App Store Connect & iOS 18: New Identity APIs, App Signing, and Enterprise Implications

Apple has released a significant update to App Store Connect, coinciding with the launch of the iOS 18 and macOS 15 developer betas. This release introduces new identity and security APIs, improved App Store Connect workflows, and enhanced privacy features that impact both enterprise IT administrators and app developers. Here’s what shipped, what’s coming, and how to respond.
WHAT APPLE JUST SHIPPED
App Store Connect Update: The latest App Store Connect release (June 25, 2024) delivers:
- Support for App Store Connect API v3 endpoints with expanded access to managed Apple ID data and app distribution metadata.
- Improved release notes visibility and workflow for tracking app version changes and entitlement requirements inside App Store Connect.
- Integration with iOS 18 and macOS 15 beta features, including new identity signals for Passkey and Sign in with Apple flows.
- Mandatory app signing using Xcode 16 for submissions targeting iOS 18/macOS 15, which enforces stricter identity validation and notarisation requirements.
Platform requirements:
- iOS 18.x, iPadOS 18.x, macOS 15.x, tvOS 18.x required for new identity and authentication APIs.
- Xcode 16 or later required for building and signing apps with new entitlements.
WHAT’S COMING
Announced at WWDC 2024 and reflected in the developer betas and documentation:
- Sign in with Apple Updates: Enhanced OIDC flows, improved private email relay management, and better integration with Managed Apple IDs.
- Passkeys Expansion: iOS 18/macOS 15 deliver cross-platform passkey sync, third-party identity provider support, and improved FIDO2 credential management via iCloud Keychain.
- App Privacy Reports: App Store Connect now surfaces privacy signals, tracking indicator compliance, and App Tracking Transparency changes for enterprise distribution.
- MDM & Declarative Device Management: New payloads for controlling identity-related features, including SSO extension configuration and passkey enforcement.
- Digital Credentials API: Early support for ISO 18013-5 driver’s license integration in Wallet and Verifiable Credentials for enterprise document workflows.
WHY THIS IS BETTER
- Stronger App Identity: Apps signed with Xcode 16 and targeting iOS 18/macOS 15 benefit from improved Secure Enclave integration, enhanced entitlements, and stricter notarisation checks compared to previous versions.
- Unified Authentication: Passkey and Sign in with Apple updates allow developers to implement passwordless flows that are more secure and privacy-preserving than legacy OAuth or username/password schemes.
- Enterprise Visibility and Control: Managed Apple ID and ABM/ASM integration is now surfaced via the App Store Connect API, enabling automation and compliance monitoring that was previously manual.
- Privacy and Compliance: App Privacy Reports and ATT changes provide granular tracking and enforcement, helping admins comply with GDPR, CCPA, and Apple’s own privacy mandates.
HOW TO IMPLEMENT OR RESPOND
For Developers
To support the new identity APIs, update your authentication flows and app signing processes:
- Upgrade to Xcode 16 and enable the new entitlements for Sign in with Apple and Passkeys:

```swift
import AuthenticationServices

// Updated Passkey flow (iOS 18+)
// "example.com", challenge, userName and userID are placeholders: the relying
// party ID is your own domain, and the challenge and user ID come from your server.
let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: "example.com")
let passkeyRequest = provider.createCredentialRegistrationRequest(
    challenge: challenge, name: userName, userID: userID)
let authorizationController = ASAuthorizationController(authorizationRequests: [passkeyRequest])
authorizationController.delegate = self
authorizationController.presentationContextProvider = self
authorizationController.performRequests()
```

- Use App Store Connect API v3 to automate Managed Apple ID and entitlement checks:

```swift
import Foundation

// Example: Fetch Managed Apple ID metadata
let url = URL(string: "https://api.appstoreconnect.apple.com/v3/managedAppleIds")!
var request = URLRequest(url: url)
request.setValue("Bearer <your_token>", forHTTPHeaderField: "Authorization")
let task = URLSession.shared.dataTask(with: request) { data, response, error in
    // Parse response for compliance checks
}
task.resume()
```
For Enterprise IT Admins
Update your MDM payloads and device policies to enforce the new identity features:
- Configure SSO Extensions and Passkey Enforcement in your MDM profiles:

```xml
<dict>
    <key>PayloadType</key>
    <string>com.apple.ssoextension</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadIdentifier</key>
    <string>com.example.enterprise.sso</string>
    <key>PayloadDisplayName</key>
    <string>Enterprise SSO Extension</string>
    <key>ExtensionIdentifier</key>
    <string>com.example.ssoextension</string>
    <key>EnforcePasskeyAuthentication</key>
    <true/>
</dict>
```

- Audit App Privacy Compliance using App Store Connect and MDM reports:

```bash
# Check App Privacy Report status
mdmctl device privacy-report --app com.example.enterprise --output privacy_report.json
```
WHAT TO CHECK
- Device Audit: On an iOS 18 or macOS 15 beta device, verify that your app is signed with Xcode 16 and includes updated entitlements (using `codesign -dvv`).
- App Store Connect: Navigate to App Store Connect > My Apps > Privacy to confirm ATT compliance and new privacy signals.
- MDM Console: Ensure SSO Extension and Passkey enforcement payloads are deployed and active for your Apple fleet.
- API Response: Validate that App Store Connect API v3 returns managed Apple ID metadata and entitlement data.
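
The entitlement part of the device audit can be scripted. The following is an added example, not code from Apple or from the original article: it parses an XML entitlements plist (for instance the output of `codesign -d --entitlements - --xml <App.app>`) and reports missing Sign in with Apple or passkey entitlements, plus development-signed builds. The function name, the relying party `example.com` and both sample plists are constructed for illustration.

```python
import plistlib

SIWA_KEY = "com.apple.developer.applesignin"
DOMAINS_KEY = "com.apple.developer.associated-domains"

def audit_entitlements(xml_bytes, relying_party):
    """Return findings for an XML entitlements plist; an empty list means pass."""
    try:
        ents = plistlib.loads(xml_bytes)
    except Exception as exc:  # malformed or empty output from the signing tool
        return [f"entitlements not parseable: {exc}"]
    if not isinstance(ents, dict):
        return ["entitlements not parseable: top level is not a dict"]
    findings = []
    siwa = ents.get(SIWA_KEY)
    if not isinstance(siwa, list) or "Default" not in siwa:
        findings.append("Sign in with Apple entitlement missing")
    # Passkeys are bound to a relying party ID, which the app must claim
    # through a webcredentials: associated domain.
    domains = ents.get(DOMAINS_KEY)
    hosts = set()
    for entry in domains if isinstance(domains, list) else []:
        service, _, host = str(entry).partition(":")
        if service == "webcredentials":
            hosts.add(host.split("?")[0].lower())  # drop ?mode=developer
    if relying_party.lower() not in hosts:
        findings.append(f"no webcredentials domain for {relying_party}")
    # get-task-allow=true marks a debuggable, development-signed build.
    if ents.get("get-task-allow") is True:
        findings.append("get-task-allow is true (development-signed build)")
    return findings

# Constructed sample inputs, not taken from any real app.
GOOD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.developer.applesignin</key><array><string>Default</string></array>
<key>com.apple.developer.associated-domains</key>
<array><string>webcredentials:example.com</string></array>
</dict></plist>"""
BAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.developer.associated-domains</key>
<array><string>applinks:example.com</string></array>
<key>get-task-allow</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad", BAD)):
        print(name, audit_entitlements(blob, "example.com"))
```

Run it per build artifact in CI and fail the pipeline on a non-empty findings list.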
BOTTOM LINE
Enterprise admins and developers must update to Xcode 16, review identity entitlements, and adapt MDM policies for iOS 18 and macOS 15. Test authentication flows, automate privacy compliance checks, and leverage new App Store Connect APIs for managed Apple ID integration. Prioritise these updates before general availability to maintain app distribution and enterprise security posture.