Application integrity
App integrity levels
In the Token Server configuration you can select one of the two app integrity levels:
FULL
- the SDK will perform several checks for the app, including a tampering/modification check by validating the Application Signature of the app. The Application Signature used by the iOS app is the App ID obtained by the SDK at runtime during the DCR and it is verified against the App ID (Application Signature) stored in the Token Server. To obtain the App ID for the Token Server configuration please use the guide below.NONE
- the SDK will perform only the most basic additional sanity checks like the app's name verification.
Tampering Protection option, well known from iOS SDK 10 and below, is now deprecated.> > Starting with iOS SDK 11.0.0 we're introducing a new tampering protection functionality. The new feature does not check what the app contains but who created the app. Whenever the user installs the app on a device, the iOS SDK checks if the developer identifier who signed the app matches the one configured on the Token Server.> > For now on, to use functionality previously known as Tampering Protection (below SDK 11) you need to set App Integrity level to FULL and use App ID as a signature.> > You can learn more about the new tampering protection functionality here
Obtaining the App ID
The App ID is unique for every app. It consists of a unique Team ID generated by Apple and the Bundle ID of the app supplied by you.
Team IDe.g. A1B2C3D4 - you can find the Team ID on your Apple Developer Account.> > Bundle IDe.g. com.domainname.applicationname - you can find the Bundle ID in Xcode.
You can find more info about the App ID in Apple documentation. Locating your Team ID is described here. The App ID used for integrity check needs to be explicit (wildcards are NOT allowed).
Once you obtain the App ID (eg. A1B2C3D4E5.com.domainname.applicationname
) you can store it in the Token Server.
Storing the App ID
The App ID that is obtained must be stored in the Token Server admin console. Since the App ID might theoretically change (app is distributed under a different Bundle ID or different App Developer), therefore every application version has its own configuration. The Token Server application version documentation provides more info on where and how to store the App ID for a specific application version.