I'm using IOS Simulator v6.0.
Device is iPhone (all iPhone devices behave the same with regards to my problem)
IOS version is 6.1
I'm attempting to download a p12 via a web app using the built-in safari browser.
When the download completes the user is automatically taken to the settings app (which I understand is necessary to complete installation of the p12) - but there is no option to complete the installation. Ive read that a Passcode Lock is required for enabling certificate imports. However, I can't find out how to enable a passcode lock within the iPhone IOS simulator.
The doc I've read says the option should be within: Settings -> General -> Passcode Lock
Except its not. Is this a simulator specific restriction? Can I overcome it?
Neil,
Yes, as you've pointed out, the iOS Simulator is not a 100% accurate replication of the operating environment found in an actual iOS Device -- certain classes of interactions that are dependent on specialized hardware (cameras, gyroscopes, magnetometers, hardware-based encryption technologies, etc.) are naturally unsupportable in a simulated environment. Other classes of interactions that would seemingly be 'software-only' kinds of interactions are also prohibited on Simulator (Push Notifications, iCloud, etc.) -- these are attributable to a couple of things:
Unlike physical devices, you do not provision the iOS Simulator. Since Provisioning Profiles include entitlements for these Apple services, there is no (current) way for Simulator to understand how to connect to your specific app's slice of these services.
Simulator does not have a unique hardware identifier, so connections from your Simulator would be indistinguishable from connections on any other Developer's Simulator.
And finally there are the class of interactions that don't fit either of the exclusions from above that can only be attributable to design decisions made by Apple. Passcode lock, for example, can simply be enabled by security-conscious iOS device users...or it can be enforced by IT departments by way of Mobile Device Configuration policies (via ActiveSync, MDM servers, etc.) Adding only the generic, non-IT-mandated version of Passcode Lock would cause intra-Simulator feature parity as only the most Generic Passcode lock behaviors would be supported, leaving MDM users out in the cold. To avoid this, Apple would then have to endow Simulator with the knowledge to support .mobileconfiguration profiles, connect and periodically check with MDM servers (thus requiring unique hardware identifiers), and ultimately include the Mail.app in Simulator to allow for Exchange connections to be setup to enforce ActiveSync managed configurations.
As you can see, the relatively simple feature quickly spiders out to a host of other iOS elements that would also need to be simulated. Taking this to the most unlikely, extreme edge case, Simulator would become a full-fledged software-only iPhone where you receive calls and texts, check email, etc. directly from the iPhone shaped interface on OS X...not an experience Apple would like for users to have even though those users are their 3rd-party developers.
Though there are some interactions we can easily deduce the rationale for their omission from the simulator, only Apple really knows why they elected to exclude other interactions from Simulator.
So, back to your questions:
Is this a simulator specific restriction?
Yes, this is currently not supported in iOS Simulator as of Xcode 4.6.2.
Can I overcome it?
To the best of my knowledge, no.
I do, however, think that your lurking question about installing a Certificate in Simulator is something that you can do something about -- In fact, I installed a self-signed certificate authority into my Simulator to do some security testing about 2 months ago based in large part to some of the work presented by the Developers of the Charles web proxy.
If you download their shell scripts you can see how they injected self-signed certificates into the Simulator keystore -- assuming your ultimate goal is to get a certificate installed, you may be able to apply a similar process to your own certificate.
Do make sure to backup the default keystore; It would be really easy to accidentally break the binary data in that file and render your Simulator useless for all SSL connections.
As is likely tacitly understood, this is not a supported operation in iOS Simulator -- tweak Simulator at your own risk.
Good luck, and if all else fails, push your app to device where you can definitely get a certificate installed.
Related
Is there a way to officially bypass the iCloud lock on 8.1.2 (iPhone 5C) devices, outside of Doulci? Something free, and does not require dialing 112? Apparently that's an emergency number.
I need this to continue development on iOS devices.
If not, is there a way or software to forcibly downgrade my iOS version to 7.1.2, or an early hackable iOS 8 firmware without iTunes? I own a Macbook Pro, running Yosemite, if that makes it easier. I have access to a Windows machine too.
This is a legitimate question, and it's not a duplicate from the last one I had made asking for Doulci specifics. Please do not lock this unless the question becomes dead, I don't know how to contact people and ask why the questions are "Deleted". I don't understand why my last question (which was all about Doulci) was locked. I really believe this would be useful for other iOS developers who don't have $500 on hand.
Thanks! :)
If you mean the Activation Lock, then I really count on there being no way around it since IOS 8.
