Application Identifier Entitlement Value has Changed and This will result in loss of keychain access ?

Posted: June 11, 2014 in iPhone

Recently, I faced this warning with one of my App Store uploads. iOS application errors and warnings are always a bit mysterious. You never know until you face the issue. So I think it’s very important to understand the background and get to the bottom of it.

Why must you? Because:

Quoting from the App Store Review Guidelines: “We will reject Apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, ‘I’ll know it when I see it’. And we think that you will also know it when you cross it.”

Anyway, it started with transferring all the apps from one Apple developer account to another. So I ended up creating all new certificates, App IDs and provisioning profiles to upload a new version of the existing app. So I am gonna use these new certificates and App ID for an existing app which was uploaded using a different certificate and App ID.

Hence the warning below:

The application identifier entitlement value has changed. the previous version of the software has an application identifier value of [‘423Y43FF434D.com.mycompany.myapp’] and the new version of the software being submitted has an identifier [‘3434323423YS.com.mycompany.myapp]. This will result in loss of keychain access.

If you compare the application identifier prefix in the existing app version (423Y43FF434D) with the one in the new app (3434323423YS), they are different. So will it create a problem? To understand that, let’s find out what an App ID is:

Quoting from the Apple docs: “An App ID prefix is a unique identifier used to group a collection of apps so they can share keychain and UIPasteboard data.”

It means all apps with the same App ID prefix (in this case, 423Y43FF434D) can share keychain data, and a new version keeps that access if it is uploaded with the same prefix. How’s that?

Quoting from the Apple docs: “Every keychain item in iOS contains an attribute called the keychain access group. An iOS app can only access those keychain items it has permission to. This permission comes from the code signing entitlements stamped into the app when it is signed (using your current App ID prefix).”

Hmm… interesting, isn’t it? So it was the App ID which was making sure that even if I upgrade to a new version of the app, I don’t have to enter my login details again. Pretty useful, right? BUT,

Quoting from the Apple docs again: “A one-time loss in keychain data will occur if you switch your App ID prefix.”

It means the new App ID will have a new keychain access group, but the keychain access group used by the previous version of the app will be ABANDONED. Doesn’t really sound that good, does it?

But it also mentions: “This may have only minor implications in some cases. For example, if your keychain usage is modest it might not be a big deal for you to make a change: apps that simply store a user password in the keychain for convenience, may decide to change their App ID prefix to their Team ID based App ID prefix at the small cost of requiring the user to re-enter their password one more time.”

Basically, any data that the existing App Store version of the app stores in the keychain will not be accessible to the new version of the app with the new App ID. So the new version of the app has to collect all that data again and store it in the new keychain access group. That’s it.
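As an added example (not from the original post or from Apple), here is one way to check this before submitting: compare the entitlements of the shipped build and the new build and list the keychain access groups the new build can no longer read. The sample plists are constructed from the redacted identifiers in the warning above, and `MyApp.app` is a hypothetical path.

```python
import plistlib

# Constructed entitlements using the redacted identifiers from the warning
# above. On a Mac, the real XML can be dumped from a signed build with:
#   codesign -d --entitlements :- MyApp.app   (MyApp.app is hypothetical)
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>application-identifier</key>
  <string>{prefix}.com.mycompany.myapp</string>
  <key>keychain-access-groups</key>
  <array><string>{prefix}.com.mycompany.myapp</string></array>
</dict></plist>"""
OLD_BUILD = TEMPLATE.format(prefix="423Y43FF434D").encode()
NEW_BUILD = TEMPLATE.format(prefix="3434323423YS").encode()


def access_groups(entitlements):
    """Access groups a build may read: its own application-identifier plus
    anything listed under keychain-access-groups."""
    groups = set(entitlements.get("keychain-access-groups", []))
    groups.add(entitlements["application-identifier"])
    return groups


def compare_builds(old_xml, new_xml):
    """Report whether the App ID prefix changed and which access groups of the
    shipped build the new build can no longer read."""
    old, new = plistlib.loads(old_xml), plistlib.loads(new_xml)
    old_prefix = old["application-identifier"].split(".", 1)[0]
    new_prefix = new["application-identifier"].split(".", 1)[0]
    return {
        "prefix_changed": old_prefix != new_prefix,
        "old_prefix": old_prefix,
        "new_prefix": new_prefix,
        "abandoned_groups": sorted(access_groups(old) - access_groups(new)),
    }


if __name__ == "__main__":
    report = compare_builds(OLD_BUILD, NEW_BUILD)
    print(report)
    if report["abandoned_groups"]:
        print("Items in these access groups will be unreadable after update:")
        for group in report["abandoned_groups"]:
            print("  ", group)
```

An empty `abandoned_groups` list means the update keeps access to everything the shipped build stored; a non-empty one means the app needs a path to collect that data again.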

So the implications depend entirely on how your app uses the keychain. At worst, the app just needs to collect the data and store it in the keychain again. Sounds good, right? At least we know that our app won’t get rejected or crash for some mysterious reason.

Hope this helps all the other iOS geeks out there. Happy coding!!