Keychain Group

Question

Created 4d

Replies 4

Boosts 0

Participants 2

Dear Apple Developer Support Team, I would like to inquire whether there is a stable and official method to obtain the correct Team ID. When my app attempts to store data in the Keychain on a physical device, the retrieved Team ID is an unknown one and does not match the Team ID of my developer certificate. This issue consistently results in Keychain access failure with error code -34018. Could you please advise the root cause and provide a reliable solution to fix this Team ID mismatch and resolve the -34018 Keychain error?

NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
                           kSecClassGenericPassword, kSecClass,
                           @"bundleSeedID", kSecAttrAccount,
                           @"", kSecAttrService,
                           (id)kCFBooleanTrue, kSecReturnAttributes,
                           nil];
    CFDictionaryRef result = nil;
    OSStatus status = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&result);
    if (status == errSecItemNotFound)
        status = SecItemAdd((CFDictionaryRef)query, (CFTypeRef *)&result);
    if (status != errSecSuccess)
        return nil;
    NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:kSecAttrAccessGroup];
    NSArray *components = [accessGroup componentsSeparatedByString:@"."];
    NSString *bundleSeedID = [[components objectEnumerator] nextObject];
    CFRelease(result);
    return bundleSeedID;

Boost

Answer 1

DTS Engineer OP

Apple

3d

I suspect you’re confused by the various 10-character identifiers used by code signing. I recommend that you have a read of Code Signing Identifiers Explained, and specifically the entries on Team ID, User ID, Team Member ID, and App ID prefix.

the retrieved Team ID is an unknown one and does not match the Team ID of my developer certificate

There are two possibilities here:

Your app uses a unique App ID prefix, which by definition doesn’t match your Team ID.
You’re using your Team ID as the App ID prefix, but you’re misreading the Team ID in your code signing certificate.

It’s hard to tell which of this is correct without more context. What value do you get back in bundleSeedID? Does it match C____2____? If so, that’s your Team ID, which suggests you’ve hit the second case I’ve described above.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

iceboy OP

2d

Thanks for your reply.I'm not sure which ID I'm getting, but this issue only happens on a few individual devices. Could I add an AppIdentifierPrefix entry to info.plist with the value set to $(AppIdentifierPrefix), then retrieve the currently used group by calling [[NSBundle mainBundle] objectForInfoDictionaryKey:@"AppIdentifierPrefix"];? Since the keychain group prefix is formatted as <TeamID>.<GroupName>, I'm having trouble getting the correct TeamID.

0

Answer 3

DTS Engineer OP

Apple

2d

Just to be clear, both U4ALRF5A38 and VELCFRZBHZ are Team IDs.

this issue only happens on a few individual devices.

I’d like to clarify that point. So your app works on most devices? And then fails on some specific ones?

Are the failing devices ones that you control? Or are you investigating this based on reports coming in from your users?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 4

iceboy OP

19h

It’s a device from the testing department, and it cannot be debugged. Currently, I’m exporting the logs by writing them to a file.The error occurs regardless of whether the group is correct or not. The same IPA file is installed on both this problematic device and the normally functioning devices.

0