WARNING ITMS-9000: "Potential Loss of Keychain Access" - ios

I've got the following warning while uploading a new version of the application:
WARNING ITMS-9000: "Potential Loss of Keychain Access. The previous version of software has an application-identifier value of ['52T2NMS37N.com.(my-app-id)'] and the new version of software being submitted has an application-identifier of ['FCGA72C62G.com.(my-app-id). This will result in a loss of keychain access. For more information, please consult (url)".
The issue may be because the application was transferred into another account.
The build was uploaded with the warning, but what does it mean?

From Apple's Documentation Archive, on Resolving the Potential Loss of Keychain Access warning
Potential Loss of Keychain Access. The previous version of software has an application-identifier value of 'A1B2C3D4E5.com.company.app' and the new version of software being submitted has an application-identifier of '5E4D3C2B1A.com.company.app'. This will result in a loss of keychain access.
Note: This is a warning, not an error. You have the option of proceeding with the submission regardless of this warning, however this document should be used to determine whether you can safely ignore it.
This warning indicates that the App ID prefix of the pending submission differs from the App ID prefix of the live app in the app store.
Important: The only apps that can safely ignore this warning are those that do not use technologies that rely on the App ID prefix, like keychain access, Handoff, and UIPasteboard sharing.
Note: Apps that are migrating their App ID from an arbitrary Bundle Seed ID to their more-modern Team ID should expect this warning, and proceed with the submission.
For apps that do utilize technologies that rely on the App ID prefix, this warning should not be ignored. The Potential Loss of Keychain Access warning is an indication that the app was code signed with the wrong provisioning profile.
To resolve the problem:
You must locate or re-create a provisioning profile that uses the correct App ID prefix on the Certs IDs & Profiles website.
Click Edit on the profile to be certain the prefix is correct.
Click Download and save the profile to disk.
Optionally double check the App ID Prefix on the downloaded profile using the Terminal command in: How do I check the entitlements associated to my Provisioning Profile?
Drag the profile onto the Xcode icon on your Dock to install it.
Re-submit the app and code sign it with the newly restored profile that is associated to the right prefix.
"Keychain access" refers to all the functions in the Keychain Services Reference.

I think that the prefix is relationship to Apple Id. I migrate my App to other Apple Id and when i re create the App Id, was created a new prefix Id.

This error happened when I tried to submit an update my app. I got this working by setting the Provisioning Profile to a specific one instead of the default 'Automatic' setting which seems to use some default XC one.

If you have transferred your app from once organisation to another :
Note : A one-time loss in keychain data will occur if you switch your App ID prefix
https://developer.apple.com/library/archive/technotes/tn2311/_index.html#//apple_ref/doc/uid/DTS40014135-CH1-A_ONE_TIME_LOSS_IN_KEYCHAIN_DATA_WILL_OCCUR_IF_YOU_SWITCH_YOUR_APP_ID_PREFIX

I had same issue, finally resolved by deleting the provisional profile at ~/Library/MobileDevice/Provisioning Profiles. and then downloading new from developer profile.
Go to the Finder then List item From the “Go” menu navigate down to “Go to Folder”
or Hit Command+Shift+G from the Mac OS X desktop or a Finder window
Search below Path ~/Library/MobileDevice/Provisioning Profiles
Delete the profile which has wrong Bundle ID, if you click on file MacOS X will show details. You can verify the bundle ID.

I had the same warning. In my case I have a wild card application identifier.
So first of all I found this appID '5E4D3C2B1A.com.company.app' and removed it. Then I created new appID, but change teamID to 'A1B2C3D4E5'. As result I got a correct appID like this 'A1B2C3D4E5.com.company.app'.
Then I regenerate all provision profile and everything works well. App didn't have strange behaviour in production.
But, pay attention please, I did it with wild card and I'm not sure if everything will be well with explicit application identifier.

