IR-0005: Missing dSYM Upload Due to Premature Archive Deletion – Ziraat Teknoloji (IR-2026-0224-1059)¶
| Field | Detail |
|---|---|
| Document ID | IR-2026-0224-1059 |
| Classification | Confidential – Customer & Internal Use Only |
| Version | 1.0 |
| Date Issued | 2026-02-24 |
| Prepared By | burako@appcircle.io |
| Reviewed By | cagkan@appcircle.io |
| Approved By | cagkan@appcircle.io |
1. Incident Overview¶
| Field | Detail |
|---|---|
| Incident Date | 2026-02-20 |
| Detection Date | 2026-02-24 |
| Resolution Date | 2026-02-24 |
| Duration | ~2 hours (active investigation); ~8 hours including customer follow-up |
| Customer | Ziraat Teknoloji |
| Deployment Model | Self-Hosted |
| Severity | SEV-1 – Critical |
| Status | Resolved |
| Incident Reference | Ticket #1059 |
2. Executive Summary¶
On February 20, 2026, a build was generated and distributed via phased rollout through the Appcircle platform. During the build process, the "Delete Archive" option was enabled in the Xcodebuild for Devices workflow step for storage optimization purposes.
This configuration resulted in the deletion of the .xcarchive file immediately after IPA creation. Consequently, the required dSYM (debug symbol) files were not available for upload to Firebase Crashlytics.
The Firebase Upload dSYM step completed with a success status despite the absence of the required artifact, producing a false-positive result. This prevented crash report symbolication for approximately four days until the issue was detected.
When the phased rollout reached approximately 10% of the target user base (~100,000 downloads), the release was proactively halted by the customer in coordination with Appcircle.
The application itself remained fully operational throughout the incident. The impact was limited exclusively to crash diagnostics observability.
3. Impact Assessment¶
3.1 Service Impact¶
| Dimension | Assessment |
|---|---|
| Service Availability | No impact – application remained fully operational |
| Data Integrity | No impact – no data loss or corruption occurred |
| Data Confidentiality | No impact – no unauthorized data access or exposure |
| Crash Observability | Degraded – crash reports were generated but could not be symbolicated |
| Affected Users | ~100,000 (10% of target user base during phased rollout) |
| Duration of Impact | ~4 days (2026-02-20 – 2026-02-24) |
3.2 Business Impact¶
- Reduced observability during a critical phased rollout window.
- Temporary loss of actionable crash diagnostics, preventing proactive quality assessment.
- Customer required to halt the release until crash visibility could be restored.
3.3 Platform Impact¶
- Identified a validation gap in artifact lifecycle management within the build pipeline.
- Identified missing fail-fast behavior in the Firebase Upload dSYM workflow step.
4. Root Cause Analysis¶
4.1 Primary Cause¶
The "Delete Archive" configuration option in the Xcodebuild for Devices step removed the .xcarchive artifact immediately after IPA generation. This occurred before the Firebase Upload dSYM step could extract and upload the required debug symbols from the archive.
4.2 Contributing Factor¶
The Firebase Upload dSYM step did not perform artifact existence validation before execution. When the required .xcarchive was absent, the step completed with a success status rather than failing or producing a warning. This false-positive result masked the issue and prevented early detection.
4.3 Systemic Gap¶
There was no pipeline-level safeguard to prevent destructive artifact cleanup before downstream dependency validation. This represents a pipeline design control gap, not a runtime or infrastructure failure.
5. Timeline¶
All times are UTC+3 (Istanbul).
