How Appdome Enables Signing Secured iOS Apps without Xcode

Last updated January 23, 2024 by Appdome

Code signing is a requirement for installing any app on an iOS mobile device.
A valid signature, using an Apple-issued certificate, ensures the integrity of an app and provides proof that the app comes from a known and approved source and has not been tampered with.
By enforcing code signing, Apple ensures that no third-party app loads unsigned code resources or uses self-modifying code.

During the Appdome app build process, build process adapters are added to the app to achieve the requested additional functionality. As a result, the app’s original signature is invalidated, and the app must be re-signed before it can be deployed on mobile devices.

Appdome allows signing an app via the Sign tab, by using any of the following methods:

  • On Appdome
    Allow Appdome to take care of the entire signing process. You only need to provide the signing credentials. For details and specifics, see section 3 Easy Steps to Sign Secured iOS Apps on Appdome below.
  • Auto-DEV Private Signing
    Allows you to sign the app without uploading the signing certificate to Appdome’s cloud service.
    Appdome provides you with a script (.sh file) that runs on your trusted environment and signs the app by using your credentials (certificate and password) as input. For details, see topic How to Automate Secure iOS App Code Signing in DevOps CI/CD.

As part of the Appdome signing process of secured iOS apps, by using either Auto-DEV Private Signing or Signing on Appdome, you are required to extract and upload a Provisioning Profile and an entitlement file for each executable in the app, and, when using Signing on Appdome, a P12 certificate and its password.

This article provides instructions for signing Secured iOS Apps on Appdome without Xcode.

Why Should I Sign my Application on Appdome?

As an Appdome user, you can choose to sign any Appdome-built app by using Appdome’s built-in signing capabilities or by using your own mechanism outside of Appdome. However, you are strongly encouraged to deploy apps from Appdome, as this process is quick and easy for any iOS app, including Native iOS, hybrid apps, and non-native apps integrated with Maui, Xamarin, Cordova, React Native, Ionic, and more. Deploying apps from Appdome takes advantage of unique features such as automatic deployment of Fused apps to the Apple App Store and Leading EMM Stores.

3 Easy Steps to Sign Secured iOS Apps on Appdome without Xcode

Follow these step-by-step instructions to sign secured iOS Apps without Xcode.

  1. Select the Sign Tab.
    A blue underline appears, indicating that the step is active.
  2. Select On Appdome as the signing method.
    Upload the Provisioning Profile that matches your signing certificate and wait for Appdome to verify the signing parameters, then click on the Sign button.
    Note: If your application contains multiple executable files, ensure that you upload a provisioning profile for each file.
    Optionally: Toggle ON the option Manual Entitlements Matching if you want to set an entitlement plist file to use when signing an app on Appdome. When this feature is OFF, Appdome creates an entitlements file based on the entitlements used for signing the non-protected app.
    Optionally, upload an Entitlement file for each of your app executables. If you do not do so, Appdome will automatically generate entitlement files from your unsigned application executables.
  3. Click Sign My App.
    When you click Sign My App, Appdome will analyze the built app’s extensions, frameworks, and resources, and calculate a checksum that represents an exact state of each component within the app. Embedding the checksum into the app’s executables ensures that the app cannot be modified or tampered with once the signing is complete.
    Congratulations! You now have a signed Fused app ready to deploy.

For additional information about Appdome’s checksum validation, see article Running a Checksum Validation of Android and iOS Apps.

For information about additional anti-tampering features provided by Appdome, see article How to Build Anti-Tampering in Android & iOS Apps.

Prerequisites to Sign Secured iOS Apps Without Xcode

Follow these steps to add a mobile app to your Appdome account.
If you do not have an Appdome account, click here to create an account.

Complete the workflow of Building an app and Updating App icon branding.

To sign your iOS app, you need a valid signing certificate stored in the iOS development environment.

To use your signing credentials, you need access to the following:

  • Built (Fused) mobile app
  • P12 Certificate File – A P12 certificate file is a certificate and private key concatenated into a single file, protected by a password.
  • P12 Certificate Password – The password used for unlocking your P12 certificate file.
  • Provisioning Profile – A Provisioning Profile allows you to install apps onto your iOS device and includes the signing certificates, a list of supported device identifiers, entitlements, and an App ID.
  • Optional – entitlements files.
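
Before uploading, it is worth confirming that the Provisioning Profile really lists your signing certificate, has not expired, and covers the app's bundle ID. The following is an added example, not Appdome's code: the function names, the constructed sample profile, the placeholder certificate bytes and the team and bundle IDs are all assumptions made for illustration.

```python
import hashlib
import plistlib
from datetime import datetime

def read_profile(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision (a CMS-signed blob).
    The CMS signature is not verified here; this only reads the payload."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def check_profile(blob: bytes, cert_der: bytes, bundle_id: str, now: datetime) -> list:
    """Return a list of problems; an empty list means profile, cert and app agree."""
    profile = read_profile(blob)
    problems = []
    # A certificate fingerprint is the SHA-1 of its DER encoding.
    listed = {hashlib.sha1(c).hexdigest() for c in profile.get("DeveloperCertificates", [])}
    if hashlib.sha1(cert_der).hexdigest() not in listed:
        problems.append("signing certificate is not listed in the profile")
    expires = profile.get("ExpirationDate")  # plistlib yields a naive UTC datetime
    if expires is None or expires <= now:
        problems.append("profile is expired or has no expiration date")
    # application-identifier is "<TeamID>.<bundle id>", optionally ending in "*"
    app_id = profile.get("Entitlements", {}).get("application-identifier", "")
    pattern = app_id.partition(".")[2]
    matches = (bundle_id.startswith(pattern[:-1]) if pattern.endswith("*")
               else pattern == bundle_id)
    if not matches:
        problems.append("App ID %r does not cover bundle %r" % (app_id, bundle_id))
    return problems

def make_sample_profile(cert_der: bytes, app_id: str, expires: datetime) -> bytes:
    """Constructed stand-in for a real profile: a plist between opaque bytes."""
    body = plistlib.dumps({
        "DeveloperCertificates": [cert_der],
        "ExpirationDate": expires,
        "Entitlements": {"application-identifier": app_id},
    })
    return b"\x30\x82(constructed CMS header)" + body + b"(constructed signature)"

if __name__ == "__main__":
    cert = b"constructed-der-bytes-of-signing-cert"  # placeholder, not a real cert
    blob = make_sample_profile(cert, "ABCDE12345.com.example.app", datetime(2030, 1, 1))
    print(check_profile(blob, cert, "com.example.app", datetime(2024, 1, 23)) or "OK")
    print(check_profile(blob, b"other-cert", "com.example.other", datetime(2031, 1, 1)))
```

To run it against real files, pass the bytes of the .mobileprovision file and the DER encoding of the certificate held in your P12, and pass the current UTC time as a naive datetime.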

What to Do after Signing iOS Apps

Deploy the Appdome-Built App to a Mobile Device

Once you have signed your Appdome-Built app, you can download it and deploy it by using your distribution method of choice. For additional details on deploying your Appdome-Built apps, see article How to Auto Publish Secured Android & iOS Apps to app stores.

That is it – Enjoy your Fused app!

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
