Re-signing iOS apps

I am occasionally presented with a packaged iOS .ipa archive by a third-party developer, which is intended for in-house distribution (using an Apple Developer Enterprise certificate), or for App Store distribution using a different developer account.

Re-signing is a quick and simple way of delivering an app when a developer won’t provide you with their Xcode project source from which to spin your own build.

I previously used the iReSign utility to accomplish this, but found that this wouldn’t work in all cases, in particular when the app includes linked frameworks or libraries (which results in errors such as “DYLD, Library not loaded“).

To solve this I wrote the shell script below. It takes an existing .ipa archive, embeds your own developer provisioning profile, replaces any existing code signatures and packages it again for distribution.

Please use with my compliments and leave a comment if this helps you out.

(Note: This script has a dependency on command line tools such as PlistBuddy and codesign, so you will likely need to install Apple’s Xcode developer tools)

Replace DEVCERT with the Common Name of your own Apple developer certificate.

#!/bin/bash
# Re-sign an IPA with specified developer certificate (present in keychain)

DEVCERT="iPhone Distribution: Your Developer Cert Name"
TMPDIR="tmpwork"
SOURCEIPA="$1"
MOBILEPROV="$2"
BUNDLEID="$3"

if [ $# -eq 0 ]

then
  echo "Usage: $0 [app.ipa] [provprofile] [bundleid]"
else
  if [ ! -e "$SOURCEIPA" ]
  then
    echo "Error: $SOURCEIPA not found"
    exit
  fi

  if [ ! -e "$MOBILEPROV" ]
  then
    echo "Error: $MOBILEPROV not found"
    exit
  fi

  SIGNEDAPP=`echo $SOURCEIPA | awk -F".ipa" '{ printf ("%s-signed.ipa", $1) }'`
  unzip -qo "$SOURCEIPA" -d $TMPDIR
  APP=$(ls ${TMPDIR}/Payload/)

  if [ ! -z "$BUNDLEID" ]
  then
     echo "Changing Bundle ID to ${BUNDLEID}";
     /usr/libexec/PlistBuddy -c "Set:CFBundleIdentifier $BUNDLEID" "${TMPDIR}/Payload/${APP}/Info.plist"
  fi

  cp "$MOBILEPROV" "${TMPDIR}/Payload/${APP}/embedded.mobileprovision"
  security cms -D -i "${TMPDIR}/Payload/${APP}/embedded.mobileprovision" > Entitlements_full.plist
  /usr/libexec/PlistBuddy -x -c 'Print:Entitlements' Entitlements_full.plist > Entitlements.plist
  echo "Re-signing with certificate: $DEVCERT"

  for folder in `find -d ${TMPDIR} \( -name "*.app" -or -name "*.appex" -or -name "*.framework" -or -name "*.dylib" \)`; do
    /usr/bin/codesign --continue -f -s "$DEVCERT" --entitlements "Entitlements.plist" "$folder"
  done

  echo "Package the signed IPA"
  cd $TMPDIR
  zip -qry ../${SIGNEDAPP} *
  cd ..
  rm -rf $TMPDIR
  rm Entitlements_full.plist

fi

EncFS for OS X Yosemite

securecloud It’s about time I updated my instructions for installing and running an EncFS filesystem on Mac OS X, synchronised to Dropbox. Use a combination of FUSE for OS X, EncFS, Dropbox and DropSec to create and maintain a super-secure filesystem which syncs with the cloud, while maintaining

  1. Download and install FUSE for OS X (the MacFUSE compatibility layer is not required)
  2. If you don’t have it already, install the Homebrew package manager
  3. Download and install EncFS (v1.7.5_1 at time of writing) and any dependencies, it’s as easy as ‘brew install homebrew/fuse/encfs
  4. Download DropSec, extract DropSec.app from the archive and copy it to your Applications folder

To create a new encrypted volume (stored locally at first to prevent your EncFS key from being synchronised with Dropbox):

encfs ~/Desktop/_Encrypted ~/Documents/_DropSec

Answer ‘yes’ when prompted to create the new folders and choose ‘p’ for pre-configured paranoia mode (256-bit AES encryption). Enter a secure EncFS password when prompted and you’re done. Now the filesystem has been created we can deal with securing the key.

umount ~/Documents/_DropSec
mkdir ~/.keys
mv ~/Desktop/_Encrypted/.encfs6.xml ~/.keys/dropsec.xml

The commands above move your key from the EncFS filesystem into a hidden folder in your (local) home directory Now move the entire ~/Desktop/_Encrypted folder (minus your key) into your Dropbox:

mv ~/Desktop/_Encrypted ~/Dropbox/

To mount the secure filesystem run the DropSec app from your Application folder. The first time you run DropSec it will prompt you for your EncFS password which it stores in your local login keychain. The password must match the secure password you set earlier.

