Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This document describes how to setup an environment to access and use the Mobile Protect SDK for iOS distributed via Swift Package Manager. This document will take you through the steps to integrate SDK into your build system. For other guides, check out Mobile Protect Installation Guides

Step 1: Add Mobile Protect to Xcode

To fetch the Mobile Protect SDK via SPM, an API key is needed. If you haven’t received an API key for Mobile Protect, please contact us.

Step 1: Add Mobile Protect to Xcode

  1. In Xcode, add the dependency to the Mobile Protect SDK through the FileAdd Packages… menu.

  2. Enter the following URL into the search bar on the top right:

    Code Block
    https://spm:{MOBILEPROTECT_REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios

    Replacing {MOBILEPROTECT_REPO_API_KEY} with the Mobile Protect API key.

For Mobile Protect Anti Fraud, use the following URL instead:

Code Block
https://spm:{MOBILEPROTECT_REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios-antifraud
  1. Select your preferred Dependency Rule, and then click on the Add Package button.

  2. Select the Target you wish to add Mobile Protect to, and then click on the Add Package button.

That key is NOT SENSITIVE. The key is only used to download the Mobile Protect SDK, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit in your repository.

Step 2: Add Mobile Protect Configuration File

Copy the MobileProtect.plist config file into the project, place it in the Target root. See Add Existing Files and Folders to a Project for instructions.

The plist file contains an AUTH_TOKEN key; however, the key is NOT SENSITIVE. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys

Results

Please visit https://www.securetheorem.com/mobile/protect to see the list of your apps and the state of protection, along with the individual protection item details.