app_signing_service
DEPLOYMENT SERVICES

App
Signing Service

Digitally signed code guarantees that a mobile app executable has not been modified since it was signed. Code signing is also used to confirm the identity of the publisher (such as a company or software developer) that created the mobile app.

DEPLOYMENT SERVICES

Code Signing
Adding a Layer of Trust

App Signing | Code Signing

Mobile app signing, also known as code signing, is the process that is used to digitally sign a mobile app.

Verifying Authenticity

Historically, app developers and publishers code signed mobile apps to protect apps from being tampered with or altered, and to establish differentiation from pirated apps. With code signing, the mobile app has a digital signature that can be used to verify its authenticity.

Digital Certificate

Code signing provides a layer of trust by using a cryptographic hash to validate authenticity and integrity of the mobile apps. This hash is the code signing certificate, which is a digital certificate that contains information that identifies the entity and is issued by a certificate authority.

Public Key

The code signing certificate binds the identity of the app’s publisher to a public key that is mathematically related to a private key pair. This public key should be traceable back to a trusted certificate authority, preferably using a secure public key infrastructure.

Private Key

This public key infrastructure enables the secure electronic transfer of information and, in the case of mobile apps, is required when a more rigorous authentication method is needed to confirm the connection between an app and its creator. The integrity of code signing relies on publishers preventing unauthorized access to their private keys.

App Store
Requirements

A mobile app executable must be code signed in order for a mobile OS platform, such as iOS or Android, to permit installation of the mobile app on a mobile device, or for the mobile app to be listed in an app store such as Google Play or the Apple App Store. App stores will reject any app that is unsigned. Additionally, if a user attempts to install a mobile app that does not have signed code by some other means such as sideloading, the package installer will reject the installation.
MOBILE APP SIGNING GUIDE
App Store Requirements

What Makes App Signing Challenging?

Mobile app developers intimately understand the development lifecycle and release process, which includes app signing. Despite this familiarity and having to regularly sign apps with a code signing certificate, developers still struggle to get code signing right. Delays in app release due to signing issues is a common occurrence.

However, app signing is now no longer just performed by developers. The responsibility to ensure apps have the correct digital signature is now falling to IT operations because apps often need to be modified after the development process is ‘complete.’

Many Reasons to Modify Apps

There are many reasons why this modification is needed, including changes required for the backend infrastructure, or addition of security controls, performance management, or analytics functionality overlooked during the initial code build. Maybe a company’s IT operations team needs to deploy an app to different places, such as a private app catalog instead of a public app store. Perhaps the company may have acquired the app from a third-party independent software vendor (ISV) that doesn’t provide the needed functionality. For example, app-level security controls that work with the company’s unified endpoint management (UEM) solution may need to be added. Having app-level security controls enables a company to retain control over data in the app even if the app is used on mobile devices that are not managed by the company. Or a company may instrument a mobile app with an analytics library so that usage data can be collected. Aggregating usage data across all end users and analyzing it provides insights to make improvements to the app.

Modified Apps Must Be Code Signed

Any such modification requires the app to be code signed again, and the responsibility for signing the app with a code signing certificate increasingly falls to IT operations because sending it back to developers will cause uncontrollable delays, especially if it has to be re-signed by a third-party vendor. IT operations teams are not intimate with the app development lifecycle and release process, which makes the generation of signed code challenging. They are infrequently involved with these activities and, as a result, need to relearn the processes continually, such as what to do with a code signing certificate. Often, ‘documentation’ is nonexistent or outdated, and the code signing procedures are complex and mundane. Moreover, the iOS and Android app signing procedures are very different.

signing_services_ios

iOS App Signing
Challenges

Code signing an iOS app is exceptionally intricate and rigid because of the strict vetting by Apple to ensure that only trusted software is installed on iOS devices. But this is also why it is the mobile OS platform for which the most signing issues are encountered, despite Apple providing extensive documentation for generating signed code with an ipa file (that is, an iOS app).
Sign Up
logo_platform_apple

Provisioning Profiles

A unique and essential element to iOS app signing is “Provisioning Profiles.” These profiles contain app information and entitlements, which specify the system resources an app can use. A provisioning profile acts as a link between the device(s) on which an app will be tested, the developer account, the app, and the app container in the Apple App Store. The same provisioning profile must be used for both the initial signing and any re-signing.

logo_platform_apple

Apple's Ecosystem

Apple enforces code signing and they control the process. Moreover, Apple is the only certificate authority that can provide code signing certificates for an iOS app. While developers and IT operations sometimes view this as inflexible or inconvenient, it is advantageous for end users and the entire ecosystem. This rigidity means end users can have high confidence that mobile apps that are to be installed on an iOS device are safe and malware-free, as they are vetted, reliable, and secure.

logo_platform_apple

User Expectations

Given the importance mobile apps play in both the enterprise and consumer markets today, security is of utmost importance, and Apple’s approach reinforces this point. It is beneficial to companies to have a thoroughly vetted app that has been through extended validation. Without that, there is a higher likelihood that end users will call support services.

