We use TestFlight to test our iOS App binaries internally and with beta testers.
When TestFlight sends out an email alert to a user that a test binary is available, the web page it sends them to automatically knows if the user is using a registered device, but it seems to figure this out while in Safari. How is it doing this?
It has to match up UDIDs that we've supplied to their tool (via their website), but I was under the impression that websites could not grab data like UDIDs. How is TestFlight figuring that out?
When registering a device with an account and installing the testflight profile. It then will store the UDID information it received via the profile installation process in a session (and probably a cookie) which then can be accessed from the same website URL. So whenever you go back to the website it checks for the stored information.
This is roughly how it is done, detailed implementation can only be answered by the developers.
Related
I'm a long time iOS developer and i've been out of the domain for a while now,
I've been assigned a new task in which i need to check whether it's doable on the appStore or not.
My aim is to create an e-book like application, where the user downloads the app for free from the appStore, and is requested to enter an access code provided separately outside the appStore.
So the app can be free on the store, and once opened an external ajax/php request will take place to authenticate the user.
Previously, apple forbid this kind of transaction, i am checking now to see if this situation changed or/and is now approved by apple.
Many Thanks!
Currently, our client's app is in the AppStore, but they want to distribute it to schools and universities. Also, they want the student when opens app first time would be already logged in.
There are tons of info on the internet but it's hard for me to compile it into something clear. As far as I understood first they should enroll in Apple School Manager and rise their own Mobile Device Management. Then devices should be registered on that server. After that server will be sending those commands link. Is that correct?
Also what concerns silent login. The only way to implement it that comes into my mind is to at the app launch send request with some specific data(but what?) and if this is the device under Apple School Manager then return token.
P.S. I hope this is the correct place to ask this kind of question.
I recently updated an app for a client and it's now ready for submission to the App Store. But after a talk with my client they told me that the previous version (not developed or submitted by me) had a kind of "password protection" on the App Store. They explained it as anyone could find the app on App Store but when you click "download" the user would need to enter a password (not the Apple ID password, more of a predefined password specifically for this app) to continue the download process.
I am used to submitting apps to the App Store, both paid and free, but I have never done this and don't honestly know how. My closest guess is that we need to upgrade the plan to an enterprise account, but from my understanding (and please correct me if I'm wrong) this will remove the app from the App Store search and only allow download from a link or file?
What way would you guys recommend?
Thanks in advance!
There's no recommendation.
What you think and whatever is running in your mind is completely correct. There's no way to set custom download passwords. The only way to download using appstore is to use the apple id.
Point your client to the apple guidelines and documentation's. Hopefully they should understand.
Very nice concern from security point of view but unfortunately Apple has not provided any such feature yet...
An alternate solution to your query:
You can't block user from downloading your app but you can block user from using you app with the help of AppLock feature (One time password authentication - when user uses your app for first time).
Set a Passcode/Pattern protected lock screen as a first/main screen of your application (immediately after Splash Scree) and only users can unlock your app, to whom you've shared passcode. (Note: Integrate passcode verification using web service/server, so you can reset passcode any time from server)
I hope this may be helpful to you...
Update
Here is more option, if you want to allow/restrict your app usage for specific region/country (listed on Store).
Distribute iOS app for specific region/territory
I submitted my app for review to start external beta testing and I got the response:
Guideline 2.1 - Information Needed
...but we are not able to continue because we need a demo account to
fully assess your app features.
The app requires verification by phone number (same as when you install whatsapp), and sends a message to the phone number, but there is no "demo account". Do I need to create an account which they can access, with a phone number, and a pre-set verification code in this case? The app is based on the contacts on the phone, so the "experience" won't work as it would for a user this way.
Thanks!
Yes create a basic demo account that they can login to - Apple is strict about this.
Once you are finished you can either update the information and email them back or handle it through the Resolution Center. I updated the app information in iTunes connect with the demo login information and replied to the rejection email stating the demo account information, shortly after that the app was approved for TestFlight.
They basically just need to be able to see as much as possible within your app, so even if what shows is minimal that is fine.
I'm building a server-side "push" notification capability for various (specific) iOS apps my company makes. I'm not a mobile developer. I understand there's a "p12" certificate I'd need, and that the mobile client must provide the "token" I use to initiate the push from the server.
Does anyone know if there's a pre-built developer/test iOS app in the store that will display a token, has a downloadable cert, etc., and will accept push notifications? I'd like to build the server-side out a bit before I try to plug in the real tokens/certs for my companies apps.
No there isn't, but there are 2 separated environments one for test and one for production.
Usually the app developer team should provide the certificates to the back end developer team.
Once you have your certificates you can integrate them in the backend.
Pay attention that certificates are app specific, they work only for a given identifier.
During test both the team should work together to see if everything work as expected.
Token can be track in a different way, in debug mode using real device by printing them in the console log or by using a particular configuration file, in both cases the device must be connected to Xcode.
You should ask the dev team if they can provide you a sample app that print the token on the device screen and that just send the token to the server to make your experiments.