Note About Application Authenticity Failures in Applications Downloaded from the Apple App Store
Idan Adar May 07, 2018
MobileFirst_Foundation Application_Authenticity
If you are an on-premise 8.0 customer or Mobile Foundation service customer, then read further to learn about Application Authenticity failures in applications downloaded from the Apple App Store. This blog post details a possible scenario, whereby the Application Authenticity validation rejects an iOS application that was installed from the Apple App Store, despite the application’s authentic identity. This post is applicable to IBM MobileFirst Platform Foundation V7.0, V7.1, and V8.0.
Related APARs:
- PI67872 EXTENDED APP AUTHENTICITY MAY FAIL ON APPLICATIONS INSTALLED FROM THE APPLE APP STORE.
- PI72795 APPLICATION AUTHENTICITY CHECK DOESN’T WORK IN IOS APPLICATIONS INSTALLED FROM THE APPLE APP STORE
In MobileFirst Platform Foundation V7.0 and V7.1, the failure happens when the Extended Application Authenticity feature is used. The Extended Application Authenticity algorithm relies on the binary content of the application. The failure might result from manipulation of the binary content, by Apple, during the app submission process, which prevents the feature from working correctly.
To avoid such failures, the MobileFirst Platform development team is redesigning the Application Authenticity feature to eliminate the use of the binary content, and thus bypass the effects of such external manipulations.
Workaround
For MobileFirst Platform Foundation V7.0 and V7.1, use Basic Application Authenticity (with bitcode switched off). The Basic Application Authenticity algorithm uses application metadata to generate challenges for the client. These challenges are generated in a random process, which is difficult to reverse engineer or reproduce.
For MobileFirst Foundation V8.0, until the Application Authenticity redesign is completed, an interim fix was released with a workaround that implements basic application-authenticity validation for iOS. For more information, see APAR PI72795.
Note: For an update on this, please read Extended application authenticity feature does not work in MobileFirst Platform for iOS v7.x and v8.0.
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.