Can’t submit file for Facebook App Approval - facebook

I’ll set my outrage with the way this process works (to whom can I speak?) aside for the moment: we are attempting to provide FB with a link to our ~200 mb app for approval. We have been rejected 3 times because they are incapable of extracting our zip file (they request a zip for some unknown reason — it has minimal size impact).
Some detail: we are linking to the zip on our Dropbox. We have removed all punctuation from our app title (Pandamonium!.app becomes Pandamonium.app). We have eliminated spaces from our source folder. I thought all these could be causing a problem with iOS-sim.
I’m not sure what is left to do, but I am hoping someone can present a clear set of instructions (NOT THEIR INSTRUCTIONS, WHICH I HAVE READ) they have followed particularly if you have met similar snags or ANY ideas for resolution. All they send me is useless screenshots of their simulator unable to open the app which I have simulated and opened successfully daily with iOS-sim for the last week.

After a great deal of trial and error I found that using Facebook's command-line instructions was what was causing the issue. You should just compress your .app file in an ordinary fashion (right click and compress -- I used a Windows computer just to make sure everything was copasetic after reading about bizarre Mac .cbgz compression issues).
Regardless, in summary, I can now see why no one else has had an issue with this: it's because no one reads their instructions and rather just creates their .zip files in the ordinary way; unsurprisingly, you're better off using your common sense rather than listening to others.
Aside: ironically, after being told my use case was fine and the only issue was not being able to unzip, Facebook (India) has now told me they couldn't find my login button (which is gigantic, in multiple places, and clearly described in my instructions). This process is an absolute joke. I wish anyone going through this hell good luck.

Related

Software Signing and antivirus blocking

I'm a software developer who works as a freelancer, and my question has two parts.
First part:
I was working on a project then out of nowhere while testing on windows 10 VM windows security start blocking my app, I have a legit Bitdeferter and Malwarebytes on my main machine, and when I scanned my app (the EXE file from C# project) everything is clean, yet when I uploaded the file to virustotal.com it shows 5 detections
I start doubting my code and NuGet packages (I use Microsoft.AspNet.WebApi.Client and Newtonsoft.Json) so I removed them and to my surprise, I only got 2 detections out of 5.
I even create an empty Console app and still get those 2 detections, and my main machine still shows nothing as a virus.
So does that mean that my app is good but needs to be signed?
Second part:
If my issue is just a signing certificate, do I need as a developer to obtain that or my client, and then I only sign his/her app under his/her certificate?
Thank you.
Many engines treat VirusTotal samples very harshly, and any new executable has very low reputation (never having been seen before).
Therefore you will get lots of false-positives from VirusTotal when looking at your own new binary.
Signing is likely to help somewhat - at least there's a chance that you can build reputation in your certificate rather than each binary separately.
As far as I know, you get the signing certificate for you as a developer, although that might be different if you are providing source code and the client is building the end executable.

Packaging a GWT app to run completely offline NOT installed via a "marketplace"

