I'm self taught, and program alone so I have no one else to ask what might be a dumb question but at the same time could be very important. Is keeping your iOS appID and Bundle ID private important? Everyone always whites out their IDs on SO. Or do these pieces of information make their way around the web in plain text?
I ask because I stumbled on a text document of applinks that shows the corresponding iOS app associated with the link and its appID: "ABDJCEI890.com.john.smith" along with associated keys for a popular API. Mine was on the list and I was taken aback thinking that that information should be private.
There are hundreds of apps on this list, just a quick scroll reveals the IDs and keys of: lonelyPlanet, NBCUniversal, Vevo, etc.
Is this important or not important?
Important, no. Embarrassing, perhaps. For example, com.DanielStorm.iHaveNoIdeaWhatImDoing as a published application's Bundle Identifier might be a little awkward if you're trying to maintain a professional image on the App Store.
To be honest, I always hid my app id & bundle id for two reasons
app id, So the competitors wouldn't know what's my app name and what I am working on
bundle id, for most users it their real apple developer name. I don't like the world to know that either
Their maybe other better valid reasons that I don't know.
As for the site that you just mentioned, they didn't get appID info directly from some apple website and I bet they used some sort of web crawlers program that downloaded and decompiled their ipa and read info.plist file. It's really easy to do that. I bet you wouldn't find info for apps that are paid and were never made free.
To be honest its a shame apple doesn't encrypt everything in a ipa. Only certain data is encrypted the rest is easily viewable with a text editor
Related
I'm writing an application which will be used in an enterprise, no outsiders.
This application should fetch data from API response and display it.
Each user has his own device, Ipad and should see only the data he is the owner of.
Problem i'm facing is identifying the device/user, so that API responds with only the information the user is supposed to see.
brief example of how it should work:
App is opened -> get unique id -> attach ID to API call -> receive appropiate response -> display data
As i imagine this ID should be static and not made upon installation of the app or generated.
I've tried getting UDID, Serial, MAC,- no luck, they're deprecated. Only managed to get .IdentifierForVendor, which is unique not in the way that i need.
So here is my question, are there any other options left?
Like fetching appleID name,email or should i make unique deployments for everyone separately?
Or a Log-in screen?
You could create a GUID for every App instance. However, apart from that you will have a hard time doing what you want.
These ways of identifying a device have been deprecated to ensure Advertisers and other malicious Apps cannot fingerprint a device easily.
If you don't want too much hassle authenticating everyone, you could apply a simpler scheme such as using a pin code, QR code, NFC tag or whatever you prefer.
However, if someone were to steal one of these enterprise devices and it would contain any secret information I would rather rely on something more secure as username and password, or even better something multi-factor.
Unique id's will have to be set by deploying the app from MDM. For example:
https://docs.jamf.com/9.9/casper-suite/administrator-guide/In-House_Apps.html
How should the application accept those variables, i dont know. Maybe it modifies .plist when deploying.
Solution i did was enforcing device name from MDM, so that users are unable to change it - and using that as the unique identifier.
I know that Apple wants a new app to have a unique name if it is to be registered on the App Store (Source: https://apple.stackexchange.com/questions/153572/can-two-different-app-with-the-same-name-exist-in-app-store). I have a questions what if an attacker can install an app with the same name as that of a legitimate app. I am assuming an attacker has taken control over the iPhone by some sort of attack such as TrustJacking. I tried searching over the internet but couldn't find anything relevant to answer my question.
Thanks in advance!
If you are talking about the display name which shows under the icon, then the answer is yes, that does not have to be unique.
Not unless the iPhone is already compromised (jailbroken). In a normal usage scenario apps are digitally signed with private certificates and so even if an attacker created a new app with the same bundle Id & name, the app wouldn't be launched by iOS; the attacker would also have to somehow find a way to inject the app on your device, which in theory should also be locked. Safe to say that unless proven otherwise, its impossible.
I'm new to mobile programming. Recently my company has looked into creating a specific application for tablets (Android and iOS). So it was assigned to me to develop a thin-client based around using HTML5 for what we need to do.
Essentially the application allows a user to fill in a custom-designed form (which the user can build themselves, or pull down a predefined template from our server). This form is built using HTML5, Javascript, JQuery, etc. Some additional functionality is planned, such as being able to take a picture using the native device and attach it to the form that we send back to our server for storage (once we figure out how to do it in iOS. We've already done it in Android.)
However, I noticed the following on Apple's App Store Guidelines, under the Functionality section. Item 2.12:
Apps that are not very useful, unique, are simply web sites bundled as Apps, or do not provide any lasting entertainment value may be rejected
Can someone explain, or at least direct me to clarification of this when using the UIWebView construct? This application at its core is pretty much just HTML5. While it might have some additional bells and whistles, does this mean that if we try to submit this (when its completed) to Apple, that they will simply reject it out of hand? Implementing the majority of it in HTML5 was done purposely so we wouldn't have to re-code everything from device to device (and we will also embed it in one of our products, so if they want to fill it out on the desktop while in our system, they can.)
Any guidance would be appreciated, or even suggestions of where this question should be asked if SO is not the proper forum for it. Thanks again.
The key in the Appstore guideline is the word "simply":
Apps that are not very useful, unique, are simply web sites bundled as
Apps
If you keep a balance between locally stored and remote HTML content for your webviews Apple would not look at the app as a hollow shell pulling in remote content.
I would like to identify whether an app is paid or free; programmatically, at runtime.
To brief on the context I'm working on, I'm developing an SDK which can be used by various third-party apps. I would like to identify if the app that is using my SDK is paid or free.
Any suggestions to find this?
You should make them configure your SDK writing their app id somewhere, and then your SDK have to check the app store webservices like this
https://itunes.apple.com/lookup?id=theAppID
There you can check the price
One thing you can do is this
https://itunes.apple.com/lookup?id=YOUR_APP_ID
and then fetch price & currency values from the returned JSON
There is a way tick into my mind,
Add a logic to get application name which using your SDKalso add some logic to send that name to you via API or any other way you preferred.
Once you get a new name in your server database, you can, open AppStore in iTunes, and search for the application there, and yes you'll get to know whether they are paid or free!
I know its tough if your SDKwill be going to fly with many apps, but not hard.
An alternate way, if there's some way that you get to know whether app is paid or free, then, you can do the same thing, send app name, and its price details.
Recently news are coming out that one can create vanity url for Apple Appstore.
But I cant find any options additionally added in itunes connect to do it.
any help is appreciated :)
It seems we dont have to do anything ...
just we have to add the company name or app name at the end of http://appstore.com/
It seems since all the app names and company names are already unique, apple does the all background job of rerouting the appstore-link to the actual itunes-link..
iOS: http://appstore.com/<.companyname.> for example, http://appstore.com/ikural
Mac: http://appstore.com/mac/<.companyname.> for example, http://appstore.com/mac/popcap
apple has provided this Q&A page
You don't create it. It is based on your company or application name. It is not very robust (two applications with the same name can have the same URL). See Apple's Technical Q&A.
In particular, the last paragraph reads:
These App Store Short Links are provided as a convenience and are not
guaranteed to link to a particular app or company. Be sure to test
your URLs before using them in any marketing or other public
materials. If there are naming conflicts, continue using the standard
itunes.apple.com URLs, which contain a unique numerical identifier
within the URL.