Introduction

Halodoc, Indonesia’s leading healthcare application, is committed to simplifying healthcare services across the nation. As the team has grown and expanded to various platforms, they sought innovative ways to automate routine and time-consuming tasks. One of the challenges they faced was efficiently managing iOS development certificates and profiles. These certificates and profiles are crucial for code signing and app distribution on Apple’s platforms.

The Code Signing Process

Code signing is a fundamental process for iOS app development. It serves two critical purposes: first, it identifies developers to users who download their apps, establishing trust; and second, it prevents spoofing by ensuring that no other entity can use the same bundle identifier for a specific app.

To sign an iOS app, three elements are required:

1. Signing Certificate: Provided by Apple, this certificate is essential as the device needs a trust chain back to Apple to install the app securely.
2. Provisioning Profile: This profile contains information such as the App ID, Signing Certificate, Capabilities, and registered devices for development purposes.
3. Entitlement: It declares support for specific app capabilities, and it is associated with a value for each capability.

The Existing Approach at Halodoc

Halodoc’s existing approach for managing certificates and profiles involved a manual process with the help of an admin. When setting up a new Mac for a team member, the admin would create a certificate and share it with the new member. The new member would then install the certificate and download profiles manually from Xcode’s “Accounts preference” tab.

Similarly, when certificates or profiles needed updating, the admin would handle the process and inform all developers to download the latest profiles or certificates.

Challenges with the Existing Approach

The existing approach had a few drawbacks:

1. Individual Certificates: Each team member had their own certificate, which could lead to reaching the certificate creation limit and reusing existing certificates as the team grew.
2. Dependency on Admin: The process relied on the admin to create and manage certificates, which could be a bottleneck if the admin wasn’t available or familiar with the Apple Developer Portal.
3. Time-Consuming: Installing certificates and profiles manually proved to be time-consuming, especially as the team size increased.

The Proposed Solution: Automating with Fastlane

To overcome the challenges of the existing approach, Halodoc decided to implement Fastlane, an open-source platform for automating various aspects of iOS and Android app development. Fastlane simplifies tasks like code signing, beta builds distribution, app store releases, and more.

The ultimate goal was to store the existing development certificate and profiles in a private repository accessible to team members with read-only access. This approach would automate certificate and profile installation and updating without requiring direct access to the Apple Developer Portal.

Ensuring Security with Fastlane

Halodoc acknowledges the importance of security, especially as a leading healthcare provider. Storing certificates and profiles in a private Git repository offers several security measures:

1. Encryption: Both keys and provisioning profiles are encrypted using OpenSSL and a passphrase before being stored in the private repository.
2. Limited Impact of Leaks: Even if the certificates were Streamlining iOS Developer somehow leaked, they could only be used to install and run the app on registered devices. To add new devices, the attacker would need Apple Developer Portal credentials, which are not stored in the repository but in local keychains.

Conclusion

Halodoc’s decision to automate certificate and profile management using Fastlane has Streamlining iOS Developer significantly streamlined their development process. By maintaining their certificates and profiles in a secure private repository, they ensure that the process remains under their control. The implementation of Fastlane has reduced the administrative burden and provided team members with a faster and more efficient way to set up their development environment.