Working with files outside sandbox in Mac App (Accessing Security Scoped Resource)

I was developing an Mac application recently and came across the problem, which was quite interesting and i thought I can share my experience with you guys.

ok, let me directly get it stright. Recently I developed a Mac application for binary resigning, the functionality of the app is to take your ipa files and resign it with different certificates and provision profiles.

I developed this app successfully and tried to publish on app store using app Store connect. But when I try to push the app to App Store, Apple didn’t allow me to publish stating the reason “I am not using App Sandbox in my application”. Problem is my app needs to access resources outside of the sandbox, if I enable sandbox I won’t be able to access system directories like “~/Library/MobileDevice/’Provisioning Profiles”, which is essential for resigning. I did some research and found a solution, which is what I am about to explain below.

1) Enable sand box to your application under signing and capabilities

2) Update your entitlement files

All three items are mandatory. com.apple.security.files.bookmarks.app-scope will allow to bookmark urls outside of the sandbox and com.apple.security.files.user-selected.read-write will allow to read and write files outside of the sand box. using the combination of these three permissions we will be accessing files outside of the sand box.

First we will request read and write access for a specific directory
Then bookmark that directory and save it to local storage
Using startAccessingSecurityScopedResource function we will access system directories out side of sand box.

I wrote a simple code snippet for this solution.

override func viewDidLoad() {
        super.viewDidLoad()
        
        let directoryURL = URL(string: "~/Library/MobileDevice/'Provisioning Profiles'")

        let openPanel = NSOpenPanel()
        openPanel.allowsMultipleSelection = false
        openPanel.canChooseDirectories = true
        openPanel.canCreateDirectories = false
        openPanel.canChooseFiles = false
        openPanel.prompt = "Grant Access"
        openPanel.title = "We need to access Provisioning Profiles for resigning. Please grand access to your Provisioning Profiles directory.."
        openPanel.message = "We need to access Provisioning Profiles for resigning. Please grand access to your Provisioning Profiles directory.."
        openPanel.directoryURL = directoryURL

        openPanel.begin { &#91;weak self] result in
            
            guard self != nil else { return }
            guard result == .OK, let url = openPanel.url else { return }

            self?.accessbookmarkfiles(url: url)
        }
    }
    
    func accessbookmarkfiles(url: URL){
        do {
            let data = try url.bookmarkData(options: &#91;.withSecurityScope])
            UserDefaults.standard.set(data, forKey: "profileUrl")
            guard let bookmarkData = UserDefaults.standard.data(forKey: "profileUrl") else { print("data not valid"); return }
            var isStale = true
            let url = try URL(resolvingBookmarkData: bookmarkData, options:&#91;.withSecurityScope], bookmarkDataIsStale: &amp;isStale)
            let _ =  url.startAccessingSecurityScopedResource()
            
            let directoryContents = try FileManager.default.contentsOfDirectory(at: url, includingPropertiesForKeys: nil, options: &#91;])
            print(directoryContents)
        
            url.stopAccessingSecurityScopedResource()
        } catch {
            print(error.localizedDescription)
        }
    }

override func viewDidLoad() {

super.viewDidLoad()

let directoryURL = URL(string: "~/Library/MobileDevice/'Provisioning Profiles'")

let openPanel = NSOpenPanel()

openPanel.allowsMultipleSelection = false

openPanel.canChooseDirectories = true

openPanel.canCreateDirectories = false

openPanel.canChooseFiles = false

openPanel.prompt = "Grant Access"

openPanel.title = "We need to access Provisioning Profiles for resigning. Please grand access to your Provisioning Profiles directory.."

openPanel.message = "We need to access Provisioning Profiles for resigning. Please grand access to your Provisioning Profiles directory.."

openPanel.directoryURL = directoryURL

openPanel.begin { [weak self] result in

guard self != nil else { return }

guard result == .OK, let url = openPanel.url else { return }

self?.accessbookmarkfiles(url: url)