Theres a few questions similar to this, so I'll try to be clear as possible.
We have an existing, fairly large and complex, GWT webgame I have been asked to make work offline. It has to be offline in pretty much the strictest sense.
Imagine we have been told to make it work off a CD Rom.
So installation is allowed, but we cant expect the users to go to a Chrome/Firefox store and install it from there. It would need to be off the disc.
Likewise, altering of the browsers start-up flags would be unreasonable to expect of users.
Ideally, it would be nice if they just clicked a HTML file for the start page and it opened in their browsers of choice.
We successfully got it working this way in Firefox by adding;
"<add-linker name='xsiframe' />"
To our gwt.xml settings. This seems to solve any security issues FF has with local file access.
However, this does not solve the problem for Chrome.
The main game starts up, but various file requests are blocked due to security issues like these;
XMLHttpRequest cannot load file:///E:/Game%20projects/[Thorn]%20Game/ThornGame/text/messages_en.properties. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.MyApplication-0.js:34053 com_google_gwt_http_client_RequestBuilder_$doSend__Lcom_google_gwt_http_client_RequestBuilder_2Ljava_lang_String_2Lcom_google_gwt_http_client_RequestCallback_2Lcom_google_gwt_http_client_Request_2 MyApplication-0.js:34053
Now I was aware same origin policy issues might popup as during development we often tested locally using flags in chrome to bi-pass them.
Thing is...now I dont know how to get around them when we cant use startup flags.
Obviously in the example given its just the .properties file GWT uses to get some language related text. I could dump that inline in one way or another.
However, its only one of many,many,many files being blocked.
The whole game was made to run off *.txt game scripts on the sever - to allow easy updating by non-coders. Really the actual GWT code is just an "engine" and all the XMLHttpRequested files supply the actual "game".
These files are of various types; csv, txt, ntlist, jam.
The last two being custom extensions for what are really just txt files.
All these files are blocked by chromes security. It seems from what I can make out only images are allowed to be accessed locally.
Having all these files compiled in would just be impossible, as they are not fixed in number (ie, one central .txt file determains various scene .txt files which in turn determain various object files and directory's...).
Putting all this into a bundle would be nightmare to create and maintain.
So in essence I need some way to supply a offline version of a GWT project that can access a large number of various files in its subdirectories without security issues.
So far all I can think of is;
A) Theres something I can tell chrome via html or gwt that allows these files to be read in Chrome like FF can. (I suspect this isn't possible).
An alternative to XMLHttpRequest maybe?
B) I need to somehow package a game+a webbrowser in a executable package that has permission to access files in its directory's. (http://www.appcelerator.com/titanium ? ?? ).
C) I need to package and have the user run a full webserver that can then deliver all these files in a XMLHttp accessible way.
D) Bit of a funny one...we cant tell the user to add flags to browser start up...but Maybe I could write a game installer which just detects if they have Chrome or Firefox. It then opens up the games html in their browser with the correct flags for them? This would open up security issues if they browse elsewhere with that instance though, so Id presumably need other flags to disable the url bar if that's possible.
I am happy to make various changes to our code to achieve any of this - but as mentioned above theres no way to determain all the files needing to be accessed at compile time.
And finally, of course, it all has to be as easy as possible for the end user.
Ideally just clicking a html file, or installing something no more complex then a standard windows program.
Thanks for reading this rather long explanation, any pointers and ideas would be very welcome. I especially will appreciate multiple different options or feedback from anyone that's done this.
========================================
I accepted the suggestion to use Chromiumembedded below.
This works and does what I need (and much much more)
To help others that might want to use it, I specifically made two critical changes to the example project;
Because CEF needs a absolute path to the web apps local html, I wrote a c++ function to get the directory the .exe was launched from. This was a platform specific implementation, so if supporting a few OS's (which CEF does) be sure to write dedicated code for each.
Because my webapp will make use of local files, I enabled the Chrome flag for this by changing the browser settings;
browser_settings.file_access_from_file_urls = STATE_ENABLED;
These two changes were enough to get my app working, but it is obviously the bare minimum to make a application. Hopefully my finding will help others.
I'd suggest going the wrapper route. That is, provide a minimal browser implementation that opens your files directly. Options are Chromium Embedded[1]. If the nature of the application absolutely requires the files to be served as non-file urls then bundle a minimal webserver, have the on-disk executable start the server and open the bundled browser with whatever startup arguments you want.
[1] https://bitbucket.org/chromiumembedded/cef

