Setting username and password protection for Xcode IOS app - ios

How do I set usernames and passwords for my app so that they can only be used on one device at a time?
I am making an app that I will be selling as a one-click installation rather than in the app store so I need it to be extra secure. Please let me know what you come up with. I am a beginner programmer so please try to explain in a way that I would understand. Although I have decent knowledge on how to make an app, I would like some help.
P.S. - Some sort of device lock or UDID lock would work too. Whichever way will lock best on one device!
Thanks in advance!

If you get the installation worked out (which seems impossible without requesting the user to make a jailbreak), you could set up a server and implement a web socket to check that a given user has only one instance running at any time.
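An added example, not part of the original answer: the server-side rule described above, written in Python, where each account holds one session lease that the app renews with periodic heartbeats (standing in for the web socket). The class name, the `device_id` value (a random per-install identifier sent by the app) and the 60-second lease are assumptions.

```python
import hmac
import secrets
import time


class SingleDeviceSessions:
    """Allow each account one live session; a lease lapses without heartbeats."""

    def __init__(self, lease_seconds=60, clock=time.monotonic):
        self.lease_seconds = lease_seconds  # assumed value, tune to heartbeat rate
        self.clock = clock
        self._active = {}  # user -> (device_id, token, expires_at)

    def _live(self, user):
        entry = self._active.get(user)
        if entry and entry[2] > self.clock():
            return entry
        self._active.pop(user, None)  # lease lapsed: the slot is free again
        return None

    def login(self, user, device_id):
        """Call only after the password check passed. Returns a token or None."""
        entry = self._live(user)
        if entry and entry[0] != device_id:
            return None  # another device is currently running this account
        token = secrets.token_urlsafe(32)
        self._active[user] = (device_id, token, self.clock() + self.lease_seconds)
        return token

    def heartbeat(self, user, device_id, token):
        """Renew the lease; False tells the app to return to the login screen."""
        entry = self._live(user)
        if not entry or entry[0] != device_id:
            return False
        if not hmac.compare_digest(entry[1], token):  # constant-time comparison
            return False
        self._active[user] = (device_id, token, self.clock() + self.lease_seconds)
        return True

    def logout(self, user, device_id, token):
        """Release the slot immediately so another device can log in."""
        if self.heartbeat(user, device_id, token):
            del self._active[user]
            return True
        return False
```

The decision is made on the server because a check that lives only inside the app binary can be patched out by whoever holds the device.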

Related

Force removal/invalidation of iOS app from user devices

Assuming you created an app that users have downloaded that is just awful and you neither want to fix it nor have anyone continue to use it so that it won't tarnish your brand, is there a way to end its life on users' iOS devices?
Curious if there is some store setting to force it to work with earlier versions of iOS and invalidates the current app, or code that would force an update that says the app is no longer available.
As many have confirmed, there is no way to remove an application from someone's device. For these cases though, many companies have servers that the application sends a request to on launch, that returns either a need to update the app, a message, or to tell the user the app has been discontinued and that the app cannot be used anymore, stopping them from using the app from there on.
The last use case might be useful to you, but of course this is a proactive solution, not a reactive one.
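An added example, not part of the original answer: the launch-time check described above, as the Python function a server could run when the app reports its version on startup. The policy fields, the action names and the sample version numbers are assumptions constructed for illustration.

```python
def parse_version(text):
    """'2.10.1' -> (2, 10, 1, 0); raises ValueError on anything non-numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad version: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"bad version: {text!r}")
    numbers = [int(p) for p in parts]
    # Pad so that '2.3' and '2.3.0' compare as equal.
    return tuple(numbers + [0] * (4 - len(numbers)))


# Constructed sample policy, kept on the server so it can change after release.
POLICY = {"discontinued": False, "min_supported": "2.9.0", "message": ""}


def launch_decision(client_version, policy):
    """Return what the app should do on launch: allow, update or block."""
    if policy["discontinued"]:
        return {"action": "block", "reason": "discontinued"}
    try:
        current = parse_version(client_version)
    except ValueError:
        # Unparseable input is never treated as a supported build.
        return {"action": "update", "reason": "unrecognised version"}
    # Compare numerically: as plain strings, '2.10.0' sorts before '2.9.0'.
    if current < parse_version(policy["min_supported"]):
        return {"action": "update", "reason": "below minimum supported version"}
    return {"action": "allow", "message": policy["message"]}
```

As the answer notes, this only works if the request was built into the app before release; a build that never calls the server cannot be reached afterwards.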

Xamarin IOS identifying device

I'm writing an application which will be used in an enterprise, no outsiders.
This application should fetch data from API response and display it.
Each user has his own device, an iPad, and should see only the data he is the owner of.
The problem I'm facing is identifying the device/user, so that the API responds with only the information the user is supposed to see.
Brief example of how it should work:
App is opened -> get unique ID -> attach ID to API call -> receive appropriate response -> display data
As I imagine, this ID should be static and not made upon installation of the app or generated.
I've tried getting UDID, Serial, MAC: no luck, they're deprecated. I only managed to get .IdentifierForVendor, which is unique not in the way that I need.
So here is my question, are there any other options left?
Like fetching Apple ID name, email, or should I make unique deployments for everyone separately?
Or a Log-in screen?
You could create a GUID for every App instance. However, apart from that you will have a hard time doing what you want.
These ways of identifying a device have been deprecated to ensure Advertisers and other malicious Apps cannot fingerprint a device easily.
If you don't want too much hassle authenticating everyone, you could apply a simpler scheme such as using a pin code, QR code, NFC tag or whatever you prefer.
However, if someone were to steal one of these enterprise devices and it would contain any secret information I would rather rely on something more secure as username and password, or even better something multi-factor.
Unique IDs will have to be set by deploying the app from MDM. For example:
https://docs.jamf.com/9.9/casper-suite/administrator-guide/In-House_Apps.html
How the application should accept those variables, I don't know. Maybe it modifies the .plist when deploying.
The solution I did was enforcing the device name from MDM, so that users are unable to change it, and using that as the unique identifier.

Can an attacker install an app that takes a name similar to a legitimate app on iPhone

I know that Apple wants a new app to have a unique name if it is to be registered on the App Store (Source: https://apple.stackexchange.com/questions/153572/can-two-different-app-with-the-same-name-exist-in-app-store). I have a question: what if an attacker can install an app with the same name as that of a legitimate app? I am assuming an attacker has taken control over the iPhone by some sort of attack such as TrustJacking. I tried searching over the internet but couldn't find anything relevant to answer my question.
Thanks in advance!
If you are talking about the display name which shows under the icon, then the answer is yes, that does not have to be unique.
Not unless the iPhone is already compromised (jailbroken). In a normal usage scenario apps are digitally signed with private certificates and so even if an attacker created a new app with the same bundle Id & name, the app wouldn't be launched by iOS; the attacker would also have to somehow find a way to inject the app on your device, which in theory should also be locked. Safe to say that unless proven otherwise, it's impossible.

App rejected due to an IPV6 Swift3 error. How do I fix it?

A few days ago, Apple rejected my app, indicating that it didn't have IPV6 support, however I don't need that support since my app does not require internet access.
I asked the following:
Hi, my app does not need any internet connection yet.
So, why is it required to have support for IPV6?
They said:
Thank you for your response and for your question. In order to bring your app into compliance with Guideline 2.1 it would be appropriate for your app not to crash when logging in.
end
So, why do I need that support?
If it is necessary, how can I do it?
Please, I need help.
Test your app extensively and fix the crash. Enter wrong values, don't enter anything at all, intentionally try to break your app and get it to crash. Then you will find your error and you can fix.
EDIT BASED ON COMMENT BELOW
"My app doesn't need to connect with an external database, because I got the information inside" - in this case, no, you do not need to add IPv6 support because you are not communicating with the internet for logging in purposes.
You can keep the login given it is only going to be 2 people using the app, just resolve the crash when logging in.
To test, enter a variety of incorrect passwords and usernames to ensure that there is no crash on incorrect entries, and confirm that correct entries do not crash the app.
Original Answer
Apple indicated that because there is a login feature, they think it is trying to communicate with an external database (ie a database that is not on the device). If there is no external database, just fix the crash is what they are asking.
Based on your question, you have alluded to the app not communicating externally for logging in. While some may find this odd, it is not uncommon. An example for those wondering would be a children's app for iPad. The iPad might be shared amongst several children and as such each child might complete different sections or features of the app so an account local to the device is a good idea if there is no cloud support.
If there is external communication, you need to handle the case for no internet access. The question has been answered extensively, however this was the first result I found:
Detect Internet Connection and display UIAlertview Swift 3
Update: Why do I need to Support the case for no internet connection?
A use case:
John has just downloaded your app. He has just walked through the steps to create an account, but he has accidentally set his device to Aeroplane Mode.
John hits the "Create Now" button but nothing is happening. There is no error or success alert appearing, the screen has not changed, he can't see a loading icon. John is confused and getting frustrated because he's certain that he has completed everything in the form.
John doesn't understand that he needs internet connectivity to successfully submit a request to create an account. John decides to delete your app from his device and leaves a bad review.
John really could have used an alert saying "You need internet connection to sign up to this app. Please check you are connected and try again". This would have made John a whole lot happier and he probably would have continued to use your app with all of its amazing features.
More information can be found in the guidelines that Apple mentioned, and further to this, the Apple Design Principles Guide is an invaluable resource.
I hope this makes sense.

Intercept iOS Device internet traffic with profile

I want to create a parental-control app very similar to Onavo, other than I'm not compressing any data, I'm just storing the URL being requested and letting it go on its way.
Basically, I just want to install a profile that will tell my app anytime an internet request is made on the device (assuming my app is running in the background). This is an even simpler version than what Onavo does (intercept internet actions and reroutes them), so I know it's possible I just can't seem to find any documentation for it...
Can anyone point me in the right direction? Google is failing me.
I'm an intermediate iOS developer. Thanks!