}

func accessbookmarkfiles(url: URL){

do {

let data = try url.bookmarkData(options: [.withSecurityScope])

UserDefaults.standard.set(data, forKey: "profileUrl")

guard let bookmarkData = UserDefaults.standard.data(forKey: "profileUrl") else { print("data not valid"); return }

var isStale = true

let url = try URL(resolvingBookmarkData: bookmarkData, options:[.withSecurityScope], bookmarkDataIsStale: &isStale)

let _ = url.startAccessingSecurityScopedResource()

let directoryContents = try FileManager.default.contentsOfDirectory(at: url, includingPropertiesForKeys: nil, options: [])

print(directoryContents)

url.stopAccessingSecurityScopedResource()

} catch {

print(error.localizedDescription)

}

Hope this will be helpful for you guys. Happy Coding 😁!!!

IOS App Signer

27. Feb
/
Mac Apps Mobile Applications My Projects
/
1 Comment

Hello ladies and gentlemen, today I am glared to introduce an interesting project I’ve been working for months. Its called IOS App Singer.

let me explain to you in detail, I am sure if you are reading this blog post, you definitely know what’s resigning in the iOS application. please be patient let me explain the basics for the people who don’t understand what’s iOS resigning

Every iOS application that’s installed on the iOS mobile must be signed with an Apple certificate, without an apple certificate, you cannot run any iOS application on any iOS device.

Currently there are three kinds of apple Certificate

iPhone / Apple Development certificate – this cert is used while development of the application, using this certification only specific allowed iOS devices can run the application. if your device is allowed for development you can either run the application using Xcode or using an ipa file signed with a development certificate.

Enterprise certificate – this cert is needed when you want to publish the application inside your organization. Anyone who has the ipa file signed with an enterprise certificate can install use the application. The only difference is you cannot publish this ipa file to App Store for the public to download worldwide.
iPhone / Apple Distribution certificate – If you sign your ipa file using this certificate you are eligible to publish the application on AppStore and one around the world can download your app using the App Store

I know certificate is everything is iOS and its a big ocean, I don’t want to dive deep and water your time. Lets check what’s need to have a proper iOS application.

Main items need for iOS application or ipa file

info.plist file – This is the main configuration file for your application. This file will have information such as bundle identifier, application name, version number, version short string, and many more.
Entitlement file – This file will have information on the features that your application is using in the app. (eg: APNS, Apple Pay, Allow test flight)
Provision profile – this acts as a bridge between your application, apple developer account, and your development mobile devices. This file will have information on what certificates used in your application, development devices allowed to install the application, allowed entitlements settings, and much more information about your application.

Every application will have the above-mentioned files. Now, why am I telling you all this stupid stuff, that make no sense to re-signing. Lets get to the point right away.

what if you can take an existing working application and change these three files. yes, you can re-package any iOS application. Still don’t understand (it’s hacking. example: say you have the IPA file of the Facebook app, you can change the bundle identifier, application name, application version number, change certificate, change provision profile, re-package IPA file and publish to AppStore like your own new application )

That’s exactly what this application is gone to do. I’ve developed this application so that you can use this tool to resign any iOS application. This is a very helpful tool if you are want to test any application before going to production. This tool also can be used as security for your application, where you don’t have to pass your distribution certs to your developers. All developers can work with Apple development cert and generate the IPA file, when you are ready to go live, use this tool in a machine that has a distribution certificate, to resign and publish the IPA on AppStore.

Fun is not yet over, I am making this project fully open-source (GIT HUB – Very soon), you can see the entire source code for this application. If you feel this project is really helpful, I would really appreciate your contribution to enhancing this project to the next level.

Thank you. 🙏 😊

Download the app file and move it to your Application directory.

Download App file. Download

Download Packager File Download

Smart Home (IOT) Project

01. Jan
/
IOS My Projects
/
No Comments

Smart Home project done for leading internet service provider in Singapore and Malaysia. Smart Home is a one among many solutions they provide to their customer. Smart home is a complete security solution which supports almost all Z-Wave sensors, IOT devices and many more smart home appliances. This product is also expected to go live with the integration of leading market voice assistant such as Alexa and Google echo voice assistance.

