Hello everyone,
We are currently preparing for an App Transfer to a new Apple Developer account due to a corporate merger. We are trying to figure out the best way to handle Apple Sign-In user migration and would love to get some advice on our proposed fallback plan.
📌 Current Situation
We need to transfer our app's ownership to a new corporate entity.
The app heavily relies on Apple Sign-In.
The Issue: We did not collect the transfer_sub values during our initial development phase. Although we started collecting them recently, we will not have them for all existing users by the time the transfer happens.
🚨 The Risk (The 60-Day Rule)
Based on Apple's documentation, even if we provide the transfer_sub, users must log into the app within 60 days of the transfer to successfully migrate their accounts. This means that users who log in after 60 days, or those whose transfer_sub is missing, will fail the Apple migration process. They will be treated as "new users" and will lose access to their existing account data.
💡 Our Proposed Custom Recovery Flow
Since we cannot rely entirely on Apple's automated migration, we are planning to build a custom internal account recovery process to prevent user drop-off:
A user (who failed the migration or logged in after 60 days) attempts to use Apple Sign-In on the transferred app. Since the existing account isn't linked, Apple generates a new identifier (sub), and the user enters the new sign-up flow.
During the sign-up process, we enforce a mandatory identity verification step (e.g., SMS phone number verification).
We query our existing user database using this verified information.
If a matching existing user is found:
We interrupt the sign-up process and display a prompt: "An existing account was found. We will link your account."
We then update our database by mapping the new Apple sub value to their existing account record, allowing them to log in seamlessly.
❓ My Questions
App Review Risk: Could this manual mapping approach—overwriting the Apple sub on an existing account based on internal identity verification—violate any Apple guidelines or result in an App Store rejection?
Shared Experiences: Has anyone dealt with missing transfer_sub values or the 60-day migration limit during an App Transfer? How did you mitigate user loss?
Best Practices: Are there any alternative, safer, or more recommended workarounds for this scenario?
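
The recovery flow proposed in the post, sketched server-side as an added example (not part of the original post and not Apple's or the poster's code). The SQLite schema, the `sign_in` function, the outcome names and the sample rows are constructed assumptions. The sketch also sends ambiguous phone matches and repeat relinks to manual review rather than overwriting the stored sub, because in this flow control of a phone number equals control of the account.

```python
import sqlite3

def make_db():
    """In-memory store with constructed sample users (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, apple_sub TEXT UNIQUE, phone TEXT);
        CREATE TABLE relink_audit (user_id INTEGER, old_sub TEXT, new_sub TEXT);
        INSERT INTO users VALUES (1, 'old-team-sub-A', '+15550100');
        INSERT INTO users VALUES (2, 'old-team-sub-B', '+15550101');
        INSERT INTO users VALUES (3, 'old-team-sub-C', '+15550101');
    """)
    return db

def sign_in(db, new_sub, verified_phone):
    """Resolve a post-transfer Apple sign-in to an account.

    new_sub must come from an identity token already validated server-side;
    verified_phone must come from a completed SMS challenge, never from a
    client-supplied field. Returns (outcome, user_id).
    """
    row = db.execute("SELECT id FROM users WHERE apple_sub = ?", (new_sub,)).fetchone()
    if row:                                   # migrated by Apple or relinked earlier
        return ("login", row[0])
    if verified_phone is None:                # SMS verification not completed yet
        return ("verify_required", None)
    matches = db.execute("SELECT id, apple_sub FROM users WHERE phone = ?",
                         (verified_phone,)).fetchall()
    if not matches:                           # genuinely new user
        cur = db.execute("INSERT INTO users (apple_sub, phone) VALUES (?, ?)",
                         (new_sub, verified_phone))
        db.commit()
        return ("created", cur.lastrowid)
    if len(matches) > 1:                      # ambiguous: never guess which account
        return ("manual_review", None)
    user_id, old_sub = matches[0]
    relinked = db.execute("SELECT 1 FROM relink_audit WHERE user_id = ?",
                          (user_id,)).fetchone()
    if relinked:                              # one automatic relink per account
        return ("manual_review", None)
    with db:                                  # audit row and relink commit together
        db.execute("INSERT INTO relink_audit VALUES (?, ?, ?)",
                   (user_id, old_sub, new_sub))
        db.execute("UPDATE users SET apple_sub = ? WHERE id = ?", (new_sub, user_id))
    return ("linked", user_id)
```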