Maintain trust for enterprise‑signed iOS apps

Starting with iOS 18, Apple changed how devices trust enterprise‑signed iOS apps, which can cause devices to enter an error state when apps are installed interactively. To maintain trust for enterprise‑signed iOS apps on Perfecto devices, you upload a small certificate keeper app that is signed with the same enterprise certificate as the apps you want to test.

This document includes references to a third-party product, Apple Xcode. The user interface and usage of third-party products are subject to change without notice. For the latest published information about iOS development with Xcode, see https://developer.apple.com/documentation/xcode.

Prerequisites

Make sure you have:

  • An Apple enterprise certificate that you use to sign your iOS apps.

  • Access to Xcode with permissions to:

    • Create and build an iOS app project.

    • Archive and export an .ipa file using your enterprise certificate.

    You must be signed into Xcode with the Apple developer account that contains your enterprise certificate.

  • Access to the Perfecto repository for your cloud so you can upload the certificate keeper file with the locator PUBLIC:certKeeper.ipa.

Create and upload the certificate keeper app

Perform the following procedure to create the certificate keeper app.

  1. Create a new iOS app project in Xcode:

    1. Open Xcode and create a new iOS App project.

    2. Define a unique bundle identifier for the app.

    3. Select a team that uses the enterprise certificate you want to use for your app.

  2. Configure the deployment target and build settings:

    • Set the minimum deployment target to iOS 15.0.

    • Make sure the build target is set to Any iOS Device (arm64).

    • Select the Xcode team associated with the enterprise certificate that is used to sign the applications you intend to test.

  3. Build and archive the app:

    1. Build the project in Xcode.

    2. Archive the app, and when the Archives window opens, select the archive you want to export.

  4. Export the app as an enterprise-signed .ipa file:

    1. In the Archives window, select Distribute App.

    2. Choose Enterprise as the distribution method and click Distribute.

    3. When the process completes, click Export and save the exported .ipa file to your local machine.

  5. Rename and upload the file to the Perfecto repository:

    1. In the output folder, locate the exported .ipa file.

    2. Rename the file to certKeeper.ipa.

    3. Upload the file to the Perfecto repository using the following locator: PUBLIC:certKeeper.ipa

  6. Once you have uploaded certKeeper.ipa to the Perfecto repository, contact Perfecto Support to enable the certificate keeper feature for your cloud.

When Perfecto Support enables the feature and the configuration propagates, the system installs your certificate keeper app on cloud devices during an available window when the devices are not in use. The app remains installed even if you run device cleanup or uninstall commands, helping maintain trust for your enterprise-signed apps.
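
Before you upload certKeeper.ipa in step 5, you can confirm that it lines up with an app you intend to test. The following is an added example, not Perfecto or Apple tooling; the function names are hypothetical. It compares the provisioning profiles embedded in the two .ipa files (team identifier, enterprise flag, and permitted signing certificates) rather than the code signatures themselves, and assumes both files contain an embedded.mobileprovision.

```python
import hashlib, plistlib, zipfile

PROFILE = ".app/embedded.mobileprovision"

def read_profile(ipa_path):
    """Return the provisioning-profile plist of the top-level app in an .ipa."""
    with zipfile.ZipFile(ipa_path) as z:
        # Payload/<Name>.app/embedded.mobileprovision; skip nested extensions and watch apps.
        name = next((n for n in z.namelist() if n.startswith("Payload/")
                     and n.endswith(PROFILE) and n.count("/") == 2), None)
        if name is None:
            raise ValueError(f"{ipa_path}: no embedded.mobileprovision found")
        blob = z.read(name)
    # The profile is a CMS envelope; the plist payload sits inside it unencrypted.
    start = blob.index(b"<?xml")
    end = blob.index(b"</plist>", start) + len(b"</plist>")
    return plistlib.loads(blob[start:end])

def summarize(ipa_path):
    p = read_profile(ipa_path)
    return {
        "teams": set(p.get("TeamIdentifier", [])),
        "in_house": bool(p.get("ProvisionsAllDevices", False)),  # set in enterprise profiles
        "certs": {hashlib.sha256(c).hexdigest() for c in p.get("DeveloperCertificates", [])},
    }

def check_keeper(keeper_ipa, app_ipa):
    """Return a list of problems; an empty list means the two profiles line up."""
    k, a = summarize(keeper_ipa), summarize(app_ipa)
    problems = []
    if not k["in_house"]:
        problems.append("keeper profile is not an enterprise (in-house) profile")
    if not k["teams"] & a["teams"]:
        problems.append("team identifiers differ")
    if not k["certs"] & a["certs"]:
        problems.append("profiles share no signing certificate")
    return problems

def make_sample_ipa(path, team, cert, in_house=True):
    """Constructed test input: a minimal .ipa with a fake CMS-wrapped profile."""
    plist = plistlib.dumps({"TeamIdentifier": [team], "ProvisionsAllDevices": in_house,
                            "DeveloperCertificates": [cert]})
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("Payload/Sample.app/embedded.mobileprovision", b"\x30\x82" + plist + b"\x00")

if __name__ == "__main__":
    import sys
    print(check_keeper(sys.argv[1], sys.argv[2]) or "profiles match")
```

Run it with the path to certKeeper.ipa followed by the path to the app under test; any reported problem means the keeper app would not carry the same enterprise identity as that app.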