I am developing an application which is going to be branded to for different clients. For some clients I will release the application myself using my developer account # apple, but some clients want to release the application using their own developer account.
Off course they can create an account for me which I can build the application with, or I could give them the source code of my application and let them do it them selfs.
BUT, what if I want to do neither of those solutions? Is there some way that I could build the application on my computer for the client with maybe the Bundle identifier that doesn't exist yet? (e.g. com.somecompany.appName)?
I am skeptic to "give" away my source code to the client.
How can I share my app with the client without sharing the source code?
If the client has an Intel Mac and an iOS developer account, then one common way to do this is to put your app's code mostly inside a static shared library, with a few pages of wrapper code to start it. Then give the client an Xcode project containing the library object code (of your "secret" ingredients) plus the public wrapper source code. The client can launch Xcode, select their Distribution provision, hit build, then submit the results.
This technique optionally also allows the client to modify icons, appIDs, etc., but still not see the source to your shared library.
Why don't you use the login provided by your client to do it yourself without giving away your source code. Or just request a distr cert en sent a zip back to your client.
It helps to have all your information ready. Appstore Submitting Template I use. http://loughnanedevelopment.blogspot.com/2010/08/app-store-submitting-template.html
Related
I've frequently heard that the main issue we need Firebase security rules is because an application contains all the configurations needed to connect to the database and thus users could do something like db.delete('*'), read/write whatever they want, etc. etc.
I can see how this is possible on a web app, as you could check out the requests being sent over the network and thus get the endpoint needed to connect to the database, but, on an iOS app, how would this be possible?
For instance, say I created some chat app with Firebase and released it to the App Store. When a user downloads it, how would he/she gain access to my database through an API other than the buttons etc I provide with them with? Is there something equivalent to the "Network" section in google chrome that shows all outgoing requests, and, from, this they could send a malicious request to my database? Would this require installing 3rd party software onto their device to see all outgoing/incoming requests and they could get the required endpoint/database connection info from there?
Thanks.
When a user downloads it, how would he/she gain access to my database through an API other than the buttons etc I provide with them with?
It's not hard to reverse engineer the contents of the IPA file to get both the configuration you provided, and also see what the code is that queries the database. The IPA file can be obtained pretty easily - there is not much protecting that, given the user effectively has full control over the device (e.g. jailbreak). Given that information, it's possible to simply invoke the public Firestore REST API to not just duplicate all the operations in the app, and but invent operations of their own.
I've been searching for a way that if there's any way that an app can push / pull a message to / from another app, assuming that both apps have been installed. I have a feeling that probably that it is not possible, but would like to confirm with SO.
Basically, I'm going to develop two apps, app1 and app2. Let's assume that a user always downloads both of the apps (or, I've found previous discussions over SO that it is possible for an app to figure out if another target app is installed assume it makes Uri registration.) App1 would generate some information and have to pass to app2. One way to do it is that I can have an external server as a relay, and both apps can talk over network. However, is it possible to pass information locally from an app to another app, just like Service in Android? It would be appreciated if you can give me a keyword or a link. I read it further. Thank you.
Your solution is the App Groups Entitlement.
For files see: https://developer.apple.com/documentation/foundation/filemanager/1412643-containerurl
For NSUserDefaults see: https://developer.apple.com/documentation/foundation/userdefaults#1664611
I'm new to mobile app development, I've been tasked with making an app and so I'm now starting my voyage of discovery. I am coding the app in Visual Studio 2015 with Xamarin using a Mac Book Pro as the client for testing, all our data is stored in a database in our Azure portal. The app I am making is for iOS.
I've read the documentation but I'm getting stuck in certain areas and I think it's down to not understanding what is needed based on conflicting documentation or my own failure to grasp the concepts outlined.
All I am looking to do at the moment is have my app grab data from my azure database and display it in a list/table.
The steps I have taken so far are:
I have created a very basic app within visual studio with a
storyboard and a navigation item that points to a table view(where I'd like my data to be shown).
I created a Mobile App in my Azure account(as per documentation).
I have set the above mentioned mobile app to use my current existing database and supplied it with the username and password which all seems to be ok.
I am now at the point I need to get my app to talk to this mobile app and grab some data from my database. The todo example is ok but it's not quite enough to get me up and running or more specifically it's not in quite the right context for my setup and I think it's causing confusion.
There seems to be a few ways to set the project up for data access but I'm not sure what would be best.
Can anyone assist?
You are nearly there.
Instead of connecting directly to your database, you connect to your mobile apps API which then connects to your database, handles your request, and sends the data back to your app. You need to code this backend first so it is able to handle your requests. Take a look at this tutorial, it is really good :
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-dotnet-backend-how-to-use-server-sdk
You will access your Azure Mobile App with the Azure Mobile Client SDK nuget package.
A complete guide to do this can be found here: https://developer.xamarin.com/guides/xamarin-forms/web-services/consuming/azure/
There is also this podcast: https://blog.xamarin.com/podcast-building-connected-apps-with-azure-mobile-apps/
We have an App that is normally used with login + password.
But when we want to deploy this app to a customer who has airwatch (which we can handle things through their API), what would be the way to push individual creditals to the Mobile Devices through the Airwatch integration?
