Whether you distribute your apps through a public or private app store, log into the Blue Cedar Platform and follow this process for securing the apps with integration accelerators. (See below for details for each step.)
Upload the app to the platform
Click Mobile Apps.
Click Upload App.
Browse to the app file (APK file or IPA file) you want to upload, and click Open.
The platform uploads the app and then scans it. (You'll see scanning status messages.) Scanning identifies development stacks and frameworks used in the app that might be relevant to the accelerator.
A card for the new app appears on the Mobile Apps page. Once scanning has successfully completed, this app card displays the app name, app icon, and other app information.
Integrate the services
This step applies the app security profile and the signing parameters.
Click Integrate on the app card. A menu of available app security profiles appears. See Configuring app security profiles for details about creating a new profile or editing an existing one.
Choose an app security profile and click Next.
A menu of available signing options appears.
Choose the signing method to sign your apps. There are a few options:
- Sign on console: Let the platform sign the app. (Only available for Android apps.)
- Sign externally: Download the app with signing settings for code signing externally.
Both Sign on console and Sign externally bundle signing parameters with the app via a signing profile, and also validate specific entitlements to be used for signing.
- Skip code signing: Use this option to manage signing yourself instead of having the platform validate signing parameters and sign the apps.
Choose the appropriate signing profile and click Integrate & Sign app. See Using and configuring signing profiles for more information about signing profiles.
The integrated app security profile, signing method, and signing profile appear on the app card after integrating.
Download and distribute the secured file
To download the most recent integrated version of the app, click Download on the app card.
To choose the integrated or original version of the app, click the down arrow on the Download button. This submenu gives you two download options—the most recent integrated version of the app (same as clicking Download), and the original unsecured app. The options include:
|Download option||Description||Signing method|
|Integrated and Signed||Ready for distribution.||Sign on console|
|Integrated and ready to sign externally||Signing settings are included, integrated app is ready to sign offline.||Sign externally|
|Integrated||No signing settings are included.||Skip code signing|
|Original Binary||As uploaded, whether the app has been integrated or not. Option available for any app.||N/A|
To distribute your apps with a public or private app store, download the secured app.
- Import a signed secured APK file directly into your app store.
- Sign the secured IPA file and import it into your app store. See Signing apps externally on MacOS.
Note: Apps must be signed in the platform (via "Sign on console") or locally (apps secured with "Sign externally") before they are suitable for distributing and running.
When mobile device users install a secured version of an app over an unprotected version of the same app, they may need to uninstall the original app. Uninstalling the app loses any data that the original app had saved on their devices.
To let users keep a protected and an unprotected version of an Android app on their devices, you must change the app’s package name before securing. See developer.android.com for more on Android package names.
These sections describe the details of securing and signing apps.