This is a warning not an issue, when i got this error my build was
published to test flight by the way.
Scenario - When you transfer app from one account to another and then publish a build to appstore you get this error

Related

app store submit success but loss of keychain warning

I received this notification from app store team after submit app.(it's updated version)
Dear developer,
We have discovered one or more issues with your recent delivery for "XXX". Your delivery was successful, but you may wish to correct the following issues in your next delivery:
Potential Loss of Keychain Access - The previous version of software has an application-identifier value of ['EZQ6M662W5.11211'] and the new version of software being submitted has an application-identifier of ['XLHNTWNU3H.11211']. This will result in a loss of keychain access.
If you would like to update your binary for this app, you can redeliver your binary.
Regards,
The App Store team
any idea?
Apple have an answer for you here: https://developer.apple.com/library/content/qa/qa1726/_index.html
Q: How do I resolve the Potential Loss of Keychain Access warning?
A:
Potential Loss of Keychain Access. The previous version of software has an application-identifier value of 'A1B2C3D4E5.com.company.app' and the new version of software being submitted has an application-identifier of '5E4D3C2B1A.com.company.app'. This will result in a loss of keychain access.
Note: This is a warning, not an error. You have the option of proceeding with the submission regardless of this warning, however this document should be used to determine whether you can safely ignore it.
This warning indicates that the App ID prefix of the pending submission differs from the App ID prefix of the live app in the app store.
Important: The only apps that can ignore this warning without consequences are those that do not use technologies that rely on the App ID prefix, like keychain access, Handoff, and UIPasteboard sharing.
Apps that should expect this warning and proceed with the submission regardless are:
Those that are migrating their App ID prefix from an arbitrary Bundle Seed ID to their more-modern Team ID as documented in Technical Note TN2311 - Managing Multiple App ID Prefixes.
Those that are submitting the first update for a recently acquired app via App Transfer.
Note: Apps receiving this warning due to App Transfer should read TN2311 > A one-time loss in keychain data will occur if you switch your App ID prefix and understand that it's not possible for a transferred app to maintain access to the prior keychain associated with the App ID prefix of the previous owner.
For apps that do utilize technologies that rely on the App ID prefix, this warning should not be ignored. The Potential Loss of Keychain Access warning is an indication that the app was code signed with the wrong provisioning profile.
To resolve the problem:
You must locate or re-create a provisioning profile that uses the correct App ID prefix on the Certs IDs & Profiles website.
Click Edit on the profile to be certain the prefix is correct.
Click Download and save the profile to disk.
Optionally double check the App ID Prefix on the downloaded profile using the Terminal command in: How do I check the entitlements associated with my Provisioning Profile?
Drag the profile onto the Xcode icon on your Dock to install it.
Re-submit the app and code sign it with the newly restored profile that is associated with the right prefix.
"Keychain access" refers to all the functions in the Keychain Services Reference.

Application Identifier Entitlement Value has Changed?