When the secure volume is mounted a DropSec folder with a padlock icon will appear on your desktop. If it doesn’t, check that you have ‘Show Connected servers’ checked in Finder preferences.

To mount or unmount the encrypted volume simply run the DropSec app. For convenience copy it to your Mac OS dock for quick access.

WhatsApp Web is keeping my Mac awake

The new WhatsApp Web client is a welcome companion to the hugely popular WhatsApp Messenger cross-platform mobile application. It allows users to link their browser to their WhatsApp account and interact with chat sessions just like you do in the mobile app.

So far so good, but I have encountered one significant drawback. If you run the web client in a Google Chrome session on Mac OS X then a kernel assertion is established which prevents the system from sleeping, regardless of energy saver system preferences.

With the WhatsApp Web client running:

$ /usr/bin/pmset -g assertions
2015-01-29 17:47:11 +0000 
Assertion status system-wide:
 BackgroundTask 0
 ApplePushServiceTask 0
 UserIsActive 0
 PreventUserIdleDisplaySleep 0
 PreventSystemSleep 0
 ExternalMedia 0
 PreventUserIdleSystemSleep 1
 NetworkClientActive 0
Listed by owning process:
 pid 346(coreaudiod): [0x0006336d00011046] 00:00:50 PreventUserIdleSystemSleep named: "com.apple.audio.context532.preventuseridlesleep" 
 Created for PID: 12006.

With the WhatsApp Web session closed:

$ /usr/bin/pmset -g assertions
2015-01-29 17:47:23 +0000 
Assertion status system-wide:
 BackgroundTask 0
 ApplePushServiceTask 0
 UserIsActive 0
 PreventUserIdleDisplaySleep 0
 PreventSystemSleep 0
 ExternalMedia 0
 PreventUserIdleSystemSleep 0
 NetworkClientActive 0

I assume that this sleep issue is related to the notification feature of WhatsApp Web, since the assertion references Mac OS X’s coreaudiod process. Turning off desktop alerts and sounds in the client settings does not fix it however, so for the moment it doesn’t seem possible to prevent this system insomnia from occurring.

I shall contact WhatsApp product support and see what they can do.

And have you left Twitter?

This was the question recently posed by a friend at the end of an email.

The quick answer is yes!

I have also deleted my LinkedIn, Google+ and about.me profiles.

The next question I presume would be to ask me why?

To be frank, despite my long and illustrious association with the Internet and the various communication protocols it carries, I’ve never been much of a social networker. I’ve never used Facebook, Instagram or Pinterest – and don’t have any burning desire to!

I have been a member of the LinkedIn community since 2004. I viewed it as a handy tool for making business contacts and perhaps career development, but that view has changed. I found their ‘people you may know‘ recommendations disturbingly accurate. I don’t like an algorithm being able to piece together my social interactions in such fine detail. Next it was the nagging endorsement solicitations, avoiding them was harder than dodging chuggers.

The final nail in the coffin was the weekly ‘profile views’ email showing exactly who had been looking me up. At first it was interesting in a voyeuristic way, but it quickly dawned on me that the owners of the profiles I’d been idly browsing would also receive these notifications. The day I received an email from LinkedIn with a smiling photo of one of my exes, I took affirmative action and deleted my account.

Twitter is a slightly different story. Again I was a fairly early adopter, opening my account in January 2009. As an information broadcast medium I like the Twitter model. I used it primarily for keeping up to date with local events and entertained myself by trolling service companies (Hello @O2 & @SW_Trains !)

What I wasn’t comfortable with however was the realisation that I had become slightly addicted to the constant stream of news and miscellany. Feeding my information junkie habit became an all too frequent distraction.

So I decided to go cold turkey and simply uninstalled the mobile app. After a couple of days the urge to automatically check Twitter (after email and BBC News) gradually subsided.

Let’s see how long I last 🙂

Share your opinions?

It seems that every time I make any kind of purchase from an online retailer I’m soon bombarded with demands requests from various associated websites to provide my feedback / ratings / opinions / reviews.

Don’t get me wrong, I’m all for user-generated content and I often consult sites like TripAdvisor and Amazon for product reviews. What I object to is being hounded for my feedback.

Take this recent example:

Boots Opinions

As it happens my recent purchase from Boots was not for myself, so I don’t have an opinion. Boots did at least provide an unsubscribe link, but even that reveals the level to which I will be harassed for my feedback:

Manage your subscriptions

How about if I don’t review the product after 4 days then you get the message that I’m not interested and leave me the hell alone?

I thought I’d take a look at the Boots small print anyway.

“By submitting your reviews you agree to us using your opinions.”

That sounds fair enough, but to be thorough we really should take a look at the full Terms & Conditions (like everyone does of course!).

There is the expected legalise around content ownership and intellectual property rights (i.e. I am the author and I voluntarily waive all rights to my content), some sensible clauses about my not submitting false or defamatory comments, but then it takes a darker twist.