Or can I push the App to the iOS Devices with pre-configured individual credentials through Airwatch?
The Apple EMM Features seem to cover this topic, but they don't have examples how to do this without the help of an MDM.
You can achieve this by using App Config. Simply put the following lines of code in your iOS application and push the app through MDM defining the same key and value in the app config section of the app publishing:
code:
obj-c
NSString *value = [[[NSUserDefaults standardUserDefaults] dictionaryForKey:#"com.apple.configuration.managed"] objectForKey:#"key"];
swift:
let value = UserDefaults.standard.dictionary(forKey: "com.apple.configuration.managed")?["key"]
Here is what I have done to make it work with AirWatch. This concept uses "App Configuration" mechanism provided by Apple's MDM Protocol
Login to Airwatch Console
Click "Apps & Books" section
Click "List View" under the "Application" Tab
Here we have to add the application, which needs custom info(in your case it is credentials). It allows you for both AppStore apps as well as Internal(Enterprise profile signed) app.
Click on the application which we just added
Look for option "Assign", this is like a app-delivery-configuration profile.
If you dont have one already, create one with what ever config details you need
In our context we need to Enable "Application Configuration" Tab, which will enable us to enter key-value pairs. Here we can enter any custom key-value pair parameters.
Then click add, then Save and Publish.
Now the app should receive these custom key-values pairs in com.apple.configuration.managed in NSUserDefaults dictionary.
AppConfig is definitely the way to go if you want to push individual configuration parameters (like username / password) to an app distributed and managed by AirWatch.
You can also consider certificate-based authentication (CBA) in which case the App would present a client authentication certificate to your backend web service instead of username / password. Pushing a certificate down to an App via EMM requires the integration of your vendor's (AirWatch) SDK. There is something called Application Profile you might want to research about if you decide to go down that route.
Let me know if you want to know more about CBA in mobile Apps and how to manage the certificates.
Mr Gosh, See the ACE program. You may find guidance there. All apps loaded in Airwatch for distribution can send configuration data. To what extent I'm unsure. http://appconfigforenterprise.org/
The program is multi vendor, and meant to be a clearing house for standardizing app config with MDMs. I hope this helps.
I am trying to implement SSL mutual authentication in an iOS app.
In most of the examples that I have seen, the client certificate is bundled with the application package. But in my case, I need to load the client certificate remotely (i.e, from a link or via email).
If I try to load a certificate from an external source (i.e, mail app), it navigates to settings app and install it to the apple's keychain. So this certificate is not accessible with my app.
So anyone please suggest an idea for this ?
I built a system like this in our internal iPad app.
Forget the System preferences, profiles, etc. All certificates installed in this way are inaccessible to third party apps but only to the system apps, probably because are installed into the Apple keychain.
I have explored these three methods to load the certificate and used the last one:
Bundle into the app, as you have already seen is impractical
Send a file from another app (e.g. email)
Use a link to download (what I did)
FOREWORD
I think you have built your simil-PKI, with a CA, an automatic/manual way to issue/revoke certificates, etc.
So the problem is the delivery to devices.
For all the solutions I suggest to save the private key and cert in PKCS #12 format with a strong password.
Use an MDM to manage the devices and if your app is internal and will be used with company's devices supervise them for added options
(e.g. Meraki, is free but do not handle the ManagedAppConfiguration)
SOLUTIONS
Solution 1)
Impractical because is very hard (to impossible) to generate different versions of the app with specific certificates. Not to mention that will be nearly impossible to handle the distribution of a specific version on every single device of the users.
Solution 2)
Save the .p12 file
change the file extension to a custom one
register that extension to open with your app, so in the "Open in..." will be listed your app
"Open in" for specific document type
The safest way should be that the user can select the password to encrypt the .p12 file so when the p12 will be opened the user must enter his password but this lead to other work to make it work.
A less safe but working method is to use a single strong password embedded in the app and use that for all .p12 files
Solution 3)
Similar to 2) but you download the file directly from a specific URI of your web application, this allow some automatic configuration because the app can identify himself.
Basically these are the steps:
the app connects to a specific URL of our application via HTTPS.
checks that the server certificate is correct (trusted origin).
send something to authenticate.
In our case I use the device name that I set up during device preparation and I can change it remotely using MDM.
download the configuration bundle with the certificate in it
I use a JSON payload to send the PKCS #12 file base64 encoded and other data to config the app.
If your MDM supports ManagedAppConfiguration you can change a bit these operations to build a more flexible behavior:
With ManagedAppConfiguration you can send a specific string inside every app NSUserDefaults remotely, so you can use a different or temporary URLs/tokens to download the config bundle and ditch completely the use of devices name for authentication.
WWDC 2014 #704 - Building Apps for Enterprise and Education ~13:00
Apple Developer - ManagedConfig Sample App
ADDED PARANOIA
log everything! Everything that this part of the app does (failed/wrong requests, not existent device names requests, etc)
the configuration URL is activated/deactivated only when we need to configure new devices.
You can done this a lot of ways, my webapp checks for the presence of a specific file so I can do something like touch APP_CERTIFICATES_CONFIG_ENABLED to activate the auto-configuration service and disable everything deleting the file.
Just to be sure that no certificate will go around without my supervision.