I'm new to MacOS app development, and just getting around to hopefully releasing an app. I have two options - the Mac App store or do it through my website.
I would have preferred to do via the App Store but realized it has a "sandbox" requirement, and I'm flummoxed on what I should do.
My app requires heavy file/folder access. Some of the basic requirements are
ability to open and save files
ability to create folders (without prompting, as part of a process run)
ability for a backend process to access those files and run on it (e.g., if I added a markdown file to the app, and then run pandoc on it)
I can live with a user giving access to a base folder (and its subfolders) as kind of the app folder and I can work inside it. But being able to invoke a command-line tool installed on the mac, to run on those files, is paramount.
Can I do this at all? Or do I need to go outside the app store? I do not need access to system files etc and my app does absolutely nothing with any file except the ones within a project folder chosen by the user.
Any pointers to more recent documentation greatly appreciated. Kind of lost.
Related
I recently learned that it's a bad idea to store data you want secure in a plist, and it's better to store it in a keychain, since a user can get access to what is stored there.
This makes me ask what other data can a "motivated" user get access to from inside your Xcode project, once it is in the App store. For example, can someone download the core database of a project just by downloading the app? Or if you have a .csv file in your project folder which you use to parse data from, could a user download the original .csv file just by having access to the app?
This may be an obvious answer like "of course not, the user can't get any files from your project." But I'm fairly new, and I couldn't find any discussion about this, so I wanted to make sure that I am going about things in a secure way.
Thanks!
Apps on iOS are "bundles", which just means they're a directory with a name that ends up in .app. Any file that you include for your app to use ends up in the bundle, and a motivated user should be assumed to have access to everything in the bundle. This includes any data models, CSV files, images, sounds, etc, that you include as well as compiled storyboards and so on. Decompiling code is challenging but reverse-engineering data models is easy.
Here's how you can have a look:
Compile your app.
In Xcode, go to the file browser on the left. Under "Products", find your app.
Right-click on the app entry and select "show in Finder".
In Finder, right-click the app and select "show package contents".
Now browse the bundle contents and see what's there.
This isn't the same thing as saving data, it's what comes built in to your app. Saved data is also mostly available. Keychain data should be unavailable because Apple encrypts it and keeps it separate from the app.
A "motivated" user has access to everything that ends up in your app bundle when Xcode packages the app for upload. Look at the "Copy Bundle Resources" Build Phase of your project to get an idea which files are copied in addition to your compiled code.
We are packaging our app for drag and drop installation DMG as following:
Application Name/Application.app
Application Name/Readme
Application Name/Examples/...
Application Name/Documentation/...
And user is supposed to d&d Application Name Folder to /Applications/.
Everything is code signed including DMG.
From most information I read this should be enough to prevent app translocation happening, but for some reason it isn't for some of our Sierra users?
The solution for them would be beside d&d folder to /Applications is to do another drag & drop (move) Application.app somewhere and back to /Applications/Application Name/ or move only Application Name/Application.app overwriting /Applications/Application Name/Application.app.
Now the question is why do only some users have this issue, and shouldn't code signing dmg prevent app translocation from happening?
I verified they have selected Allow apps downloaded from Mac App Store and identified developers.
I had this same problem on my side and had to go get some help via DTS, so I thought I'd repay the favor by replying here:
To avoid translocation, it turns out that not only is the disk image DMG supposed to be signed, but the file format for the image needs to be very specific: UDRO.
You can see more information about UDRO when you look at the man page for the hdiutil command line tool.
I have made an app that displays my website from a UIWebView and it takes you to a store that you can download files. My question is that I need to download a '.zip'file from my website using the app to the IPhone. Heres is my problem. I don't want the file to goto the App's Document folder, I want it to goto a folder that is outside of my applications folder. Here is an example path I might want my file to goto EX:'var/mobile/Library/Downloads'. If there is not a way to download the files to a path outside of the app's folder, is there a way to transfer the specific file that I have downloaded from my website using the my app to another folder that is not located in my app's folders? I know this can be done because I have used apps that have done this, of course they were apps only available on Cydia. This is also an app that will be used for Jail-broken users just for your information!
