Hello,
We are preparing to transfer an App Store app from one Apple Developer account/team to another.
Our iOS app uses Sign in with Apple. However, in our legacy implementation, we did not store the Apple user subject identifier (sub) for many existing Apple login users. Our service primarily matched users by email.
After reviewing Apple’s app transfer and Sign in with Apple migration documentation, we understood that we should generate a transfer identifier for each Sign in with Apple user before transferring the app. We have now started collecting and storing the sub value, but many legacy Apple login users still do not have their original sub value stored in our database.
We are concerned about two main cases:
- Legacy users whose original Apple sub value was never stored
For these users, we may not be able to generate the required transfer identifier before the app transfer. If the user uses Private Relay, we are also concerned that the email address we receive after the transfer may not match the email address we previously stored.
In that case, our backend may not be able to match the post-transfer Sign in with Apple login to the user’s existing account, and the user may be treated as a new account.
- Users whose sub value is stored, but who do not sign in during the migration period
For some users, we do have the Apple sub value and may be able to generate the transfer identifier before the app transfer.
However, we are not sure what happens if those users do not sign in during the available Sign in with Apple migration period after the app transfer. If they sign in only after that period has ended, will the post-transfer Sign in with Apple user still be reliably mapped to the original pre-transfer user?
The scenario we are worried about is:
- A user originally signed in with Apple before the app transfer.
- The app is transferred to another Apple Developer account/team.
- The user does not sign in during the Sign in with Apple migration period.
- After the migration period has ended, the same user signs in with Apple again.
- Our backend receives a new Apple user identifier and/or a different Private Relay email address.
- Our backend cannot correlate that login with the user’s original service account.
- The user may be treated as a new user and may lose access to their existing profile, activity history, chats, purchases, or other account data.
Could someone confirm the expected behavior?
Questions:
- If we have a legacy sub value and generate the transfer identifier before the app transfer, can the user still be mapped to the original account if they do not sign in during the Sign in with Apple migration period?
- After the migration period has ended, does Apple provide any identifier, token claim, API response, or other mechanism that allows us to correlate the post-transfer Sign in with Apple user with the pre-transfer user?
- For legacy users whose original sub value was never stored, is there any Apple-provided way to recover or map those users after the app transfer?
- Can a Private Relay email address change as part of or after an App Store app transfer? Should we avoid using email as a stable identifier for this migration?
- Should we delay the app transfer until we implement our own account recovery and account re-linking flow for all Sign in with Apple users?
Environment:
- Platform: iOS
- Development environment: Xcode
- Runtime: iOS
- Framework: AuthenticationServices
- Feature: Sign in with Apple
- Context: App Store Connect app transfer between Apple Developer teams/accounts
This issue does not appear to be specific to a particular iOS or Xcode version. We expect the development and runtime environments to be using the latest available versions of Xcode, macOS, and iOS at the time of submission.
Any guidance on the correct migration behavior and the recommended implementation approach would be greatly appreciated.