Automatic Authentication on iOS

2014-01-31

2014/09/17: Automatic authentication no longer works on iOS 8 as Apple has removed the iTunesArtwork file.

When Apple removed UDIDs in iOS 7, we introduced a new feature to let users manually authenticate within your app. This allows you to restrict builds to certain users and see beta analytics, including which users have tested which build, and for how long. The latest release of HockeySDK takes this feature to the next level with Automatic Authentication. Since you’re likely curious how it works, we’d love to share the details with you:

When a user installs your app through HockeyApp, our backend generates a plist that is fed into the itms-services URL scheme to trigger the installation. The plist itself includes a link to your .ipa, the icon that is shown on the home screen during the installation, and the full-size icon - also known as iTunesArtwork. During the installation process, this full-size icon is stored into your app’s sandbox, so your app can actually access it from code.

The full-size icon is just a 512x512px png file, but things get exciting when you know that the png specification does declare ancillary chunks, including one to store text. This means that HockeyApp can pass textual information into your build at installation time without modifying the .ipa file.

Coming back to the user that taps the Install button: If the user is signed in or his UDID is present in the current browser session, then HockeyApp writes this information into the metadata of the full-size image. The new version of HockeySDK parses this metadata at the first start to automatically identify the user. Thereby the SDK utilizes the same URL scheme that we introduced with HockeySDK 3.5, allowing for a seamless fallback if the user was not signed in or installed the app through iTunes or Xcode.

HockeySDK 3.5.2 is now available and supports the automatic authentication with the authentication strategies BITAuthenticatorIdentificationTypeDevice and BITAuthenticatorIdentificationTypeWebAuth. The other non-anonymous strategies do not use the metadata from the full-size image, allowing you to have that extra step of verification if you want it.

Download the release here:
HockeySDK 3.5.2 for armv7, armv7s, and arm64

As always, if you have any questions, new ideas, or feedback, send us a message using our support system.