Signing apps externally

Enforce and Enterprise (hosted) users must sign secured apps externally; Enterprise (on-premises) users may choose to do so. This page outlines the paths and provides links to further details.

Pre-signing setup

In the policy console, choose or define signing profiles. See Using and configuring signing profiles.

On a macOS server external to the console, set up the signing environment. See Signing apps externally on MacOS.

• To sign iOS apps on a machine running macOS 10.12+, you need:
  
  • Xcode 8.3.2+
  • Python 3.6+
  • Command line developer tools (these may be installed with Xcode or with Python 3)
  • Your code signing identity
• To sign Android apps on a machine running macOS 10.12+, you need:
  • Android Studio SDK, including build-tools 29.0.s+ 

Blue Cedar supports macOS signing, but you can follow this process to sign Android apps on a Windows server: Signing Android apps on Windows (unsupported). Install these packages:

• Android Studio SDK (newer than version 26.0.0)
• JDK (oracle.com) (version 1.8+)

Signing process

Once you are set up to sign as described above, follow this process:

Enterprise on-premises: On the App details page, under App Signing > Signing, select Sign Externally.

Enterprise and Enforce: Select a signing profile. You must select a signing profile to apply the security policies. See Using and configuring signing profiles for details.

Note: Signing profiles cannot be added to master profiles.

Click Apply Policies. The policy console injects your app with the policies you chose.

Click Export for Signing to download the secured app from the console.

Unzip and sign the app.

• macOS (iOS or Android apps): See Signing apps externally on MacOS.
• Windows (Android apps only): See Signing Android apps on Windows (unsupported).