Open Radar

 
Summary:
The storeagent process in Mavericks is now caching receipts that are downloaded from iTunes. This makes it harder for developers to test the installer packages they upload to iTunes Connect.

Steps to Reproduce:
1. Install an app with CFBundleIdentifier of com.example.MyApp and a CFBundleShortVersionString of "1.0" using the following command:

$ sudo installer -store -pkg MyApp-1.0.pkg -target /

2. Launch the app using the Finder. Enter an Apple ID to generate a receipt file in /Contents/_MASReceipt

3. Install another version of the app with the same bundle identifier but a different CFBundleShortVersionString of "1.0.1" using the following command:

$ sudo installer -store -pkg MyApp-1.0.1.pkg -target /

4. Launch the new version of the app using the Finder.

Expected Results:
The new version of the app should launch an a new receipt with a value of "1.0.1" for attribute type 3 ("Application version"). 

Actual Results:
The receipt that is placed in the /Contents/_MASReceipt/receipt has a value of "1.0" for attribute type 3 ("Application version").

An app that tries to verify this receipt will correctly exit with code 173 since the version number can't be verified against the current one ("1.0" doesn't match "1.0.1").

A user then sees a dialog that says:

"MyApp" is damaged and can't be opened. Delete "MyApp" and download it again from the App Store.

Version:
OS X 10.9/13A598

Notes:
I have no way of testing this with an actual download from the App Store, but this behavior would also be a big problem if two releases were downloaded by a user within a short period of time.

Also: a workaround for this problem is to kill storeagent (and remove its in-memory cache).