Skip to content

IR-0005: Missing dSYM Upload Due to Premature Archive Deletion – Ziraat Teknoloji (IR-2026-0224-1059)

Field Detail
Document ID IR-2026-0224-1059
Classification Confidential – Customer & Internal Use Only
Version 1.0
Date Issued 2026-02-24
Prepared By burako@appcircle.io
Reviewed By cagkan@appcircle.io
Approved By cagkan@appcircle.io

1. Incident Overview

Field Detail
Incident Date 2026-02-20
Detection Date 2026-02-24
Resolution Date 2026-02-24
Duration ~2 hours (active investigation); ~8 hours including customer follow-up
Customer Ziraat Teknoloji
Deployment Model Self-Hosted
Severity SEV-1 – Critical
Status Resolved
Incident Reference Ticket #1059

2. Executive Summary

On February 20, 2026, a build was generated and distributed via phased rollout through the Appcircle platform. During the build process, the "Delete Archive" option was enabled in the Xcodebuild for Devices workflow step for storage optimization purposes.

This configuration resulted in the deletion of the .xcarchive file immediately after IPA creation. Consequently, the required dSYM (debug symbol) files were not available for upload to Firebase Crashlytics.

The Firebase Upload dSYM step completed with a success status despite the absence of the required artifact, producing a false-positive result. This prevented crash report symbolication for approximately four days until the issue was detected.

When the phased rollout reached approximately 10% of the target user base (~100,000 downloads), the release was proactively halted by the customer in coordination with Appcircle.

The application itself remained fully operational throughout the incident. The impact was limited exclusively to crash diagnostics observability.


3. Impact Assessment

3.1 Service Impact

Dimension Assessment
Service Availability No impact – application remained fully operational
Data Integrity No impact – no data loss or corruption occurred
Data Confidentiality No impact – no unauthorized data access or exposure
Crash Observability Degraded – crash reports were generated but could not be symbolicated
Affected Users ~100,000 (10% of target user base during phased rollout)
Duration of Impact ~4 days (2026-02-20 – 2026-02-24)

3.2 Business Impact

  • Reduced observability during a critical phased rollout window.
  • Temporary loss of actionable crash diagnostics, preventing proactive quality assessment.
  • Customer required to halt the release until crash visibility could be restored.

3.3 Platform Impact

  • Identified a validation gap in artifact lifecycle management within the build pipeline.
  • Identified missing fail-fast behavior in the Firebase Upload dSYM workflow step.

4. Root Cause Analysis

4.1 Primary Cause

The "Delete Archive" configuration option in the Xcodebuild for Devices step removed the .xcarchive artifact immediately after IPA generation. This occurred before the Firebase Upload dSYM step could extract and upload the required debug symbols from the archive.

4.2 Contributing Factor

The Firebase Upload dSYM step did not perform artifact existence validation before execution. When the required .xcarchive was absent, the step completed with a success status rather than failing or producing a warning. This false-positive result masked the issue and prevented early detection.

4.3 Systemic Gap

There was no pipeline-level safeguard to prevent destructive artifact cleanup before downstream dependency validation. This represents a pipeline design control gap, not a runtime or infrastructure failure.


5. Timeline

All times are UTC+3 (Istanbul).

Time Date Event
Feb 20, 2026 Build generated and distributed via phased rollout. "Delete Archive" was enabled in the Xcodebuild for Devices step.
Feb 20–24, 2026 Phased rollout progressed. Crash reports were generated but were unsymbolicated due to missing dSYM files.
09:25 Feb 24, 2026 Customer reported urgent issue regarding crash visibility to Appcircle support.
09:27 Feb 24, 2026 Initial investigation confirmed Firebase Upload dSYM step showed "success" status.
09:30 Feb 24, 2026 Appcircle CSM investigation initiated – artifact paths and build configuration reviewed.
10:07 Feb 24, 2026 Discovery: .xcarchive file was not retained for the affected build.
10:10 Feb 24, 2026 Escalation meeting initiated between customer and Appcircle CSM team.
11:40 Feb 24, 2026 Root cause identified: "Delete Archive" option was enabled, causing premature artifact deletion. Active investigation concluded.
13:13 Feb 24, 2026 Follow-up: Retention configuration reviewed and guidance provided to the customer.
18:06 Feb 24, 2026 Customer confirmed retention configuration updated. Issue formally closed.

6. Containment & Resolution

6.1 Immediate Containment

  • The phased rollout was proactively halted by the customer to prevent further exposure without crash visibility.
  • Investigation confirmed permanent deletion of the archive during the build lifecycle; manual dSYM recovery was not possible.

6.2 Resolution

  • Root cause was identified and communicated to the customer.
  • The "Delete Archive" configuration was corrected for subsequent builds.
  • Retention settings were reviewed and properly configured.
  • A new build with correct artifact handling was recommended.

No production rollback was required, as application functionality was not affected.


7. Corrective & Preventive Actions (CAPA)

ID Action Detail Owner Status
CAPA-01 Implement strict artifact validation in Firebase Upload dSYM step Fail the pipeline if required artifacts are missing. Tracked under BE-8367. Engineering Open
CAPA-02 Evaluate isolating dSYM storage lifecycle from archive cleanup Enable recovery even if the archive is deleted. Tracked under BE-8368. Engineering Open

8. Lessons Learned

What Worked Well

  • Issue was acknowledged within 30 minutes of customer reporting.
  • Rapid escalation and cross-functional coordination; CSM team led investigation and engaged engineering as needed.
  • Transparent and timely communication with the customer throughout the investigation.
  • Proactive release halt prevented further user exposure during the observability gap.

Areas for Improvement

  • Artifact lifecycle dependency checks need to be strengthened to prevent silent failures.
  • Fail-fast validation logic is required for workflow steps that depend on upstream artifacts.
  • Observability safeguards should be enforced before any destructive cleanup operations.
  • Recovery mechanisms should be evaluated for critical build artifacts.

9. Data & Privacy Impact Assessment

Criterion Assessment
Personal Data Breach No – no personal data was accessed, exposed, or compromised
Data Loss No – no customer or end-user data was lost. Build artifacts (dSYM) were deleted as a result of configuration, not a system failure
Security Breach No – no unauthorized access to systems, data, or infrastructure occurred
Service Availability No impact – the application remained fully operational
Regulatory Notification Required (GDPR / KVKK) No – does not meet the threshold for data breach notification
Third-Party Impact No – no third-party systems or data were affected

Conclusion: This incident was limited to a degradation in crash diagnostics observability caused by a build pipeline configuration. It did not constitute a security incident, data breach, or service outage as defined under SOC 2 or ISO/IEC 27001 controls.


10. Communication Log

Date Channel Audience Summary
Feb 24, 2026 Support Ticket Customer Initial issue reported and acknowledged.
Feb 24, 2026 Video Call Customer & Appcircle CSM Joint investigation session; root cause identified.
Feb 24, 2026 Support Ticket Customer Resolution steps and configuration guidance provided.
Feb 24, 2026 Internal CSM & Engineering Teams CAPA items created and assigned.

11. Approval & Sign-Off

Role Name Date
Prepared By burako@appcircle.io 2026-02-24
Reviewed By cagkan@appcircle.io 2026-02-24
Approved By cagkan@appcircle.io 2026-02-24

Document Control

Version Date Author Changes
1.0 2026-02-24 burako@appcircle.io Initial release

Classification

This document is Confidential and intended for internal use and authorized customer distribution only. Unauthorized distribution is prohibited.