I am implementing device authentication for a macOS app. Our iOS app uses App Attest, but App Attest is not available on macOS, so we are evaluating StoreKit's AppTransaction plus AppStore.deviceVerificationID as the macOS equivalent signal.
The issue: in a macOS app installed through TestFlight, AppStore.deviceVerificationID is available, but AppTransaction.shared throws StoreKitError code=2.
I reproduced this in a focused standalone macOS test app with no backend and no custom dependencies.
Environment:
-
Platform: macOS
-
Distribution: TestFlight
-
App Store Connect app ID: 6769568350
-
Bundle ID: com.soundcity.AppTransactionProbe
-
App version: 1.0
-
Build: 1
Observed output from the TestFlight-installed app:
Bundle ID: com.soundcity.AppTransactionProbe
App version: 1.0
Build: 1
deviceVerificationID available: true
deviceVerificationID prefix: CA91ED5D...
AppTransaction.shared threw
error: StoreKitError; domain=StoreKit.StoreKitError; code=2
The relevant code path is essentially:
import StoreKit
let deviceVerificationID = try? AppStore.deviceVerificationID
let appTransaction = try await AppTransaction.shared
In the TestFlight-installed build:
-
AppStore.deviceVerificationID succeeds.
-
AppTransaction.shared throws StoreKitError code=2.
Questions:
-
Is AppTransaction.shared expected to work for macOS apps distributed through TestFlight?
-
If yes, what does StoreKitError code=2 indicate in this context, and what setup might be missing?
-
If no, is there an Apple-supported way to obtain an AppTransaction JWS, or equivalent signed App Store/TestFlight app-install assertion, for macOS TestFlight builds?
-
For macOS apps that need a device-bound trust signal comparable to iOS App Attest, is AppStore.deviceVerificationID intended to be used without AppTransaction.shared, or should these APIs be used together?
I have a focused Xcode test project that demonstrates the issue and can share it if helpful.