For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.
Enabling the application-authenticity security check
Enable the predefined MobileFirst application-authenticity security check to protect against attempts by fake or tampered applications to access your resources (APIs).
You enable the application-authenticity security check by creating an application-authenticity file and deploying the file to MobileFirst Server. You can either perform file creation and deployment as separate steps, or consolidate them into one step:
- One-step authenticity-file generation and deployment with mfpadm
- Two-step authenticity-file generation and deployment
Procedure
- One-step authenticity-file generation and deployment with mfpadm
Run the app version set authenticity-data command of the mfpadm command line program, or the <app-version> <set-authenticity-data> command through an mfpadm Ant task. Set the command's file argument or attribute to the location of your application binary file. This command generates an application-authenticity file for your application, and stores the file on the server.
- Two-step authenticity-file generation and deployment
- Get the MobileFirst application-authenticity Java™ tool, mfp-app-authenticity-tool.jar, by using either of the following alternative methods:
- Download the tool from IBM MobileFirst™ Platform Operations Console (the console): from the console Dashboard, select Download Center, and then select the Tools tab. Under Application-Authenticity Tool, select Download and save the file to your preferred location.
- Copy the tool from the <product_install_dir>/MobileFirstServer/external-server-libraries/ directory (where <product_install_dir> is the directory in which you installed IBM MobileFirst Platform Foundation).
- Generate a unique application-authenticity file: from the command line, run the application-authenticity tool with one of the following command variations:
java -jar <path to mfp-app-authenticity-tool.jar> <app_binary> [<authenticity_file>]
java -jar <path to mfp-app-authenticity-tool.jar>
When no parameters are provided, the application-authenticity tool runs in an interactive mode. You are then prompted to enter the path to your application binary file (app_binary), and optionally also the path to your target application-authenticity file (authenticity_file).
mfp-app-authenticity-tool parameters
- app_binary
- Mandatory path to your application binary file.
- For Android, refer to your .apk application file. This file must be signed. For more information about signing Android applications, see the Android documentation: Signing Your Applications.
Note that the Google Play multiple APK feature cannot be used together with the MobileFirst application-authenticity validation. For information about multiple APK, see the Android documentation: Multiple APK Support.
- For iOS, refer to your .ipa application file. If your application must support both 32-bit and 64-bit execution, provide a single .ipa file that includes both 32-bit and 64-bit code.
Note that bitcode-enabled applications cannot be used together with the MobileFirst application-authenticity validation. See Work with bitcode in iOS apps.
- For Windows 10 Universal Windows Platform (UWP) and Windows 8.1 Universal, refer to your .appx application file, or to a .appx file from a bundle.
- authenticity_file
- Optional path to the generated application-authenticity file. By default, the tool generates an <application-binary base file name>.authenticity_data file in the same directory as the provided application binary file (app_binary).
Example
The following command is run from the directory that contains the application-authenticity tool, and does not set the optional authenticity_file parameter. The command generates a my_ios_app.authenticity_data application-authenticity file in the same directory as the input my_ios_app.ipa application binary:
java -jar mfp-app-authenticity-tool.jar /Users/myname/my_ios_app/my_ios_app.ipa
Deploy your generated application-authenticity file to MobileFirst Server, by using either MobileFirst Operations Console or mfpadm:
- In the console,
- Select your application version from the Applications section of the console's navigation sidebar, and then select the application Authenticity tab.
- Select Upload Authenticity File, browse to your generated application-authenticity file, and upload the file.
- Run the app version set authenticity-data command of the mfpadm command line program, or run the <app-version> <set-authenticity-data> command through an mfpadm Ant task. Set the command's file argument or attribute to the location of your application-authenticity data file.
When your application-authenticity file is successfully deployed to the server, a relevant message is displayed in the console.
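A pre-flight check for the file-generation step above, as an added example that is not part of the IBM documentation: it builds the documented command line, predicts the default output path, and flags an .apk that has no v1 (JAR) signature block. The function names and the placeholder sample archives are assumptions; nothing is run against the tool or the server.

```python
import tempfile
import zipfile
from pathlib import Path

SUPPORTED = {".apk", ".ipa", ".appx"}  # binary types the page lists for app_binary

def has_v1_signature(apk):
    """Heuristic: look for a JAR (v1) signature block under META-INF/.
    An APK signed only with APK Signature Scheme v2+ has no such entry, so a
    False result means "confirm with your signing tool", not "unsigned"."""
    with zipfile.ZipFile(apk) as z:
        return any(n.upper().startswith("META-INF/")
                   and n.upper().endswith((".RSA", ".DSA", ".EC"))
                   for n in z.namelist())

def plan(tool_jar, app_binary, authenticity_file=None):
    """Return (argv, expected_output_path, warnings) without running anything."""
    app = Path(app_binary)
    ext = app.suffix.lower()
    if ext not in SUPPORTED:
        raise ValueError(f"unsupported application binary type: {app.name}")
    if not app.is_file():
        raise FileNotFoundError(app)
    warnings = []
    if ext == ".apk" and not has_v1_signature(app):
        warnings.append("no v1 signature block found; the .apk must be signed")
    argv = ["java", "-jar", str(tool_jar), str(app)]
    if authenticity_file:
        out = Path(authenticity_file)
        argv.append(str(out))
    else:
        # Default described on the page: <base file name>.authenticity_data
        # in the same directory as app_binary.
        out = app.with_suffix(".authenticity_data")
    return argv, out, warnings

def demo():
    """Constructed sample: an unsigned and a v1-signed placeholder .apk."""
    with tempfile.TemporaryDirectory() as d:
        unsigned, signed = Path(d, "a.apk"), Path(d, "b.apk")
        for path, names in ((unsigned, ["classes.dex"]),
                            (signed, ["classes.dex", "META-INF/CERT.RSA"])):
            with zipfile.ZipFile(path, "w") as z:
                for n in names:
                    z.writestr(n, b"placeholder")
        return [plan("mfp-app-authenticity-tool.jar", p) for p in (unsigned, signed)]

if __name__ == "__main__":
    for argv, out, warnings in demo():
        print(" ".join(argv), "->", out.name, warnings)
```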
Results
When your application-authenticity file is deployed to the server, the Status value in the application Authenticity console tab is set to "Enabled", indicating that the security check is enabled for your application.
You can retrieve a copy of the application-authenticity file that is deployed for your application on the server, by running the app version get authenticity-data command of the mfpadm command line program, or the <app-version> <get-authenticity-data> command through an mfpadm Ant task.
You can disable the application-authenticity security check at any time, by using one of the following methods:
- In the application Authenticity console tab, select Delete Authenticity File.
- Run the app version delete authenticity-data command of the mfpadm command line program, or the <app-version> <delete-authenticity-data> command through an mfpadm Ant task.