Sign in with Apple" broke after update–losing data for a third of users

38 points

a year ago

We run ASO.dev, a tool helping developers manage their App Store metadata and visibility. On May 3, 2025, we faced a critical issue: “Sign in with Apple” stopped working properly for all users, resulting in the complete loss of access for one-third of our users—specifically, those using Apple’s private relay emails.

What exactly happened?

• Apple began returning a completely new userIdentifier for existing Apple IDs, without users initiating any changes. This effectively made user authentication impossible, as we can no longer match users to their existing data. • The email field now always returns null. Although this behavior is typical for subsequent sign-ins, it’s irrelevant in this case because the userIdentifier itself changed, leaving no way to identify existing accounts. • Previously issued relay emails (@privaterelay.appleid.com) no longer accept emails—we verified this with bounce tests. • Users also report that our app has disappeared from their Apple ID’s authorized apps list.

Important context:

• We migrated our Apple Developer account from Individual to Organization about a year ago. • Everything worked perfectly until the May 3, 2025 update. • The incident occurred precisely on the day Apple released updates to the Developer Console (Accounts, Profiles, etc.). We strongly believe these internal changes at Apple triggered the issue.

Consequences:

• Every user received a new userIdentifier, meaning our system sees returning users as entirely new, breaking the link to their historical data. • One-third of our users, who registered via Apple’s private relay email, are now completely unreachable: • We can’t contact them (emails bounce). • We can’t restore their access (new IDs don’t match old accounts). • We have sent three support requests to Apple via email—no reply or acknowledgment yet, with no escalation path or live chat available.

⸻

We were fortunate because ASO.dev also supports an alternative sign-in method (email with a one-time login code). Without this alternative, we would’ve permanently lost access for every user who originally signed in with Apple.

⸻

We’re openly sharing this story to:

• Warn developers who rely solely on Apple Sign-In and relay email addresses. • Connect with others who’ve faced similar issues—let’s share experiences. • Draw Apple’s attention to this critical problem—currently, there is no documented solution and no available support.

Never rely solely on Apple ID authentication. Always implement a fallback method, as even major ecosystems can fail unpredictably.

aso.dev