Sorry for maybe a silly question. I want my app to use iCloud for backing up and synchronising user's data, assuming that CloudKit works with user's cloud. However it may not be the case.
I have two cloud accounts: personal and developer's ones. My macOS is logged to the personal iCloud account, so I expected my macOS app to use it. However CloudKit Dashboard shows cloud containers for the developer's account instead.
Also iCloud design guide says "CloudKit provides a way to store data as records in a database that users of your app can share" which implies that the cloud data represent a single instance for all users.
So, which cloud: user's, developer's, or a separate one (designed especially for app containers) is used by CloudKit? It case a separate cloud it used does it count as a developer's storage?
The CloudKit container for your app contains two databases; A public database that is accessible to all users of your app and a private database that is only accessible to the current user.
Individual records in the private database can be shared with another user via a CKShare.
Data that is stored in the public database comes from your app's storage allocation; the amount of storage you get for free depends on the number of app installations.
Data that is stored in the private database is stored in the user's iCloud storage and counts against their storage allocation.
From the CloudKit Quick Start document
An app has access to both a public and private database in each container. The public database is for storing user and app data that is shared between all instances of the app. By default, all users can read the public database, but they need to enter iCloud credentials to write to the public database. There’s a private database for each user of your app, but the app only has access to the private database of the current user. The user has to enter iCloud credentials for the app to read and write to the private database.
Information is also available on CloudKit Overview page - Check the footnotes at the bottom; private storage comes from the user's free 5GB allowance (they may purchase more). Public storage comes from your app's allowance.
Related
An organization's employee are involved in a network. Each transaction they send will need to be signed against their private keys and will be encoded in the transaction they send.
1) Where are the private/public keys stored? Are they stored locally on an employee's laptop?
OR
2) If the organization's employee use different computers to perform daily tasks, would the pub/piv keys be stored on cloud?
Thanks!
Nice solution to store it on cards as described here
Private key protected by password and stored on card, we can use usb card readers to load key on device and use it to sing requests.
Difference to store certs on devices instead of cloud is that personal devices controlled differently then cloud - you can't protect information if you can't guarantee physical storage protection.
And it is always a question how to maintain CRL.
I have a developer account and I'm developing an app for someone. I want him to be able to change datas in CloudKit so I want to use his iCloud account(He doesn't have a developer account, just personal account). However, i don't know how to differentiate my developer account and his iCloud account.
Thank You
I believe CloudKit's notion of public and private databases may achieve what you need to do. As a reference, I am referring to slide 45 in Apple's WWDC presentation on cloudkit (http://devstreaming.apple.com/videos/wwdc/2014/208xx42tf0hw3vv/208/208_introducing_cloudkit.pdf)
Considering that each app has a container, and that container includes 1 public database (that all users of the app can access) plus a multitude of private databases (one per user), if the data you're storing isn't private, then consider storing it in the public database. You can modify it as needed during development by being logged into your iCloud account, and your client can modify it as well by being logged into his iCloud account. (Apple docs say the public database is stored in the App developer's iCloud space)
If you store the data in the private database, however, it will be written to an instance of the private database belonging to the currently signed-in user. So anything you write would go into a private database instance (which Apple docs says resides in each user's personal iCloud space) and anything he writes would go into his private database instance. Until recently, that was the end of the story. However, now, cloudKit supports CKShare which, in a nutshell, allows a user to grant access to specific shared items inside their private db. So you could still write the data to a private DB but allow access via a CKshare.
Finally, there's another option, but I don't recommend it. In the device settings, you can log out of iCloud and log back in as another user. In which, you're still developing on your device, but you're logged into iCloud as your client. This has many drawbacks, though. First and foremost, credential sharing is always a bad security practice. But, probably a more immediate consequence will be your device will no longer be sharing with/backing up to your iCloud account, but instead with the client's.
It's hard to give more specific advice without better understanding the scenarios you're implementing.
** update based on OP's comment **
I see now. Using the development cloudkit dashboard probably isn't going to work. AFAIK, you must log in with a development account, not just an iCloud account, to use the cloudkit dashboard. So your client won't be able to get in at all, anyway. You could add your client's email address as a member of your development team, which will let them log into your cloudkit dashboard; however, that also gives them access into portions of your iTunesConnect as well. And, it really won't scale to support additional users of your app.
How could I set World Write Permission on the iCloud Dashboard
cause now it's disabled, and really need it
Short answer: You can't.
For a running CloudKit app, a container’s public database is always readable, even when the user is not signed in to their iCloud account on the device. Saving records to the public database and accessing the private database requires that the user be signed in. If your app does more than read data from the public database, check to see whether the user is signed in before saving records.
Reference: Designing for CloudKit
CloudKit requires a user to be logged-in to an iCloud account to write to the public database.
If you need to provide such functionality for users who don't have an iCloud account, or don't want to sign-in, you may want to investigate a different cloud solution.
If you just need to write to the public database from your own server, you can use CloudKit Web Services with a server-to-server key.
CloudKit data, and most iCloud data outside of iCloud Drive, is sandboxed to individual applications. This makes sense from the standpoint of securing user data from leaking from one application to another without their control. However, with my own iCloud credentials as a user, I have access to all of my data via the apps which own the individual buckets.
Is it possible, as a technical user writing code on my own machine (not something that would be distributed in the App Stores), to enumerate, read, and/or write data as myself in the iCloud buckets of applications which I did not create?
I am particularly interested to do this on a Mac (with developer tools and unsigned apps allowed), and am willing to assume that I know the bundle IDs of the buckets of interest. Being able to enumerate all buckets which exist for my user would be even more useful.
If you have the same developer account as the original app, then you could create a 2nd app that could use the same CloudKit container. You do have to be aware that there is a developer and a production database. You can only access the production database with a published app (Could be a TestFlight only distribution)
There is a way to access a container that is created by someone else. But then you do need to get an API access web token which can only be handed out by the developer account of the original app. You could then access the container using the CloudKit Web API
I am doing one application.In that i want to store the data permanently in my iCloud account.If i use the icloud feature in my app,data is store into users iCloud account or developer icloud account.
With iCloud, apps can only access the user's iCloud account. The app can access whatever account the user has configured on their device, and there's no API for accessing any other account. The entire system is designed as a way for people to sync their data across multiple devices, so there's no option to share data or access other accounts in any way.
I'm not sure what you're trying to do, but if you're looking for some kind of server-side component for your app, there are lots of options. Parse is very popular, as is Azure, but there are many other services. If you're not prepared to set up your own server, you can integrate one of them. But your app will only access your iCloud account when it runs on your device.