In the Keychain Services Programming Guide it states the following:
"On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application."
Which I have no problem with but I would like to test that if I provide an update to my app in the AppStore that it will still be able to access the old values stored in the keychain. I have tried to test by updating the app with a version signed with an ad-hoc distribution profile that contained the same bundle id and product name as the original but it could not access the old value in the keychain.
Is the only option to submit the update to the AppStore and hope that it will work?
This is a good question.
One of the main reason why you might want to store some data in the keychain is to prevent malicious users from accessing it. This is quite a dry sentence on its own so I recommend reading about how someone might access that data.
Another way to access keychain data would be to create a malicious app with the same app ID as the target app. Apple have secured this route by requiring the provisioning profile to be the same.
So, to answer your question, you can only test the keychain data in update from the same provisioning profile, i.e.
Ad hoc to Ad hoc
App store to app store.
App store to app store is not really an option since it will be too late by then (your update will be on the market). So instead you need to delete your app store app and install an ad hoc version. Then recreate your data on the keychain, then update to the latest ad hoc version and test that it worked.
Of course this requires you to have an archived ad hoc version of the app thats currently on the app store. If you don't have this, then its not possible to test an update.
Unless I am mistaken, to update an app in the app store you need to use the same provisioning profile. Therefore, since you will be using the same profile, you should have access to the same keychain items.
It's actually not the provisioning file that matters, but the app ID. Specifically the Bundle Seed ID that you set when creating an App ID. Keychain access is governed by it. So as long as your profile uses an app ID with the same Bundle Seed ID you can continue to access the info in the keychain. I have a few apps that do this.
This allows you to to create a suite of apps that can all access the same keychain items as long as you set them to use the same Bundle Seed ID. So if you do a light and a pro version, they can both access the same keychain info while maintaining separate bundle identifies for things like user defaults.
SFHFKeychainUtils may be your good choice.
It's a wrapper to access keychain.
More about: SFHFKeychainUtils :http://www.ioslib.com/archives/sfhfkeychainutils/
Related
I have an application already in the store that use Keychain to store passwords.
I want to publish an update of the application, the problem is that I don't have the original certificate anymore (it was expired and I created another).
Reading Apple's documentation it says:
Note: On iPhone, Keychain rights depend on the provisioning profile
used to sign your application. Be sure to consistently use the same
provisioning profile across different versions of your application.
If I edit my provisioning profile with a different certificate, will my users lose their passwords when I will upgrade the application?
Thanks
if you can upload the app into the store (so update the old one), the users will not recognize anything of this ;)
What's saved in their keychain will be bound to the Bundle an stays at least until the application is deleted.
You can revoke and re-create your cert, and assign it to your provisioning profile without any further consequences.
After update our iphone app can not access the keychain.
The distribution certificate has been updated, can this affect the keychain access?
Keychain access depends on the App Id (more precisely on the Bundle Seed Id part of the App Id): the first part of 9876543210.com.mycompany.myapp. Probably you created the new distribution certificate on a different App Id by mistake or your team provisioning profile is not the same (9876543210.*)
For submitting an iPhone app to the App Store, we need to create Certificates, App ID and Provisioning Profile.
I often get confused whith these things (even after reading the Apple documentation on http://developer.apple.com/library/ios/#documentation/ToolsLanguages/Conceptual/DevPortalGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40011159-CH1-SW1)
So could someone please explain me these things in simple terms.
Can the same certificate be used for multiple apps (and both for dev/distribution) ?
Also I guess App Id is unique for each app. But can the same App ID be used for both dev/distribution ?
For Provisioning Profile, I think we need to create 1 each for Dev/distribution. Correct?
Please explain in simple terms. Thank you.
1. Can the same certificate be used for multiple apps (and both for dev/distribution) ?
No, distribution certificates can't be used for development, especially the App Store profile which can only be used to submit an app.
2. Also I guess App Id is unique for each app. But can the same App ID be used for both dev/distribution ?
Yes you can use the same app id for the development, ad-hoc and AppStore.
3. For Provisioning Profile, I think we need to create 1 each for Dev/distribution. Correct?
No, you can create a wildecard development profile * as the app bundle id. You can even create a wildcard AppStore profile. Only apps signed with this profile will not be able to use pushnotifications or InApp purchases.
