Script-based instrumentation for iOS apps

During the normal instrumentation process, a Perfecto library is added to the app’s binary. Specific function calls inside the app may be replaced with calls to functions from the Perfecto library.  As a result of this processing:

  • Apps have to be re-signed with a Perfecto iOS certificate after the binary has been modified, due to iOS code signature requirements

  • Apps using special entitlements that require the original author's certificate may not work after the re-signing process.

Perfecto offers script instrumentation, a customized instrumentation feature that enables customers to instrument an application with the Perfecto library and then re-sign it with the customer's own certificate. The main advantages of script instrumentation include:

  • Maintaining the original application entitlements and signature

  • Identical instrumentation process, except for the re-sign step

    Instead of re-signing with the Perfecto certificate, the application signature is performed locally, at your organization's premises, on a Mac machine with your enterprise certificate.

Supported environments

Script instrumentation of iOS apps is supported on macOS machines.

Prerequisites

  • macOS Mojave or later

  • XCode 8.3.3 or later 

  • Python 3.6 or later, with requests module installed

    To install the requests module, run the following command:

    Copy 
    pip3 install requests

  • Open to internet connection (to access Perfecto services)

  • Keychain on Mac should contain the required enterprise certificate

    Because duplicate names are not allowed, you must verify that only a single entry with this name is included in the keychain list.

  • Keychain password

  • .mobileprovisionfile matching the enterprise certificate

  • *.ipa file of the application (which should be instrumented) 

Limitations

You cannot use multiple certificates to sign the application.

How it works

The re-sign process is performed on a Mac machine within the customer's environments.

The Keychain on the signing Mac should include:

  • The enterprise certificate used to re-sign the instrumented application
  • The .mobileprovision file matching the enterprise certificate

Perfecto will provide the user with a script, to run on the Mac machine, that executes the following steps (also shown in the following image):

Step 1: Upload the application file (*.ipa file) to Perfecto's instrumentation service.

Step 2: Download the instrumented application file (*.ipa file) from Perfecto's instrumentation service.

Step 3: Re-sign the instrumented application file with the customer's certificate.

What's next?

Run script-based instrumentation on iOS apps