| Time | Date | Event |
|---|---|---|
| — | Feb 20, 2026 | Build generated and distributed via phased rollout. "Delete Archive" was enabled in the Xcodebuild for Devices step. |
| — | Feb 20–24, 2026 | Phased rollout progressed. Crash reports were generated but were unsymbolicated due to missing dSYM files. |
| 09:25 | Feb 24, 2026 | Customer reported urgent issue regarding crash visibility to Appcircle support. |
| 09:27 | Feb 24, 2026 | Initial investigation confirmed Firebase Upload dSYM step showed "success" status. |
| 09:30 | Feb 24, 2026 | Appcircle CSM investigation initiated – artifact paths and build configuration reviewed. |
| 10:07 | Feb 24, 2026 | Discovery: .xcarchive file was not retained for the affected build. |
| 10:10 | Feb 24, 2026 | Escalation meeting initiated between customer and Appcircle CSM team. |
| 11:40 | Feb 24, 2026 | Root cause identified: "Delete Archive" option was enabled, causing premature artifact deletion. Active investigation concluded. |
| 13:13 | Feb 24, 2026 | Follow-up: Retention configuration reviewed and guidance provided to the customer. |
| 18:06 | Feb 24, 2026 | Customer confirmed retention configuration updated. Issue formally closed. |
6. Containment & Resolution¶
6.1 Immediate Containment¶
- The phased rollout was proactively halted by the customer to prevent further exposure without crash visibility.
- Investigation confirmed permanent deletion of the archive during the build lifecycle; manual dSYM recovery was not possible.
6.2 Resolution¶
- Root cause was identified and communicated to the customer.
- The "Delete Archive" configuration was corrected for subsequent builds.
- Retention settings were reviewed and properly configured.
- A new build with correct artifact handling was recommended.
No production rollback was required, as application functionality was not affected.
7. Corrective & Preventive Actions (CAPA)¶
| ID | Action | Detail | Owner | Status |
|---|---|---|---|---|
| CAPA-01 | Implement strict artifact validation in Firebase Upload dSYM step | Fail the pipeline if required artifacts are missing. Tracked under BE-8367. | Engineering | Open |
| CAPA-02 | Evaluate isolating dSYM storage lifecycle from archive cleanup | Enable recovery even if the archive is deleted. Tracked under BE-8368. | Engineering | Open |
8. Lessons Learned¶
What Worked Well¶
- Issue was acknowledged within 30 minutes of customer reporting.
- Rapid escalation and cross-functional coordination; CSM team led investigation and engaged engineering as needed.
- Transparent and timely communication with the customer throughout the investigation.
- Proactive release halt prevented further user exposure during the observability gap.
Areas for Improvement¶
- Artifact lifecycle dependency checks need to be strengthened to prevent silent failures.
- Fail-fast validation logic is required for workflow steps that depend on upstream artifacts.
- Observability safeguards should be enforced before any destructive cleanup operations.
- Recovery mechanisms should be evaluated for critical build artifacts.
9. Data & Privacy Impact Assessment¶
| Criterion | Assessment |
|---|---|
| Personal Data Breach | No – no personal data was accessed, exposed, or compromised |
| Data Loss | No – no customer or end-user data was lost. Build artifacts (dSYM) were deleted as a result of configuration, not a system failure |
| Security Breach | No – no unauthorized access to systems, data, or infrastructure occurred |
| Service Availability | No impact – the application remained fully operational |
| Regulatory Notification Required (GDPR / KVKK) | No – does not meet the threshold for data breach notification |
| Third-Party Impact | No – no third-party systems or data were affected |
Conclusion: This incident was limited to a degradation in crash diagnostics observability caused by a build pipeline configuration. It did not constitute a security incident, data breach, or service outage as defined under SOC 2 or ISO/IEC 27001 controls.
10. Communication Log¶
| Date | Channel | Audience | Summary |
|---|---|---|---|
| Feb 24, 2026 | Support Ticket | Customer | Initial issue reported and acknowledged. |
| Feb 24, 2026 | Video Call | Customer & Appcircle CSM | Joint investigation session; root cause identified. |
| Feb 24, 2026 | Support Ticket | Customer | Resolution steps and configuration guidance provided. |
| Feb 24, 2026 | Internal | CSM & Engineering Teams | CAPA items created and assigned. |
11. Approval & Sign-Off¶
| Role | Name | Date |
|---|---|---|
| Prepared By | burako@appcircle.io | 2026-02-24 |
| Reviewed By | cagkan@appcircle.io | 2026-02-24 |
| Approved By | cagkan@appcircle.io | 2026-02-24 |
Document Control¶
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-02-24 | burako@appcircle.io | Initial release |
Classification
This document is Confidential and intended for internal use and authorized customer distribution only. Unauthorized distribution is prohibited.