I am planning on using DeviceCheckor indentifierForVendor to ensure that the same device is not being used to redeem multiple times the same gift (free money for example sake) offered to new users. I am wondering however, if it is possible to trick this system on a jailbroken device? Or using a custom simulator or a botnet (do iOS botnets exist?)?
I haven't tried it myself, but I think it is possible to change the bundle identifier, resign the app and side load it to your device.
This will change the change the identifier for both DeviceCheck and indentifierForVendor.
Now, for this to really affect you, the user needs to get a hold of the ipa. Which is getting increasingly difficult with the newer versions of iOS.
If you are interested in trying what I've discussed, refer to this link.
https://coderwall.com/p/qwqpnw/resign-ipa-with-new-cfbundleidentifier-and-certificate
And probably AirSign (much easier). Its a paid app for the Mac. https://www.macupdate.com/app/mac/51845/airsign
Related
I am aware that we can block safari content using swift code. I am interested in finding out if we can restrict install of certain apps from AppStore using similar approach ?
Also, is it possible if we can restrict a user from deleting the app from device (not from phone settings but from code) ? Even if Apple does not allow that to publish such app, I am looking for a solution as a part of research.
There are two things you mentioned.
First, can restrict install of certain apps from AppStore
Using Swift code I feel there are no Public API provided by Apple for the developer till now but there is a similar way that is called Device Enrollment Program.
The Device Enrollment Program (DEP) is part of the Apple Deployment
Programs (ADP), which help businesses and educational institutions
easily deploy and configure iOS and OS X devices. DEP provides a fast,
streamlined way to deploy institutionally owned iPad and iPhone
devices and Mac computers that are purchased directly from Apple or
participating Apple Authorized Resellers or carriers.
For more visit this developer guide.
Second: restrict a user from deleting the app from device
Same response for that, till now no Developer API, but lets say if we see this as a part of research and we develop some POC still, it does not make sense for me at all (It's my device and I install the app for making my life easy and better if I don't want to use it anymore, I need an option to delete it) and I don't think so this will be possible in future as well because the USP for iOS device is user experience and we can't make this like that.
I also want to hear something from others and if possible give the use case why you are looking a solution like that.
I hope this will help.
I am working on an enterprise app and need access to programmatically retrieve the device's serial number. Is there an API or any documentation on how to retrieve this in iOS 8? From what I can tell, this functionality has been removed in iOS 8.
Is there a suitable replacement identifier for the serial? I need something that is reliable and will never change even if the device is reset.
It will be for enterprise usage so App Store approval is not a concern.
You're up a creek here. The two "tracking" features are Advertising Identifier and Identifier for Vendor. The former can be reset within the Settings app quite easily while the latter will reset once the user uninstalls all apps with the root bundle identifier associated with the app suite. Both also change with a device reset of course.
If you're deploying the app with an MDM solution you will have access to that device's UDID as it still flows forward to MDM servers, you just can't access it programmatically in your code. The complete deprecation of UDID, serial number and MAC address (even with private APIs) stomped all over some custom utilities I wrote within our Enterprise to try and accomplish something similar to what you're looking to do. If you find somethingthats consistent I'd love to see the follow-up!
EDIT:
I had an epiphany while circling back to this situation again. If you are in fact using AirWatch (I can't speak to Mobile Iron, etc) you can setup the console to send a keychain value to each device at the time of app install. From there the app will be able to consume the value AirWatch sends down. The same goes for any attribute that AirWatch harvests for the device (serial, UDID, MAC, etc). While this workaround comes with a big caveat (using AirWatch for deployment) it will work. Since Apple neutered all Serial Number work arounds win iOS8 this is the most viable option I have found.
In our applications the user autentications is based on the serial number.It seems that in ios 8 it is not possible to get the serialnumber.Is any other way?
Thanks in advance.
Apple deprecated access to a unique-per-device UUID (known as uniqueIdentifier as of iOS 6. As of iOS 7, they also blocked access to MAC querying the address, and other sorts of unique identifiers. Sometime between iOS 6 and today, they started rejecting any application that accesses this property.
There are two replacement APIs that might help: on UIDevice, there is identifierForVendor, that is consistent across your apps. And there is also an entire framework, AdSupport, who's job is to provide an identifier that can be used for advertising networks. This identifier has the limitation of people can change it whenever they want, so you cannot rely on it being consistent across multiple launches.
