Hi all,
I've made via iCloud, an iOS build with AppStudio 3.0 ArcGisRuntime 100.2
We have this issue on testing the security vulnerability .
The app does not have an executable code "archs_no_code: - arm64" This non-executable type of app was generated by exporting an archive of the application for "Save for iOS App Store Deployment" with "include bitcode" checkbox enabled
Have you ever seen this issue? How can I provide an executable app?
Thanks.
Massimiliano
Solved! Go to Solution.
Hi Massimiliano,
Bitcode is enabled by default in iOS App Store builds created using AppStudio 3.0. As described below, bitcode is an intermediate representation which does n't contain executable binary. The App Store then compiles the bitcode down into a 64bit executable.
From Apple docs:
Bitcode is an intermediate representation of a compiled program. Apps you upload to iTunes Connect that contain bitcode will be compiled and linked on the App Store. Including bitcode will allow Apple to re-optimize your app binary in the future without the need to submit a new version of your app to the App Store.
For iOS apps, bitcode is the default, but optional.
----
I am not sure why this default behavior documented in official Apple docs is listed as a security vulnerability in the tools you are using.
Bitcode is currently an optional requirement for iOS AppStore upload. Bitcode can be disabled in AppStudio apps using below steps
- Open app in QtCreator
- Open appinfo.json for editing manually
- Set make.ios.enableBitcode to false as shown below
```
"arcgisRuntime": 1002,
"make": {
"ios": {
"enableBitcode": false
}
},
```
- Save changes
- Upload app to ArcGIS Online
- Rebuild app using Cloud Make
I hope this helps.
Thanks
Shobana
Hi Massimiliano,
Bitcode is enabled by default in iOS App Store builds created using AppStudio 3.0. As described below, bitcode is an intermediate representation which does n't contain executable binary. The App Store then compiles the bitcode down into a 64bit executable.
From Apple docs:
Bitcode is an intermediate representation of a compiled program. Apps you upload to iTunes Connect that contain bitcode will be compiled and linked on the App Store. Including bitcode will allow Apple to re-optimize your app binary in the future without the need to submit a new version of your app to the App Store.
For iOS apps, bitcode is the default, but optional.
----
I am not sure why this default behavior documented in official Apple docs is listed as a security vulnerability in the tools you are using.
Bitcode is currently an optional requirement for iOS AppStore upload. Bitcode can be disabled in AppStudio apps using below steps
- Open app in QtCreator
- Open appinfo.json for editing manually
- Set make.ios.enableBitcode to false as shown below
```
"arcgisRuntime": 1002,
"make": {
"ios": {
"enableBitcode": false
}
},
```
- Save changes
- Upload app to ArcGIS Online
- Rebuild app using Cloud Make
I hope this helps.
Thanks
Shobana
Hi Shobana,
I did not express myself well, the security issue is not the bitcode.
It's the tool HP Fortify that is not able to test an ipa like this.
I'll try your suggestion. I'll let you know.
Thanks
Hi Shobana,
it works, thank you!
Massimiliano