I have developed a Blackberry Application and requested Blackberry for Signing Certificates, where in I have entered my Company Details. Then I have published the App on my client's Vendor portal but the app is shown on the name of company but when it is being installed, it is showing my company name instead of client company name. Will the blackberry devices shown the company details which are entered during the certificate generation? if so how can I publish another update with new certificate. Will Blackberry app world accept the update that is signed with different certificate? As I am from Android Background, I don't know this details.
If the problem is that, in the device settings/options, you're seeing this screen
with the name of your company (where my screenshot says BlackBerry Developer), that's not a result of using your code signing keys. It's probably a default in your (Eclipse) development environment, and you can change it without changing code signing keys.
Open up the BlackBerry_App_Descriptor.xml file, and change the Vendor: field to be your client company's name, not your company's name. In the xml, it will look like this:
<Properties ModelVersion="1.1.2">
<General Title="" Version="1.0.0" Vendor="MyCompany" Description=""/>
If you're talking about which company name is listed in the BlackBerry World store, that should be defined by what values you enter into the app (or vendor) description in the Vendor Portal.
Code signing keys are really just used by BlackBerry to identify who (which 3rd-party developers) are using protected APIs ... not to identify the apps' vendors to the users. This way, if apps are found to be using those APIs maliciously, BlackBerry will know which developer wrote the malicious code.
If you still want to know if you can change signing keys (out of curiousity), see this answer.
Related
I know this has been talked before, but I don't know if this changes with recent changes in the App Store.
I'm a freelance developer, and as such I develop apps for many different clients, each of which have their own Apple Developer accounts to sell their apps on the App Store.
I know I can't upload the app myself for my client (not without their private key) I'm looking for an "easy" way to get the app on the App Store with as less effort as possible for the client side.
Options I can think of:
Getting the private key and credentials for the client and upload it for them. But I would like to avoid that.
Client adds me as a member of their iOS team, set me as a developer for the app and I download the provisioning profiles and somehow send them a file they can resign and upload to the store.
I upload the app to my account and then use the new transfer funcionality to put it under the client name.
I don't know, there HAS to be a way, hasn't it?
EDIT:
I seem to have found a way, its described in my answer.
I'm sorry I didn't accept any of the answers yet, but I've been trying some stuff and I think I found a way, a little strange and probably not optimal, but it could work and I would like to share it with you to see if you think it's ok.
First: I'm a developer with my own Apple ID and developer certificate. I have my own apps on the app store.
Second: I also make client work and then I want to upload and manage the apps I do for them, to a certain extent.
Third: My client has to have their own developer account and it has to be a company account, which will allow them to manage teams.
This is what I think that works:
I ask my client to add me to their iOS Developer Team as an "admin". This is done through the member center. This allows me to create distribution certificates and distribution provisioning profiles, as stated in here.
After I accept the invitation (can't remember if I really have to) I log into the member center. It will ask me to select the team I want to use for my session (my own team or one of my clients'). I choose my client's team.
I go to Certificates and create a new Certificate for Production->App Store and Ad Hoc (I think there's a max of two per account, so if there are already two of them this option will be grayed out)
I have to upload a CSR file generated from my computer's keychain, following on screen instructions, and then my certificate is ready to download and use.
While I'm on member center I generate my AppID and then go to Provisioning Profiles and generate a new Distribution Profile for the App Store with my AppID and for the certificate just created.
That's it for member center, now I can download the distribution profile for the app I'm am developing for my client. Or let XCode 5 manage it.
Then I want to upload the app to the store and manage it with iTunes Connect with my own account.
I ask the client to iTunes Connect -> Manage Users -> iTunes Connect User and add me with a Technical role. This allows me to manage apps, but I wont see anything about banks, contracts, payments...
The problem with point 1 here is I already have an iTunes Connect account for myself with my email address and you can't have two iTunes Connect accounts linked to one email address. I could use a different address, but as I'm using gmail, I just use an alias. I give them the address: myemail+clientname#gmail.com
Once invited, I receive an activation mail and then I can log into iTunes Connect with that address and create apps and set them ready to upload.
Then I just have to go to Xcode, select my client's code signing identity (which is the certificate I created), the apps distribution provisioning profile (I created earlier too), archive, validate and submit to the app store with my alias for this client.
I've just tested it and it works.
It's not yet an optimal solution because when logging into iTunes Connect I can see every other app my client has and I could, potentially, delete something. But still, I think is a pretty good one for clients with no knowledge of XCode (or no interest in doing all this) but also wanting to keep their credentials and private keys secret.
I recommend asking the client to add you to his dev center team as well as a iTunes Connect user , you can then take over the uploading and make the app uploading part smooth.
