iOS App Patching

Learn how to patch your iOS app to prevent entitlement issues while testing on BrowserStack devices.

In App Accessibility testing, you can test iOS apps that use sensor-based features, such as biometric authentication. These features require custom entitlements, which are deleted when BrowserStack re-signs your app with a Developer certificate as a part of the upload process.

By using App Patching, you can prevent BrowserStack from resigning your app. This allows you to test sensor-based features without encountering iOS entitlement conflicts, authentication failures, or invalid certificate errors when testing on BrowserStack devices.

Additionally, App Patching allows you to use continuous scanning while testing apps with iOS entitlements.

To patch and use your iOS apps for App Accessibility testing, you need to perform the following actions:

1. Convert your unsigned app to an instrumented app

2. Sign the instrumented app with your certificates

3. Upload the signed and instrumented app to BrowserStack

Convert your unsigned app to an instrumented app

To convert your unsigned app:

1. Contact BrowserStack support to request access to the BrowserStack instrumentation endpoint.
2. Use the instrumentation endpoint to upload your unsigned app to BrowserStack and get it instrumented.
3. Save the instrumented app, <customer_app_instrumented>.ipa, to a local directory.

Sign the instrumented app

To sign the instrumented app using your custom signing certificate and provisioning profile. You can use the customer_app_signer.sh script file provided by BrowserStack to sign the instrumented app.

Prerequisites:

• Unlocked login keychain DB:
  In your command line tool, run the following command:

  security unlock-keychain -p "<keychain_password>" "<absolute_path_to_login_keychain_db>
  

• .mobileprovision file:
  Ensure you have the .mobileprovision file corresponding to the signing certificate you will use to sign the app. For example, cert.mobileprovision. This file is specific to your organization.
• BrowserStack signing script:
  Obtain the customer_app_signer.sh script file from BrowserStack. Contact BrowserStack support if you do not have the script file.

Sign the app

To sign the instrumented app:

1. In the command line tool, run the following command to list available code signing identities:

     security find-identity -v -p codesigning
   

   The command returns the output in the following format:

     `W19SNVTCZH0MKGL1527I3XJ3D028EWH9PJV4UY2S "iPhone Distribution: Example IPhone Inc."`
     `IFMJ2RVFIWQ1I4MM98T5O7H5F1WCFMBCVLM93HUL "iPhone Distribution: Example Apple Inc."`
   

2. Copy and save the 40 char long string that corresponds to the certificate you want to use for signing. This string is the provisioning_identity that will be used in later steps. You can save it as a text file or note.
3. Generate the entitlements file by running the following command and add the absolute path to the cert.mobileprovision file.

     security cms -D -i </absolute_path_to/cert.mobileprovision> /tmp/tmp.plist &&  /usr/libexec/PlistBuddy -x -c 'Print:Entitlements' /tmp/tmp.plist > /tmp/cert.plist
   

   Copy and save the /tmp/cert.plist file to a directory.

4. Create an instrumentation_signing directory and save the following files to it:
   • Instrumented Enterprise app that you received from BrowserStack, customer_app_instrumented.ipa
   • customer_app_signer.sh script file from BrowserStack
   • cert.mobileprovision file specific to your organization.
   • cert.plist entitlements file
   • 40 char long provisioning_identity as a text file or note.
5. Run the following command after replacing the placeholders in angle brackets (<>) with the actual values:

     bash customer_app_signer.sh "<absolute_path_to_unsigned_instrumented_ipa>" "<provisioning_identity>" "<absolute_path_to_cert.mobileprovision>" "<absolute_path_to_signed_ipa>" "<absolute_path_to_cert.plist>" "<absolute_path_to_working_directory>"
   

   The script file returns the signed instrumented app, customer_app_instrumented_signed.ipa.

Upload the signed and instrumented app

To upload the signed and instrumented app:

1. Log in to the App Live dashboard.
2. On the App Live dashboard, upload your app from your system or from a public URL.
   
3. After your app is uploaded, click the configuration icon next to the file name of your app.
   
4. Under App Configurations, enable iOS Entitlements and disable Biometric Authentication and Image Injection options.
   
5. Navigate to the App Accessibility testing dashboard.
6. Select an iOS device from the device listing to launch your test session.
7. In the launch window, select Uploaded Apps if not already selected.
8. Select the My Apps filter to view the list of apps you have uploaded.
   
9. Select the app that you signed and instrumented. The session launches with the selected app.