I am trying to find a way to generate a pass for passkit on the device its self after it received the information to put in a pass over the network.
Does anyone know if this can be done / how to do this?
Refer to: https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/PassKit_PG/YourFirst.html#//apple_ref/doc/uid/TP40012195-CH2-SW1
Basically: Not easily (if at all), you need to be able to sign your pass using signpass, a command line utility in order to make it readable by devices. This will cause a lot of hassle and distress, as you can't run another process on iOS, and to convert the signpass code to run on the device might not be possible either.
What I would suggest is to sign your pass on the server/wherever the data is coming from, and send both the information and the generated .pkpass to the device. This is how it was designed, and how it should be used. Read the docs for more information, they're very clear.
Actually, Apple have stated the security problems when signing passes in iOS. This is because the certificates needs to be packaged with the app. And you don't want to expose certificates to users like that.
Just like WDUK suggests, implement a simple pass signing and distribution server that your app can request passes from. This is also very helpful when you want to update passes added to devices.
I'm sure you can find a server implementation that fits your needs on GitHub.
Related
Trying to figure out if it's possible to share my pass with another app produced by an independent developer team.
As per passkit documentation you have to specify team identifier for the pass which (I'm assuming) limits the scope of accessing pass when using method such as -[PKPassLibrary passesOfType:]
Additionally I found following excerpt in the documentation for [PKPassLibrary passes]:
Your app only has access to certain passes according to its entitlements. PassKit doesn’t return passes that your app can’t access.
What if I want another app to be able to access my pass programatically - is my assumption correct meaning it's not possible to share pass between two apps?
Thanks
Our iOS app has a subtle bug which is 100% reproducible on one of the team members’ device.
He is not a programmer, so he does not use XCode.
To investigate the bug, I plan to make a custom build with logging, ask him to launch it and reproduce the bug.
The question is where to write logs to and how to get them from his device with minimal friction.
I believe that logs must be written to some local file on iPhone, and then he send me this file say by email.
Are there any ideas how to make this sharing clear and easy for a non-programmer?
Little clarification:
In my concrete case I need to log a couple of (rather long) base64-encoded string.
The better way for your scenario is use slack, telegram or any chat application. Then instead log to the files, you can send log to a channel directly.
https://core.telegram.org/bots/api
https://api.slack.com/messaging/webhooks
In our applications, we write the log to the files, then server side supports the api to upload these files.
I'm writing an application which will be used in an enterprise, no outsiders.
This application should fetch data from API response and display it.
Each user has his own device, Ipad and should see only the data he is the owner of.
Problem i'm facing is identifying the device/user, so that API responds with only the information the user is supposed to see.
brief example of how it should work:
App is opened -> get unique id -> attach ID to API call -> receive appropiate response -> display data
As i imagine this ID should be static and not made upon installation of the app or generated.
I've tried getting UDID, Serial, MAC,- no luck, they're deprecated. Only managed to get .IdentifierForVendor, which is unique not in the way that i need.
So here is my question, are there any other options left?
Like fetching appleID name,email or should i make unique deployments for everyone separately?
Or a Log-in screen?
You could create a GUID for every App instance. However, apart from that you will have a hard time doing what you want.
These ways of identifying a device have been deprecated to ensure Advertisers and other malicious Apps cannot fingerprint a device easily.
If you don't want too much hassle authenticating everyone, you could apply a simpler scheme such as using a pin code, QR code, NFC tag or whatever you prefer.
However, if someone were to steal one of these enterprise devices and it would contain any secret information I would rather rely on something more secure as username and password, or even better something multi-factor.
Unique id's will have to be set by deploying the app from MDM. For example:
https://docs.jamf.com/9.9/casper-suite/administrator-guide/In-House_Apps.html
How should the application accept those variables, i dont know. Maybe it modifies .plist when deploying.
Solution i did was enforcing device name from MDM, so that users are unable to change it - and using that as the unique identifier.
I cannot find anything on Device check Api in iOS over here. However, let me draw your attention to the fact that, I wanna use and pass Unique ID from my iPhone app to the server always with the pretty much the same ID even after reinstalling the App. Eventually, I got to know that, Device Check Api is well suited for this purpose for the simple reason of Access per-device, per-developer. But I'm bit confused how to use it properly and can anyone help me with the proper and clear-cut guidelines including both front end and back end parts. It would be great if you help me with it. The Apple documentation link is provided here below for the reference, https://developer.apple.com/documentation/devicecheck.
Have you checked this? https://fluffy.es/devicecheck-tutorial/
It explains the whole thing and gives an example.
Edit: But as suggested by #Paulw11 DeviceCheck does not provide a Unique ID, it only gives you access to 2 bits of information (2 booleans really) by device by developper (not by app).
Not exactly a programming question but here it goes:
How can a company who is distributing passbook passes via email or web prevent a pass from being installed on more than one device?
I can not find anything about this on Apple docs. The only I can think of is to check on the device registration webservice whether the combination of pass type and serial has a device already registered and delete it , but I am not aware of any command to delete the pass remotely.
Another option would be to check if it is already registered prior to generating the pass but this would only work for URL distribution, not for email.
Is there any way to delete a pass remotely via push notification + update? Any ideas on how to solve this issue?
Mail and Mobile Safari will present any pass they are given and the user can decide to add them to their Passbook. There is nothing the pass creator can do to prevent it except to be careful about how the .pkpass files get handed around.
If you really only want to deliver a specific pass to a specific device you might consider a companion app that uses a custom API to communicate with the the backend and request the pass for that device that way. Then you have much more control than distribution via email or url links.
Apple frowns on trying to delete a pass programmatically; only users are supposed to delete passes because they added them. You can, however, update a pass to make it clear that is not valid and should be deleted. For example you can remove the bar code, if any, and use a background image with a big red "INVALID" on it.
Just to extend #ohmi's answer:
You cannot prevent passes from being installed on more than one
device - e.g. if user enables iCloud for Passbook, the passes will get
synced automatically across devices.
Considering your links to pkpasses are public, you may want to consider
introducing one-time download links, but while it can fill your
needs just fine, users can be really disappointed if it's impossible to re-add
passes that they manually deleted. So I wouldn't recommend such solution.
You can make you pkpass links kind of private, so only GET request originating from your application and carrying a specific value for specific header field (e.g. auth_token), will receive a pkpass file, however this way you almost disable pass distribution via email or via sharing URLs to passes and make pass updating probably impossible.