Thanks for any help!
Any "regular" iphone app runs in a sandbox that prevents access to system wide directories. Practically, you only have access to the app Home Directory.
Unless you go for a jailbroken app, you have no other options than storing to the App docs folder.
Read "The Application Sandbox" and "The File System" [here] for more details1.
EDIT:
I am not an expert on cydia, but the general idea is gaining access as root and then write to where you need to. This can be done by replacing your app with a suid shell script that will in turn exec your app (which will have root privileges now and then be able to go out of the sandbox).
For more info look at this.
Hi have noticed today whilst writing a simple iPhone app that Xcode sometimes starts a new folder in applications, whilst your still working on the same app.
/Users/Fuzzygoat/Library/Application Support/iPhone Simulator/User/Applications/4E5EF4F0-F410-46A6-888C-0D23BB97D2DC
Does anyone know what causes Xcode to swap to a new app folder (i.e. the one named "4E5EF4F0-F410-46A6-888C-0D23BB97D2DC")
EDIT_001: One thing I have noticed is that I have been doing a lot of quitting an application and restarting to check a set of archive methods, and that does tend to confuse it sometimes. A couple of times it has not found saved data, I guess this is just a side effect of constantly running the simulator over and over via Xcode. Things seem to go just fine if I test on the Simulator without Xcode, for a start the folder keeps the same name.
NB: I am using NSSearchPathForDirectoriesInDomains to get the documents folder each time.
gary
For security reasons, iPhone OS restricts an application (including its preferences and data) to a unique location in the file system. This restriction is part of the security feature known as the application’s “sandbox.” The sandbox is a set of fine-grained controls limiting an application’s access to files, preferences, network resources, hardware, and so on. In iPhone OS, an application and its data reside in a secure location that no other application can access. When an application is installed, the system computes a unique opaque identifier for the application. Using a root application directory and this identifier, the system constructs a path to the application’s home directory. Thus an application’s home directory could be depicted as having the following structure:
/ApplicationRoot/ApplicationID/
During the installation process, the system creates the application’s home directory and several key subdirectories, configures the application sandbox, and copies the application bundle to the home directory. The use of a unique location for each application and its data simplifies backup-and-restore operations, application updates, and uninstallation. For more information about the application-specific directories created for each application and about application updates and backup-and-restore operations.
see The Application Sandbox
I know it happens when you restart the simulator. At least, that is when I have definitely observed it.
The developer docs tell you that the path can change without warning and to never depend on it. This is part of the iPhone's security system which prevents malicious apps from using hardcoded paths to find and exploit system resources.
I would like to make an app that will manage some files on jailbroken devices like SMS, Notes .db, but I have problems with accessing such files. I've also made just to test my skills, similar application like your file manager and I could browse almost whole file system and access everything except some folders in /var/mobile/Library/. I get a list of contents of /var/mobile/Library but I get nothing in subdirectories like /var/mobile/Library/Notes/, /var/mobile/Library/SBSettings/, and btw what is most important in my case: /var/mobile/Library/SMS/ or /Notes/ displays nothing.
Of course when I browse my device by SSH using Fugu I got everything and have access to everything (like chmod i.e.)
I would be great if you please give me some advices or source code what should I do to have, I guess the root's privileges, not only to access those files, but also change their permissions and names.
I know how to make such operations using typically NSFileManager, but not on files from the directories above like /.../SMS/.
I've never developed an application that strictly need jailbroken device to perform the given tasks. I believe I will need some extra libraries? Is it true? Can I use Xcode or there is something else to develop such apps.
I would be very grateful!
Even when jailbroken, applications installed via Xcode or the App Store are still sandboxed. To get read-only access to the entire filesystem, an application has to be installed in /Applications/ instead of /var/mobile/Applications/. To get write access to the entire filesystem, the application would additionally have to be owned by root and be flagged with the setuid mode