iOS App Patching

App Live enables customers to use sensor instrumentation features, such as biometric authentication without getting their app resigned by BrowserStack, thus preventing iOS entitlement issues or authentication issues or invalid certificate issues during testing on BrowserStack devices.

Use App Patching for iOS Apps

You must use the BrowserStack endpoint to patch your app, and then sign the app with your own certificate, thus resolving any issues that occur from app resigning.

App instrumentation involves:

a) Uploading an unsigned app (.ipa) file to the BrowserStack endpoint and getting the instrumented app(. ipa) file.

b) Signing the instrumented app with your certificates.

c) Uploading the signed instrumented app to BrowserStack for using the sensor instrumentation features.

Get instrumented app

• Contact BrowserStack support to access an endpoint that you can use to get your app instrumented. You can save the instrumented app, customer_app_instrumented.ipa, in a directory.

Sign your Instrumented App

Prerequisites:

• The login keychain DB is unlocked.
  In your command line tool, run the following command:

        security unlock-keychain -p "<keychain_password>" "<absolute_path_to_login_keychain_db>
  

  
  For example, typically the keychain is available in the ~/Library/Keychains/login.keychain-db directory. If your macOS password is abcd@123, then the sample command is:
  

        security unlock-keychain -p "abcd@123" "~/Library/Keychains/login.keychain-db"
  

• The .mobileprovision file corresponding to the signing certificate that you will use to sign the app is available. This file, for example cert.mobileprovision, is specific to your organization.
• customer_app_signer.sh script file from BrowserStack is available.

To sign the instrumented app, complete the following steps:

1. On the command line tool, run the following command :

   security find-identity -v -p codesigning
   

   The following code shows the format of the sample response:

   x) <40_char_string> "iPhone Distribution: Some Inc"
   

   Here are few sample responses:

   • W19SNVTCZH0MKG491R7I3XJ3D028EWH9PJV4UY2S "iPhone Distribution: Some Inc."
   • IFMJ2RVFIWQ1I4MM60KHO7H5F1WCFMBCVLM93HUL "iPhone Distribution: Anything Inc."

2. Copy and save the 40 char long string that corresponds to the certificate you want to use for signing. This string is the provisioning_identity that will be used in later steps.

3. Generate the entitlements file by running following command and add the absolute path to the cert.mobileprovision file.

     security cms -D -i </absolute_path_to/cert.mobileprovision> /tmp/tmp.plist &&  /usr/libexec/PlistBuddy -x -c 'Print:Entitlements' /tmp/tmp.plist > /tmp/cert.plist
   

   Copy and save the /tmp/cert.plist to a directory.

4. Create a instrumentation_signing directory and save the following files to it:
   • Instrumented Enterprise app that you received from BrowserStack, customer_app_instrumented.ipa
   • customer_app_signer.sh script file from BrowserStack
   • cert.mobileprovision file specific to your organization.
   • cert.plist entitlements file
   • 40 char long provisioning_identity

5. Run the following command:

     bash customer_app_signer.sh "<absolute_path_to_unsigned_instrumented_ipa>" "<provisioning_identity>" "<absolute_path_to_cert.mobileprovision>" "<absolute_path_to_signed_ipa>" "<absolute_path_to_cert.plist>" "<absolute_path_to_working_directory>"
   

   For example, the following command is used when your run it from the instrumentation_signing directory:

     bash customer_app_signer.sh "customer_app_instrumented.ipa" "<provisioning_identity>" "cert.mobileprovision" "customer_app_instrumented_signed.ipa" "cert.plist" "/instrumentation_signing/"
   

   After you sign the instrumented app, the script file returns the signed instrumented app, customer_app_instrumented_signed.ipa.

Upload your signed instrumented app

1. Log in to the App Live dashboard.
2. On the Select Source page, click the Settings icon next to your app.
3. Enable the iOS Entitlements option, and disable the Biometric Authentication and Image Injection options.
4. Select the required device-OS where you want to test the app.