Sealing iOS apps

book

Article ID: 181695

calendar_today

Updated On:

Products

Symantec Sealed

Issue/Introduction

 

Resolution

Use this workflow to apply the Symantec Sealed Libraries and test assertion to iOS apps.

For instructions to seal Android apps, see the article Sealing Android apps at www.symantec.com/docs/HOWTO95174 

Before you begin

You’ll need to have a few things set up before you can begin the actual app sealing process for iOS apps:
  • Xcode 5.0 or later
  • Xcode command-line tools (Installation instructions provided below.)
  • Disable ARM-64 processor support in Xcode  (Instructions provided below.)
  • The iOS version of the App Center mobile app (You’ll need it for testing your wrapped iOS app.
  • Instructions to build the app are provided below.)
  • An iOS/Apple Distribution Profile

Note: You can use either the Enterprise or Ad-hoc profile for the App Center app, but must have the Ad-hoc profile to submit your iOS app to Symantec for Symantec Sealed validation. See the Apple iOS Developer documentation for more information about Distribution Profiles.

 

Installing the Xcode command-line tools

The Xcode command tools are required to complete the iOS app sealing workflow, so check and if necessary, install the tools. Go to Xcode Preferences > Download. Under Components, verify that the Command Line Tools are installed. If they aren’t, at the bottom of the pane, click Check and Install

Disabling ARM 64 bit processor support in Xcode

With your project open in Xcode, go to TARGETS > Build Settings > Architectures, and expand Valid Architectures. Double-click the array of architectures and in the popup list, select and remove arm64.

Building the iOS version of the Symantec App Center app

The iOS App Center app lets you test your wrapped iOS app in the App Center environment.

To build the iOS App Center app:

Log into your Symantec Sealed Program Partner Portal and use the following workflow to first download the App Center Builder for iOS application, and then build the iOS App Center App:

  1. On the Admin Console in the left pane, select Downloads and then click Download App Center Builder. Open the .DMG file and drag the App Center Builder application to the Applications folder of your Mac computer.
  2. Open App Center Builder and provide a title for this instance of the App Center App. Optionally provide a subtitle, apply an icon image, and apply shine (gloss effect) to the icon images.
  3. Click Publish and then click Import Enterprise or Ad-Hoc Distribution Profile. Select your Distribution Profile and click Open.
  4. Enter the URL to your Symantec Sealed Program Partner Portal into the Symantec App Center URL field, and then click Generate and upload iOS App Center App. Enter your Symantec Sealed Partner Portal credentials and click Login.

The Symantec App Center App for iOS is generated and automatically uploaded to your Symantec Sealed Program Partner Portal.

iOS app-sealing workflow

This workflow starts in Xcode:

  1. If you haven’t done so already, clean the project and then build the project as an archive to create an .IPA file.
  2. In the Archives organizer, click Distribute.
  3. On the Select the method of distribution panel, choose Save for Enterprise or Ad-Hoc Deployment and click Next.

    Important Note: To have your iOS app validated by Symantec, your app must have an Ad-hoc Distribution Profile applied to it. Ad-hoc Profiles require the UDID of each iOS device that runs the app. Before you submit your app for Symantec Sealed validation, you’ll need to add the UDID’s of Symantec’s test devices to your Distribution Profile. The UDID’s of the Symantec iOS test devices are at: https://www-secure.symantec.com/connect/articles/udids-symantec-sealed-partner-app-testing.
        
  4. On the Choose an identity to sign with: panel, select your code-signing certificate and click Next.
  5. Verify or change the file name and file location, and then click Save.

Xcode saves the signed app.

Upload your iOS app and download the Symantec Sealed Library and Test Assertion

The next set of steps takes place in your Symantec Sealed Program Partner Portal. From the home page:

  1. Click Apps > Add App...
  2. Browse to and select the .IPA file for your app.
  3. In the app list, select your app, and in the right pane, click the download icon to download the Symantec Sealed Program Library. Select a convenient location or create a new directory to store the library. The Symantec Sealed Library downloads to your local computer as: wrapKit.embeddedframework.tar.g
  4. Still in the right pane, repeat Step 3 for the Test Assertion (a.k.a. “Debug Assertion”).  The assertion downloads to your local computer with the filename: entitlement.assertion
    Note: It is helpful to save both files to the same directory.