I just got this warning when submit my app to app store, it is just warning, not error. This app was transferred from another developer account to my account before, so the prefix of the App ID is changed.. I think this should be unavoidable, but since I got this warning, what does it affect my app actually? What Keychain access would be lost?
Have you transferred the app from another developer account to your one? The previous provisioning ID will obviously be different.
UPDATE - For clarification
I have noticed that this answer is getting a lot of views so I will just edit it to include my further explanation from the comments below.
Basically the previous version of your application will NO longer be able to access keychain in order to save secure strings such as passwords (if it contains this functionality). This is because the distribution/provisioning profile it was signed with contains a different ID than the one you are using in your new distribution/provisioning profile because you have transferred your app from a previous account to your new one.
However any NEW versions of your app which are signed with the latest distribution/provisioning profile WILL be able to access keychain as normal in order to save secure data if they need this functionality because they are signed with a distribution/provisioning profile which contains the latest App ID for that app.
The warning informs you that your updated app will not be able to access items previously saved in the keychain. The old version of your app can still access and store items in the keychain, just like the new version. However the two versions cannot share information in the keychain.
In summary, all data saved in the keychain will be lost once a user updates to the new version. All information stored in UIPasteboard will also be lost.
You can see this message if:
The app was transferred to your account and you are updating it for the first time. In this case there is nothing you can do to prevent the warning (and side effects).
Your app was added to iTunes Connect before June 2011 and you recently updated the provisioning profile used by the app. Either your old provisioning profile was using a wildcard (*) App ID and the new one is now using a specific App ID, or the opposite (less likely). In the later case you can switch back and avoid the warning (choose the correct provisioning profile in Xcode). In the other case, chances are your app needs access to services like Game Center, Push Notifications (or anything that a wildcard App ID will not let you use) and you cannot avoid the warning.
If you want more details, the warning is related to the fact that App ID prefixes are attributed by Apple and cannot be changed. Check the "App IDs" section in Apple's "Certificate, Identifiers & Profiles" page (https://developer.apple.com/account/ios/identifiers/bundle/bundleList.action - you need to sign in), press on an ID and look at the "Prefix" field. You can also check Apple's Technical Note 2311 https://developer.apple.com/library/ios/technotes/tn2311/_index.html
Lastly, you might thing you could avoid the warning by changing the Keychain Access Groups (keychain-access-groups) field of your provisioning profile. This will not work as Apple will not let you have different prefixes for the App ID and for the Keychain Access Groups.
As of the stricter security in iOS 8.1.3, this is much more serious than the warning suggests; see https://developer.apple.com/library/ios/technotes/tn2319/_index.html#//apple_ref/doc/uid/DTS40013778-CH1-ERRORMESSAGES-UPGRADE_S_APPLICATION_IDENTIFIER_DOES_NOT_MATCH_THE_INSTALLED_APP. It seems like the mismatch causes a failure to upgrade to the new version. When I try to update via Xcode, it fails with an error to the device console like that in the Tech Note: “Upgrade's application-identifier entitlement string [....] does not match installed application's application-identifier string [....]; rejecting upgrade.” Trying to update via iTunes seems to fail silently.
I hope that the answer is simply “this error is simply an indication that Xcode has chosen the wrong provisioning profile,” verified as in https://developer.apple.com/library/ios/technotes/tn2318/_index.html#//apple_ref/doc/uid/DTS40013777-CH1-TNTAG65. But I last submitted my app many Xcode versions ago, and finding the right one may be a challenge.
Note the phrasing “Xcode has chosen the wrong provisioning profile”; to make sure that it chose the profile you thought you chose, click on the arrow next to the chosen profile’s truncated name in the archive verification dialog. To double-check this, submit to the App Store with a known error (I inadvertently used a missing icon), so that you see whether the warning appears.

Creating a Provisioning Profile for my IOS App that will enable 3rd party to test my app

I keep getting my App rejected by a 3rd party, (Nuance), because I evidently haven't been able to create a correct provisioning profile. Their install log says
"Application fails to install. Error says that a valid provisioning file was not found for this executable."
Now this is just a guess, but I'm thinking that when I create the provisioning profile, I am selecting the wrong App ID. The interface on the Apple developer site looks like this
https://developer.apple.com/ios/manage/provisioningprofiles/index.action
I select the Distribution tab, and then New Profile. My doubt comes when I need to pick from the drop down list of App Id's it offers. Some of them are probably bogus, but without just serial guessing and submission, I don't definitively know which is the right one. Is there a way to verify my choice by looking in Xcode somewhere?
You could look at your project target summary tab and check the bundle identifier.
Your app id should be created for that bundle (unless its with a wildcard).