You agree to indemnify and hold Boots UK Limited (and its officers, directors, agents, subsidiaries, joint ventures, employees and third-party service providers, including but not limited to Bazaarvoice, Inc.), harmless from all claims, demands, and damages (actual and consequential) of every kind and nature, known and unknown including reasonable attorneys’ fees, arising out of a breach of your representations and warranties set forth above, or your violation of any law or the rights of a third party.

Really? In this highly litigious world we live in I don’t know who I might be offending by what I’ve written about a product. I’m not prepared to bankrupt myself defending Boots against someone who doesn’t like what I’ve said. Should I purchase legal indemnity insurance before posting a review?

For any content that you submit, you grant Boots UK Limited a, perpetual, irrevocable, royalty-free, transferable right and license to use, copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from and/or sell and/or distribute such content and/or incorporate such content into any form, medium or technology throughout the world without compensation to you.

I accept that if I agree to submit some words then they can use what I’ve written, but what’s this about modifying, adapting and creating derivative works? What if I’ve honestly had a bad experience with a particular product and want to share that with the readers? Does that mean they can change what I’ve written and still attribute it to me? That sounds a bit scary.

As I read on I discover that my hypothetical bad review would not be published anyway. Their terms state “The following is not acceptable on this site: Disparaging reference to a healthcare product, company, institution or medical profession”.

Since Boots is predominantly a healthcare retailer, it is highly likely that any review I care to leave will be about a healthcare product, but I guess they only want positive feedback.

Thank you Boots for the offer, but I’ll pass on sharing my opinions.

Software bloat is not an Apple invention

Smartphone

The New York Times reporter Catherine Rampell has caused a stir with her article ‘Cracking the Apple Trap‘, in which she insinuates that Apple are employing planned obsolescence to slow down older devices and force customers into buying new products.

It’s certainly a common complaint in the IT industry, one most often directed at Microsoft and it’s Windows operating system. Search for ‘software bloat‘ and you’ll see what mean:

Software bloat is a process whereby successive versions of a computer program become perceptibly slower, use more memory or processing power, or have higher hardware requirements than the previous version whilst making only dubious user-perceptible improvements.

But it’s not as sinister as is being made out. Operating systems evolve over time resulting in improvements, usually fancy new user interfaces, graphics or features. These require extra computing ‘power’, be it a faster processor or more memory to work effectively.

What we often see is slick new software trying to run on older hardware. While it might still function, there are signs that it struggles and this is where you experience freezing, sluggishness or reduced battery life due to the processor having to work harder.

From Apple’s perspective, they’re damned if they do and damned if they don’t. Which would attract more criticism, not supporting iOS 7 on iPhone 4 at all, or stretching legacy devices to their limits in order to deliver the same customer experience to as many customers as possible?

The iPhone 4 was released in June 2010, so three years of supported operating system updates could hardly be considered “planned obsolescence”. Let’s not forget that not so long ago it was nearly impossible to update the software on your mobile phone. Apple were pioneers in using software update technology. It’s not unusual now to have consumer mobile contracts lasting 18 or 24 months, this is testimony to the longevity of smartphones.

If anything Apple is guilty of doing too much to appease their loyal customers. Deliberate software bloat is just as likely to drive customers away from Apple’s products as it would force them into begrudgingly buying new hardware. What we’re talking about is technological progress and the need to lead through innovation.

The iPhone 4 was a hugely successful product globally and Apple risked alienating many millions of customers by not by including them in the much heralded iOS 7 update. Having as large a base of customers all at the same software level also helps keep Apple’s application ecosystem vibrant. Developers are keen to exploit the latest features and customers are hungry for the next killer app. By reducing software fragmentation Apple aims to keep all elements of the ecosystem happy – and maintain a healthy revenue stream as a result.

As a lapsed Apple fanboi I have no vested interest in defending Apple. I converted to Android mainly due to price and flexibility, and the realisation that I mainly use Google services. I do still have an appreciation for Apple’s products however and I understand their motivations. Apple’s business model is not about box shifting, it’s about being at the centre of the digital home through a range of connected products all offering the best possible customer experience.

At a more practical level, if you’re content running iOS 6 on your iPhone 4 then my advice is to stick with what you have. If you are tempted by iOS 7 then just be aware of the consequences of running bleeding edge software on three year old hardware.

Marketing recycling

Notice any similarities between these two adverts?

The top one is a 2008 brand campaign for O2, the one below it is the new Lotto advert for National Lottery.

O2 'Better Connected' 2008

O2 ‘Better Connected’ 2008

National Lottery 2013

National Lottery 2013

Now who is in charge of marketing at National Lottery operator Camelot?

That would be Sally Cowdry, O2’s ex-Marketing Director!

She likes to recycle 🙂