2

Maciej Muszkowski

Self-service for signing iOS apps

, Michał Kwiatek

3

What is an app?• App = .ipa file – exported through Xcode

• Binary• Resources• Provisioning profile

• Defines where this app can be executed• Defines entitlements• Contains digital certificate

• Digital signatures

• During development app is signed in the name of the individual developer

4

Distribution methods• 2 methods of distribution for production:

• AppStore• Enterprise

• Apps distributed for production are always digitally (re)signed in the name of CERN

• Look at:• CAPPS Sept 2013: App Signing Workflow

5

AppStore distribution• Target: app accessible for any AppStore user

• Developer needs to provide:• The app itself (.ipa) signed for AppStore distribution• Very detailed app information for AppStore

• The rest needs to be done by us (IT-OIS)• Examples: CERNmaps, OpenDays• Thanks to the self-service for signing iOS apps,

you can now easily re-sign your app for AppStore distribution

6

Enterprise distribution• Target: app only for users with active CERN

affiliation (in-house apps)

• Distributed by:• USB cable• OTA – Over-the-air (from a webserver)• MDM server (Mobile Device Management)

• Examples: CERNbox, EAM mobile• Signed with enterprise certificate key through

the self-service

7

Self-service (demo)• https

://service-ios-dev-admin-support.web.cern.ch/secure/form.php

• Priviledge to sign by bundle ID prefix and distribution type

• Username, time and .ipa’s are logged• Enterprise distribution: e-mail with OTA link

(only to test!)