The app I am currently working on requires the use of Configuration Profiles in order to connect to a server to download XML. The certificates are distributed in the form of .p12 files, and they can be installed in the settings app in the iPhone like the bottom-left image.
The problem is that all over the internet people are saying that this is impossible.
HOWEVER, Junos Pulse can do this(bottom-right image).
It is only reading the Configuration Profiles which is exactly what I need.
I did not have to install them into the Junos Pulse app. Adding them to the system, and launching the app is enough for my profiles to be recognized.
Thanks for your help :)
The reason the Junos app is able to do this has been explained in a post in the Apple Developer Forums.
Original Question: https://devforums.apple.com/message/660579#660579
Explanation about Junos app: https://devforums.apple.com/message/351326#351326
To sum it up, access to this is not provided in the SDK and is by invitation from Apple only.
You won't. Your application is sandboxed, read the iOS App Programming Guide. Developer profiles are not public information for applications to access.
I am not sure what you are trying to accomplish, but the iOS Keychain services allows you to store and retrieve certificates and keys in a (supposedly) secure way. I have not used the API for other than storing passwords, so I cannot say how it works with certificates, but according to the docs it might work for you.
In particular, have a look at the SecItemCopyMatching function.
Related
I have a profile on my iPhone that is no longer available elsewhere. However, I would like to install this profile on my iPad. Is there any way to export these certificates? I tried grabbing the TrustCore.sqlite3 file form my iPhone and putting it on my iPad, replacing the one that was there previously, but that did not work after rebooting my iPad. I also tried using the iPhone Configuration Utility but it doesn't allow me to export individual certificates. Does anyone have any idea how I would go about doing this?
AFAIK, you can't exact configuration profile from a device. I have also tried with jailbroken phone, but could not find quick solution. I think its security provided by Apple. Otherwise, anyone can retrive installed configuration profile and modify it and re-install it.
Answer given by #obuseme is for provisioning profile. You can get them as mentioned by him. Configuration profiles are different than provisioning profile.
Yes you can.
This can be done for companies that need to extract configuration profiles so that they can deploy it to other devices within the network.
In most cases you would deploy using a tool like jamf.
To gather the configuration profile you can use AppleConfigurator2 or iMazing.
Personally I would use iMazing as AppleConfigurator2 is now old and would suggest using something that might be a little easer for the end user to extract the configuration profile.
I hove done a demo screenshot for you so that you can see it working for my Tennent that I will be deploying the profile out to all users in my workplace.
https://imazing.com/guides/how-to-manage-configuration-profiles
Is there any way to distribute an unsigned app through emails or internet?
I.e. itms-services://?action=download-manifest&url=URL_TO_PLIST.
Moreover, it is a security issue if it is possible to install unsigned app on a jailbroken device?
Thank you.
I can't quite understand what you're trying to do here - if you're trying to install an app that is not on the App Store and also unsigned with the itms-services-protocol, you are out of luck, as that is strictly for iTunes and App Store-links.
The only way to distribute an app that is not on the App Store, is with the ipa-file, but that has to be signed as well (at least for unjailbroken devices).
You can do it in cydia with link like cydia://package/[package name]
However security is really a question here. Not sure if there any code review for the accepted packages.
Sorry if this is an extremely late response, but the question isn't closed yet, so I'm assuming you still need an answer. It is a security concern, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think that's much of a concern. If they jailbreak, they probably know what they're doing.
To answer the first part of your question, you can use ldid to pseudo-sign the app and then create an itms-services:// link that users tap to install. The only caveat to this option is that the iOS Device will contact oscp.apple.com & ax.init.itunes.apple.com to verify the app's signature. If you want to bypass this, you'll have to change the DNS settings of the iOS device using a mobile configuration file. Do this using Apple's iPhone Configuration Utility, which will generate a .mobileconfig with your specified settings. You won't have to generate a specific file for each device, so you can make one and you're done.
Anyways, back to the topic, jailbreaking doesn't remove the need for codesigning, it only removes the need for an app to be signed with Apple's certificate(s). itms-services:// is a bypass (for developers) of the same "need". Since Apple obviously doesn't want people who aren't developers just signing apps that aren't approved by Apple and installing them, they've implemented certificate checks. The signing-certificate is cross-checked with Apple's two servers. One of the servers (I don't know which) checks for "iPhone Developer:" in the name of the certificate. The other checks that it was signed by Apple's WWDRCA Certificate. If the iOS Device gets a response from either of the servers signifying that the app is "bad". If the iOS Device doesn't get a response, it will still install the app.
