2

background: we are getting iOS apps ( .ipa ) from external developers ( their apps may be submitted in the appstore ), and they want submit their apps in our internal store just by sending their .ipa to us

we are installing apps using ota, by sending plist to our endusers, itms-services://?action=download-manifest&url=[PLIST_URL]

i was using some GUI signing tools such as iResign, iOS App Resigner and AppResigner, injecting custom entitlements, injection App Transport Security into info.plist. and when i tried to install apps which are signed by these tools, install popup is shown correctly, but after a while the application icon changes to disabled Gray and nothing happen then.

question: how we can resign their iPA files with our enterprise certificate without changing their bundleId

do i need any provision? if yes Ad-Hoc or in-house? Explicit Or Wildcard, if Explicit, so we try to confirm an Explicit AppId for third party developer iPA and we got an error that said an AppId with com.domain.blah is not available, please enter a different string

any advice and suggestions will be greatly appreciated

Some Research:

Saeed Sheikhi
  • 21
  • 1
  • 3

1 Answers1

3

Yes it's totally possible via iOS App Signer

You would need a provision that matches the bundle ID that you would like to have.

Taier
  • 2,109
  • 12
  • 22
  • 1
    Post Updated, is there any way to sign an app without changing BundleId? could you see screenshots? they have resigned app with their own new certificate without changing bundleId – Saeed Sheikhi Oct 01 '18 at 11:21
  • @SaeedSheikhi I used App Signer a few times, as I remember you could select not change bundle id at all. If it's not working now, then just change bundle id to the same one. Regarding entitlements, it should not touch them by default, but its possible to override them if you need (as shown on screenshots). – Taier Oct 01 '18 at 11:41
  • 1
    so as you said, we need a provision that matches the bundleId to resign application, right? problem_1: as you can see on screenshots, provision profile didn’t change before and after pushing into internal store, both are the same problem_2: if we want to generate a provision profile that matches the bundleId, for example something that is submitted into appstore already, apple developer panel throw an error **an AppId with com.domain.blah is not available, please enter a different string** so, how can i generate a provision with explicit AppId that matches the bundleId? – Saeed Sheikhi Oct 01 '18 at 12:05
  • @SaeedSheikhi 1) you need to have the same provision profile in order to re-sign .ipa with a new entitlements and present old provision. Provision profile is like a seal that guarantees that .ipa was not changed. If you have no access to it, then you cant re-sign app with a new entitlements and preserve old provision. 2) They are right, you cant have 2 apps with the same bundleID in the Appstore. But you could have Wildcard bundleID and distribute app inside your company. You cant submit app with Wildcard bundleID to the appstore. – Taier Oct 01 '18 at 12:16
  • 1
    do you mean that i must reuse previous provision which exists in payload to resign with my own enterprise certificate? – Saeed Sheikhi Oct 01 '18 at 12:31
  • yes, but you need an original file (not the one that exists in the payload). But again, a provision is linked to the certificate, so I don't think that you could create another certificate with same bundle id (not wild) from another account. – Taier Oct 01 '18 at 13:58