I would like to verify the identity of each instance of the iPhone application that a user might use to connect to my service. To that end, I would like each instance of the iPhone app downloaded to include a certificate that I generate, or even some sort of UUID that I have generated. Does the App Store support the inclusion of unique files in an app bundle?
Or, must such identifiers be downloaded only after the app is installed? If that is the case, is there a mechanism to ensure that the app downloaded is trusted (from me), instead of from an impersonator?
I don't think it's possible to have unique packages per download. Why don't you use the UUID of the device for such checks?
Related
I have create three developer profile (like A,B,C) with wildcard APP ID.
First, I have install application A using profile A in device.
Now, I have install application B using profile B in device, then this B application is overwrite on application A. means now application A is not available in device only B application is available.
Same issue generate when we use C profile.
So, only one application is install in device at a time that's my problem.
so. pls tell me how to install more than one application in device without generated different APP ID(means using wildcard APP ID).
It seems that all of your apps are using the same bundle identifier (specified in the app's info.plist file)..
The idea is:
each app has got its own unique identifier;
a (*) wildcard profile will just work with any identifier.
A bundle identifier has the generic form:
domain.name.appName
e.g.
com.apple.iphoto
I would suggest checking how those values are defined in your apps.
I have many iOS applications live on AppStore. Now for next version of apps, I want to keep a piece of data for every application to share in KeyChain. As far as I know I need to provide same Keychain access group in Apple's KeychainItemWrapper class.
*keychain = [[KeychainItemWrapper alloc] initWithIdentifier:#"Any string" accessGroup:<string representing access group>];
I know about custom URLs and it is of no use as I want data to be persistent.
All my applications have different bundle seed ID as I can see from provisioning portal. I know that the main pre-requisite for shared keychain access is that all of the applications have a common bundle seed ID.
Now my question is how do I make sure that in this senario I can use Keychain to share data among all these applications ?
Is it possible to change the bundle seed ID of all applications through Provisioning profile portal without doing any harm to any functionality ( Although I want to avoid that as there are so many apps).
Is there a way I can add bundle seed ID of all apps in a file and build all apps with that file in project to achieve this ? I know about "keychain-access-groups", do i need to create a plist file and add bundle seed ID of all application in it ?
Appreciate any help in this regard.
If you have different bundle seed IDs (the ten alphanumeric characters preceding the bundle identifier, the Xs in XXXXXXXXXX.com.company.application), you can't share an access group. It's a restriction on Apple's part and circumventing it is not allowed. I suggest you find another solution of safely sharing data (possibly outside of the device, on a server, but not iCloud as it has the same restrictions).
General information about keychain access groups:
Since iPhone OS 3.0 it has been possible to share data between a family of applications. This can provide a better user experience if you follow the common path of free/premium applications or if you have a set of related applications that need to share some common account settings.
The main pre-requisite for shared keychain access is that all of the applications have a common bundle seed ID. To be clear what this means remember that an App ID consists of two parts:
<Bundle Seed ID> . <Bundle Identifier>
The bundle seed ID is a unique (within the App Store) ten character string that is generated by Apple when you first create an App ID. The bundle identifier is generally set to be a reverse domain name string identifying your app (e.g. com.yourcompany.appName) and is what you specify in the application Info.plist file in Xcode.
So when you want to create an app that can share keychain access with an existing app you need to make sure that you use the bundle seed ID of the existing app. You do this when you create the new App ID in the iPhone Provisioning Portal. Instead of generating a new value you select the existing value from the list of all your previous bundle seed IDs.
One caveat, whilst you can create a provisioning profile with a wildcard for the bundle identifier I have never been able to get shared keychain access working between apps using it. It works fine with fully specified (no wildcard) identifiers. Since a number of other Apple services such as push notifications and in-app purchase also have this restriction maybe it should not be a surprise but I am yet to find this documented for keychain access.
Once you have your provisioning profiles setup with a common bundle seed ID the rest is pretty easy. The first thing you need to do is register the keychain access group you want to use. The keychain access group can be named pretty much anything you want as long as it starts with the bundle seed ID. So for example if I have two applications as follows:
ABC1234DEF.com.useyourloaf.amazingApp1
ABC1234DEF.com.useyourloaf.amazingApp2
I could define a common keychain access group as follows:
ABC1234DEF.amazingAppFamily
To enable the application to access this group you need to add an entitlements plist file to the project using xCode. Use Add -> New File and select the Entitlements template from the iPhone OS Code Signing section. You can name the file anything you like (e.g. KeychainAccessGroups.plist). In the file add a new array item named keychain-access-groups and create an item in the array with the value of our chosen keychain access group:
Note: Do not change the get-task-allow item that is created by default in the entitlements file unless you are creating an Ad-Hoc distribution of your app (in which case you should uncheck this option).
