How to Troubleshoot App Signing in Secured Android & iOS Apps
Signing mobile apps is complex and prone to error. Appdome provides tools to validate app signing when users sign mobile apps locally or privately on their own systems. This Knowledge Base article provides step-by-step instructions for using Appdome to troubleshoot app signing in secured Android and iOS mobile apps
We hope you find this knowledge base useful and enjoy using Appdome!
Using Appdome to Troubleshoot App Signing in Secured Android & iOS Apps
Appdome is a mobile security platform that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily add additional functionality to any mobile app – instantly, no code or coding required.
In order to deploy a secured app, it must be signed. Users have the flexibility of signing fused applications inside or outside of Appdome. We highly recommend you to use the built-in app signing functionality in Appdome. Appdome uses multiple input validation mechanisms to ensure proper signing of each mobile app. Deploying an Appdome-Fused app is only possible if it has been signed properly.
If you choose to sign and Appdome-Fused app outside of Appdome, Appdome offers an App Validation service troubleshoot app signing in secured android & iOS apps. The service also verifies that the app wasn’t tampered with in any way that may prevent it from running on any mobile device.
Prerequisites for using Appdome’s App Validation
In order to use Appdome’s app validation you’ll need:
- Appdome account – IDEAL or higher.
- Signed mobile app (.ipa for iOS, or .apk or .aab for Android)
3 Easy Steps to Troubleshoot App Signing in Secured Android & iOS Apps
Follow these step-by-step instructions to troubleshoot app signing in secured Android & iOS apps:
- Login to your Appdome account and Click on your user name in the top-right corner of the screen, and select App Validation.
- Upload your signed mobile app by dragging the app file to the dropbox or by browsing your device for the app file.
Note! You can’t validate an app unless you are authorized to change its functionality
- Once the your app was fully loaded, Appdome’s app validation process will start automatically
When the app validation process is completed, Appdome will present the results of the validated app signing at the bottom of the screen.
Here are a few examples of apps validation results:
- Correctly signed app:
- Falsely signed iOS app (private signing):
- Android app signed with incorrect keystore (private signing):
How do I correctly sign my app?
Make sure you sign correctly as an incorrect signature can trigger Appdome’s Anti-Tampering protection.
How to validate the signing SHA-1 or SHA-256 of a Google Play App
In some cases, Google Play resigns the application. In these cases, the SHA1 or the SHA-256 can be extracted via the Google Play Console. Or Via extracting the downloaded apk from an Android phone, and uploading it to the verification tool as depicted above.
How Do I Learn More?
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.