Is there a way to determine if a device token is sandbox or distribution? We are testing and the application is sometimes signed with a development certificate and others are signed with an ad hoc certificate(distribution certificate). This is because we are passing the application around to some of the 100 provided ad hoc test devices, and also building development signed apps to our devices.
Because sending a push notification requires that we select the appropriate push server and pem file, it would be great to be able to determine if the token is sandbox or distribution to send the notifications in the appropriate way so that the push notification succeeds.
We must sometimes use the distribution profile to sign our applications, so testing the push notification system requires us to deliver these notifications properly.
Open project build setting
Go to preprocessing settings
Under "Preprocessor macros not used in precompiled headers" (assuming you are not branching code in a .pch file), add TOKEN_ENV_SANDBOX=0 under Release and TOKEN_ENV_SANDBOX=1 under Debug and Ad Hoc.
In your code wherever just use the compiler directive
#if !TOKEN_ENV_SANDBOX
NSLog(#"TOKEN_ENV==PRODUCTION");
#endif
#if TOKEN_ENV_SANDBOX
NSLog(#"TOKEN_ENV==SANDBOX");
#endif
EDIT:
Corrected an issue above.
Here is what Apple has to say
You can determine in Xcode which environment you are in by the selection of a code-signing identity. If you see an “iPhone Developer: Firstname Lastname” certificate/provisioning profile pair, you are in the sandbox environment. If you see an “iPhone Distribution: Companyname” certificate/provisioning profile pair, you are in the production environment.
Add an Preprocessor Macro to your Target's Build Settings under Apple LLVM 7.0 - Preprocessing. Then under Debug add something like:
isRunningInDevModeWithDevProfile=1
Then in your .pch, you can do something like this:
// AZ - 01282016 - Determine which environment we are running in for APNS
# ifdef isRunningInDevModeWithDevProfile
# define isAPNSSandbox YES
#else
# define isAPNSSandbox NO
#endif
And then where you need to check it in your code, you can do this:
NSString *ifAppIsRunningFromXcodeUsingNonReleaseProfile;
if (isAPNSSandbox) {
ifAppIsRunningFromXcodeUsingNonReleaseProfile = #"dev";
} else {
ifAppIsRunningFromXcodeUsingNonReleaseProfile = #"prod";
}
We pass this value back to our APNS server so that it knows which path to take when calling Apple's APNS.
The reason I suggest this is that in this case, if you leave the preprocessor macro undefined in the non Debug targets, this will not cause an error when you try to build it.
Sure, there are solutions with a better form, but this is is a rather safe and quick way to get this functionality up and running.
I read all answers above and they are all correct but do not answer the basic question: "Is device token sandbox or distribution?".
It is because they detect build configuration, not token quality.
After spending several days in resolving this issue, I got to the straigt-forward solution:
Test token you got with real Apple Push Notification Server. You may use simple app that will talk to the server and you just need to configure it.
I did use this simple app "Easy APNs Provider" for macOS or any else.
https://itunes.apple.com/us/app/easy-apns-provider-push-notification/id989622350?mt=12
My core issue in macOS app was that I keep getting production token in both Debug and Release configurations.
When you detect what was an issue, you may invalidate certificates to be 100% sure it will not be compromised.
Related
I have gotten the following message from App Store Connect when trying to upload a new version...
Missing Purpose String in Info.plist File - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSBluetoothPeripheralUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data will be required to include a purpose string.If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs.
But I do not use bluetooth anywhere in the app (no bluetooth code).
Here are the frameworks I use:
CoreText, QuartzCore, CoreLocation, CoreGraphics, Foundation, UIKit, StoreKit, CoreData, MapKit
Any advice?
Open Info Plist file and press on + sign add new key in info.plist of your project and add this NSBluetoothPeripheralUsageDescription and write value "Explain the reasons for Bluetooth".
FacebookSDK is scanning Bluetooth since v 4.33. This is the description I have picked.
Facebook-SDK v4.34 contains Places Kit which contains Bluetooth scanning. This app isn't scanning/using Bluetooth at all.
We’re starting to use Fastlane for automated deployment, and it’s a very impressive toolset.
One mystery, though:
When submitting a BETA build to Apple’s TestFlight, how do you pass in the Demo Account credentials (username and password)? The docs don’t seem to say.
There seem to be a couple of clues here:
https://github.com/fastlane/fastlane/blob/master/spaceship/lib/spaceship/test_flight/beta_review_info.rb
https://github.com/fastlane/fastlane/blob/master/spaceship/spec/test_flight/app_test_info_spec.rb
And there does seem to be a way to pass in this info for actual App Store submissions:
https://github.com/fastlane/fastlane/blob/master/deliver/Deliverfile.md [see app_review_information]
... but not for TestFlight betas.
How do you do the equivalent for BETA uploads?
Thank you very much!
You need to use Appfile, pilot use it like deliver
Here is the doc.
https://docs.fastlane.tools/advanced/#control-configuration-by-lane-and-by-platform
My Appfile for ex. is:
app_identifier ENV["app_identifierEnterprise"] # The bundle identifier of your app
apple_id ENV["accountAppleId"] # Your Apple email address
team_name ENV["teamNameEnterprise"]
team_id ENV["teamIdEnterprise"]
for_platform :ios do
for_lane :releaseBeta do
app_identifier ENV["app_identifier"]
apple_id ENV["accountAppleId"]
team_name ENV["teamName"]
team_id ENV["teamId"]
end
end
I use .env (a file to set this variables), but you just need to replace ENV[""] with "ValueYouWant"
Hope this helps.