If you load a different os on it (i.e. jail break it) then you may have some joy, for a while, but you will need the password to get IOS 8 back on it.
The best way is to turn off find my iPhone, using the password.
If no password then you can reset the password if you have the security answers required. last resort call apple support.
Only working ways to unlock/bypass iCloud at current moment:
Ask previous owner to remove it from their iCloud account
Get previous owner iCloud account control in not legit ways/phishing
If it Clean mode than find legit Apple Employee who will remove it by GSX account request
If it Lost mode, than there is no other ways than 1 or 2 steps of this list
If device still works but linked to iCloud, use myicloud info trick to restore backup from working device. Full bypass until first firmware restoring
I have develop server that gives access to web browser - iCloud DNS Bypass, it free and works for all iOS versions. So it only bypass working at current moment, but no calls and no mobile Internet.
The only way at the moment is to Erase the SSD nand Completely which the device Has Security measures for keeping you from doing so. Thus the SSD nand would have to be replaced, then restored with IOS version you wish to install.
Is there any way to distribute an unsigned app through emails or internet?
I.e. itms-services://?action=download-manifest&url=URL_TO_PLIST.
Moreover, it is a security issue if it is possible to install unsigned app on a jailbroken device?
Thank you.
I can't quite understand what you're trying to do here - if you're trying to install an app that is not on the App Store and also unsigned with the itms-services-protocol, you are out of luck, as that is strictly for iTunes and App Store-links.
The only way to distribute an app that is not on the App Store, is with the ipa-file, but that has to be signed as well (at least for unjailbroken devices).
You can do it in cydia with link like cydia://package/[package name]
However security is really a question here. Not sure if there any code review for the accepted packages.
Sorry if this is an extremely late response, but the question isn't closed yet, so I'm assuming you still need an answer. It is a security concern, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think that's much of a concern. If they jailbreak, they probably know what they're doing.
To answer the first part of your question, you can use ldid to pseudo-sign the app and then create an itms-services:// link that users tap to install. The only caveat to this option is that the iOS Device will contact oscp.apple.com & ax.init.itunes.apple.com to verify the app's signature. If you want to bypass this, you'll have to change the DNS settings of the iOS device using a mobile configuration file. Do this using Apple's iPhone Configuration Utility, which will generate a .mobileconfig with your specified settings. You won't have to generate a specific file for each device, so you can make one and you're done.
Anyways, back to the topic, jailbreaking doesn't remove the need for codesigning, it only removes the need for an app to be signed with Apple's certificate(s). itms-services:// is a bypass (for developers) of the same "need". Since Apple obviously doesn't want people who aren't developers just signing apps that aren't approved by Apple and installing them, they've implemented certificate checks. The signing-certificate is cross-checked with Apple's two servers. One of the servers (I don't know which) checks for "iPhone Developer:" in the name of the certificate. The other checks that it was signed by Apple's WWDRCA Certificate. If the iOS Device gets a response from either of the servers signifying that the app is "bad". If the iOS Device doesn't get a response, it will still install the app.
The way to go with this in order to bypass would be to clone a DNS server, and create a specific entry that will change the IP of these two servers to something (anything) else. That way, the Device will not get a response, and will install the application.
modify the file SDKSettings.plist : make code sign required value is NO
when build, selected project (not target) -- build setting -- code signning identity: Dont code sign
build, get the .ipa file can run on the jailbreak device
Is there any way to push apps to an iphone through an iPhone explorer or something else, where you can bundle up the ipa and copy it onto an unlocked device (or non unlocked even)?
How can I push an app to my device without putting it on a cydia repo? Are there instructions on how cydia does this, or would this be out of my depth (considering I dont know the intricacies of the iphone).
This is a customized app I have developed, I just need a way to push it to the device without worrying about the approval process, and I want to keep it on the device past the 3 month provisioning profile period.
After spending much time on internet for this question I present the following.
Summary
iOs doesn't allow sideloading of unsigned apps. The only way to
currently do that is jailbreak.
But there is a work around.. You could beat that using
MacBuildServer
The signing process MacBuildServer uses to cleverly skirt this
limitation is to have you use your own certificate, or to simply use
their certificate from the iOS developer enterprise program to sign
the compiled app (again, for testing purposes).
The iOS Developer Enterprise Program was designed to allow companies
to develop in-house apps for use within their organization, without
publishing them on the App Store.
An example of a business that would be part of this program would be
an event coordinating business that uses these in-house iOS apps to
check people in and perform other tasks.
