12

Here is an article that should give a little more context (and see my comment on it, same username, for additional info).

iOS developers are able to distribute apps outside of the App Store using an Enterprise provisioning profile. This allows apps to be installed even right from Safari without the need for App Store approval, enabling non-developers to test beta builds, companies to distribute internal apps to employees, etc.

However, both Apple and the enterprise account holder retain the ability to revoke the certificate backing the provisioning profile, which would prevent any more users from installing the app (in the case of the article linked above, Apple revoked the enterprise profile used to sign the emulator because they considered it abuse of the freedom granted by enterprise distribution)...excluding, of course, the "loophole" used to bypass that check: simply change your system date to any date in the past.

This raises a lot of questions about how the certificate validation is implemented, but I'm most curious about what goes on when the loophole is not being exploited. At what point does the device actually reach out to Apple to make sure the certificate has not been revoked? At the moment the app is installed? If that's the case, is it "soft" (allows install unless revocation is explicitly detected) or "hard" (forbids install unless certificate is absolutely proven still valid)? Or does the device check in with Apple periodically to get an updated blacklist/whitelist of enterprise certificate identities? Or is it something even different?

n00neimp0rtant

2 Answers

7

From the iOS 7 Deployment Technical Reference document (opens a PDF):

Certificate validation
The first time a user opens an app, the distribution certificate is validated by contacting Apple’s OCSP server. Unless the certificate has been revoked, the app is allowed to run. Inability to contact or get a response from the OCSP server isn’t interpreted as a revocation. To verify the status, the device must be able to reach ocsp.apple.com. See “Network Configuration Requirements,” earlier in this appendix.

The OCSP response is cached on the device for the period of time specified by the OCSP server—currently, between three and seven days. The validity of the certificate isn’t checked again until the device has restarted and the cached response has expired.

If a revocation is received at that time, the app is prevented from running.

Revoking a distribution certificate invalidates all of the apps you’ve signed with it. You should revoke a certificate only as a last resort—if you’re sure the private key is lost or the certificate is believed to be compromised.

RoraΖ
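
The launch-time policy quoted in the answer above, modelled as an added example (not Apple's code and not part of the original answer), to show how long a revoked certificate can keep working. `Device`, `run_timeline` and the timeline are constructed; it assumes a 3-day cache lifetime and that an unanswered query leaves the device state unchanged.

```python
from dataclasses import dataclass
from typing import Optional

GOOD, REVOKED, UNREACHABLE = "good", "revoked", "unreachable"

@dataclass
class Device:
    """Launch policy as the quoted text describes it; times are in days."""
    cached_until: Optional[float] = None  # expiry of the cached OCSP response
    restarted: bool = False               # restarted since the last answer?
    blocked: bool = False                 # a revocation has been received

    def launch(self, now, ocsp, ttl=3.0):
        """Return True if the app may run. `ocsp(now)` stands in for the responder."""
        if self.blocked:
            return False
        first = self.cached_until is None
        due = not first and self.restarted and now >= self.cached_until
        if not (first or due):
            return True                   # cached answer trusted, no query made
        status = ocsp(now)
        if status == REVOKED:
            self.blocked = True
            return False
        if status == GOOD:
            self.cached_until, self.restarted = now + ttl, False
        # Assumption: an unanswered query changes no state, so the next launch retries.
        return True                       # GOOD, or soft-fail on UNREACHABLE

def run_timeline(events, revoked_at, outages=()):
    """events: (day, "launch" | "restart") pairs. Returns [(day, allowed)]."""
    def ocsp(now):
        if any(start <= now < end for start, end in outages):
            return UNREACHABLE
        return REVOKED if now >= revoked_at else GOOD
    dev, results = Device(), []
    for day, kind in events:
        if kind == "restart":
            dev.restarted = True
        else:
            results.append((day, dev.launch(day, ocsp)))
    return results

# Constructed timeline: certificate revoked half a day after the first launch.
EVENTS = [(0, "launch"), (1, "launch"), (4, "launch"),
          (5, "restart"), (5, "launch"), (8, "launch")]

if __name__ == "__main__":
    print(run_timeline(EVENTS, revoked_at=0.5))
    print(run_timeline(EVENTS, revoked_at=0.5, outages=[(5, 7)]))
```

In the first run the revocation only takes effect on day 5, once the cache has expired and the device has restarted; in the second, an OCSP outage on days 5 to 7 delays it to day 8, which is why the deployment reference requires that devices can reach ocsp.apple.com.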
1

The most up-to-date answer can be found in Apple's Enterprise iOS Deployment Reference:

http://help.apple.com/deployment/ios/#/apda0e3426d7 See: Certificate validation

The first time a user opens an app, the distribution certificate is validated by contacting Apple’s OCSP server. If the certificate has been revoked, the app won’t launch. To verify the status, the device must be able to reach ocsp.apple.com.

Ashton-W