Working with files outside sandbox in Mac App (Accessing Security Scoped Resource)

I was developing a Mac application recently and came across a problem that was quite interesting, so I thought I would share my experience with you guys.

OK, let me get straight to it. Recently I developed a Mac application for binary resigning. The app takes your IPA files and resigns them with different certificates and provisioning profiles.

I developed this app successfully and tried to publish it on the App Store using App Store Connect. But when I tried to push the app to the App Store, Apple didn’t allow me to publish it, stating the reason “I am not using App Sandbox in my application”. The problem is that my app needs to access resources outside of the sandbox. If I enable the sandbox, I won’t be able to access system directories like “~/Library/MobileDevice/Provisioning Profiles”, which is essential for resigning. I did some research and found a solution, which is what I am about to explain below.

1) Enable App Sandbox for your application under Signing & Capabilities

2) Update your entitlements file

All three items are mandatory. com.apple.security.files.bookmarks.app-scope allows the app to bookmark URLs outside of the sandbox, and com.apple.security.files.user-selected.read-write allows it to read and write files outside of the sandbox that the user has selected. Using the combination of these three permissions, we will access files outside of the sandbox.

  • First, we request read and write access for a specific directory.
  • Then we bookmark that directory and save the bookmark to local storage.
  • Using the startAccessingSecurityScopedResource function, we access system directories outside of the sandbox.

I wrote a simple code snippet for this solution.
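
The three steps above as an added Swift example (it is not the author's snippet, which is not on this page). It assumes the entitlements named above are set and uses UserDefaults as the local storage; the function names and the `bookmarkKey` value are made up for the example.

```swift
import AppKit

// Hypothetical UserDefaults key; the post only says "local storage".
let bookmarkKey = "provisioningProfilesBookmark"

/// Steps 1 and 2: the user grants access through an open panel, then a
/// security-scoped bookmark is saved so the grant survives relaunches.
func requestAndSaveAccess(startingAt suggested: URL?) throws -> URL? {
    let panel = NSOpenPanel()
    panel.canChooseDirectories = true      // grant one directory, not single files
    panel.canChooseFiles = false
    panel.allowsMultipleSelection = false
    panel.directoryURL = suggested
    panel.prompt = "Grant Access"
    guard panel.runModal() == .OK, let url = panel.url else { return nil }
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
    return url
}

/// Step 3: resolve the bookmark and run `work` only while access is open.
func withSavedAccess<T>(_ work: (URL) throws -> T) throws -> T? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else { return nil }
    var isStale = false
    let url = try URL(resolvingBookmarkData: data, options: .withSecurityScope,
                      relativeTo: nil, bookmarkDataIsStale: &isStale)
    guard url.startAccessingSecurityScopedResource() else { return nil }
    defer { url.stopAccessingSecurityScopedResource() }  // always balance start/stop
    if isStale {
        // The folder moved or the bookmark aged out: re-create it while access is open.
        let fresh = try url.bookmarkData(options: .withSecurityScope,
                                         includingResourceValuesForKeys: nil,
                                         relativeTo: nil)
        UserDefaults.standard.set(fresh, forKey: bookmarkKey)
    }
    return try work(url)
}

/// Example caller: list the profile files in the granted directory.
func listProfiles() throws -> [String] {
    let names = try withSavedAccess { dir in
        try FileManager.default.contentsOfDirectory(atPath: dir.path)
    }
    return names ?? []
}
```

Call `requestAndSaveAccess` once, for example on first launch; later launches only need `withSavedAccess`, and access is released as soon as the closure returns.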

Hope this will be helpful for you guys. Happy Coding 😁!!!

IOS App Signer

Hello ladies and gentlemen, today I am glad to introduce an interesting project I’ve been working on for months. It’s called IOS App Signer.

Let me explain it to you in detail. I am sure that if you are reading this blog post, you definitely know what resigning an iOS application is. Please be patient while I explain the basics for the people who don’t understand what iOS resigning is.

Every iOS application that’s installed on an iOS device must be signed with an Apple certificate. Without an Apple certificate, you cannot run any iOS application on any iOS device.

Currently there are three kinds of Apple certificates:

  • iPhone / Apple Development certificate – this cert is used during development of the application. With this certificate, only specific allowed iOS devices can run the application. If your device is allowed for development, you can run the application either using Xcode or using an IPA file signed with a development certificate.
  • Enterprise certificate – this cert is needed when you want to publish the application inside your organization. Anyone who has the IPA file signed with an enterprise certificate can install and use the application. The only difference is that you cannot publish this IPA file to the App Store for the public to download worldwide.
  • iPhone / Apple Distribution certificate – if you sign your IPA file using this certificate, you are eligible to publish the application on the App Store, and anyone around the world can download your app using the App Store.

I know certificates are everything in iOS and it’s a big ocean; I don’t want to dive deep and waste your time. Let’s check what’s needed to have a proper iOS application.

Main items needed for an iOS application or IPA file:

  • Info.plist file – this is the main configuration file for your application. This file has information such as the bundle identifier, application name, version number, version short string, and much more.
  • Entitlements file – this file has information on the features that your application is using (e.g. APNS, Apple Pay, allow TestFlight).
  • Provisioning profile – this acts as a bridge between your application, your Apple developer account, and your development mobile devices. This file has information on which certificates are used in your application, the development devices allowed to install the application, the allowed entitlement settings, and much more information about your application.

Every application will have the above-mentioned files. Now, why am I telling you all this stupid stuff that seems to have nothing to do with re-signing? Let’s get to the point right away.

What if you could take an existing working application and change these three files? Yes, you can re-package any iOS application. Still don’t understand? (It’s hacking. Example: say you have the IPA file of the Facebook app; you can change the bundle identifier, application name, application version number, change the certificate, change the provisioning profile, re-package the IPA file and publish it to the App Store like your own new application.)

That’s exactly what this application is going to do. I’ve developed this application so that you can use it to resign any iOS application. This is a very helpful tool if you want to test any application before going to production. This tool can also be used as a security measure for your application, since you don’t have to pass your distribution certs to your developers. All developers can work with an Apple development cert and generate the IPA file; when you are ready to go live, use this tool on a machine that has a distribution certificate to resign and publish the IPA on the App Store.

The fun is not over yet: I am making this project fully open-source (GitHub – very soon), so you can see the entire source code for this application. If you feel this project is really helpful, I would really appreciate your contribution to taking this project to the next level.

Thank you. 🙏 😊

Download the app file and move it to your Applications directory.