We're doing some disaster recovery management / risk management and a point-of-failure for our app is if we lose access to our bundle id.
From my understanding, secure keychain items are scoped to your bundle ID as well as iCloud files stored under the app with 'hidden' scope.
Losing our bundle ID is a scenario we want to eliminate completely from our threat/disaster modelling.
Is this a realistic concern we should have?
I’m not sure I understand your question. A bundle ID is a string. How can you lose access to a string?
Are you concerned about some attacker publishing an app with your bundle ID? If so, what platform are you targeting?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Apologies for the late reply @eskimo - missed this.
From my understanding, data stored in the 'hidden' iCloud file system and data stored in your on-device keychain are scoped to your bundle ID/App ID. If you publish the app under a different bundle id (e.g. com.acme.fintechapp1 vs com.acme.fintechapp2) then we will lose access to all the data scoped with that app.
As you may remember from our previous interaction, we're using expo-secure-store and iCloud's app file system (hidden from iCloud Web)
Couple of possible concerns here:
Perhaps my understanding of bundle identifiers is incorrect. Would appreciate you pointing me to the right place to understand if there are any risks here.
