🚀 re:Imagine QA - See how AI reshapes your SDLC @ AWS re:Invent. Visit BrowserStack Booth!
No Result Found
Connect & Get help from fellow developers on our Discord community. Ask the CommunityAsk the Community

Re-sign iOS apps

Learn how BrowserStack re-signs iOS apps for device installation and which entitlements are supported.

When you upload an iOS app for testing, BrowserStack automatically re-signs your main app and any secondary apps (specified via otherApps or midSessionInstallApps).

Ensure the iOS app has isInspectable enabled for WkWebView or JSContext components if it is built using the iOS/iPadOS 16.4+ SDK. Apple now requires this to make WebView contexts available in Appium. The default value is No or false. For more information, see Enabling the Inspection of Web Content in Apps.

How automatic app re-signing Works

BrowserStack’s re-signing logic adapts based on your app type (main or secondary) and its original signature.

For the main app

Your main app is re-signed by default to ensure it can be installed and run correctly on our devices.

For secondary apps (otherApps / midSessionInstallApps)

To solve entitlement issues when installing multiple applications in the same session, BrowserStack also re-signs secondary apps by default. This ensures all your apps use a compatible provisioning profile.

The behavior for secondary apps depends on their signature:

  • Non-Enterprise apps: If your app is not enterprise-signed, BrowserStack re-signs it using the same provisioning profile and supported entitlements as your main app.
  • Enterprise apps: If BrowserStack detects your app is signed with an Apple developer enterprise program profile, it will not re-sign the app and will install it using its original signature.

Supported entitlements

During the re-signing process, BrowserStack preserves a specific set of app entitlements. You can add various entitlements to your apps by enabling the corresponding flag in your build.

Here is a list of all entitlements supported by BrowserStack:

Entitlement Description  
keychain-access-groups Identifiers for keychain groups that app can share items with.  
get-task-allow Required for apps which need to do Webview automation.  
application-identifier Automatically added by Apple based on bundle identifier.  
com.apple.developer.team-idenfifier Automatically added by Apple based on team identifier.  
com.apple.token Automatically added by Apple.  
ios_app_groups_support Required to allow multiple apps within an app group to access shared containers and communicate using interprocess communication (IPC).  

Disable app re-signing

While re-signing is the recommended default, you can disable this behavior if necessary (for example, if your app is signed using the Apple Developer Enterprise Program and must retain its original signature).

For the main app

You can disable re-signing for your main app by setting the browserstack.resignApp capability to false in your test configuration. See disable re-signing of iOS apps.

For secondary apps (otherApps / midSessionInstallApps)

To prevent BrowserStack from re-signing a specific secondary app, you must use the array of objects format for the otherApps capability. This allows you to set a resignApp flag for each individual app.

Capability format:

{
  "otherApps": [
    "bs://<hash_id_of_app_1>",
    {
      "app_id": "bs://<hash_id_of_app_2>",
      "resignApp": false
    },
    {
      "app_id": "bs://<hash_id_of_app_3>",
      "resignApp": true
    }
  ]
}

The example above demonstrates the following behaviors:

  • “bs://": BrowserStack re-signs this app (default behavior).
  • {“app_id”: “bs://", "resignApp": false}: BrowserStack does not re-sign this app (explicitly set).
  • {“app_id”: “bs://", "resignApp": true}: BrowserStack re-signs this app (explicitly set).

Parameters

  • app_id (string): The hashed app ID (bs://…) for your secondary app. Required.

  • resignApp (boolean): Optional.

    • If omitted or set to true, BrowserStack re-signs the app (unless it’s detected as an enterprise app).

    • Set to false to explicitly disable re-signing for this specific app.

Important considerations for enterprise apps

When passing secondary apps via otherApps or midSessionInstallApps, ensure you set resignApp to false if the main app is an enterprise app.

Enterprise apps: If any app in the array is an enterprise app, the enterprise re-sign flow is triggered.

Standard apps: The app is signed using BrowserStack’s provisioning profile.

You can still use the original format, which is a simple array of app-id strings. When you use this format, BrowserStack automatically re-signs the apps unless they are enterprise-signed.

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked





Thank you for your valuable feedback

  • ON THIS PAGE

    Is this page helping you?

    Yes
    No

    We're sorry to hear that. Please share your feedback so we can do better

    Contact our Support team for immediate help while we work on improving our docs.

    We're continuously improving our docs. We'd love to know what you liked





    Thank you for your valuable feedback!

    Talk to an Expert
    Download Copy Check Circle