Implementing App Shielding on iOS

Jun 22, 2020

Personalized Configuration Required.
In order to follow this tutorial, you need to purchase the App Shielding technology by Wultra and have a tooling as well as custom configuration prepared by Wultra engineers. Both tooling and configuration is specifically designed for your application. Contact your sales representative or technical consultant in order to obtain the required components.

In this tutorial, we will show you how to implement App Shielding in your iOS app. This tutorial has three parts:

Prerequisites

  • App Shielding tools with the configuration prepared by Wultra.
  • Your app in the format of *.app, *.ipa or *.xcarchive.
  • MacOS machine with Java 8 installation.
  • Signer certificate.

Running From the Command-Line

The easiest way to get familiar with our App Shielding script is to use the interactive mode:

./shield.sh --interactive

However, this is not practical for most of the situations, such as automated app build using a CI tools.

Shielding For App Store or Testflight

To shield the production app on the same machine as you used to build and sign an app, you can simply run the shielder script:

./shield.sh path_to_my_app.xcarchive

Shielding for Developer Distribution

To build an app for the testing purposes, for example, to be submitted to App Center or any other app distribution tool, you need to use the --trustsigner switch:

./shield.sh path_to_my_app.xcarchive --trustsigner

Omitting the App Signature

In case you would like to skip the signing step, you can use the --noresign switch and sign the app with the correct certificate later.

Specifying Paths

You can specify additional paths when running the shield.sh script:

  • -shielder - Path to the shielder utility file.
  • -config - Path to the App Shielding configuration properties.
  • -framework - Path to the App Shielding SDK.
  • -output - Path for the resulting output file.

Running From the Xcode

The integration with Xcode is based on the command-line integration we saw earlier in this tutorial. To add the App Shielding step in your project, you need to:

  1. Copy the shielder directory into your Xcode project folder (the $PROJECT_DIR variable in Xcode).
  2. Set FRAMEWORK_SEARCH_PATHS=$(inherited) $(PROJECT_DIR)/shielder/
  3. Add a “New Run Script Phase” to your target build phases, with the following script as a content (depending on the intent):
# Development Scheme
/bin/bash "${PROJECT_DIR}/shielder/shield.sh" "--trustsigner"
# App Store Distribution Scheme
/bin/bash "${PROJECT_DIR}/shielder/shield.sh"

More Complex Xcode Scripting

Of course, you can prepare a more complex script to determine which properties should be applied in the particular build setup based on your own variables (defined in the user defined setting, under “Build Settings”). For example, this is a simplified script that we use in our Mobile Token app on iOS:

#set -x

if [[ "${APP_SHIELDING}" == "YES" ]]; then

    if [[ "${APP_SHIELDING_TRUST_THIS_BUILD}" == "YES" ]]; then
        /bin/bash "${SHIELD_SCRIPT}" "-config" "${SHIELD_CONFIG}" "-shielder" "${SHIELD_UTILITY}" "-framework" "${SHIELD_FRAMEWORK}" "--trustsigner"
    else
        /bin/bash "${SHIELD_SCRIPT}" "-config" "${SHIELD_CONFIG}" "-shielder" "${SHIELD_UTILITY}" "-framework" "${SHIELD_FRAMEWORK}"
    fi
    RESULT=$?
    if [[ $RESULT != 0 ]]; then
        if [[ "${GCC_PREPROCESSOR_DEFINITIONS}" == *"DEBUG=1"* ]]; then
            echo "warning: App shielding failed!"
        else
            echo "error: App shielding failed!"
            exit $RESULT
        fi
    fi
else
    echo "App shielding is turned off"
fi

Continue Reading

Proceed with one of the following chapters:

Conclusion

In this tutorial, we showed you how to apply App Shielding to your iOS app using the command-line or via Xcode integration, including a practical example of our custom script we use on the Mobile Token project.

Last updated on Apr 21, 2021 (21:08) Edit on Github Send Feedback
Search

develop