If the client has a Mac and already knows how to upload apps.. you could just send xcode archive for him/her to upload.. this though might make the process slower due to communication/other things.
Transferring ownership isnt an optimal solution since after transferring, next updates would require client keychain and provisioning profile which will bring you back to step one.
I think the approach should vary for the technical ability for your clients. Having them export a "Developer Profile" of all the certificates would allow you to manage the process.
If they are comfortable downloading XCode and submitting the app then you can just become a member of the team or just send them the Xcode project with instructions to change the code signing in build settings.
Without a private key, you can't submit and sign the app.
Exporting a Developer Profile in Xcode 5
In the Xcode Preferences window, click Accounts.
Click the Action button (to the right of the minus button) in the lower-left corner.
Select Export Accounts from the pop-up menu.
You will then be allowed to password protect the .developerprofile
I'm currently in the situation of writing an iOS application for a client.
The client wants to submit the app (.ipa package) to the app store himself, with his developer profile. Mainly because he want to have his name in the App Store rather than mine.
Could this procedure cause issues? For example signing issues?
Thanks in advance.
The application has to be signed with the certificates for the account under which it will be submitted. Your options include handing over the entire project and source code when the project is complete, or, develop the project as a developer of their account with their development and distribution certificates.
There is another option : you could ask the login and password of your client. So you'll create a distribution profile for your Mac, and all the other components for your application. When app is delivered on Itune Connect, your client may change its password.
That way, you can handle everything for him, and that could be usefull if he's not very able with techno stuff, but still want to have an app with his name.
We have build an enterprise iPad App and now we want to give it to our employees. Initially when testing, we used ad-hoc distribution collecting all the test device's UDID and then creating the profile.
Now going live we want this app to be deployed in a secured web server and send the link to our employees, so that they enter the username and password before accessing the link.
There are around 500+ devices we need to install this iPad App. Do i need to collect all the UDID and then deploy the .ipa file, because Apple documentation says:
Create an enterprise distribution provisioning profile that authorizes devices to use apps you’ve signed.
If not that way, do the user needs to install the profile.mobileprovision file and then install the .ipa file?
We are still unable to decide how to deploy our app because of this issue. We would like to avoid the app approval process because it App handles a lot of sensitive data.
Can some one help me on this, how to do a OTA deployment for enterprise Apps?
As of December 2011, these are the steps:
Create a provisioning profile in your Apple Enterprise account
Set this as the Code Signing Identity under the Build setting of your app.
Make sure the Bundle ID matches that of the provisioning profile.
Select Product > Archive to build IPA file.
Click Share (aka Distribute) button after selecting your Archive.
Set Contents radio button to iOS App Store Package (.ipa)
Make sure Identity in dropdown is the one used from Enterprise account.
Click Next
Select the check box "Save for Enterprise Distribution"
For Application URL put in the URL that points to where the ipa file will be placed (example: http://oursite.com/myApp.ipa)
Click Save. This will save a plist & an ipa file for you.
Place these files on your server with a link formated like this:
<a href="itms-services://?action=download-manifest&url=itms-services://?action=download-manifest&url=http:/oursite.com/myApp.plist" id="text">
Go to this page from your device and click the link to install the app
Probably the best way to distribute your enterprise mobile app and then securely manage users, groups, data and devices is using a Mobile Device Manager (MDM) tool suite.
iOS provides specific APIs that support enterprise deployment via MDM products with API level features like Per App VPN connections that allow you to firewall a DMZ application server to only connect to a specific signed client iOS app. The vendors also provided authentication SSO integration and encrypted storage on the devices to sandbox your enterprise apps from other untrusted personal apps on a BYOD device.
Here's the Gartner 2013 review of MDM products:
http://www.business.att.com/content/whitepaper/Gartner-MDM-MQ.pdf
The 3 major players are now: Air Watch, Mobile Iron and Citrix XenMobile.
NOTE: I don't work for or have a vested interest in any MDM vendor.
There are two solutions
Try testflightapp.com
It does everything for you. It even has a SDK which I found very useful in debugging scenarios with logs and crash reports.
If you are looking to have your own hosted solution for the enterprise then
http://hockeykit.net/ is the best bet.
It has a client application which makes the upgrade process painless. It also have a server side code which you can deploy on your server.
https://github.com/TheRealKerni/HockeyKit
Update 2013-11-23:
We have been using Diawi happily for quite some time.
You can also use my shell script that will help you a long way with generating the necessary files and links:
https://github.com/sveinungkb/ios-ota-buddy
You do not need to manage UDIDs if you are using an enterprise profile.
To install an enterprise app you need a provisioning profile built with your distribution certificate on each device. See Does an iPhone Enterprise provisioning profile need to specify phone UUIDs like an ad-hoc provisioning profile does?
