electron/osx-sign

App Groups entitlement prevents iTunes Connect app transfer. Is it really needed?

nikolajvonholck opened this issue · 7 comments

Hi

Thanks for this great package – it makes it very smooth to publish electron apps for macOS! :)

By default, the option 'pre-auto-entitlements' is enabled, which adds an application groups entitlement. However, when an app is compiled with this entitlement, it's not possible to transfer it to another developer team in iTunes Connect.
app transfer
I've looked into my app's group container, and it doesn't contain any files – why is com.apple.security.application-groups added at all (in util-entitlements.js)? What happens if I set 'pre-auto-entitlements' to false?

Thanks in advance! :)

Hi @nikolajholck, thanks for reporting this issue!

Regarding the application group entitlement inserted, it is used to facilitate IPC. Otherwise it may introduce graphics performance glitches with the app. So I would recommend keeping pre-auto-entitlements.

Starting from Electron v1.1.1, a new mechanism was introduced to satisfy IPC (see electron/electron#5601).

I'm not very sure what can be a good solution for this scenario, since it's not very comprehensively documented on https://developer.apple.com/library/content/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/TransferringAndDeletingApps.html. However, does iTunes Connect allow app transfer of app only historically having an application group? (Then we can probably work our way around it.)

cc: @kevinsawicki

Hi @sethlu, and thanks for your quick response and explanation! :)

I have sent a message to iTunes Connect support and asked if it would become possible to transfer the app if I remove the entitlement in an update. I'll return when I hear from them! :)

@nikolajholck cool! Good luck & do keep us updated! 😸

It appears that it's impossible :( I got the following response from iTunes Connect Support:

I have reviewed your enquiry and found that once the app has the entitlement included, an app transfer will not be possible, even if you submit a new version without the entitlement. However, you can transfer the app via the binary reassigned process.

By completing this process, the app will effectively be a new and separate app on the Mac App Store. This is of course extremely inconvenient for us, but there's not really anything to do about it :)

@sethlu perhaps there is a way to warn future users that using Electron for Mac App Store apps has this drawback? :)

@nikolajholck I'm sorry to hear that. 😢 Yet thanks for letting us know! I will post a notice soon on the README doc so future users can know about this.


I'll close the issue once the notice's posted.

@nikolajholck Just updated the README. Thanks again for reporting this issue! 👍

Thanks @sethlu, looks good 👍 And thanks for your quick responses and for your work on this package! :)