Re-sign third party apps for Automation testing

Question

Created Jul ’20

Replies 1

Boosts 0

Participants 2

I want to test my website on Google Chrome. I do not want to do manual testing, and will be using Appium for automation.

Appium can only automate either system apps (such as Mail, or Safari) or apps that are running in debug mode.

My question is:
Can I download third party apps (in this case Google Chrome) and re-sign those apps with my certificate for testing purpose? Will I be breaking any of Apple guideline?

Boost

Answer 1

Security Engineer OP

Apple

Jul ’20

Hey!

You can replace the signature of a binary or package using the codesign utility. You can refer to the codesign manual (man codesign from a terminal), the options you will want are --force to replace a signature or --remove-signature to remove one.

Note that when you replace the signature, the program will no longer have access to its keychain items and you might not be able to sign in all the entitlements it had before. I'd suggest you make a copy before fiddling with the signature as it'll probably take a couple of goes to get everything right.

You will probably also need to do things like transferring entitlements. Entitlements can be dumped by doing codesign -d --entitlements :- /path/to/thing > thing.entitlements then resigning with codesign --sign "<identity>" --force --entitlements thing.entitlements /path/to/new/thing (replacing <identity> with either your profile or "-" for ad-hoc signing).

You might also need to add the get-task-allow entitlement to allow debugging and make Appium happy, the entitlement you'll want to add is "com.apple.security.get-task-allow"

Good luck and happy testing!

0