How to restrict app and build access

This article describes the different options to restrict access to apps and builds.

Download Page

When you create a new app, HockeyApp sets the visibility of the download page for the app to private. This means that only invited testers can see the app's icon on their HockeyApp dashboard. You can change the visibility as follows, assuming that you are the owner or developer of the app:

  1. Click on the app on the HockeyApp dashboard
  2. Click on Manage App
  3. Click on Distribution
  4. Select public or private for the Download Page
  5. Finish with Save

The visibility of the download page does not affect whether a build can be downloaded. To control access to the builds, you need to restrict all versions of your app on HockeyApp.

Restrict Builds

By default, builds are unrestricted and can be downloaded anonymously through HockeySDK or the HockeyApp API. The reason for this anonymous access is that sandboxing on iOS and Android prevents HockeySDK from identifying the user. For a higher level of security, we recommend the following steps:

  1. Make sure that the download page is set to private (see above)
  2. Restrict access to existing builds:
    • Click on the app on the HockeyApp dashboard
    • Click on the Versions tab
    • Click on the version
    • Click on Manage Version
    • Click on Status
    • Set Restrict Downloads to Enabled
    • Select one or more distribution groups, users, or enter one or more tags
    • Finish with Save
  3. For new builds, restrict access through the user interface that is shown after uploading the build or via the Upload API (fields tags, teams, or users).

Once builds are restricted, HockeySDK can only offer in-app updates if it knows the identity of the user. If you want to continue to use in-app updates, you need to enable non-anonymous authentication:

If you remove a tester from your app on HockeyApp, that user will no longer be able to use the app and will stop receiving updates. It is not possible to force-remove the app from the testers' devices, as neither Apple nor Google offer such a feature for ad-hoc distribution, enterprise distribution, or side-loaded apps.

App ID for Pre-release vs. Production Builds

HockeySDK automatically detects if an app was downloaded from the App Store or Google Play and disables in-app updates, so you can use the same build for pre-release testing (in-app updates enabled) and the final release (in-app updates disabled). Regardless of this mechanism, it is possible for an attacker to extract your App ID from the app package, for example by disassembling your app binary. If your builds were not restricted as described above, the attacker can then download the latest version of the app through the HockeyApp API (in the same way as HockeySDK would offer an in-app update).

We recommend not only restricting all builds, but also using separate App IDs for the pre-release and the production release of your app. This is possible by creating two apps on HockeyApp and changing the App ID before creating the production build. To prevent an attacker from still obtaining the App ID of the pre-release app, make sure to remove the pre-release App ID from all source code and configuration files, for example from the Info.plist, and only use the production App ID.
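A build-time check for that last recommendation, added here as an example and not part of HockeyApp's own tooling: it fails the production build if the pre-release App ID is still present in the sources, configuration files such as Info.plist, or the compiled bundle. It assumes the App ID is stored as a plain string, so a literal search over text and binary files finds any leftover copy; the IDs and plist key used in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example; not HockeyApp's own tooling.
# Fail the production build if the pre-release App ID is still present in
# sources, configuration files (e.g. Info.plist) or the compiled bundle.
# Assumption: the App ID is a plain string, so a literal search suffices.

# check_no_prerelease_app_id <prerelease-app-id> <path>...
# Returns 0 if the ID is absent everywhere, 1 if found (paths on stderr).
check_no_prerelease_app_id() {
  id="$1"
  shift
  # -r recurse, -l list file names only, -a scan binaries as text (the linked
  # app binary embeds the ID as a string), -F literal match; "|| true" keeps a
  # clean "no match" from aborting callers running under "set -e".
  hits=$(grep -r -l -a -F -- "$id" "$@" 2>/dev/null || true)
  if [ -n "$hits" ]; then
    printf 'ERROR: pre-release App ID %s still present in:\n%s\n' "$id" "$hits" >&2
    return 1
  fi
  return 0
}

# Demonstration on a constructed tree: two fake bundles, one that still carries
# the pre-release ID and one that only carries the production ID. Both IDs and
# the plist key name are placeholders, not real HockeyApp values.
demo() {
  pre_id="00000000000000000000000000000pre"
  prod_id="0000000000000000000000000000prod"
  tmp=$(mktemp -d)
  mkdir -p "$tmp/leaky/App.app" "$tmp/clean/App.app"
  printf '<key>AppIdPlaceholder</key><string>%s</string>\n' "$pre_id" \
    > "$tmp/leaky/App.app/Info.plist"
  printf '<key>AppIdPlaceholder</key><string>%s</string>\n' "$prod_id" \
    > "$tmp/clean/App.app/Info.plist"
  # a fake compiled binary with the ID embedded among non-text bytes
  printf '\001\002%s\003\004' "$pre_id" > "$tmp/leaky/App.app/App"
  for tree in leaky clean; do
    if check_no_prerelease_app_id "$pre_id" "$tmp/$tree"; then
      echo "$tree: OK, pre-release App ID not found"
    else
      echo "$tree: FAILED, pre-release App ID still present"
    fi
  done
  rm -rf "$tmp"
}

demo
```

In a CI pipeline, call `check_no_prerelease_app_id` with the real pre-release ID against the source tree and the exported .app/.apk directory and let its non-zero exit stop the release.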