Summary
Apple has changed its TestFlight certificate. The current one expires on August 12th. As a result of our repackaging protection, new shielded builds uploaded to TestFlight are exiting on startup.
Problem symptoms / Details
When an app is uploaded to TestFlight, Apple re-signs the app with their TestFlight certificate. App Shielding's repackaging check looks at the certificate that the application has been signed with, and if it is not a trusted certificate, we exit the app (exitOnRepackaging). App Shielding, by default, trusts the TestFlight and the AppStore certificates, as well as any certificates specified in the App Shielding configuration via 'Application signer Certificate'. Since Apple changed its TestFlight certificate, OneSpan doesn't trust it by default, so it needs to be added to the list of certificates that are trusted by App Shielding.
Applications already uploaded to Testflight before will not be impacted.
Unfortunately, Apple does not disclose when they are going to change the certificate nor do they give out the new certificate in advance.
This is why we could not share this information more upfront.
Problem Solution
The new TestFlight certificate will be white-listed by default on the upcoming Shield version (> v8.1.2.194676-a).
For earlier versions, you can add the new TestFlight Certificate attached to this KB article as Application Signer certificate in your Shield configuration:
- For the Application Signer Certificate: select "Custom certificate"
- Upload the certificate attached to this article, save the configuration and re-shield your Application.
Security Status: External
Document type: Known Issue
Applies to: App Shielding