By the end of October, all Lumi Wallet users using iOS devices will be logged out of their wallets because of the legal restructuring of the Lumi company. It might lead to thousands of users losing access to their funds forever.
Sound ridiculous? Let me explain in detail.
In February 2020, our company incorporated a new legal entity in Cyprus due to a strategic decision to be fully incorporated in Europe. Previously we had a legal entity in Hong Kong that was enrolled in the Apple Developer Program.
(Disclaimer: The author is the CEO at Lumi Wallet)
As we have already started the restructuring of the company and the liquidation process of the HK entity, we needed to change the legal entity in the AppStore too.
After reaching out to Apple Developer Support, Lumi was advised to create a new Apple Developer account using the Cyprus company and to transfer the Lumi app to the newly created account.
We decided that everything was fine and did strictly as advised. It took us about several weeks and $99, everything was done, and we had transferred our apps.
While preparing a new app version release we received an email from App Store Connect saying:
“We identified one or more issues with a recent delivery for your app, "Lumi Crypto Wallet" ...Your delivery was successful, but you may wish to correct the following issues in your next delivery: ITMS-90076: Potential Loss of Keychain Access - The previous version of software has an application-identifier value ['TeamID-XXX.com.lumiwallet.HD'] and the new version of software being submitted has an application-identifier of ['Team ID-YYY.com.lumiwallet.HD']. This will result in a loss of keychain access.”
That definitely surprised us (in a negative way), as in different words it says that ALL our users will be logged out from the application if we release a new version from the new account because our Team ID has changed and the Lumi app will no longer have access to the Keychain as the keychain pass includes the Team ID in its string.
Lumi is a client-side crypto wallet with no access to users' private keys. They are generated on users' devices and kept in iOS encrypted storage - the Keychain. Every time a user opens the Lumi application, it uses private keys held in the iOS keychain to run the wallet.
Put simply, by making the transfer the Lumi app will no longer be able to retrieve users’ private keys from encrypted storage because the new keychain pass doesn’t match. It has basically led to a huge disaster for both users and the Lumi company.
A lot of users may lose significant or even huge amounts of money and they will definitely blame Lumi for it.
So, we were not ready to accept it and transferred the apps back to the old account to release new updates, meanwhile we started to beat off Apple Support thresholds looking for help.
We had two scenarios in mind that could help:
The first obviously seems more realistic as far as it can be done almost manually, while the Team ID is a part of the dev system and its change might lead to unpredictable consequences (frankly - no idea, maybe it is easier).
The first support manager gave me the already-known answer, so they just cited their documentation: “A one-time loss in keychain data will occur if you switch your App ID prefix”, he was even highlighting that it will only one-time, pretending that “once” is not that bad...
I repeated clearly that we needed to find a solution, so the call was transferred to Senior Support manager Samantha.
Let me summarize the discussion:
Waited for two more weeks with no update.
Now we are preparing to inform our users that they will be logged out and are trying to aggressively insist on writing down their private keys to restore access later.
BTW this is a disaster for Lumi‘s reputation!
Crypto adoption is one of the most difficult things for a product creator, it is so hard to create a trustful product, to explain how extremely important it is to backup crypto private keys (keep an additional copy of it) in order not to lose access to funds, and here we are, facing the AppStore leaving users without access to their private keys with no attempt to help!
There might be some commentators who would suggest something like:
But let’s please keep these great ideas out of this discussion.
To sum up, I, Diana, CEO of Lumi Wallet, am writing this article to draw the attention of Apple Support to solve this quite trivial issue. I totally understand that most support managers don’t have much authority and follow strict guidelines, but when they face a case that they are not capable of solving, they must send it up to higher management and not to harm businesses that work hard to come up with the best solutions on the market, that are distributed through their store.
If we proceed with no answer from Apple, we will definitely deal with hundreds or even thousands of users that will lose their crypto. Unfortunately, we have no responsibility over that, as we have zero control over users’ private keys, but Apple will definitely hold part of the blame.
That is not the first case showing that Apple does not care about crypto business interests. Why are Lumi, Trust, and Coinbase confined to adding dApp browsers inside their applications, but Metamask is fully allowed to provide access to even dices and casinos?
(Disclaimer: The author is the CEO at Lumi Wallet)