This document describes how to setup an environment to access and use the Mobile Protect SDK for iOS distributed via CocoaPods. This document will take you through the steps to integrate SDK into your build system. For other guides, check out Mobile Protect Installation Guides
To fetch the Mobile Protect SDK via CocoaPods, an API key is needed. If you haven’t received an API key for Mobile Protect, please contact us.
Step 1: Add API Key to .netrc
The API key should be added to your netrc file, which will be used automatically by CocoaPods, curl
and git
when fetching the SDK.
Add the following entry to the file at ~/.netrc
:
machine mobile-protect-repos.securetheorem.com password {MOBILEPROTECT_REPO_API_KEY}
Replacing {MOBILEPROTECT_REPO_API_KEY}
with the Mobile Protect API key.
Step 2: Add Mobile Protect to the Podfile
In your project’s Podfile
, add the dependency to the Mobile Protect SDK:
target 'MyAwesomeApp' do ... pod 'MobileProtect' end
For Mobile Protect Anti Fraud, use the Mobileprotect-antifraud pod:
target 'MyAwesomeApp' do ... pod 'MobileProtectAntiFraud' end
MobileProtectAntiFraud
depends on MobileProtect
so it includes all features present in Mobile Protect
And then run pod install
to retrieve the pods for the project. See https://guides.cocoapods.org/using/the-podfile.html#specifying-pod-versions for deciding if pinning the pod versions is the best practice for your project.
Note: If you encounter duplication issues because you have both TrustKit and MobileProtect, you can use the MobileProtect-NoTrustKit
pod and keep TrustKit as is.
Step 3: Add the Mobile Protect configuration
In the iOS project copy the MobileProtect.plist
config file into the project's Xcode project, place it in the project root. See Add Existing Files and Folders to a Project for instructions.
The plist file contains an AUTH_TOKEN
key; however, the key is NOT SENSITIVE. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. A different and more secure key is required for pulling data. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: https://firebase.google.com/docs/projects/api-keys
Results
Please visit https://www.securetheorem.com/mobile/protect to see the list of your apps and the state of protection, along with the individual protection item details.