iOS Management
iOS software must be signed using a company specific provisioning profile. The iOS Management page provides users a step-by-step process to complete the provisioning process and keeps track of each iOS device, its status, provisioning profile, and signing certificate.
iOS Provisioning Tool
On the iOS Management page, under the Complete these steps to connect to iOS device, download the provisioning tool and complete steps 2 and 3.
iOS Provisioning Status
The status of all profiles stored on the GigaFox server will be displayed in the iOS Provisioning Status section.
Devices
Devices displays all iOS devices, their deviceControl and Provisioning Profile status.
A list of all the provisioning profiles will be displayed and will expand to show details including the expiration date, certificate, devices, and entitlements.
To upload a provisioning profile:
- Under Upload provisioning profile, click Choose File.
- Select the file and click Open.
- Install the certificate to Keychain Access.
Delete Provisioning Profile
- Open the details of the Provisioning Profile.
- Click Delete profile.
Installed Certificate
Installed Certificate IDs are displayed in the iOS Management section. Once the provisioning profile has a matching certificate, a key icon will be displayed next to the provisioning profile.
Provisioning Profile Matching
Prior to running an application on an iOS device, Apple requires
the identifying provisioning profile to match the application's
requested entitlements.
If discrepancies between the app's entitlements and its profile
exist, the app will not be granted the necessary permissions to
launch on that device and will display an app installation error.
When these discrepancies are present, including different Team IDs or Apple Application Entitlements, GigaFox will automatically resign with a matching provisioning profile that will satisfy the app's requirements, resign the app with the profile, and launch the app.
Resigning App Entitlements
If an app's entitlements are rewritten during the resigning
process, some entitlements may be disabled to meet the provisioning
profile's details. A list of those changes is available under
the Resigning with modified app-package entitlements
section of the logs.
To access the logs:
- Go to the Systems page and under System Logs, download logs by clicking Save Logs.
- Open the zip file and navigate to
usr_local_deviceConnect_logs > MobileLabs.DeviceConnect.Services.log
iOS Manual Instrumentation
When multiple teams with different Apple Team Identifiers or if dynamic instrumentation is not applicable, the application will need to be instrumented with the deviceAgent using an instrumentation utility or with Xcode. To manually instrument:
- Open the iOS Signer Utility.
- In the IPA Path field, select the IAP file.
- In the Provisioning Profile field, select the provisioning profile to re-sign the application.
- In the Trust.Agent .dylib(optional) field, choose the trust.dylib file.
- If using a development profile, enable the Enable Debugging (Required for Development Provisioning Profiles) checkbox.
- To change the bundle ID of the IPA, select the Change ID checkbox and enter the value to set the bundle ID of the IPA to in the com.companyname.appname field.
- In the Certificate Name field, enter the certificate identity for the provisioning profile.
- Click the ReSign! button.
- A new -resignedIPA will be available in IPA path.
- Upload the newly resigned application to GigaFox.
NOTE: If the App ID in the provisioning profile does not match the bundle ID of the IPA, iOS Signer Utility will warn of the discrepancy. App IDs are case sensitive and will not re-sign the application unless the IDs match exactly.
To preserve user data, iOS prevents applications from using Apple Wallet (formally Passbook) owned by other teams. To use the app, users must sign in with the same provisioning profile and certificate already registered to the app.
Compile Trust Agent file with iOS Applications
- Launch Xcode.
- Open the application's project and create a duplicate target (copy only). This ensures the main target can be deployed without deviceAgent.
- Drag and drop the trust.dylib file into the project. To verify the file was successfully transferred, navigate to the Build Phases tab and click on Link Binary with Libraries. If the file is present, the transfer was successful.
- In Xcode, navigate to Copy Bundle Resources and drag and drop the trust.dylib file.
- On the main menu, select Editor > Add Build Phase > Add Script Build Phase.
- To Add Script Build Phase, enter the following to the script body:
- On the Toolbar, click Run to compile the application. At this point, the app should run on an iOS device.
- Build and run app.
- In the Output section, search for "Starting Trust Agent" message to confirm the app is running with Trust Agent.
NOTE: If the trust.dylib did not transfer to the project file, drag and drop into the Link Binary with Libraries section.
line 1:
codesign -fs "$CODE_SIGN_IDENTITY" "$BUILT_PRODUCTS_DIR/$CONTENTS_FOLDER_PATH/trust.dylib"
line 2:
install_name_tool "$BUILT_PRODUCTS_DIR/$EXECUTABLE_PATH" -change trust.dylib @executable_path/trust.dylib