Apply the Symantec Sealed Program Library and Test Assertion to your iOS app

Unpack the Sealed Library

Open a Terminal window and do the following:

  1. Switch the terminal context to the download location for the Symantec Sealed Libraries and Test Assertion.
  2. Unpack the wrapKit tar.gz file with the command: tar xfz wrapKit.embeddedframework.tar.gz

Add the Test Assertion to your project in Xcode

Go to Xcode and do the following:

  1. In the center pane, select TARGETS, then drag and drop the entitlement.assertion file onto your project in the far left pane. Elect to copy items into the destination group’s folder.
  2. Click Finish.

Add the Libraries to your project in Xcode

In Xcode, do the following:

  1. In the TARGETS view for your app, drag and drop the entire WrapKit.framework folder onto the Frameworks folder (far left pane). Elect to copy items into the destination group’s folder.
  2. Apply the WrapKit.xconfig file to your project. If your app does not have any Linker Flags associated with it, you can simply drag and drop the file onto your project. If your app has Linker Flags, then you’ll need to add the xconfig file manually. For instructions, see the section below, Adding the WrapKit.xconfig files manually.
  3. In the center pane, switch to PROJECT and then at the top of the right pane, select Info and then expand Configurations.
  4. Under Configurations, expand Debug and Release.
  5. For both, Debug and Release sections, under the Based on Configuration… column, select WrapKit from the selection menu.

Adding the WrapKit.xconfig files manually

If your app is already using Linker Flags, you must add the WrapKit.xconfig configuration manually. To add the files manually, do the following:
Note: These instructions apply to both, the Debug and Release versions of your app.

  1. Open WrapKit.xconfig with a text editor.

  2. Copy from –framework to the end, for instance: -framework QuickLook -framework Security -framework CFNetwork - framework MessageUI -framework OpenGLES -framework QuartzCore - weak_framework AdSupport -weak_framework MultipeerConnectivity - weak_framework SafariServices -lstdc++ -lsqlite3 -lz -lresolv - all_load –ObjC
  3. In Xcode, click Target > Build Settings and scroll to Linking.
  4. Expand Other Linker Flags.
  5. Next to Debug (or Release) click “+”. Two fields are now showing.

  6. Click in the second field and then locate (use up/down arrows) and select Any iOS SDK.
  7. Click in the field to the right and replace the current contents with the WrapKit.xconfig text you copied in Step 2.
  8. Repeat for Release (or Debug), if needed.

Add a new Build Phase

With your app project open in Xcode:

  1. In the middle pane, select TARGETS and then in the right pane, at the top, select Build Phases.
  2. On the Xcode menu, go to Editor > Add Build Phase, and select Add Run Script Build Phase.
  3. Expand the newly added Run Script build phase.
  4. In the folder containing the WrapKit.framework folder, drag and drop the wrap.sh file onto the script path field in Xcode.

Seal your iOS app

In Xcode, do the following:

  1. Clean your project (Product > Clean) and then archive it (Product > Archive).
  2. In the Archive organizer, select the version you just archived, and then click Distribute.
  3. On the Select the method of distribution panel, choose Save for Enterprise or Ad-Hoc Deployment and click Next.
  4. So that you can easily tell the two app versions apart In the Save dialog, append the app name with a unique identifier, for instance, -sealed and then click Save.

Upload your sealed app to your Symantec Sealed Partner Portal

At your Symantec Sealed Partner Portal, do the following:

  1. In the right pane, in the Seal Your App section, click Done!
  2. In the Upload Test Version section, click Browse..., select your sealed app and then click Open.
  3. The sealed version of your app begins to upload to your Symantec Sealed Partner Portal

With your sealed app uploaded to your Symantec Sealed Partner Portal, you can begin your testing cycle.