I just wanted to give an update on where we’ve got to with the logout bug that many of you have been experiencing.
First off, a massive apology for the amount of bother this has caused. It’s really tedious having to sign in every time, and isn’t something you should really ever have to do more than about once a year (i.e. when you first sign up or get a new device). This issue has been compounded by email delivery issues, which are being addressed separately.
I also wanted to say a big thanks to everyone who reported the issue, sent bug reports, and even did some in-depth sleuthing (special shout-out to @RichardR)
tl;dr We’ve found a reproducible cause for logouts and are shipping an update to TestFlight today and the App Store next week.
We now believe we’ve found the cause of logouts for the majority of people.
First, TestFlight: as some alpha testers found, the widget (Today Extension) caused a logout. This was due to a mismatched version number between the widget and the app. We use version numbers as part of our database schema versions. When the app attempted to access the database after the widget, it found its schema version was lower than that of the database, causing the database to be cleared, and thus a logout.
For the majority non-TestFlight users, a more subtle issue was present in which we were firing an event that attempted to access our database before it had been migrated for a schema change between version 1.6 and 1.6.1. Normally, this should succeed (if the database is not migrated, access simply returns nothing), but for a subset of users this was causing an exception to be thrown and, again, a logout. We’ll investigate what the conditions are that cause this to fail for only some users, but either way this bug is now squashed
Finally, an issue that @RichardR highlighted with background refresh: whilst we couldn’t reproduce it, background refreshes don’t currently have a guard to check keychain accessibility before running. If a device’s keychain became inaccessible, it could in theory cause loss of access to authentication tokens, leading the app to believe the user should not be logged in and show the login flow. As a precaution, background refresh is now additionally guarded.
We’ve also added a bunch of extra metrics around keychain and database failure modes and lots more tests. We’re shipping an update to TestFlight today (assuming all gets approved in good time) and an update to the App Store next week
Huge thanks again to everyone who got involved in figuring this out, you folks are all awesome