The hint Apple is trying to pass on here is "you cannot consistently, uniquely identify people per device across multiple apps that are not your own".
In addition to zadr excellent explanation I would like to not iCloud as another possible solution:
Simply store a value (as file or key-value) in iCloud. Only disadvantage of this approach is, that you will have to add the iCloud entitlement to your app if your app does not use iCloud yet. On the other hand there are some advantages
Very little / none additional effort necessary if your app already uses iCloud
No additional Frameworsk like AdSupport necessary
The saved value will be consistent between devices and app re-install
More than one app can share the ID by using the same iCloud (ubiquity container)
Of course in some cases this might be a little overdone but in other this can be a handy solution.
I would recommend using uniqueIdentifier as suggested above but saving in keychain. This way its reliably available to you all the time, and can be used to track the user.
I'm looking for a way to retrieve the UDID on devices running iOS 6+ (Enterprise deployment only - no app store limitations).
Calling the (now private) method uniqueIdentifier returns the 'vendorIdentifier' starting with 'FFFFFFF'. Unfortunately thats not what I want.
Any ideas? Is there another private method or something?
Thanks in advance.
I recommend you reading this article. To sum up:
The previously deprecated uniqueIdentifier now works like vendorIdentifier on iOS 7+, so it's no longer usable even for Enterprise Apps
OpenUDID cannot be shared between Applications on iOS 7+ and now can change. It's still usable but no longer recommended.
The vendorIdentifier hasn't changed, but it's not recommended for Enterprise Apps because it can change when updating the App.
The new advertisingIdentifier API is the way to go for new Apps. It's the same for all Apps and should not change frequently, but the user can reset it in the settings page.
Edit: Website udid.io obtains the real Device UDID instead of the obfuscated one if you need it for anything outside your App. If you need the UDID from within the App, see my answer above.
You can get a Unique UDID via this method using private api. Follow this link
Look for the code in accepted answer.
Sorry, but Apple warned it would be deprecated and it has been. I've had the same headache myself.
I can't help you identify the device in the same way Apple do, but you can always generate an unique UUID on app launch and stash that away in KeyChain. It won't be perfect, but it will persist between installations and will be unique to the device. As far as I know, that's the current solution
Is there a way to remvoe TestFlight apps from users that have installed them? Also is there a way that TestFlight can bake into the app some sort of password that the users all have to log in with (in case of a lost phone, we don't want our developement apps exposed).
If left untouched, the provisioning of your apps will eventually expire automatically. Even without the native ability to remove applications with TestFlight there is still something of an expiration date on the application.
That would still leave your question of a "baked in password prompt" and removing the application itself physically from the device.
The first part, the app checking for authentication could be solved by implementing a solution with a more robust SDK that happens to have that sort of security-minded approach. As far as I know, and based on TestFLight's feature grid, this exceeds the abilities of their tool.
The second part, removing the application itself from the device, would be accomplished by using a tool that has the ability to use MDM (Mobile Device Management) for device-level control. Specifically you'd want to look for something that can selectively control a single application, rather than having to apply a blanket MDM policy. Again based on knowledge of TestFlight and based on their web page this is also not something TestFlight is capable of.
There are solutions out there that will give you exactly what you are asking about - easy beta testing with the added ability to force the app to check in and re-authenticate as well as the ability to remove applications from the device when you're done testing. If you hit your search engine of choice you can find a few tools that will give you a "yes" to all of your questions here. The list is very short so they're easy to find. :)
If it is at all helpful to you, I am associated with one of those companies, AppBlade, and would be happy to answer questions about this sort of thing. We're at https://AppBlade.com and you're welcome to give us a call or even log into the tool to see how it works for yourself.
Unfortunately you can't delete apps that are already installed on the device via TestFlight, unless you do it on the device itself. As for the password, TestFlight doesn't exactly support that either. You could however put a passcode lock feature in all of the Beta versions of your apps through your code. Sorry thats probably not the answers that you wanted to hear, but TestFlight is still in its early stages.
You are not able to delete apps from a users device, however TestFlight is testing in their 'Area51' an option to force users to update to a new build if there is one available.
If you no longer want testers to access your app you probably could add a new build which justs shows some info screen.
There is a way to expire the builds in the app store connect when you click on build.
Another way if you want to get rid of it as a tested to open the app page and click on stop testing.