Securing apps for app store compatibility

Public app stores (Apple App Store and Google Play) require apps to comply to their acceptance criteria and restrictions. Enterprise apps may not meet those requirements, and are often delivered through enterprise app catalogs. Blue Cedar secured apps are compatible with public app store requirements as long as the unprotected app is compatible, and if relevant information in this section applies.

You can skip this section if you plan to deliver secured apps only via enterprise app catalogs.

iOS apps secured with default Blue Cedar policies are not suitable for submission to the App Store due to the use of private APIs. These private APIs achieve compatibility across multiple versions of iOS. To avoid using private APIs in order to deliver a secured app via the App Store, you can enable App Store compatibility for iOS apps. Apps secured specifically for the App Store are subject to the restrictions mentioned in Limitations .

To deliver a secured app via public app stores, follow the instructions in this section to apply Blue Cedar policies appropriately for each app store's requirements. This ability is not available for all scenarios: for example, different countries have different requirements about encryption. For current information about compliance, see the Blue Cedar knowledge base: 

• Preparing a Blue Cedar secured app for the Apple App Store
• Preparing a Blue Cedar secured app for Google Play

Preparing an app for App Store distribution (iOS)

Please verify that the app complies with App Store requirements before securing it for App Store delivery. Follow these steps in XCode to export an appropriate IPA file. 

Note: If you have already uploaded the same version of the app, you need to update the version number prior to applying Blue Cedar policies. The app stores require updated version numbers.

In Xcode 8.2.1 (menus may vary per version):

Open the Xcode project for the app. 

Choose “Product > Archive”. (Archive is unavailable if a simulator is selected for a build target. Select "Generic iOS Device" to enable Archive.) 

Choose ”Organizer > Export…” (If the Organizer doesn't appear after selecting Archive, find it under Window > Organizer.)

Choose “Save for iOS App Store Deployment”

Click Next

Clear “Include bitcode” and click Export. (This option only appears if the app has been built with bitcode support.) The console cannot secure the app if bitcode is included.

Xcode exports the app as an IPA file suitable for uploading to the Policy Console.

In the policy console:

• On the iOS App details page or on the Master Profile page, choose 

  Enable App Store Compatibility. 

• Apply the desired policies to the app as usual.

See App Store Compatibility (API) to use the REST API.

You now have an app ready for app store distribution. Use Apple's Application Loader OSX app.

1. Double-click Deliver Your App.
2. Select the secured IPA you downloaded from the console.
3. Continue with the normal iOS App Store submission process.

Limitations

App store compatibility is a new feature and currently includes these limitations.

• There are no restrictions for Android apps for Google Play compatibility.
• Blue Cedar does not support Bitcode-enabled apps for App Store submission.
• Blue Cedar secured apps add an overlay icon to the app icon (see Changing the overlay icon for details), although this overlay disappears for apps compiled for iOS 11.
• Each app store has its own guidelines for app submission. These requirements still apply for Blue Cedar secured apps:
  • Apple App Store guidelines: https://developer.apple.com/app-store/review/guidelines/
  • Google Play guidelines: https://developer.android.com/distribute/tools/launch-checklist.html
• By default, the console re-signs an Android app with its own internal keystore, which can break compatibility with apps that are already in the app store with a different key. You can specify an Android signing key in a signing profile. See Using and configuring signing profiles.