BlackBerry Secure Work Space, a containerization solution that is part of BES 10, allows enterprises to manage devices powered by Android and iOS. Secure Work Space apps protect their data by encrypting their app data in transit and at rest. Enterprise in-house apps that leverage Secure Work Space can securely access data behind their companies’ firewall without any additional code for authentication or encryption. In order for an app to use Secure Work Space, it must first be wrapped by using that enterprises’ BES 10 UDS Administration Console. App wrapping automatically replaces the standard system calls with secure system calls and does not require any redevelopment work. This means you can wrap almost any app if you have the binary file (ipa or apk file). After an app has been wrapped, it needs to be re-signed because the wrapping process invalidates the previous signature. The process to re-sign an app is documented here.
Because the signing process for iOS is more complex, I have written the following bash script located here to simplify the signing process significantly. In order to use the script you will need the following:
- Xcode Command Line Tools
- BES Wrapped iOS App (the .ipa file)
- iOS Enterprise Signing Keys
How to re-sign a wrapped app using this script:
- Set Environment Variable SWSSIGNIDENTITY to the iOS Signing Identity
- Set Environment Variable SWSWrappedAppFile to the full path of the wrapped app
- Set Environment Variable SWSProvisioningProfile to the app Mobile Provisioning Profile
export SWSSIGNIDENTITY="iPhone Distribution: My Company Name, LLC (45G34YW73X)" export SWSWrappedAppFile="/Users/shikhir/sws/script/ECL-v5-wrapped-unsigned.ipa" export SWSProvisioningProfile="/Users/shikhir/sws/ECLAppProfile.mobileprovision" ./SWSiOSResign
Just type in ./SWSiOSResign and you will be prompted to enter the parameters.
Once your iOS app is re-signed, you will get a message that the app has been re-signed successfully. Now the app is ready to be distributed to your employees via BES. The steps to distribute the app to your employees are documented here and are usually done by the BES Admin.