You need one certificate for Development and one certificate for Distribution (new ones for every year of enrollment). These 2 certificates can be used for any number of iOS apps.
A bundle ID is what identifies an app (not its name), so you should use the same ID for all versions and builds, including development, ad hoc, distribution, and updates of that same app.
I want to update an existing App in the App Store, but the profile I used expired (I'm not sure, if it has something to do with the corresponding certificate which also expired..). Since Apple tells me in the How-Tos:
Use the same Distribution Provisioning
Profile to build each new version of
your application
I don't know, what to do. Can anyone help?
The important part is keep the same bundle id.
If your provisioning profile has expired or you has to generate another certificate, it doesn't matter.
Get anew version of you provisioning profile, build your app and it should be fine.
If the profile is expired, simple renew it or generate a new one. I did it yesterday, my dist profile was expired and I simply deleted it and generated a new one.
Once a new one certificate is generated, download it, delete the old one from your keychain and add the new one.
After that, try to build your app. (Sometimes restarting Xcode is required)
Every profile and every certificate will expire. As long as the developer account is still the same, simply creating a new distribution cert should do the trick.
You need to keep exactly two things the same: the enrolled iOS Developer account you use, and the Target Identifier Property in Xcode (becomes the Bundle Identifier in the app). Do that, and the result will be an update to the same app in the App store.
Everything else you can renew, recreate in the portal, install on a new Mac, etc., including App IDs (wildcard on not) created in the portal, Developer or Distribution certificates, and provisioning profiles in the portal, installed in Xcode or on the iDevice. You can also change the Bundle display name (under the icon), the Product name, the Target name in Xcode, and maybe even the name of the app as it appears in the App store (if it's not misleadingly different).
Renew your certificate and provisioning profile at the iOS Developer Portal.
I've got my app approved a while ago and used the * provisioning profile so I created somehting like:
com.mydomain.MyApp
but now I have the necessity of adding push notifications and I can't due I am using the * provisioning profile and it needs to have its own app ID and profile.
How should I proceed in order to achieve an app update without breaking anything
The bundle identifier for an app must always remain the same between updates, but the AppID can actually be different. So all you need to do is create a new AppID that used the same bundle identifier as the original app instead of a wild card.
Apps that use a wildcard still need a normal bundle identifier. The wildcard AppID lets you use any bundle identifier you like, but it still needs one.
There used to be an Apple article about this:
but it is no longer available online However, an archive is available.
You can't change the CFBundleIdentifier of a released app if you want to release updates for it, the App Store will automatically reject it when you upload. So...
I needed to enable iAds on an app previously developed with a wildcard App ID. Here's what I did:
I have a wildcard App ID of <AlphaNumeric>.* which my app currently uses, and my app has a CFBundleIdentifier of com.companyname.mygame.
Created a new App ID of <AlphaNumeric>.com.companyname.mygame.
Created new development and distribution provisioning profiles that include the new App ID.
Download the new provisioning profiles to Xcode and my devices.
I was then able to compile the App with the new non-wildcard distribution profile, which meant on upload I could enable iAds (or Push for you). The CFBundleIdentifier didn't change so the new compilation appears as an update to the existing app.
I can confirm this process worked without issue.
Under Frequently Asked Questions in the document entitled "Technical Note TN2259," which is "Adding In-App Purchase to your iOS and Mac Applications," there's this bit
Question: My iOS application is currently signed with a Provisioning Profile
that uses a wildcard App ID. How do I enable my App ID to support
In-App Purchase?
Answer: Read the Creating and Configuring App IDs section of
the iOS Team Administration Guide to learn how you can enable your App
ID to support In-App Purchase.
The link points here, and there's a section called, "Updating Your App to Include APNS, iCloud, In-App Purchase, or Game Center Requires an Explicit App ID"
That said, I don't know (yet) at what point the app takes on the new App ID. Is it when you upload for review, before that, or when it has been approved? I am working on this problem now, so I might be able to add to this answer soon.
Edit: The explicit app id only affects the piece of software you are testing and has, essentially, nothing to do with iTunes Connect whatsoever. This means that if you are testing in-app purchases, the piece of software that's running (your app) has to have a provision profile based on a cert that is app specific. What happens in iTunes Connect is totally irrelevant.