iOS Management

iOS software must be signed using a company specific provisioning profile. The iOS Management page provides users a step-by-step process to complete the provisioning process and keeps track of each iOS device, its status, provisioning profile, and signing certificate.

iOS Provisioning Tool

On the iOS Management page, under the Complete these steps to connect to iOS device, download the provisioning tool and complete steps 2 and 3.

iOS Provisioning Status

The status of all profiles stored on the GigaFox server will be displayed in the iOS Provisioning Status section.

Devices

Devices displays all iOS devices, their deviceControl and Provisioning Profile status.

A list of all the provisioning profiles will be displayed and will expand to show details including the expiration date, certificate, devices, and entitlements.

To upload a provisioning profile:

  1. Under Upload provisioning profile, click Choose File.
  2. Select the file and click Open.
  3. Install the certificate to Keychain Access.

Delete Provisioning Profile

  1. Open the details of the Provisioning Profile.
  2. Click Delete profile.

Installed Certificate

Installed Certificate IDs are displayed in the iOS Management section. Once the provisioning profile has a matching certificate, a key icon will be displayed next to the provisioning profile.

Provisioning Profile Matching

Prior to running an application on an iOS device, Apple requires the identifying provisioning profile to match the application's requested entitlements.
If discrepancies between the app's entitlements and its profile exist, the app will not be granted the necessary permissions to launch on that device and will display an app installation error.

When these discrepancies are present, including different Team IDs or Apple Application Entitlements, GigaFox will automatically resign with a matching provisioning profile that will satisfy the app's requirements, resign the app with the profile, and launch the app.

Resigning App Entitlements

If an app's entitlements are rewritten during the resigning process, some entitlements may be disabled to meet the provisioning profile's details. A list of those changes is available under the Resigning with modified app-package entitlements section of the logs.
To access the logs:

  1. Go to the Systems page and under System Logs, download logs by clicking Save Logs.
  2. Open the zip file and navigate to
    usr_local_deviceConnect_logs > MobileLabs.DeviceConnect.Services.log

iOS Manual Instrumentation

When multiple teams with different Apple Team Identifiers or if dynamic instrumentation is not applicable, the application will need to be instrumented with the deviceAgent using an instrumentation utility or with Xcode. To manually instrument:

  1. Open the iOS Signer Utility.
  2. In the IPA Path field, select the IAP file.
  3. In the Provisioning Profile field, select the provisioning profile to re-sign the application.
  4. In the Trust.Agent .dylib(optional) field, choose the trust.dylib file.
  5. If using a development profile, enable the Enable Debugging (Required for Development Provisioning Profiles) checkbox.
  6. To change the bundle ID of the IPA, select the Change ID checkbox and enter the value to set the bundle ID of the IPA to in the com.companyname.appname field.

    7. NOTE: If the App ID in the provisioning profile does not match the bundle ID of the IPA, iOS Signer Utility will warn of the discrepancy. App IDs are case sensitive and will not re-sign the application unless the IDs match exactly.

  7. In the Certificate Name field, enter the certificate identity for the provisioning profile.
  8. Click the ReSign! button.
  9. A new -resignedIPA will be available in IPA path.
  10. Upload the newly resigned application to GigaFox.

To preserve user data, iOS prevents applications from using Apple Wallet (formally Passbook) owned by other teams. To use the app, users must sign in with the same provisioning profile and certificate already registered to the app.

Compile Trust Agent file with iOS Applications

  1. Launch Xcode.
  2. Open the application's project and create a duplicate target (copy only). This ensures the main target can be deployed without deviceAgent.
  3. Drag and drop the trust.dylib file into the project. To verify the file was successfully transferred, navigate to the Build Phases tab and click on Link Binary with Libraries. If the file is present, the transfer was successful.

    4. NOTE: If the trust.dylib did not transfer to the project file, drag and drop into the Link Binary with Libraries section.

  4. In Xcode, navigate to Copy Bundle Resources and drag and drop the trust.dylib file.
  5. On the main menu, select Editor > Add Build Phase > Add Script Build Phase.
  6. To Add Script Build Phase, enter the following to the script body:

    7. line 1:

    
   codesign -fs "$CODE_SIGN_IDENTITY" "$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/trust.dylib"

    line 2:

    
   install_name_tool "$BUILT_PRODUCTS_DIR/$EXECUTABLE_PATH" -change trust.dylib @executable_path/trust.dylib
  7. On the Toolbar, click Run to compile the application. At this point, the app should run on an iOS device.
  8. Build and run app.
  9. In the Output section, search for "Starting Trust Agent" message to confirm the app is running with Trust Agent.