[英]App Transfer Keychain Loss: Solutions to users logging out
I transferred an app to a new developer account.我将一个应用转移到一个新的开发者帐户。 When I upload a build from the new developer account and deploy it through Testflight, I encounter that my users logged out from the app.当我从新的开发人员帐户上传构建并通过 Testflight 部署它时,我遇到我的用户从应用程序中注销。
I think this is due to the Keychain Loss, because the Team ID
changed.我认为这是由于钥匙串丢失,因为Team ID
发生了变化。 So, I contacted Apple, and they said that there is no way to have access to the old Keychain in the new developer account, but that I could transfer the app back to my old developer account.所以,我联系了苹果,他们说没有办法在新的开发者帐户中访问旧的钥匙串,但我可以将应用程序转移回我的旧开发者帐户。
This is really bad for us, since we have user-created data in the device that gets lost on logout.这对我们来说真的很糟糕,因为我们在设备中有用户创建的数据会在注销时丢失。 We also have anonymous users, and they can't even regain access to their accounts because there are no credentials to login.我们也有匿名用户,他们甚至无法重新获得对其帐户的访问权限,因为没有登录凭据。 This is not acceptable to us because we would be losing user data, but we also need to transfer the app to the new developer account... So we are trying to find possible solutions.这对我们来说是不可接受的,因为我们会丢失用户数据,但我们还需要将应用程序转移到新的开发者帐户......所以我们正在努力寻找可能的解决方案。
Far from ideal: keep using the old developer account for a month, for example, and show an alert saying something like:远非理想:例如,继续使用旧的开发者帐户一个月,并显示一条警报,内容如下:
Please save/backup all your data and signup (if you have an anonymous account) because all unsaved data will be lost on the [todays date + 1 month] due to a migration.请保存/备份您的所有数据和注册(如果您有匿名帐户),因为所有未保存的数据将在 [今天日期 + 1 个月] 由于迁移而丢失。 Sorry for the inconvenience.带来不便敬请谅解。
After a month, we transfer again to the new developer account.一个月后,我们再次转移到新的开发者帐户。 Users that didn't see the message in that month or didn't save data, bye bye data… terrible.当月没有看到消息或没有保存数据的用户,再见数据……太糟糕了。
I'm not sure if Firebase Auth iOS SDK has the APIs to do something like this:我不确定 Firebase Auth iOS SDK 是否具有执行以下操作的 API:
This second solution is kind of insecure, complicated and difficult to test, but from the user point of view, it would be more ideal than the first solution (if everything goes well).第二种解决方案有点不安全、复杂且难以测试,但从用户的角度来看,它会比第一种解决方案更理想(如果一切顺利的话)。
So, specifically my questions are:所以,特别是我的问题是:
We currently only use Anonymous & Email/Password authentication methods.我们目前仅使用匿名和电子邮件/密码身份验证方法。
Thanks!谢谢!
So, I didn't find an ideal solution.所以,我没有找到理想的解决方案。
I ended up doing a mix of solutions #1 and #2:我最终混合了解决方案#1和#2:
I transferred the app back to the old apple account我将应用程序转移回旧的苹果帐户
I uploaded a new build that:我上传了一个新版本:
a. extracts keychain data (which has login credentials and other stuff) b. encrypts this data (I used CryptoSwift) c. saves it into a file in the documents directory
Waited 1-2 months so users can open the app to perform this first part of the migration等待 1-2 个月,以便用户可以打开应用程序来执行迁移的第一部分
While waiting, we sent emails and push notifications asking users to backup their data, saying that a big migration was coming soon, with the excuse that we "grew" a lot lately and we were scaling stuff:P在等待期间,我们发送电子邮件和推送通知,要求用户备份他们的数据,并说即将进行大规模迁移,借口是我们最近“增长”了很多并且我们正在扩展东西:P
Transferred the app to the new apple account将应用转移到新的苹果账户
I uploaded a new build that:我上传了一个新版本:
a. checks if the migration file exists (in the documents directory) b. if exists, read the migration file and decrypts data c. puts this data into the keychain (which is empty after app transfer) d. deletes the migration file from the documents directory
Left this migration code for some more months so people open the app and perform migration将此迁移代码保留几个月,以便人们打开应用程序并执行迁移
Delete code, migration period is over.删除代码,迁移期结束。
I sent logs to the backend to see if migrations were successful or not.我将日志发送到后端以查看迁移是否成功。 So far, users are all migrating correctly.到目前为止,用户都在正确迁移。
There are still cases where users could lose their data, for example, when anonymous users didn't perform the first part of the migration.仍然存在用户可能丢失数据的情况,例如,匿名用户未执行迁移的第一部分时。 But I can't think of a better solution... so far data loss is minimal.但我想不出更好的解决方案......到目前为止,数据丢失是最小的。 But it also took us some time to get things right and do all the proper testing.但我们也花了一些时间来把事情做好并进行所有适当的测试。
If someone in the future has a better solution to this issue, please let me know.!如果将来有人对此问题有更好的解决方案,请告诉我。! I'm curious.我很好奇。
I hope the answer helps someone.我希望答案对某人有所帮助。
I think the Apple rep was wrong.我认为苹果代表错了。 Your keychain is tied to a bundle ID, not a Team ID.您的钥匙串与捆绑 ID 绑定,而不是团队 ID。
Suppose for example that you transferred SomeApp from the original app owner, OldCo, to NewCo.例如,假设您将 SomeApp 从原始应用所有者 OldCo 转移到 NewCo。 The app comprises a custom keyboard, the actual SomeApp app, and an App Group.该应用程序包括一个自定义键盘、实际的 SomeApp 应用程序和一个应用程序组。 You have some Identifiers set up on developer.apple.com:您在 developer.apple.com 上设置了一些标识符:
App ID:
com.OldCo.SomeApp
com.OldCo.SomeApp.keyboard
App Group ID:
com.OldCo.SomeAppGroup
If you change these to start with com.NewCo.
如果您将这些更改为从com.NewCo.
, users will lose their iCloud data. ,用户将丢失他们的 iCloud 数据。 But if you leave them as com.OldCo.
但是,如果您将它们保留为com.OldCo.
, all should be well. ,一切都应该很好。 Note that for you to create these IDs in NewCo's developer.apple.com account, OldCo will have to remove them from their account.请注意,要在 NewCo 的 developer.apple.com 帐户中创建这些 ID,OldCo 必须将它们从其帐户中删除。 It feels weird to have NewCo owning IDs with OldCo in them, but life is weird.让 NewCo 拥有带有 OldCo 的 ID 感觉很奇怪,但生活很奇怪。
If I'm missing some nuance whereby the change in TeamID affects the keychain, please let me know, and I'll do more research.如果我遗漏了一些细微差别,即 TeamID 的更改会影响钥匙串,请告诉我,我会做更多的研究。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.