ApplicationTokens changing

We persist ApplicationTokens in a storage container that ShieldConfigurationExtension has access to. In rare cases, all the ApplicationTokens for a user seem to change.

We know this because the Application parameter passed into configuration(shielding application: Application) -> ShieldConfiguration function has a Token that does not match (using == ) any of the ones we are persisting in storage.

Interestingly, the persisted ones still work, so I don't believe storage has gotten corrupted or anything. We can use them to add or remove shields, we can use them to display labels of the apps they represent, etc. But they don’t match what’s passed into the ShieldConfiguration extension. If the user goes into the FamilyPicker at this point and selects an app of a token that we are already persisting, the FamilyPickerSelection will have a token matching the new one that is passed into ShieldConfigurationExtension, not the one we persisted when they last selected that app.

This leads me to believe the tokens are updated/rotated in some cases. When and why does this happen, and how can we handle it gracefully?

We have the same issue. Is there any update on this?

Did you ever solve this problem?

One situation where this can occur is if you join an iCloud family. I suppose that since tokens are intended to be shared among family members in some manner, they will be updated at this moment. I hope this helps!

For further reference, this is the same issue that has been reported on here:

https://forums.developer.apple.com/forums/thread/758325

It has been reported to Apple by multiple different App Developers after the bug was introduced in iOS 17.5 in early 2024.

As of today, the bug has not been acknowledged by Apple. They haven’t shared any workaround either, nor did they provide a roadmap for the bug fix.

When this regression was introduced, I would’ve expected a bug fix to be shipped in iOS 17.6 or iOS 18 – but here we are on iOS 18.1 beta 4 and that weird behavior still reproduces just fine.

I did some additional debugging and provided a sample project to Apple:

As an example, the ApplicationToken that is provided from the FamilyActivityPicker looks like this:

{
  "data": "AAAAAAAAAAAAAAAAKkToQ2HBrz\\/mb1b5nBgxUGvTxFdokb1dbbM9w8aRhfFTiSv2eMY\\/G6E\\/apO4whQ2nUhLdje0YZngcsi7bysG1HGeSwLQsEgVsJEgzXWMpej7eFdLMOJPPU3+8s61R0MljkHltNcE1JVek59MD9V3+5M4MOQ="
}

The ApplicationToken that is then later provided to my ShieldConfigurationDataSource and ShieldActionDelegate looks like this however:

{
  "data": "AAAAAAAAAAAAAAAA0vp9A47itDEtRFJBo1qTIcnqhPUqGPgXo9lsfUwtJznfeI8C0\\/mKPRCjuNlXw7Vv4fUbglMx+A4I6v7MKZvmIfWMbR+ufOy14e6SZMsvPd6k76Mu3dmMv98QAKDKwNEKJv7aLpH2JT7RPEqttrv1vBhHKPs="
}

In simple words, a completely different token.

So far I wasn’t able to dig any further to figure out if there is actually a way to connect these two Tokens together, but I thought I’d share this nonetheless.
