applicationSignerTeamID

The team ID used to sign the provided applicationSignerCertificate.

In order to increase security of the repackaging detection feature, App Shielding can be instructed to not only check the certificate that the application was signed with, but also the team ID contained in the signature. This is useful in case the application is not signed by the developer itself, but by Apple in case of TestFlight or App Store deployment. In that case, App Shielding will implicitly trust Apple as the signer if this hasn’t been disabled through the disableTestFlightTrust or disableAppStoreTrust options.

By verifying the team ID, it is possible to make sure that Apple did not sign the app for someone else.

This option can be given multiple times to configure trust for multiple team IDs. As part of the repackaging checks, App Shielding will then verify that the team ID that is part of the code signature matches one of the configured team IDs. If no team ID is given, the team ID is not verified.

Note that an attacker using Apple to re-sign a repackaged app is not a very likely scenario. Unless your are worried about exactly this kind of attack, it is recommended to not use this option as it might cause problems when submitting apps to TestFlight or the AppStore unless you know exactly how your app is being signed before submitting it to Apple.

This is an additional repackaging check. It requires a valid applicationSignerCertificate or trust in Apple’s AppStore and TestFlight certificates.

• Type: string

• Default Value: N/A

• Multiple allowed: Yes

• Required: No

• Depends on: checkRepackaging

 

<applicationSignerTeamID	v="T69KFPGEBY"/>

The team ID can be determined from the Keychain Access application in the following manner:

1. Open the Keychain Access application.

2. Right click on the certificate to use and select Get Info.

3. In the window that opens up, you can find the team ID under Organization Unit (make sure not to confuse this ID with the User ID).