I have a little problem and I am wondering if this is possible. I have just finished updating an app with push notification for a client. I don't have a hold of the server side so I tested the push by modifying the app id and just make it as my own temporarily, created the necessary certificates and provisioning profiles and then tested it using PushMeBaby app. All works fine without problems.
And now, the client wants to publish it and he gave me the distribution certificate and provisioning profile for distribution. I am not a member of his team but I somehow find a way to build it using the command line.
Now comes my problem, I wanted to test it first on my device to check if the push notification works. The server is already setup since it is already existing in the store. I know for sure that the push will work, but somehow I really feel the need to test it first on my device. I tried to request him to use testflight for testing but he said he doesn't know how to do it. I tried to present myself to do it but he doesn't allow it because the original developer made some anomalies with his account, so as much as possible, he won't give it to me saying there must be other way to test it myself.
And so I asked, is there any way to test it with just the distribution certificate and provisioning profile provided? If not, what would be the best alternative to do it, considering having the client do a very minimal and easy stuff on his side, if any.
Hoping for someone to actually give a hand or a hint.
Thanks in advance.
Related
I have made a simple desktop app that I want to sell through the AppStore. Of course I want to be protected against piracy. Does AppStore give any protection? How does that process work?
For instance, what prevents a dishonest person from buying my app and then upload it on a torrent and share it with others. If these other people download my app, will they automatically be asked for their identity check (Apple ID and password), the first time they try to use my app, thus preventing them from using it if they have not bought it legally.
If this identity check does not happen automatically, then do I need to add some code in my app that will ask for the identity check. If so, where can I find info about how to do that?
I'm not entirely sure how this process works. Could somebody shed some light on it?
Mac App Store slips a receipt each time it is downloaded into the bundle. The receipt contains information about the computer used (the so called GUID) and the user logged into the App Store.
See here how you should validate the receipt:
https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Introduction.html#//apple_ref/doc/uid/TP40010573
If you implement the GUID validation as described in the document, the app will not run on any other computer.
Also check the signature of your code to make sure it has not been tampered:
Verifying app's signature by code
Your application, when downloaded from the App Store, contains a receipt. The receipt contains proof that it was downloaded onto this computer from the App Store, and the ID of the application. There are instructions somewhere on Apple's website that tell you how to verify the receipt and what to do if the verification fails.
That said, you are much better off concentrating on writing an app that people actually want to buy. People who pirate your app wouldn't hand over money if it couldn't be pirated. They would do without it, pick some free app, or pick a different app that they can pirate.
And I'm quite sure that any copy protection you build into your app yourself will get it rejected from the App Store.
Even though the answers I've got were helpful, they didn't quite provide the answer I needed. Looking around I found a software called Receigen from Laurent Etiemble, and the FAQ on his site (http://receigen.etiemble.com/faq.html) gave many answers for what I was looking for. For instance
What is an App Store receipt validation ? Why is it needed ?
Basically, an App Store receipt is what an application must check to ensure that the copy is genuine and can be run.
What happens if I don't check the App Store receipt ?
Well, anybody with a copy of your application can run it, with or without proper authorization.
Is the code receipt validation easy to write?
No because it requires deep understanding of cryptography and secure coding techniques.
It didn't hurt either that Receigen generated code that freed me from dealing with receipt validation code. Receigen takes care of this part so I can focus on what is really important for me: my application.
Yes, it costs money but personally I am more than glad to pay it, because I find this part of the development tedious, boring and complex.
TPInAppReceipt is a great package for this.
I was able to easily add local receipt validation after trying many others solutions less successfully:
https://github.com/tikhop/TPInAppReceipt
I'm stuck with this damn "Application failed codesign verification" warning that I simply can't solve... I'm about to submit my app to Apple. :(
Having a look to my provisioning profiles made me realize that the status of my development profile is "Active, managed by Xcode" whereas my distribution profile is only "Active". It may be the reason of this problem because anything else seems to be OK. So what is wrong here ?
Thanks a lot for your advices.
Having a look to my provisioning profiles made me realize that the
status of my development profile is "Active, managed by Xcode" whereas
my distribution profile is only "Active".
The team development profile includes certificates for all the developers on your team and device ID's for all your devices. Since only one person is authorized to distribute applications for any given account, and since there are no device ID's associated with the distribution provision, there's no need to have Xcode or the provisioning portal manage your distribution provision -- there'd be very little to manage.
It may be the reason of this problem because anything else seems to be
OK. So what is wrong here?
No, difference in the description of your development and distribution profiles isn't the problem. The problem is that the codesign utility was, for some reason, unable to sign your application. There are several things that can prevent your app from being signed, such as:
Wrong distribution profile selected in your project's build settings.
App ID in distribution profile doesn't match that of the app you're trying to sign.
Problem with distribution profile, e.g. an expired certificate.