This same process should be repeated for all apps that share the bundle seed ID to enable them to access the keychain group. To actually store and retrieve values from this group requires adding an additional value to the dictionary passed as an argument to the keychain services. Using the example from the previous post on simple iPhone keychain access the search dictionary gets the following additional item:
[searchDictionary setObject: #"ABC1234DEF.amazingAppFamily" forKey: (id)kSecAttrAccessGroup];
One final comment, using a shared keychain access group does not stop you from storing values in an applications private keychain as well. The Apple GenericKeychain example application builds two applications which both store data in a private and group keychain.
Source: Use Your Loaf
Now you can use UIPasteboard
//First app, install->run->close->delete
UIPasteboard* board = [UIPasteboard pasteboardWithName:#"com.company.wtv" create:YES];
board.persistent=YES;// persistent to make what you write persist after your app closes, or gets deleted.
[board setValue:#"ccccc" forPasteboardType:#"com.company.wtv.sharedValue"];
//Second app, installed after first one is deleted and ran this one... While bundle identifier and bundle seed different (i tried it on adhoc, not really releasing the app, but i htink the same)
NSData* result=nil;
NSString*resultStr=nil;
result =[board valueForPasteboardType:#"com.company.wtv.sharedValue"];
resultStr=[[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];// I got resultStr containing ccccc
check UIPasteboard documentation for further info.
I'll be coming back after using this for my store apps, in case of troubles
You can't change your app's bundle ID after it has been put into the AppStore. You also can't make an app read the info from the keychain that was put there by another app (with a different bundle ID). The solution: you'll need an entitlement with which you can access practically all the data.
On my jailbroken iOS device I can see that all App Store apps are located in individual directories in /private/var/mobile/Applications/ named with a long identifier (eg 2075E7C0-D2EF-5A4F-B356-3EECDC9F7B38). Does this serve a purpose, other than preventing conflicts between apps with the same names? Why don't Cydia apps stored in /private/var/stash/Applications/ have such an ID in their paths?
The identifier is generated randomly on install and it is one of the sandbox requirements.
iOS Provisioning files make reference to the Apple application ID (of the form "A1A2A3A4A5"). Most often, the DNS form of the application is replaced with a star (*).
My understanding is that the provisioning profile is stored in the iOS development device and is not used by Xcode. Thus, when building/signing the application, how can Xcode include the app ID into the executable file ? The only information Xcode has is the "Bundle Identifier", which is of the form "com.mycompany.myapp" - but there is no App ID, thus there is no way to add the app ID at this stage.
Does anyone know how this works. I feel that many people use those tools (as I do) without really knowing how it's made inside.
Many Regards,
Apple92
An iPhone application is not just an executable, it's a bundle (like a directory) that contains the executable, but also resources (like nibs or images) and in particular contains a small plist manifest file with details about your application - including the application ID. The provisioning profile is also included in this application bundle.
A device also maintains a list of provisioning profiles it has installed, but the profiles can be in the application as well and are checked against the application plist file to make sure everything matches.
For anyone who may stumble upon this question, I give a lot of detailed context in my answer to this related question.
https://stackoverflow.com/a/20557213/117471
Basically it boils down to this:
A Bundle ID is a string that is defined in Xcode
An App ID is an object that lives in Developer Member Center. It is often confused with Bundle ID because the App ID Suffix parameter of the object (I'm trying to drive home the fact that App ID is not a string. Is it working?) matches the Bundle ID of your app.
The App ID does not exist in iTunes Connect, or Xcode. It is only in Developer Member Center.
I've developed a generic iPhone app, intended for customization via a myapp.cfg file. I've successfully deployed the app to my adhoc testers via iTunes. My question is, how do I update their myapp.cfg file via iTunes. In other words, if they edit the .cfg file on their Windows PC or Macbook, how do they get it into the apps bundle in the iPhone?
You'll need to provide your own mechanism to download the config file into the application's Documents area; as app bundles are effectively sealed by the code signing process there's no way to modify the bundle post facto. As you have no interface to iTunes you need to provide your own mechanism - you might choose to do something like OmniFocus which uses Bonjour to discover the computer from which it retrieves its sync settings.
Looking at it another way; why use a config file at all? Other iPhone applications use a settings bundle and the standard application preferences as recommended by Apple, why do something different? There's always a chance that you'll confuse the user.