I've created tool (it's beta, so please be patient with it:)) for generating manifests from ipa file online:
http://manifest-generator.knejzlik.cz/
It generates plist with index.html file. All you need is to put content of downloaded archive to your site.
You can use InstallFish.com for this.
It allows OTA distribution for both IOS and Android. It also has a feature to automatically get the UDID and create your own appstores.
You will still need to provision them via your enterprise account but it makes the whole process of OTA installs much easier, especially for enterprise distributions.
You can use hockey, diawi etc. but sometimes you just want something simple that allows you to host it on your server. I was searching for a simple, basic php script that can do this but did not found any that suited my needs so I wrote a simple single php file server by myself and you can find it here:
https://github.com/leszek-s/LSIPASERVER
It has a list of all uploaded ipa files, upload page with password protected upload and each uploaded ipa has it's own page so you can send a link to specific uploaded ipa to someone. Feel free to use it on your own server.
Is it necessary to sign apps before deploying them to devices? Isn't there a workaround where we can deploy apps without signing?
It is possible to run an unsigned application on actual device, only if you did not use "signed API" classes.
In RIM API javadoc for every class there is information, does it belong to signed API or not.
For instance, Bitmap does not belong to "signed API".
But Display class does.
Excerpt from Display class description:
Signed: This element is only accessible by signed clients. If you intend to use this element, please contact RIM to establish the necessary agreements that will allow you to have your COD files signed. Signing is only required for use on the device, development under the JDE can occur without signing the CODs.
We have an iPad app that we would like to distribute internally. We're looking into "Enterprise Distribution". The set of requirements I have been given include that the method for distribution is to be that a user goes to a secure website from an iPad, logs in, and downloads the app. The app then works for them.
Users who do not have access to the website should not have access to the application. We can easily prevent them from downloading the app by forcing them to log in. However, it is not obvious to me that after they download the app (via an .ipa file?), that they couldn't just give it to someone else, something that is not allowed.
It looks like a way around this is to have Distribution Provision Profiles, which determine whether a given app will run on the device. However, it's not obvious to me that those couldn't just be copied as well.
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
Once you create the enterprise distribution provisioning profile, download the
.mobileprovision file, and then securely distribute it and your application.
Sadly, I don't know enough to know exactly what I should be asking, but here goes:
Can ipa files just be copied from one Ipad to another, allowing anyone to use any given app? (assuming there is no other protection on the app)
If the answer to 1 is yes, is there any reason to believe that .mobileprovision files will help me?
Every device has a UDID, a unique identifier. This is how Apple enforces the 100 development devices rule for individual developers. You collect UDIDs as part of the download process, issuing the provisioning profiles to registered users.
To answer your questions:
Yes, theoretically, without DRM or provisioning, an ipa can be synced to iTunes (or manually copied with third party tools) and then moved to another dewvice.
Yes, .mobileprovision files include UDIDs in them which are pretty much unique to a given device. (The exception may be on jailbroken devices, which, if I recall correctly, can spoof a UDID.)
EDIT:
Just to clarify, in response to your requirements:
The set of requirements I have been given include that the method for distribution is to be that a user goes to a secure website from an iPad, logs in, and downloads the app. The app then works for them.
I would add a middle step.
User logs in.
User submits device info
You create a provision for the device
The user then downloads the app and the provision.
This does not stop the user from giving out the app to others, but it's the best you've got. You can also require the user to log in inside the app, with the same email as the one used to register the UDID, theoretically.
It's now July 2012. Apple's documentation on how to create and distribute an Ad-Hoc iOS application remains stuck at iOS 3, is over-complicated, overwhelming, and often wrong.
With an Developer Enterprise Program license (and a fair bit of patience), you can create an .ipa file, which you can stick on your website.
Your users can then navigate to this webpage on their iPad's Safari, click on a download link to download and install your app onto their device. No iTunes required.
Your app will need (amongst other things) to be signed with a distribution certificate, which you create on the Apple Developer website, but my point is that once you have jumped through all of these badly documented hoops, you can just stick an .ipa and .plist file on a webpage, and ANY user can install your app with it.
Even your Aunt Gladis, who lives 200 miles away and doesn't work for your company.
Mind you, if Apple finds out that you have distributed your app to anyone who doesn't work in your company, they will pull your license.
Getting the Enterprise Account takes a lot of work. Apple will want your DUNS and possibly other proof that you're who you say you are (and that you're an enterprise).
Going the other route (individual developer) will allow you to post your app (make it free so your users will not have to pay!) in the store. Your app can require an account on your local service that no one outside your company will be able to acquire, which will prevent people outside the company from using it. The risk here is that Apple will reject your app for this reason.