I'm trying to upload data using NSURLSession with a background task from an OSX share extension.
As soon as I start the task, by delegate is called back with the world's least helpful error message:
The operation couldn’t be completed. (NSURLErrorDomain error -995.)
There's no other information in the NSError object, nor in the console.
After scouring the internet, the only clue I have is to make sure that I've set up the configuration.sharedContainerIdentifier correctly, however I've already done that:
let configuration = NSURLSessionConfiguration.backgroundSessionConfigurationWithIdentifier(uniqueId)
configuration.sharedContainerIdentifier = Config.appGroupName
urlSession = NSURLSession.init(configuration: configuration, delegate: self, delegateQueue: nil)
I then prepare the request and create the task:
let task = self.urlSession!.dataTaskWithRequest(request)
self.tasks.append(task)
task.resume()
Note that everything works perfectly when from my main app. It's just the sharing extension that fails.
What other problems could cause error -995?
(Bear with me, I don't have rep yet for a comment so I have to answer, and notwithstanding the possibility you've found a bug, the last part I'm adding might help others)
When you're using an NSURLSession any background upload/download that completes will launch your main application. This is detailed in the Common Scenarios page.
As you show you've done, you need to set the NSURLSessionConfiguration with a sharedContainerIdentifier:
let configuration = NSURLSessionConfiguration.backgroundSessionConfigurationWithIdentifier(uniqueId)
configuration.sharedContainerIdentifier = Config.appGroupName
urlSession = NSURLSession.init(configuration: configuration, delegate: self, delegateQueue: nil)
You also need to ensure that both your app extension and your main app are all triple-checked in the 'App Groups' option in Xcode (I'm looking at Xcode 8.1), which means:
The app group name is the same for both app and extension(!)
the check beside Add the App Group entitlements in the entitlement file
the check beside Add the App Groups feature to your App ID
the check beside Add App Groups to your App ID
And the checks need to be there on both app and extension.
I'm a bit rusty on adding these but my recollection is these aren't listed in the right order, e.g. you have to 'Add App Groups to your ID' before you can check them in both app and extension, but I could be wrong.
Advanced - Thirdparty libraries in app extensions.
Looking at the github project nst/STTwitter, a third-party Twitter REST library, they needed to add a configurable group ID to allow setting the NSURLSessionConfiguration sharedContainerIdentifier to the library user's group ID.
I may again be mistaken but this seems like it would be a general problem when using thirdparty libraries in an app extension - e.g. I've just now come across this error when trying to use the ChromeCast SDK and this could be the kick in the pants.
I am building an application that simulates user input (command+c and command+v). Before sandboxing it, everything worked fine, but now I am getting these errors from the console:
Firstly, when I fire it up:
5/27/13 1:35:11.980 AM appleeventsd[54]: A sandboxed application with pid 5343, "CopyBoard" checked in with appleeventsd, but its code signature could not be validated ( either because it was corrupt, or could not be read by appleeventsd ) and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Error=ERROR: #100013 { "NSDescription"="SecCodeCopyGuestWithAttributes() returned 100013, -." } (handleMessage()/appleEventsD.cp #1755) com.apple.coreservices.appleevents.peer.0x7fa9b0411260.xpcq
Then, when I try to simulate command+c, I get:
5/27/13 1:52:22.980 AM WindowServer[85]: post_filtered_event_tap_data: Sender is prohibited from synthesizing events
5/27/13 1:52:23.000 AM kernel[0]: Sandbox: sandboxd(6515) deny mach-lookup com.apple.coresymbolicationd
5/27/13 1:52:24.252 AM sandboxd[6515]: ([5343]) CopyBoard(5343) deny hid-control
I'm looking for a solution that would allow me to copy and paste globally in a sandboxed environment. Is it possible that the Accessibility API is a good answer? Has my problem got anything to do with how I'm simulating user input? I'm very confused, thank you very much for helping.
The sandbox is designed to prevent exactly what you seem to be trying - allowing an application to simulate a user is defined as a security issue. If you have a narrow requirement which can be done safely you can submit it to Apple thorough bug reporter as an needed improvement to the sandbox.
The Accessibility API is not supported in general for this reason - no playing with other apps! This did not go down so well with all the developers which used it...
You can use AppleEvents in limited constrained circumstances and with the appropriate entitlements.
You'll probably need to go to developer.apple.com and read all the documents/view videos/etc you can find to see if what you wish is going to be possible.
The only point of hope I can offer you is that the sandbox is a moving target, so you may find you can do more than the above suggests. Go read. Good luck.
Is anyone now online able to perform receipt validation in a Mac application?
Have you used the ASN generated files in the application?
Are you able to produce a sample receipt by automatic popup of the iTunes authentication?
The best way I know to check receipts is by letting Receigen generate the code - different for each new version. It's probably more secure than what you can develop in a reasonable time.
I have it working, but i am using open source code to do it.
Using this code in your main , and changing your app bundleID/version, it validates the receipt.
In this question you can see the code i used.
Mac App Store Receipt Validation Code?
I've got an example receipt at my question here (Can Purely On-Device In-App Purchase Receipt Validation Be Done With iOS6?). I've generated the ASN files and am trying to use them now. I used the compiler here. I'm not sure if it all works though, just starting testing in earnest now.
Chris.