iOS

How to hide Fabric API key and build secret in an Open Source project

A mobile app that integrates the Fabric mobile platform and the Crashlytics crash reporting framework requires two things to successfully communicate with the Fabric / Crashlytics server platform:

  • The Fabric API key: This is required at build time so that the build process can upload the debug symbols that later are required to symbolicate crash reports. The API key is also required at runtime so that the app on a customer device can submit crash reports.
  • The Fabric build secret: This is also required for uploading debug symbols at build time.

Whoever knows these two pieces of information can freely interact with the Fabric / Crashlytics server platform on behalf of the app, so obviously you want to restrict knowledge of the information to people who can be trusted. This article shows how to keep API key and build secret private even in an Open Source project like Little Go where, by definition, there is the desire to publish everything.

iOS 5 and ad-hoc distribution

Ad-hoc distribution is definitely the way to go to make it easy for beta testers to install an iOS app that is not yet available through Apple's App Store. The answer to this stackoverflow question thoroughly explains how it works.

Today I tried to create a new ad-hoc distribution for my Little Go app, the first after iOS 5 has been released. Very much unexpectedly, the whole process fell flat on its nose due to a combination of code signature and entitlement problems. After a 4 hour battle I now have things working again, and although I am not entirely sure about the exact source of the problem, I thought I would like to write down what I have learned this afternoon.

The final solution, anyway, for those who don't want to read the whole story: Invalidate and then regenerate all provisioning profiles on Apple's iOS Provisioning Portal.