 5678DFGH.com.doggonegoodapps. Validating the archived app shows the same App ID prefix.

I have no idea what else to try to overcome this problem. I have also double-checked my keychain and a certificate with the correct prefix does not exist. I checked an older Mac computer and its keychain certificates are exactly what my current iMac shows.

If anyone has any suggestions on how to solve this I would be most grateful for the info.

Thanks!

P.S. I did sent an email to Apple about this but have not heard back from them yet.

Boost

Answer 1

patriot OP

Apr ’18

Another thought: Since the distribution/provisioning profile that the app was originally signed with no longer exists in my keychain, I do not understand what the problem would be to re-submit the app with its new certs. Any future upgrades to this app WILL be able to access the keychain normally and that is all that matters?

Am I wrong to make this assumption?

Thanks.

0

Answer 2

PBK OP

Apr ’18

Going forward with the new application-identifier will work fine - except anything the user previously wrote to the keychain will no longer be accessable to the user. If this is a problem, you need to correct it in the app update with the new application-identifier.

I stored consumable IAP credits in the keychain. This same thing happended to me and I couldn't figure out how to resolve it. So in the update I wrote an alert that said - "if you lost any IAP credits updating this app, use the contact us button to request a credits credit (pun intended)". And I created a back door method of granting such credits along with a note to App Review explaining this issue. App Review did not object to the backdoor. More users asked for credits credit than bought credits - but I assume I was making loyal, albeit dishonest, users.

0

Answer 3

patriot OP

Apr ’18

Thank you for the detailed - and much needed, feedback to my query.

I heard back from an Apple Dev Team rep, but the response was not helpful at all. I sent Apple two graphics that depicted what I was doing to correct the problem: the first showed the provisioning profile that I was about to downloaded. This PP had the correct App ID prefix. However, when this PP landed on my desktop, it had the incorrect App ID prefix. How this happened, I have no idea.

All of this was done in an attempt to download the "correct" (original) PP that matched the PP of the originally submitted app eight years ago.

So after a LOT of research on the subject, the only solution I see that is even possible, is to just re-submit the app with the "incorrect" App ID prefix and move on. My app requires nothing of the user in terms of passwords or keychain info, so I see no problem.

I have wondered if deleting the original app would solve this issue? Probably not.

Getting Apple to accept this app is now my concern. Hopefully, they will.

I sincerely appreciate your comments.

0

Answer 4

PBK OP

Apr ’18

If your app doesn't use the keychain then forget about it. It's a tree falling in a forest that no one will ever hear - it makes no noise.

1