There are also a great many questions right here on SO pertaining to signing your app for distribution. It doesn't make sense to rehash all those answers here, especially without more information about what you've already checked or at least seeing the specific error. Take a look at some of those questions first and see if something rings a bell. Otherwise, take a look at the Troubleshooting section of the Tools Workflow Guide.
I am trying to figure out if I am in a potential bind here. I am having someone else develop my app and I have given them complete access to my developer account to create the certificates to build the binary. I have uploaded the binary using the Application Loader and it it now waiting for review by Apple. My question is when it comes time to update the app, will I be able to do so without using the programmer who signed the certificate? When I become competent I'd like to do this myself but I'm clearly not there yet. I don't want to be in a situation where I have to keep going back to the same programmer to do the smallest thing.
Yes, provided you:
Have them send you the signing assets as described in "Exporting Your Code Signing Assets to Your File System" in the Xcode documentation. Note that they will still be able to sign using your key.
Have them send you the original project, obviously.
Once you part ways with them you should change the passwords of any accounts they've been given access to, like Apple ID and iTunes Connect.
At a later date, or as a last resort, you can create new signing assets as described in "Reset You Signing and Provisioning Assets..." in the Tools Workflow Guide.
So, most important going forward, they must not have access to any Apple accounts belonging to you.
I am currently experimenting with programming for my Nokia 5800 XpressMusic (running Symbian 9.4). Setting up the development environment (Carbide C++) was already a huge pain, but now that I am actually able to build something the pain doesn't stop! It seems there is an incredible overhead involved when you actually want to test an application on the phone. But I really hope somebody more experienced than me knows some easy way to do it.
If I understood right every application has to be signed. I can sign applications myself, so this is not a problem and it seems to work fairly well. But then it seems not all capabilities are available if I do this, and the one I need is amongst them. So now I have the option to buy a publisher ID to get a developer certificate (current cost: 200$ - no thanks) or I have to upload the application every time to symbiansigned! Every time I change the code and want to test on the phone I have to upload the thing using a stupid web form!
But now I was excited to find that you can do some remote debugging stuff with a thing called TRK (maybe this spares me the signing?). I hoped that I could use this to connect Carbide and my phone. But this doesn't quite work. My phone doesn't show the application required for this connection although it installed properly. I had a look at the supported Symbian version number and it seems to be 9.2, so not mine :( Stuck again?
And the emulator is no option because it doesn't support sensors and cameras :(
So what am I doing wrong (and sure there must be something)? Is the only way to test my app on the phone to actually upload it every time, wait for it to getting signed, download it again, install it and test - just to see it didn't work and that I have to repeat this process over and over again?? PLEASE no...
follow the instructions here http://www.forum.nokia.com/Distribute/Packaging_and_signing.xhtml to get yourself a free certificate for 5 testing devices, then you can use this certificate to sign your applications directly without using open sign.
When you use TRK, your application is still installed on the phone (in background, with so called silent installation API - by the way, you can use it too, but it's offtopic), because the only eligible way for a binary to get into the phone is the Installer Service. So you still need some certificate. All three options to get certificate mentioned here are ok, though the last, free one (from Mahdi Hijazi), I suppose, is the preferred. :)
Please go to
http://www.opda.net.cn/register.php
then apply for a OPDA Developer Certificate and download signer tool from the site and use it to sign your symbian applications.
Is there any Remote wipe application which will be working on deleting the data in Emulator by sending an SMS from other emulator?? I found some of the free applications in android market on Remote Wipe.. But they are not working..
Please let me know if any of the application is working on Emulator
Thanks in advance
Uday
There is just one remote wipe application I have come across.
I have been trying to write one such application myself but I believe the permissions required are 2nd level and 3rd level permissions (check this link and this link). Thats is the reason I am unsuccessful as yet. I believe that you basically need to sign the package with the same signature as the OEM manufacturer to be able to grant those packages to your device.
If by an stroke of luck you do happen to make one successfully, please let us know the permission you have used to make such a thing possible! =)
Regards
Shouvik
EDIT: Okay I supposed I am wrong. I believe in android 2.2 it is possible to remote wipe your. I have not completely understood how to implement the function or the class yet, I plan to work on it as soon as I can spare some time. :)
Reply:
Well I have been looking at the SDK for some time now, and I can confidently tell you below 2.2, I am pretty sure there is no way I know of to remote wipe your data. I have although read on the mailers list that there is a function that enables a third party client to create a remote wipe application as you may have seen in my post above. I have actually use my own port of android on a device and have just used the brick, but if I do come across any reference that can show how you could achieve what you desire, I would be happy to leave a post here. Regards Shouvik.
Links
http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#wipeData%28int%
also for formatting the SD card I came across a permission that you can request, I guess you follow that you end up at the method.
http://developer.android.com/reference/android/Manifest.permission.html#MOUNT_FORMAT_FILESYSTEMS