Best approach for enterprise ios standalone app?

Hi @wkozyra

As discussed in this thread What Does expo generated .IPA contain?

My enterprise is concerned about their privacy policy. So they don’t want to store their assets in expo server/cdn.

So I think I will be having the following cases to address their concern

Case 1 - Host the app on my own server and build stanalone using expo build service

A.) When I host the app on my own server use expo build services I will download the app from “expo.io” . Here what is actually happening? Will expo store my app bundle on their server/CDN.

Case 2 - Host the app on my own server and using turtlle CLI to build the stand alone

B.) when I run

turtle-cli build:ios --public-url https://f50801ca.ngrok.io/dist/ios-index.json

imageUrl, iconUrl, bundleUrl in the index.json will point to the server where I hosted those files.
After creating .ipa file suppose if I kill the server. Then how my app will behave ?

Can you please address A & B.

Thanks.

My enterprise is concerned about their privacy policy. So they don’t want to store their assets in expo server/cdn.

If it’s on user device it’s already accessible, unless it’s some sort of internal app and all users are trusted.

Case 1
If you host it on your own server, our server would fetch that during the build. In that case expo does not host any of your assets or code. We are uploading apk/ipa to s3 and it’s stored there for 30 days.

Case 2
if you disable OTA update it will never send requests to those urls
if you have ota updates enabled, it will try to update but fetching ios-index.json will fail and update won’t happen.

1 Like

Hi @wkozyra

Thanks for your support.

I’m sorry, I’m not sure I understand what you meant by? Can you please rephrase this point.

Thanks

Just wanted to point out that securing client side code/assets is a bit pointless in most cases. If app is installed on device user can always access that in some way, any form of security on client side is just obfuscation and can be overcome by determined enough user.

Got it. Thanks for the response @wkozyra.

Hi @wkozyra

In the above mentioned case I am having some queries related to apple certificates.
1.) Do I need to host the .p12 and p8 certificates along with the dist folder on my server?

2.) If turtle cli asks for the path of .p12 certificate which path do I need to give (local machine file path / hosted url path) of the certificate.

can you please give an example for the dist-p12-path. And is it mandatory to create a push certificate? Because I don’t have push certificate but it is asking for push-12-path.

Thanks in advance

You shouldn’t host credentials, pass local paths to those files.

Read help output of that command it’s clearly states what should be passed expo build:ios --help. There is no such thing as push-p12-path there.

Push certificates and push keys are server side credentials, there is no way to pass them to turtle. Use expo credentials:manager or expo build:ios to set up them on server.

Hi @wkozyra

As mentioned in this thread expo build: ios apple authentication fails

When I run the command expo build :ios I am getting the following error.

(For your information I am using windows machine and I have installed WSL. Already I have built an .ipa file in this machine using the command expo build: ios. But now facing this issue)

Please help me with this.

Hi @wkozyra

Can you please help me with this issue. Thanks in advance