Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

security - How to get access to iOS Developer Certificate from code

Is there a way to know with which certificate app was signed?

I want to protect app from resigning with another developer certificate.

Let's say we have client-server application. And server keeps that unique key, associated with Developer Certificate.

So with every request to server we will pass this key, and if app will be reassembled with another developer's certificate, then server will know this.

This is possible? Or may be there another way to protect from resigning?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can know the certificate and provisioning profile used to sign the app by manually parsing out data in the embedded.mobileprovision file that is included in the app bundle. If you look through the file you'll see information about the certificate and provisioning profile.

Here's an example of how to get embedded profile data from within your app programmatically:

NSString* bundleDirectory = [[NSBundle mainBundle] bundlePath];
NSString* db = [NSString stringWithFormat:@"%@/embedded.mobileprovision", bundleDirectory];
NSData* data = [NSData dataWithContentsOfFile:db];
// parse through the data to get your provisioning profile info. I'd recommend opening up the profile that is inside your .app to see how it is structured.

HOWEVER:

I'm not sure why you'd need to do this since no one can re-sign your app unless they have the right certificate to match the provisioning profile made for your app's bundle ID.

The only way to get that is to have credentials to the apple developer account that owns the bundle ID OR if someone 'got access' to your certificate and provisioning profile.

If the latter occurred I believe you should revoke that provisioning profile from within the apple developer account and create a new one to work around the security breach. This way as long as you have access to the developer account you can always stomp on such a security breach that way, instead of writing code between client and server to check for it.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...