Code signing is security technology that app developers use to certify that they created the app. Once an app is signed, the device's operating system can detect any change to the app—whether the change is introduced accidentally or by malicious code.
Once you have secured an app with Blue Cedar, the app must be re-signed to validate that the inclusion of Blue Cedar security is a deliberate and desired change to the app. The following sections cover the options available for signing secured apps. Your options vary depending on your Blue Cedar console version, the OS of the app (iOS or Android), and the OS of the signing server.
All customers can use the policy console to prepare a secured app for signing on your local app signing server (macOS, Linux, or Windows computer). The console bundles everything you need to sign externally, including a script for signing.
Enterprise (hosted) and Enforce users must sign secured apps externally. See Signing apps externally.
Enterprise (on-premises) users have these signing options:
- Sign on Console (include signing parameters when you apply policies). See Signing apps with the policy console.
- Sign externally (the console bundles everything you need to sign off-console). See Signing apps externally.
- Skip code signing.