Packing an Actionscript (Flash Builder) application for iPhone

Recently I tried to build a flash application in Flash Builder, and I wanted to export it to my iPhone. I have gone through all the required steps in order to certify my application.
Now, with all that done, all that was left to be done is building the ".ipa" file in Flash Builder. Now, this gives the following error:
'Launching TestGame' has encountered a problem.
Error occurred while packaging the application:
NotBefore: Wed Apr 11 18:52:40 CEST 2012
Google didn't give me a decent answer, nor does Adobe's information regarding mobile application development. All I can think off, is that I can't build the application before that date. That's ridiculous, I can't imagine a certain check like that.
I'm pretty sure my ".p12" key file is generated correctly.
Is anyone else familiar with this error? Please, be so kind to guide me in the right direction.
Kind regards,
Matthias.
The error occurs because the compiler didn't find the files under the corresponding directory such as debug-bin or release-bin folder. (explains from: http://forums.adobe.com/thread/893772)
For example, if you are doing a debug-build, and you didn't select the project option: copy non-embeded files to the output folder. And debug-build needs some files such as icons files under the debug-bin folder, and it couldn't find it.
Solution: select project compiling option: the copy non-embeded file to the output folder.
Try again, if still not you will need to try the ADT build to get more details http://help.adobe.com/en_US/air/build/WS901d38e593cd1bac35eb7b4e12cddc5fbbb-8000.html
I suggest compiling from command line. I'd ported an AIR app to iOS and compiled using adt dirrectly (without FB or whatever), and there were more meanful messages then yours. Take a look at the manual on how to build ipa wit adt. The other advise is to check your iPhone node in app.xml (take a look here) and icons.
The "error" was thrown because the certificate wasn't valid yet. It became valid on the date shown above.
You could also fix the manifest file in the iOS developers center.
This problem does come up more often than needed. The error reporting is lacking distinctions but is also difficult to asses since there can be many factors causing this error. If it was one factor or even just a few then it would most likely let you know.
A great way to ensure that the error reporting can do its job and tell you where the problem is is to check your error log. It will tell you at least a few of the places that threw the block.
If you are unable to read those strange glyphs then just ensure that all your resources are being packaged. This does mean a little time of list checking but it is well worth it, for the errors and to get rid of development junk.
The first step in the asset list check is to go through each part of your Assets class (flash builder reference). If you do not have a direct Assets class then you may want to make one and move all of your asset calls to that one class - since it will save you time if this happens again.
Your Assets class is not the same as your Assets folder. Your folder is where the files are stored - i.e. images, bitmaps, sounds, etc. Your Assets class is what categorizes and assigns references to each individual file.
Go through your Assets class to ensure that each of those files exist in the folder as well. Then go to the Project menu (top near Navigate and Search) and select Clean. Either clean all your projects or check the current one. Once this is done you need to click on your Assets Folder (right click or highlight and hit edit or whatever), and select Refresh. This will check that all the files are still there and get rid of/update them.
If none of this throws an error -red X- or other errors then you need to check your project .xml file. This may take you some time to ensure that all of your add on packages and details are correct. Make sure you have the correct:
at the top and it matches your current air release.
Make sure all the filenames, names, ids, version numbers, aspect ratios, fullscreen, visible, icons, extensionIDs, and everything else are not only correct but actually there. Most of these statements should have something written and not be blank. If they are blank find out what to put in.
Ensure that you have the proper icon file extension. If it says assets/icon48.png and the icon48.png is actually in assets/pictures/images/icons/toomanyfilesextensions/whatever/icon48.png
you need to fix that link.
The last thing that you will need to check is when you want to either Release Build or Debug. You need to make sure that all assets are checked and selected.
Go to Project - Properties.
then select ActionScript Build Path.
Click the Native Extensions tab and see if there are any red X's. If there are tap the little arrow beside them and see what the matter it. Add the correct ANE or get rid of it or whatever you need to do.
Then in the same menu go to the left and select ActionScript Build Packaging. A little arrow should be beside that one too. Tap the arrow and it will open to Apple iOS, BlackBerry, Gooogle and whatever else you have (probably nothing more). Select the OS your want to use, lets say Apple, and you will have 4 tabs pop up. Make sure you have the correct certificates selected. If you have none or are confused about this you need to spend some time on Google.
The biggest one for this error is under the Package Contents tab. Most people miss this!
Open the tab and see if anything is not checked. There will 99.99% be something or many of them not checked if you are getting this error. Just check them all and you can figure out what you need and don't need later. Some of them will be listed because you just threw in a bunch of ANEs and .SWFs to have some awesome app. Those add on packages will throw in unnecessary contents into this package. That is fine and don't worry until you want to be picky. Just make sure they are all selected and hit Apply and Ok.
That's it. You should have a working Release Build if you did everything else correct and this error should be easy from now on (but time wasting).
You may get a 'slip' error now, but that is another story. But that is a great sign because you are getting closer to that stupid mistake that we all make: the elusive spelling mistake.

iOS code signing fails: "A sealed resource is missing or invalid."

