Source code security - working with companies iOS - iphone

I am currently working for a company on a rather big scale e-commerce project for iOS. Of course, they want to publish their project under their iTunes account. My concern is, all I want to do is to develop the project and upload the project on their behalf, from their account, and keep my code to myself, just in case they want to do a similar project.
Will my ipa or code be safe? Is there any way they can reach the ipa or code from the itunesconnect account alone? Any thoughts and knowledge will be great from experienced developers.

Your client must use Application Loader
They have to give you an App Store provisioning profile
Archive your app with "com.compagny.appname" with the provisioning profile
Organizer should open after the process. Select your archive and click on the Distribute button.
Select Save for Enterprise or AdHoc Deployment
Select the App Store provisioning profile
Save your ipa on your disk (e.g. Documents dir)
Open terminal and go to Documents and execute: sudo chmod 755 yourApp.ipa
Send your ipa to your client and that's all!
With this method your client won't get your code

I would recommend having them add your developer account as a developer for them and having you upload it for them. This will reduce any possibility of any issues when you send them the IPA and they upload the file.
Once your IPA is created, they cannot retrieve the source code. The only thing they could do is get the images and the binary file. They could however reverse engineer the binary from assembly but that is VERY unlikely.
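To check what an .ipa would actually hand to a client before sending it, the archive can be listed, since it is an ordinary zip. The following is an added example, not code from the original answers; the sample archive, bundle ID and file names are constructed, and the list of source extensions is an assumption.

```python
import io
import plistlib
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions treated as project sources rather than build output.
SOURCE_EXTS = {".m", ".mm", ".h", ".c", ".cpp", ".swift", ".pbxproj"}

def audit_ipa(ipa):
    """Report what an .ipa (a zip holding Payload/<Name>.app/) hands to a recipient."""
    with zipfile.ZipFile(ipa) as zf:
        files = [PurePosixPath(n) for n in zf.namelist() if not n.endswith("/")]
        app_dirs = {p.parts[1] for p in files
                    if len(p.parts) > 2 and p.parts[0] == "Payload"
                    and p.parts[1].endswith(".app")}
        if len(app_dirs) != 1:
            raise ValueError("expected exactly one Payload/<Name>.app bundle")
        root = PurePosixPath("Payload", app_dirs.pop())
        info = plistlib.loads(zf.read(str(root / "Info.plist")))
    exe = root / info["CFBundleExecutable"]  # the compiled binary
    report = {"bundle_id": info.get("CFBundleIdentifier"), "executable": None,
              "provisioning_profile": False, "sources": [], "resources": []}
    for p in files:
        if p == exe:
            report["executable"] = str(p)
        elif p.name == "embedded.mobileprovision":
            report["provisioning_profile"] = True
        elif p.suffix.lower() in SOURCE_EXTS:
            report["sources"].append(str(p))  # should stay empty for a release build
        else:
            report["resources"].append(str(p))
    return report

def build_sample_ipa(extra=()):
    """Constructed sample archive, built in memory so the example runs offline."""
    app = "Payload/Shop.app/"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(app + "Info.plist", plistlib.dumps(
            {"CFBundleExecutable": "Shop", "CFBundleIdentifier": "com.example.shop"}))
        zf.writestr(app + "Shop", b"\xcf\xfa\xed\xfe")  # Mach-O magic only, not a real binary
        zf.writestr(app + "embedded.mobileprovision", b"constructed")
        zf.writestr(app + "logo.png", b"constructed")
        for name in extra:
            zf.writestr(app + name, b"// constructed")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(audit_ipa(build_sample_ipa()))
    print(audit_ipa(build_sample_ipa(["AppDelegate.m"]))["sources"])
```

On a real archive, pass the path to the .ipa; a non-empty `sources` list means project files were copied into the bundle as resources.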

Note that if this is an ecommerce application (handles credit cards) and in the US, PCI legal requirements would likely not allow them to have you upload anything, nor for that matter not have the source code. Their legal team should know this.

Related

How can I deliver iOS app to tester that hasn't got a mac

I'm developing an iOS application (I have macbook) and I have an apple developer's account.
How can I deliver iPhone app to tester that hasn't got a mac?
Tester's phone is not jailbroken (I can't build deb)
I recommend using the Test Flight service. It allows you to upload builds of your application and distribute them to testers via their website.
They have a great help section to get you started.
EDIT: Oh, and it's free for the basic service.
I hope that helps. Good luck.
They can run itunes on a windows machine too. But if they don't have a computer at all there is another option. You can distribute it via a link.
It's really easy. Prepare to do an adhoc distribution as usual and then click the "Enterprise Distribution" tick box.
Then add the URL to where the final .ipa will be. I usually fill in the app name on the second line as well but never fill the rest in.
e.g
http://www.yourdomain.com/YourApp/YourApp.ipa
Then upload the created .plist and .ipa to the relevant URL so that the 2 files are available as:
http://www.yourdomain.com/YourApp/YourApp.ipa
http://www.yourdomain.com/YourApp/YourApp.plist
Now finally create a simple HTML page and upload it to your site.
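<html>
<body>
<!-- The link opens the manifest (.plist) uploaded in the previous step -->
<center><a href="itms-services://?action=download-manifest&amp;url=http://www.yourdomain.com/YourApp/YourApp.plist"><font size="20">Click here to install YourApp</font></a></center>
</body>
</html>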
Now send them a link to the above HTML page and they are good to install.
Be warned: You must have the tester's UDID in the adhoc distribution profile certificate or this will not work.
Follow these steps:
Include the users' udids into your adhoc distribution profile certificate (same step as in Goz's answer).
In Xcode, use the Archive function and sign the code with the adhoc profile certificate.
In Organizer, create the .ipa file for distribution.
Send the .ipa file to your users (i.e. via email).
Ask them to drag and drop the .ipa file into Applications section of iTunes for Windows and synchronize their devices.
You must have Mac OS and Mac machine to develop them. You will need XCode installed on Mac OSX to code, run and test your application.
If you do not want to buy a Mac you can install Mac OSX on a PC by referring to this link; that's called Hackintosh. This works fine on a PC if you follow the steps properly:
http://tonymacx86.blogspot.in/2011/07/xmove-multibeast-install-os-x-107-lion.html
If that's not possible, you may consider inviting the person over physically or doing it virtually via e.g. TeamViewer or any other remote desktop protocol.
The most convenient and time saving approach that I have used so far is Test Flight. The integration is seamlessly easy. You can share files with testers and it does not require you to have a system.
The main steps are
1) Download and integrate Testflight SDK after creating a valid account (Login required).
2) Integrate the SDK with iPhone application (Though it isn't mandatory if you only wish to distribute the application and not track its usage and reporting purpose).
3) Create your team and upload build on Portal.
4) Subsequently allow testers to have access to the permitted devices mentioned in provisioning profile.
You can manage Multiple teams and applications at a single place. Hope it helps.

Installing an Ad Hoc app for testing without synchronizing iTunes

I have an iPhone app that I'm distributing to testers. I followed these instructions:
https://developer.apple.com/library/ios/#documentation/ToolsLanguages/Conceptual/YourFirstAppStoreSubmission/TestYourApponManyDevicesandiOSVersions/TestYourApponManyDevicesandiOSVersions.html
And they work except for one of my testers, who does not use iTunes to synchronize his apps. He has many apps already on his phone and doesn't want to synch to iTunes because it sounds like it will delete them. So...Is there any other way to get a testing app onto an iPhone besides synchronizing with iTunes?
Simply distribute it using OTA ("Over The Air" distribution).
When you Archive your application using Xcode (menu Product -> Archive, I hope that's what you do already to keep debugging symbols so that you can symbolicate crash logs when testers send some back to you!), once you click on "Distribute", select the "OTA Distribution" option and follow the steps.
Don't forget to check the "Distribute for Enterprise" checkbox in the appropriate step and fill in the requested information (Product Name, URL of the IPA when you will upload it on your server, etc).
Once your .ipa and the associated .plist is created, upload them both on a web server, and make a link to "itms-services://?action=download-manifest&url=<the_url_to_your_plist_file_here>".
When the users open this link from their iPhone, it will prompt to install the application on their device directly, without the need to plug their device into any computer.
There are many tutorials on the net about this, simply google about iPhone OTA distribution.
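The manifest and link described above can be generated and checked with a short script. This is an added example, not part of the original answer; the example.com URLs, bundle ID and function names are constructed, and it refuses non-HTTPS URLs because iOS 7.1 and later only install from a manifest served over HTTPS.

```python
import plistlib
from urllib.parse import quote, urlsplit

def require_https(url):
    """Reject anything that is not an absolute https URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"OTA URLs must be https: {url!r}")
    return url

def build_manifest(ipa_url, bundle_id, version, title):
    """Return the bytes of the .plist that the itms-services link points at."""
    manifest = {"items": [{
        "assets": [{"kind": "software-package", "url": require_https(ipa_url)}],
        "metadata": {"bundle-identifier": bundle_id, "bundle-version": version,
                     "kind": "software", "title": title},
    }]}
    return plistlib.dumps(manifest)

def install_link(plist_url):
    """Build the link testers open on the device; ':' and '/' are left readable."""
    return ("itms-services://?action=download-manifest&url="
            + quote(require_https(plist_url), safe=":/"))

def check_manifest(data):
    """Return a list of problems found in manifest bytes; empty means it passed."""
    problems = []
    for item in plistlib.loads(data).get("items", []):
        for asset in item.get("assets", []):
            if urlsplit(asset.get("url", "")).scheme != "https":
                problems.append(f"asset not served over https: {asset.get('url')}")
        for key in ("bundle-identifier", "bundle-version", "kind", "title"):
            if not item.get("metadata", {}).get(key):
                problems.append(f"missing metadata key: {key}")
    return problems

if __name__ == "__main__":
    # Constructed values for illustration only.
    data = build_manifest("https://www.example.com/YourApp/YourApp.ipa",
                          "com.example.yourapp", "1.0", "YourApp")
    print(check_manifest(data))
    print(install_link("https://www.example.com/YourApp/YourApp.plist"))
```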
I strongly recommend TestFlight. It's free and it's easy and they manage all that server side work.
Since your user is afraid of the iTunes Sync Process (for good reason), why not recommend that he use the iPhone Configuration Utility?
That tool does not do a complete sync but only transmits the app you specified.
It is free, easy to use and very reliable. Well, sometimes it has its hiccups on Windoze systems but that seems to be a normal experience for users of that OS.

Copying data from a free iOS version to a full version of my app?

How could a full version of my iOS app access / copy the database / settings from the free version ?
I'm thinking of providing a free version of my app and I can't see how people then buying the full version could get access to the data from my free version ?
All apps are isolated on iOS. They are installed as different iOS system users. One user does not have permission to access another user's files. In the old times, one common approach to address this problem was to enable iTunes file sharing and tell users to manually copy the files.
Your better bet is to use the freemium model to sell your app. Make the app free, and unlock extra features via in-app-purchase. This way, your files, documents, settings won't need transferring to the pro version. The app itself becomes pro after unlocking.
Here is the guide from Apple: https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/StoreKitGuide/Introduction/Introduction.html (though not very intuitive).
The walkthrough here: http://troybrant.net/blog/2010/01/in-app-purchases-a-full-walkthrough/ is very helpful.
Last but not least, be aware that in-app-purchase is crackable. So please read: How to detect "IAP crackers"?, Verifying In App Purchase Receipt from Client, https://stackoverflow.com/questions/4715414/apple-in-app-purchase-verify-receipt, verify in app purchase, and In App Purchase Receipt verification within app.
Note that you are supposed to set up a server to validate iap receipts. Though it's doable from within the app, it's not safe. As far as I can remember, you can test in-app-purchase through StoreKit in iOS simulator v5.0, that should be Xcode 4.2. Before that, it can only be tested on a device.
@Dominik Hadl mentioned you can use a server to sync the file. The operation is usually complicated. If you prefer this idea, you can choose to use a custom url scheme to launch one app from another to ease the operation. See steps below:
The user presses "Begin sync" in the free app to upload the file to your server
The server returns the ID of the file to the free app
The user presses "Launch Pro App and Download my file", which leads to a custom url scheme to launch your Pro version (must be installed first), with the file ID
The Pro version uses the file ID to download that file directly
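In the hand-off above, the file ID is all the Pro app presents to the server, so it works like a password for that file. The code below is an added example, not from the original answer: it makes the ID random, single-use and short-lived. The `myapp-pro` scheme, the `import` host, the `file_id` parameter and the five-minute lifetime are assumptions.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

class HandoffStore:
    """Server-side store for files passed from the free app to the Pro app."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be tested
        self._files = {}             # file_id -> (expires_at, data)

    def upload(self, data):
        """Free app uploads the file; the server answers with an unguessable ID."""
        file_id = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._files[file_id] = (self._clock() + self._ttl, data)
        return file_id

    def download(self, file_id):
        """Pro app redeems the ID; it is deleted on first use, valid or not."""
        entry = self._files.pop(file_id, None)
        if entry is None:
            raise KeyError("unknown or already used file ID")
        expires_at, data = entry
        if self._clock() > expires_at:
            raise KeyError("file ID expired")
        return data

def launch_url(file_id, scheme="myapp-pro"):
    """URL the free app opens to start the Pro app (hypothetical scheme)."""
    return f"{scheme}://import?{urlencode({'file_id': file_id})}"

def file_id_from_url(url, scheme="myapp-pro"):
    """What the Pro app does with the incoming URL before contacting the server."""
    parts = urlsplit(url)
    if parts.scheme != scheme or parts.netloc != "import":
        raise ValueError("not a hand-off URL")
    ids = parse_qs(parts.query).get("file_id", [])
    if len(ids) != 1:
        raise ValueError("expected exactly one file_id")
    return ids[0]

if __name__ == "__main__":
    store = HandoffStore()
    fid = store.upload(b"constructed database bytes")
    print(launch_url(fid))
    print(store.download(file_id_from_url(launch_url(fid))))
```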
I think the only way you can do this is syncing the data with some server, registering the device and then syncing the data back to the full version.
Because all iOS apps are sandboxed, they can't access any other application data (unless you have jailbroken iOS).
Since multiple apps can share the same iCloud container, I'd say that the best practice nowadays is to "simply" store the data in iCloud.
(I'm putting "simply" under quotes, because it is easy to put data in iCloud and take it out; but if you actually want to do syncing, you may need to do more than just "I'll load from iCloud and save to iCloud" in order to provide the best experience to the user.)

Legality of transferring IPA files between people

We are currently developing an app for a client in the US, we are based in the UK. We need to "proof" the app as we make changes with our client i.e. get them to check the updates before we go any further.
The issue we're having is that transferring an IPA file to our client has been advised by their legal team as illegal. Is there any other way (simply) to allow our client to view this app regularly as we update it?
Cheers
IANAL, however, their legal team is wrong. When I click Build and Archive, and then Share by Email, the generated email file contains an ipa. This is an Apple-sanctioned method of doing ad-hoc sharing of iPhone apps.
What is probably confusing them is that if you're pirating apps, you use ipa files as well. However, saying that sharing ipa files is illegal is like saying sharing .exe files is illegal. Sometimes, yes. In this case: no, so long as the devices that are running it have been properly provisioned.

iPhone: Application submission in AppStore

I want to submit my application in AppStore. After I have gone through the docs there, I see I should go to iTunes Connect and fill the form to submit my application in AppStore. If someone already did it, can you guys please share your suggestion?
I did build 'Distribution' in my Xcode project and compressed my app ready, I want to upload it in AppStore as I already have a developer account.
I also want to know, should my build be created using 'Distribution' configuration and built with Distribution provisional file? I have three provisional files created, such as Main provisioning profile in 'Provisioning->Development' tab in Portal and Ad-hoc, AppStore provisional profiles in 'Distribution' tab in Portal. Which one should I use in Xcode and build my application to upload that in AppStore? Can I use any one of the three?
Can I go to iTunes Connect and fill the form to upload my app? During filling the form it asks for 'Does your product contain encryption?' Why is that and what does it mean? After further filling up the details, will it ask me to upload my Zipped application (myApp.app file) there? How would be the process further, just give me some brief idea please?
I also want to know, should my build be created using 'Distribution' configuration and built with Distribution provisional file?
Yes. Your build must be signed with distribution profile. And do not forget about Entitlements.plist file
Can i go to iTunes Connect and fill the form to upload my app?
Yes :)
After further filling up the details, will it ask me to upload my Zipped application(myApp.app file) there?
Yes, there will be a screen where you should upload your zipped binary (as well as 512x512 Application icon and screenshots)
How would be the process further, just give me some brief idea please?
You'll need to fill in some forms - application description, category, pricing, stores where to distribute your app, some questions to rate your app (in case it contains "objectionable" content) etc.
Anyway (IMO) everything is user friendly and clear there.
In order to upload your app to the app store you must build with a distribution profile, that's pretty much all you need... If you don't know what using encryption means then odds are you are not using encryption so check no for that... After that it's pretty straightforward: you fill out the info form and submit it for review. If at any step you do something (such as use a wrong provisioning profile) iTunes Connect will tell you and won't let you proceed, so if you successfully finish submitting the app then you are good to go... There is also an iTunes Connect guide you can use here https://itunesconnect.apple.com/docs/iTunesConnect_DeveloperGuide.pdf
Go here:
http://developer.apple.com/iphone/
On the right of the page, there is a section called "App Store Resource Center", and inside of that there are some great resources like Preparing your App for Submission, etc.
Also, under the Distribution section of the Program Portal, there are some answers to questions like how to build and zip your app for submission, and properly configuring Xcode for the build.
Encryption:
The reason it's asking you for this information is because there are laws around exporting certain types of encryption. You would know if you are using this in your application. If you said yes, there would be some follow up questions and it might lock your application to the US App Store only if your encryption was too high to export. For more information on encryption, your friendly neighborhood search engine can do the rest :)