How to Sign an xcframework.zip iOS SDK on Appdome

Last updated July 18, 2024 by Appdome

Introduction

Code signing is an essential step for deploying any SDK on a mobile iOS device. A valid signature verifies the SDK’s integrity, proving that it comes from a known and approved source and has not been altered. This article guides you through the process of signing an xcframework.zip iOS SDK on Appdome, ensuring that it meets Apple’s security standards for installation.

Importance of Code Signing

When you integrate additional features into an iOS SDK, the original signature becomes invalid due to changes within the SDK. To maintain the SDK’s usability and compliance with security standards, it must be resigned. Appdome facilitates easy and secure SDK signing through various methods, accommodating different user needs and security policies.

Code Signing Methods on Appdome

Appdome allows signing an app via the Sign tab by using any of the following methods:

  • On Appdome

Allow Appdome to take care of the entire signing process. You only need to provide the signing credentials.

  1. Access the Sign Tab: Log into your Appdome account and select the xcframework.zip iOS SDK you wish to sign.
  2. Provide Credentials: Enter your password, including the P12 certificate that corresponds to your SDK.
  3. Start the Signing Process: Click on ‘Sign My SDK’ to initiate the signing process. Appdome will handle the rest, ensuring your SDK is signed with the correct certificates.Sign Sdk On Appdome
  • Private Signing
  1. In the Sign tab, go to the section How Would You Like to Sign and select Private Signing.
    SDK Private Signing
  2. Click Download My Built SDK
    Download My Built SDK
  3. Unzip the secured xcframework.zip

    unzip <secured xcframework>.zip -d BUILD_OUTPUT_FOLDER
  4. Sign the unzipped xcframework SDK folders:
    <SDK>libloader.xcframework
    <SDK>.xcframework

    codesign -v -f -s <name in keychain access> <SDK>libloader.xcframework>
    codesign -v -f -s <name in keychain access> <SDK>.xcframework>

Success! Your SDK xcframework is now signed.

Troubleshooting for Private Signing

If you encounter a scenario whereby your Key Chain Access files are showing the following message: “certificate name is not trusted,” apply the following steps to resolve the issue:

  1. Open the file
  2. Navigate to the fields titled “Common Name” and “Organizational Unit”
  3. Download the relevant “Apple Root Certificate” and “Apple Intermediate Certificates”.
    For more details, see: Apple PKI documentation
    Key Chain Access Certificate

Related Articles:

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

Appdome

Want a Demo?

SDK Security Integration

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.