The way to go with this in order to bypass would be to clone a DNS server, and create a specific entry that will change the IP of these two servers to something (anything) else. That way, the Device will not get a response, and will install the application.
modify the file SDKSettings.plist : make code sign required value is NO
when build, selected project (not target) -- build setting -- code signning identity: Dont code sign
build, get the .ipa file can run on the jailbreak device
I'm talking with a client who is abroad and I'm wondering whether I will be able to send him versions of the iPad app for testing before it's on iTunes.
Is there a solution (e.g. Ad-Hoc?) I could rely that doesn't require jailbreak or anything?
If so, could you please provide me with a link to a guide?
Thank you !
Yes Ad-hoc is what you need, basically you will need to associate your client device identifier (UDID) to a certificate that you will use to sign application.
This is a standard procedure (no jailbreak required) that is fully documented on Apple provisioning portal in User Program Guide (you have to apply ($99) for the developer program and be logged to access this... and it is limited to 100 devices)
Another good thing is to use an "Ad-Hoc" updater such as HockeyKit to ease your client updates and installation procedure...
Yes, indeed, there is an ad-hoc distribution method:
here is its mention on the Apple Developer website. As far as details, I think you have to be in the developer program in order to get direct documentation for that, and sadly I allowed my developer account to lapse. A few key points can be found here
Essentially, you can distribute to up to 100 other iOS users who have your group's apple developer credentials installed on their phone, and the app will remain live for 90 days
Essentially, it's the same headache on the remote side with certs, keys, etc... that you have to do with XCode when developing on the device, but you can put the app on a website somewhere where the remote party can install it on their phone.
EDIT: I found this guide that is presented on a forum if you want to look through the steps.
i have enterprise developer account.
Now i m having 2 queries
1. I m getting code sign error while i use this profile and requested certificate.
2. How to distribute app with this account - enterprise account
Reply asap
Thanks
There are two ways to distribute your app. One is to deliver the files (users will need both the app and a provision profile) to your users' computers by whatever means you like (e-mail, web server, thumb drive, etc.) and have your users install the app by dragging those files into their iTunes library. The other way is to host your app on a web server and distribute it directly to users' devices. Apple's instructions for both methods are here.
It's hard to say what's causing your code signing error. What's helped me in the past is to read the error carefully for clues, and sometimes Google the exact error message. Make sure you've got your Entitlements file set correctly -- requirements for this seem to have changed at some point.
An alternative way of deploying apps wirelessly which requires almost zero setup on your end (in case you don't want to spend the time needed for that) is to use something like TestFlight.
I have a small doubt, so apologies first.
I am creating an iPhone application using my Macbook. I want to upload it into AppStore after some days by creating a developer certificate and use provisioning profile. My friend wants to create his own iPhone application and wants to upload to AppStore for him personally, but he wants to use my same Macbook, but he may create his own dev certificate etc. I hope this is possible. Can we both use a same Macbook to develop different business(myself and my friend's) applications? I'm just curious to ask this doubt.
One more question,
Can we submit an iPhone application into AppStore without having own website page? Is it mandatory to have my own web site page for uploading an application into AppStore?
As long as all of the right pieces are installed, you could definitely share one Mac. You'd need all of the appropriate provisioning profiles installed in XCode, and the private keys / signing certificates used to generate them installed in the Keychain.
Going with separate user accounts might be a good idea, if just so that neither of you gets confused and accidentally builds their app with the other person's profile. But there shouldn't be any technical reason why you couldn't do this with a single user.
You would both need to have different users but apart from that, I can't see a problem.
As far as I know, the certificates and public private keys are per user.
As for the second question, I have no idea, sorry!
For first question:
Sure, it is possible! Its all a matter of creating different Certificate and Provisioning and When you build the project making sure you use the correct certificate to Code Sign!
Second Question:
You don't need a website of your own. I've come across many developers who uses their Blogspot address!
But if you are serious and look serious, get a domain and a simple site :)
Cheers