I’m slightly confused about how are CloudKit containers supposed to handle app transfers. I’m seeing some strange too-permissive security behavior, and I am not sure whether this is a feature or a bug 🙂
Here’s the setup:
I had an app with bundleID com.example.something, talking to a CloudKit container also called com.example.something, all under the same developer account A. All was well.
I then transferred the app from developer account A to developer account B. The bundle ID or anything else about the app did not change, just the ownership. Must now also sign new builds of the app with credentials for account B, as expected. HOWEVER: the CK container also did not change at all, and remained under development account A.
What I am seeing now: the app signed by developer account B can still access the CK container under developer account A. No bundle IDs or CK ID-s changed, so I can sort of understand this, but at the same time, it seems strange.
There is no security risk to my data, as this app only uses "read" operation of the public database. I didn’t try any other operations or private databases.
Is this a bug and could it stop working? Or is this a feature which will remain working? This tells me that under certain conditions, any app can read the CK container of any other app from any developer account, if they know the correct CK container ID to talk to. Is this expected? (Or maybe it only keeps working because they were previously under the same developer account, and the system knows to keep this connection? And if I were try to randomly read any other app’s container, it would fail?) Any docs or guidance from Apple?