Android App Signing
Challenges

With Android, there is more flexibility in generating signed code but that comes with lower security. Android developers have the option to sign apps before deploying them to a device. But this is not a requirement: developers can also choose to release an app without signed code. It reflects Google’s Android open design philosophy of “to make sure that there would always be an open platform available for carriers, OEMs, and developers to use to make their innovative ideas a reality.” While Google has some control over Google Play, it does not control the Android platform as a whole.
Sign Up
code_signing_service
logo_platform_android
Sideloaded Apps

There are several ways developers can deploy apps to Android devices that do not require them to be signing code. Apps can be ‘sideloaded’ by physically connecting the device to a computer with a USB cable.

logo_platform_android
Sideloaded Risks

It is important to note that one of the biggest complaints about Android is how easy it is for a third-party, sideloaded app to cause problems on an end user's mobile device. Issues include the risk of creating app and OS instability, security warnings, and enabling malware to install itself.

A Code Signing Service Provides a Solution

If your mobile app portfolio grows to ten, twenty, or more apps, each of which comes from a different vendor, things get really complicated and challenging for signing code. But it doesn’t have to be this way. A secure app delivery platform for mobile that offers a code signing service can perform code signing as part of a deployment workflow, which ensures rigor over the entire process. With a code signing service, app signing can happen automatically as part of the deployment flow but it doesn’t always have to be so. For example, some companies have a separate team dedicated to perform app signing because the company wants to restrict who has access to the code signing certificates. In such a situation, the code signing service could be configured to provide a notification when the app is ready to be signed. Once the app signing service generates a notification, the app signing team can spring into action to complete the signing.

Support for iOS and Android Apps

Support for iOS and Android Apps

The app signing service should support both major mobile platforms. That means there should be an iOS signing service and an Android signing service. Given the intricacies associated with code signing an ipa file and the extended validation required, an iOS signing service will be incredibly beneficial. Common issues that prevent the generation of successfully signed code, such as those that arise because of a mismatch between the provisioning profile and signing certificate, will be a thing of the past because an iOS signing service will ensure rigor over the process.
Ensure Manual and Automated Use of Service

Ensure Manual and Automated Use of Service

An app signing service that supports both manual and automated options provides companies with flexibility. Setting the app signing service to auto will ensure speedy and uninterrupted deployments if that is what matters most to a company. The manual mode of the app signing service allows a company to have greater control, perhaps trading off speed, as the deployment workflow will only move ahead once someone from the signing team has decided that the app can be signed. Regardless, a secure app delivery platform for mobile with an iOS signing service and an Android signing service can provide time and resource savings because it can easily scale signing, no matter your mobile app portfolio's size.
Achieve Deployment Visibility and Optimization Insights

Achieve Deployment Visibility and Optimization Insights

Offering an app signing service as part of a secure app delivery platform for mobile can provide visibility into code signing via a signing dashboard. As a secure app delivery platform for mobile participates in every step in a deployment flow, there is a tremendous amount of deployment data that such a platform collects. The signing dashboard could provide the kind of information that IT operations would need to optimize app deployment flows. Examples of information that would be useful include: which apps are waiting to be signed; security warnings that were generated when attempting to sign an app; which code signing certificates in a key vault are about to expire.

App Signing Checklist

With all this in mind, here are the key activities that IT operations teams should pay attention to when approaching the app signing process and using any app signing service.

mobile_app_deployment
Use the correct code signing certificates with the app signing service.

IT operations needs to obtain the proper distribution code signing certificates, typically from the development team. If IT operations cannot do the signing, they need to engage the signing team for re-signing. Within a large organization, there is typically a separate team for this function. There may be multiple code signing certificates, which this team will likely keep in a central key vault that only members of the signing team can access.

mobile_application_deployment
Review provisioning profiles and entitlements.

This can be particularly challenging with third-party apps, as IT operations has to coordinate with the third party to get the provisioning profile and make sure the profile's entitlements are correct before using an app signing service. The last thing anyone wants to see when trying to rapidly deploy a mobile app is spurious security warnings.

enterprise_app_deployment
Re-sign apps when needed.

An app may need to be re-deployed, and therefore re-signed, multiple times a year by IT operations for reasons previously discussed. If anything has changed, such as a new app version that needs updating with a different provisioning profile, IT operations will run into issues when using an app signing service. This is especially common when apps come from third parties.

value stream management platform

See it.
Try it.

The Blue Cedar Platform is a secure app delivery platform for mobile. It provides a unique set of deployment microservices, including an app signing service, and workflow orchestration capabilities to streamline mobile app deployments. Blue Cedar integrates with popular technologies, which reduce the overhead that IT operation teams face when manually coordinating deployment activities across multiple teams and toolchains. Deployment data that is generated by the Platform provides the foundation to visualize deployment states and optimize value being derived from a company’s mobile app portfolio. Try out the Blue Cedar Platform to see how a secure app delivery platform for mobile can help your mobile app deployments. We’ll set you up with an account so that you can get hands-on experience with using the workflow builder, services and technology integrations.
SIGN UP
Cedar