MacBuildServer's demo gives you a three-click process to build any open-source iOS app you can find on GitHub, and sign it with an
enterprise certificate that allows jailbreak-free sideloading
for your own testing purposes.
Disclaimer
The ideas that are presented here are not my own i found this on internet.visit the reference for more details.
Reference
No. If you're working under the iOS Developer Program the only real way to distribute your app is via the app store. Other than that, you're stuck with ad hoc distribution and the time limit that comes with that. However, if you qualify for the iOS Enterprise Program (i.e. you're a business), you can sign up for that program and then distribute your apps in-house without going through the app store.
Without jailbreaking, your options are: app store, ad hoc (with time
limit), and join the Enterprise program
There is one other option. It's possible to create web-app and then add it as a bookmark.
But the obvious downsides are:
It's html. Even with html5 you're not going to get access to the camera etc...
2: It's open to the public (Although it's easy block access with standard security).
However question was asked long ago, but I think now it is possible with XCode 7.
I would find useful, in some cases, and under the user's permission, to block the device so only the running application can be accessed unless the usrer's password (pattern or whatever is used to unlock the session) is introduced.
I guess the mecanism should be something like: The application asks the os to do this, the OS asks the user for permission and then the application asks the device to block the application on "exit" or standby (or both).
This would be useful for using an iPhone or iPad as a device for public use. One example could be a Library where visitors can see the book list and some previews in the device. In this case, you don't want the user to access any other resource/application in the system.
Does it make sense?
What your asking is there any type of kiosk mode for iOS devices.
The short answer in no. The longer answer is if you're using a Jail broken device you might be able to relaunch the app on exit, but it would take significant R&D.
I hade a client ask about this last week, after some investigation and thinking I told her,
It's best to look for a case that blocks the home button. Or some kind of security bracket. It'll be cheaper and easier.
Also any App you create with this functionality would be rejected form the App store.
If your looking for advice on programming Jail broken devices there is a Stack Exchange proposal you can follow.
Supposedly there's a way to have a "kiosk" mode with a .mobileconfig file. Both of these articles talk about it, basically covering the same territory:
http://joris.kluivers.nl/blog/2012/03/02/kiosk-mode-for-ios/
http://rick-hawkins.blogspot.ca/2012/01/turning-ipad-into-kiosk-device.html
I was looking into this again and found out that iOS already supports the feature. It is called Guided Access, it was incorporated on iOS 6, it does not require jailbreak and can be used for any app installed on the device.
It makes sense, but I don't think you can do that without jailbreaking the phone. In iOS, the home button cannot be overridden by applications. Besides there is cheaper hardware out there for kiosk-style applications.
Can I go around Apple and offer applications to users, or do they force you to go through them? How? Just legally?
Aside from the App Store (and jailbreaking), Apple provides two official routes to install applications on the iPhone.
Enterprise Distribution: designed for internal users of a company
Ad Hoc Distribution: allows your app to be installed on up to 100 iPhones
Source: http://developer.apple.com/iphone/program/distribute.html
For phones that are not jailbroken, distribution rules are enforced by the iPhone's code-signing system. The phone won't run any apps that aren't signed by Apple, and the only way to get an app signed is either to get it into the app store or to use ad-hoc distribution.
Ad-hoc is effective but time consuming for more than a few devices, in that you have to get the unique device ID for each device you want to distribute the app to. You then sign the app for that device and send a copy along with a provision file. Some batching is possible-- you can get up to 100 devices in the same ad-hoc build. But if/when Apple finds out you're doing it, they'll close your iPhone developer account (for violating the rules) and then you won't be able to generate any more provision files.
One developer tried using the ad-hoc approach last year when Apple rejected their app (Podcaster). They claimed to have sold something like 1100-1200 copies before Apple shut them down.
Jailbroken phones don't have this limitation, but it's up to you to determine (a) whether the market is big enough and (b) whether enough of those people will be willing to pay for your app. I don't know the answers-- it could well be "yes" to both-- but don't just assume they're true without investigating enough to make a reasonable prediction.
If you wish to distribute applications to phones with out going through the App Store, you must sign each copy of your application for a specific phone handset. If you need more wide spread distribution, all your client phones must be "jail broken". Once a phone is jail broken, it will accept any application for installation.
You can offer applications through Cydia for jailbroken iPhones / iPods. Cydia uses a system similar to Debian's apt. Basically allows users to add custom "sources" (repositories) and install applications provided by those sources.
Obviously this is not supported or approved by Apple since it circumvents the App store and their App approval process.