I have been with this problem already 8 hours unable to solve it.
Whats Cool JLD$ codesign -vvvv build/Distribution-iphoneos/Whats\ cool\?.app
build/Distribution-iphoneos/Whats cool?.app: a sealed resource is missing or invalid
/Users/JLD/Desktop/iOS Development/Whats Cool/build/Distribution-iphoneos/Whats
cool?.app/Whats cool?: resource modified
I have tried the solutions posted on all these threads to no avail:
https://discussions.apple.com/thread/1590980
https://discussions.apple.com/message/9167082
http://www.iphonedevsdk.com/forum/iphone-sdk-development/2256-application-failed-codesign-verification.html
https://forums.macrumors.com/threads/entitlements-plist.584209/
How to solve "Application failed codesign verification" when uploading to iTunes Connect?
I even tried recreating the whole project again redoing all the IB connections and nothing works! It builds everything, but it is unable to code sign it! So I'm unable to upload it through the AppLoader.
I am doing all these following the instructions found at the provisioning profile on the Distribute application page.
https://developer.apple.com/ios/manage/distribution/index.action
I even tried building from another Mac. I have my distribution profile and my distribution certificate both set to WildCard. But it still doesn't work. I made a new app under a different name with another Bundle ID to no avail. I don't know what to try anymore!
Thank you future problem solver! I know you are there so come to my aid, I'll thank you forever!
UPDATE: I tried to make the new project from scratch. Copying the source code and remaking all the connections on IB to no avail. I even followed this link with instructions:
http://techiechok.com/2009/03/30/resolving-iphone-code-signing-error/
Unsuccessful. I don't know what else to do. I'm even considering using one technical incident to solve this problem once and for all.
I just experienced this error trying to sign an archive with Xcode 4 on Lion. The problem turned out to be related to the fact that the archive had been zipped on one machine and transported to another --- the zip utility did not support symbolic links, and the app code signature uses a symlink inside the bundle, so the unzipped archive was invalid.
Possible solutions are:
Use the Finder's contextual (ctrl-click/right-click) menu and choose "Compress" to create the zip file, or:
Use the command line version of zip and provide it with the -y argument to preserve symbolic links.
This isn't a specific answer I'm afraid, but something you may not have thought about.
From your command line snippet, it looks like you're code signing your app bundle after it's been built. Are you moving the bundle (.app folder or maybe an IPA or ZIP file) from another machine, or from another drive? I've had problems with moving app bundles between file systems that don't support symbolic links properly. Are you using a network drive, or have a local drive that's not formatted for Mac OS.
Solved. The problem was a '?' character on the product name. Shouldn't be like that but that's how it is. Nowhere apple says that that makes a codesign verification issue.
Apple's new APFS file system has some bugs to process unicode characters and it is causing the issue.
Moving the whole project to the legacy MacOS Extended volume and archiving again solved the issue.
Another problem could be your app contains image file name with none English characters in your app. Such as 'ş ç ğ'. If you remove those images or change the file name it will proceed.
I passed days on this problem, for me it's because the name of the application contains arabic caracters :(, So apple on xcode 12 doesn't accept arabic caracters ? on xcode 10 i publish without any problem
it's very complicated to be a developper on ios
In my case, I got that error because the disk image I created to distribute my app ran out of space and ditto did not copy all files from the build folder to the disk image. As the script I used generates so much noise, I missed the warning of ditto that it ran out of space in the target disk image. Unfortunately, ditto should have aborted the whole procedure, instead of burying the warning into a myriad of other paths of smaller files that it managed to copy.

Submitting application update to iTunesConnect (madness!)

iTunes connect keeps rejecting my binary for an application update and it's driving me mad. Usually I can figure it out but I've tried everything I can think of. Maybe someone can lend a hand :)
The error I'm getting is:
The binary you uploaded was invalid. The signature was invalid, or it was not signed with an Apple submission certificate.
I am uploading an updated version of my app to the store. The current version is 1.0, this new one is 3.0. Here's what I've tried:
Zipped the app bundle with the
command line (I've heard the Finder
zip utility can be bad sometimes)
Checked my app is signed properly
with $> codesign -vv myApp (says
"Valid on disk)
Checked in the build
log for the correct provisioning junk
to be there
Made sure in my
Info.plist file the CFBundleVersion
and CFShortBundleVersion are
incremented from my current version
That's what I can think of to check so far, and everything looks good as far as I can tell.
Now I've read somewhere in the Portal that says you must sign updates with the same Distribution Cert as before, and I am (I think). However I have to sign with a new provisioning profile because the old one I used for App Store has expired (or something, I don't know it just won't work).
Things to know about my situation
This update is actually a complete re-write from a new template, BUT I've made sure I'm using the exact same App ID (wildcard) and bundle indentifier) so that shouldn't be a problem.
Also, I've switched machines since I last submitted to the App Store but I remembered to export everything (I think) from my old machine. I still have the old one here, with all the same data on it, if that's helpful. I don't think I've forgotten anything).
Thanks in advance for any help :)
Update
So I've decided to try uploading with the Application Loader to see if it will give me any new errors, and it has, it spewed this out into the console. Perhaps someone can find something meaningful there.
Also of note, the Portal Guide says Updates must be signed with the original Distribution Provisioning profile as was used to sign the original app. I've tried using that old one, but Xcode won't let me select it, as there's "No matching key pair" or whatever. Is there a way to remedy this? According to Keychain I've got my Distribution Cert and its private key, it all looks valid. I've made sure to try Repairing the Keychain in case, but no change.
This is always the fun part, isn't it?
Assuming you've double and triple checked the usual stuff (using the right cert, compiling for device, have a proper icon file, app ID, etc.)
One obscure reason I've run into was roughly the same as the one outlined here:
http://discussions.apple.com/message.jspa?messageID=9167082#9167082
To sum up, my project.pbxproj file somehow ended up with two different entries for PROVISIONING_PROFILE (even though the XCode interface only showed one). My file looked a bit different from the one posted in that discussion, but removing the extra entry fixed the problem for me.
It's simple! Just let Finder zip it.