Code signing to check for iOS ipa integrity

Is there a way to check your app signature to verify if anyone has tampered with the ipa file? I want to know specifically how to determine and handle this type of situation. How can I do a check for this in code (Swift)?

Guys need your inputs on this please. Thanks

Guys need your inputs on this please.

Dude, patience.

Oh, and as a reminder, DevForums is an informal support channel. If you want formal support, open a DTS tech support incident. And if you follow that link you’ll find that DTS aims to respond to queries “within three business days”.


An .ipa file is just a zip archive in disguise. It doesn’t have its own signature, and thus there’s nothing to check.

If you want to check the signature of the app within the .ipa file, the answer to that depends on the context. Is your goal to do this on iOS itself?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  • Yes, I want to do it in iOS, natively in code (Swift). Basically I want to have a check on our side to know if my app has been tampered with or not. I had an idea of verifying the code signature to get this done, but I am not sure. I would love to get a solution for handling this situation of knowing if someone has tampered with the app and throwing a popup alert when found.

Basically I want to have a check on our side to know if my app has been tampered with or not.

The supported way to do that is with App Attest.

The path you’re going down is not supported by DTS. There are two reasons for this:

  • Anti-tamper protection is a form of DRM, and DTS does not support DRM [1] development in general. Any DRM system involves a trade-off between effectiveness and compatibility: The more effective your system is, the less likely it is to be compatible in the long term. DTS falls on the compatibility side of this divide, and so we don’t support DRM.

  • In this specific situation, Apple regularly transforms your app during the distribution process. For example:

    • Re-signing the app
    • Adding the App Store’s own DRM
    • App thinning
    • Applying bitcode

    Some of these you can avoid but not all of them, and Apple reserves the right to add more as time goes by. There’s no supported way to distinguish Apple’s valid transformations from tampering.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Well, non-Apple DRM. We do support various aspects of FairPlay.
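
The App Attest client flow recommended in the reply above, as an added example that is not code from the thread or from Apple. It assumes iOS 14 or later and a server of your own that issues one-time challenges and verifies the attestation and assertions; the type name, error cases and `UserDefaults` key are hypothetical. The tamper verdict is reached on that server, not in the app.

```swift
import CryptoKit
import DeviceCheck
import Foundation

enum AppAttestError: Error {
    case unsupported   // App Attest is not available on this device
    case noKey         // attestNewKey(challenge:) has not been run yet
}

/// Client side of App Attest. The app only produces evidence; the server decides.
struct AppAttestClient {
    private let service = DCAppAttestService.shared
    // Hypothetical storage key. The key identifier is not a secret, so
    // UserDefaults is used here for brevity (assumption).
    private let keyIDDefaultsKey = "exampleAppAttestKeyID"

    /// One-time setup: create a hardware-backed key and ask Apple to attest it.
    /// `challenge` is a one-time value issued by your server (assumption).
    /// Send the returned key ID and attestation object to the server for validation.
    func attestNewKey(challenge: Data) async throws -> (keyID: String, attestation: Data) {
        guard service.isSupported else { throw AppAttestError.unsupported }
        let keyID = try await service.generateKey()
        let clientDataHash = Data(SHA256.hash(data: challenge))
        let attestation = try await service.attestKey(keyID, clientDataHash: clientDataHash)
        UserDefaults.standard.set(keyID, forKey: keyIDDefaultsKey)
        return (keyID, attestation)
    }

    /// Per sensitive request: produce an assertion over the request body.
    /// The body should embed a fresh server challenge so the server can reject replays.
    func assertion(for requestBody: Data) async throws -> Data {
        guard service.isSupported else { throw AppAttestError.unsupported }
        guard let keyID = UserDefaults.standard.string(forKey: keyIDDefaultsKey) else {
            throw AppAttestError.noKey
        }
        let clientDataHash = Data(SHA256.hash(data: requestBody))
        return try await service.generateAssertion(keyID, clientDataHash: clientDataHash)
    }
}
```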

  • Thanks for the answer. It clarified a lot of things. But is there a way to get the certificate SHA1 fingerprint in iOS? I know in macOS it's pretty straightforward. Can we still fetch it somehow on iOS?

  • Or maybe any standard checks that I can use in my native code to ensure the integrity of my app, except App Attest?

But is there a way to get the certificate SHA1 fingerprint in iOS?

You’ll need to be more specific as to what you’re looking for here. There are at least two different ways that we calculate certificate SHA-1 fingerprints, and that’s just in the Apple ecosystem (-:

Also, please put those details in a new thread, as it’s kinda off-topic for this one. Tag it with Security so that I see it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"