Submitting an App to the App Store that uses iCloud, invalid entitlements

I have an app I tried to submit to the app store. Like many others I'm getting the following e-mail from the app store approval process. The answer to the other questions seems to be, uncheck iCloud from the App ID, but my app uses iCloud and I wouldn't want to lose that functionality. Has this been solved yet?
I did double check that my App ID's Bundle Identifier matches the value of the items that are entered in the Entitlements area of the Target Project. Thanks for your help!
Dear Developer,
We have discovered one or more issues with your recent binary
submission for "XXXXXX". Before your app can be reviewed, the
following issues must be corrected:
Invalid Code Signing Entitlements - The signature for your app bundle
contains entitlement values that are not supported. For the
com.apple.developer.ubiquity-container-identifiers entitlement, the
first value in the array must consist of the prefix provided by Apple
in the provisioning profile followed by a bundle identifier suffix.
The bundle identifier must match the bundle identifier for one of your
apps or another app that you are permitted to use as the iCloud
container identifier.
Specifically, value "XXXXXXX.com.xxxx.xxxxxx" for key
"com.apple.developer.ubiquity-container-identifiers" in WeHeartApps is
not supported.
Once these issues have been corrected, go to the Version Details page
and click Ready to Upload Binary. Continue through the submission
process until the app status is Waiting for Upload and then use
Application Loader to upload the corrected binary.
Regards,
The iTunes Store Team
Found the answer, it seems as though my Provisioning and Distribution Profiles were out of sync. When in doubt;
delete your provisioning and distribution profiles on the iOS provisioning portal
recreate them on the iOS provisioning portal
Delete the old ones locally.
Download the new ones from the portal.
Clean the project
Drag the new profiles onto the xcode app
Do a fresh "Build for Archiving." ( Make sure iOS device is selected for this to be enabled )
Finally archive
Go to the organizer and Validate the Archive
Submit to the app store!
Cheers
For others who have apps sharing data between both Mac and iOS devices via iCloud, you will also run into this problem if you try to submit the platform which depends on the other's bundle identifier first. This is because the bundle identifier you're trying to share data with has not yet been registered as an app.
The solution is simply to submit the app whose bundle identifier you're using as the com.apple.developer.ubiquity-container-identifiers entitlement first.
For example, if you're sharing data between a Mac app with a bundle identifier of com.mycompany.osx, and an iOS app with a bundle identifier of com.mycompany.ios, you will likely choose one as the mutual data store. If you choose the iOS version, the your Mac app will have the value "com.mycompany.ios" set as your ubiquity storage and iCloud key-value storage. In this case you just need to submit the iOS app first so that the "com.mycompany.ios" bundle identifier registers as a valid app on Apple's side.

contains entitlement values that are not supported

Have created an app-id as normal.
Then created an app-store distribution profile...as normal.
Set up the game in itunes connect
Installed the profile
Built the game with GS...all goes fine.
But when I upload my binary is rejected with that error : Invalid Code Signing Entitlements
Invalid Code Signing Entitlements :
The signature for your app bundle contains entitlement values that are not supported. For the com.apple.developer.ubiquity-container-identifiers entitlement, the first value in the array must consist of the prefix provided by Apple in the provisioning profile followed by a bundle identifier suffix.
The bundle identifier must match the bundle identifier for one of your apps or another app that you are permitted to use as the iCloud container identifier.
Specifically, value "(my team bundle seed id is here).*" for key "com.apple.developer.ubiquity-container-identifiers" in basejumpxl is not supported.
Really not sure what I have done wrong...as I have done this loads of times, and never had this issue
Anyone point me in the direction of what my obvious mistake might be??
I finally successfully submitted the app, and it's now "Waiting for Review" status.
The problem is with the new "Enable for iCloud" configuration in App ID's.
Here's what I did to fix it. Hopefully this will help anyone who's having this issue.
In iOS dev portal:
Save yourself some time and just go ahead and delete the provisioning file you previously made for the new app you're trying to submit. (you may have luck by simply renewing it, but probably not.)
Go to your App ID, and click on configure. Once in configure, UNCHECK "Enable for iCloud" and click "DONE". iCloud configuration is what's causing the error. (This option had disappeared earlier, but is back again.)
Make a brand new provisioning file for Appstore distribution, and select the proper app id.
Download this new provisioning file.
Add this newly downloaded provisioning file into Xcode's organizer. Easiest way is to just drag and drop the file overtop Xcode's app icon.
Re-publish your game in Gamesalad, making sure to choose the NEW provisioning file you just created. (I went ahead and deleted the problematic provisioning file so I didn't get confused and accidentally choose the wrong one when publishing.)
Re-submit through Application Loader.
Hope this helps. :)

Resources