Responsibilities: IOS Developer

Requirement analysis and design architecture for mobile programming.
Select suitable technology and library such as MQTT for the feasible solution.
Design, develop the mobile application IOS platform
Collaborate with designing team to ensure best user experience

Key Areas: #MQTT, #Signal-R, #Swift, #XML, #Rest, #Json, #pushNotifications, #cocoapods

ZupportDesk Live chat System

21. Dec
/
My Projects
/
No Comments

Live chat system is a realtime chat application, Using this system users can add a simple chat widget to their websites and whenever a new visitor comes to that website, you will be notified and you can have a realtime chat with visitors. Its not that simple as i say, Its a huge system that will help to solve customers inquiries and also help to identify what their customers specifically looking on their website and giving them the realtime support from the time they visit the website and till they exit the site. As a mobile application developer my task is to develop a realtime chat communication application to integrate with this system for both IOS and Android Platforms.

Technologies used to build this system are Xcode, Objective-C, cocoapods, Signal-R, Google Maps, Android Studio, Java, Rest Apis, Gson

These are some of the screenshots of the application i developed

ZupportDesk Ticket System

21. Dec
/
My Projects
/
No Comments

ZupportDesk Ticket System is a customer support ticket solution. Using this system customers can send their queries or problems via email and those email will automatically converted to ticket. Ticket System helps the support team to escalate customers problem in a professional manner, it also help the companies to analyse the pattern of recurring problems and find a permanent solution. My task a mobile application developer i have to develop a ticket application for both IOS and Android platform with will collaborate with our common api module to sync the entire system. Technologies used in this application are Android Studio, Java, Xcode, Objective -C, Rest Api, cocoapods and Gson. These are some of the screenshots of the application i have developed.

My Places – Android Application

21. Jun
/
My Projects
/
No Comments

Its a simple android application i developed on my own interest to explore new technologies. This application will helps to log all the new places you visit and also to share it with your friends and families. The application also has features like

– Live GPS update
– Live Altitude Update
– Live GPS Accuracy meter
– Get directions to the places
– Get full details about a place.
– Live Map to display all your places
– Keep your data safe in cloud, enjoy sync.

Technologies used in this project are SQLite, Google Places Library, Google Maps, GPS, Android Studio and Java

Its available on play store : https://play.google.com/store/apps/details?id=com.sathyabaman.gpstracker

These are some of the screenshots of the application i developed.

Be Like bro

20. Jun
/
My Projects
/
No Comments

Its a simple memes application with over 50,000 Memes. I developed this app because of the interest i had on memes. you might have a question, how i got these 50,000 memes? Well, I wrote a script to automatically download memes from Facebook and save it on my server over a long period of time. This application was a great success and have over 20,000 downloads as today and more than 200 people installing the app every day.

This app is great for time killing. have fun download it now (https://play.google.com/store/apps/details?id=com.sathyabaman.belikebro_compilation)

Here are some screenshots of the application.

Certis Agent Tracking System

23. May
/
My Projects
/
No Comments

This is my first ever commercial application i developed. Certis is a company that provides security guards to other company, Certis has agents who go and check these security guards. My task was to develop an application that will track the location of agent every 2 minutes and update the system, also using this system admins can send new task to their agents in real time and agents also can update the status of the task and pickup a their new task using the mobile application itself.

Technologies used in this application are Java, Android Studio, Google services, Google maps, Geo fencing, Rest Api

These are some of the screens of the application i developed.

Jaffna Temples Android app

20. May
/
My Projects
/
No Comments

Jaffna Temples is a Mobile Application, that will help the users to locate the nearby by temples from their location and also get the easiest direction and route path to visit those temples. This project started as my final year project at college. I as a sole developer done research, design and development for this project, which ultimately gained me a grade A and contributed to get a 2nd class Upper division at the end of my Bachelor’s Degree program. I also published the project on play store (https://apkgk.com/baman.lankahomes.lk.jaffnatemples).

Here are some screen shots of the application i developed.

Calico QR- code System

01. May
/
My Projects
/
No Comments

Calico is a Sri Lankan company that manufacture Cords and tapes. Their main customers are Adidas and Nike, company’s manufacturing plant is located at Negombo, Sri Lannka. Recently they approached us to develop a QR-Code generating software for their packing section. Which they can put it on their boxes and access the QR-code using their mobile to get entire details about the package eg: contents, current location and invoice.

We were able to complete this project successfully, within few weeks. To accomplish this task we used technologies such as PHP, Mysql, HTML, CSS and Javascript. For Qr-code generating process, i used a third party library called phpqrcode developed by Alexandre Assouad, you can check his librarys at github-account.

Here is the code snippet for adding phpqrcode library.

<?php
  
  //set it to writable location, a place for temp generated PNG files
    $PNG_TEMP_DIR = dirname(__FILE__).DIRECTORY_SEPARATOR.'temp'.DIRECTORY_SEPARATOR;
    
    //html PNG location prefix
    $PNG_WEB_DIR = 'temp/';

    include "qrlib.php";    
    
    //ofcourse we need rights to create temp dir
    if (!file_exists($PNG_TEMP_DIR))
        mkdir($PNG_TEMP_DIR);
    
    
    $filename = $PNG_TEMP_DIR.'test.png';
    
    //processing form input
    //remember to sanitize user input in real-life solution !!!
    $errorCorrectionLevel = 'L';
    if (isset($_REQUEST['level']) && in_array($_REQUEST['level'], array('L','M','Q','H')))
        $errorCorrectionLevel = $_REQUEST['level'];    

    $matrixPointSize = 7;
    if (isset($_REQUEST['size']))
        $matrixPointSize = min(max((int)$_REQUEST['size'], 1), 10);


    if (isset($_REQUEST['data'])) { 
    
        //it's very important!
        if (trim($_REQUEST['data']) == '')
            die('data cannot be empty! <a href="?">back</a>');
            
        // user data
        $filename = $PNG_TEMP_DIR.'test'.md5($_REQUEST['data'].'|'.$errorCorrectionLevel.'|'.$matrixPointSize).'.png';
        QRcode::png($_REQUEST['data'], $filename, $errorCorrectionLevel, $matrixPointSize, 2);    
        
    }   
 

?>

<?php

//set it to writable location, a place for temp generated PNG files

$PNG_TEMP_DIR = dirname(__FILE__).DIRECTORY_SEPARATOR.'temp'.DIRECTORY_SEPARATOR;

//html PNG location prefix

$PNG_WEB_DIR = 'temp/';

include "qrlib.php";

//ofcourse we need rights to create temp dir

if (!file_exists($PNG_TEMP_DIR))

mkdir($PNG_TEMP_DIR);

$filename = $PNG_TEMP_DIR.'test.png';

//processing form input

//remember to sanitize user input in real-life solution !!!

$errorCorrectionLevel = 'L';

if (isset($_REQUEST['level']) && in_array($_REQUEST['level'], array('L','M','Q','H')))

$errorCorrectionLevel = $_REQUEST['level'];

$matrixPointSize = 7;

if (isset($_REQUEST['size']))

$matrixPointSize = min(max((int)$_REQUEST['size'], 1), 10);

if (isset($_REQUEST['data'])) {

//it's very important!

if (trim($_REQUEST['data']) == '')

die('data cannot be empty! <a href="?">back</a>');

// user data

$filename = $PNG_TEMP_DIR.'test'.md5($_REQUEST['data'].'|'.$errorCorrectionLevel.'|'.$matrixPointSize).'.png';

QRcode::png($_REQUEST['data'], $filename, $errorCorrectionLevel, $matrixPointSize, 2);

}

Hope this Helps. 🙂

12 Next Page

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31