Comments (5)

BSI-TF-CWA avatar BSI-TF-CWA commented on August 26, 2024 3

We fully understand that this issue is due to the development phase of this project.
Please consider this issue as a reminder to ensure that this will not make it into production.
Please leave this issue open until it is resolved in the version we are testing.

Thank you very much

Proof of Concept:
The implementation of the isAllowed() function can be found in the DMDeveloperMenu.swift file:

    private func isAllowed() -> Bool {
        true
        // #if RELEASE || DEBUG
        //     return true
        // #else
        //     return false
        // #endif
    }

from cwa-app-ios.

ChristianKienle avatar ChristianKienle commented on August 26, 2024 1

We fully understand that this issue is due to the development phase of this project.
Please consider this issue as a reminder to ensure that this will not make it into production.
Please leave this issue open until it is resolved in the version we are testing.

Thank you very much

Proof of Concept:
The implementation of the isAllowed() function can be found in the DMDeveloperMenu.swift file:

    private func isAllowed() -> Bool {
        true
        // #if RELEASE || DEBUG
        //     return true
        // #else
        //     return false
        // #endif
    }

Thanks very much for bringing this issue up again. We will put this on our checklist that will be used during the release prep. This issue will remain open until we have completed the checklist.

from cwa-app-ios.

ChristianKienle avatar ChristianKienle commented on August 26, 2024

We require this menu to be available for a couple more days since it will be useful during testing.

The app is using two different sets of entitlements:

App Store Builds

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.exposure-notification</key>
        <true/>
    </dict>
    </plist>

Release and Debug Builds

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.exposure-notification-test</key>
        <true/>
        <key>com.apple.developer.exposure-notification-test-skip-file-verification</key>
        <true/>
        <key>com.apple.developer.exposure-notification</key>
        <true/>
    </dict>
    </plist>

Thus what the app can do is limited on an OS level already.

The developer menu is not able to do anything the user could not do otherwise. Getting access to the developer menu is harder than just sending the corresponding HTTP/s requests using a standard HTTP/s client. So even if we remove any traces of a developer menu from the code base you would still be able to do everything the developer menu can.

I am closing this issue. If you feel this is incorrect please simply reopen.

Thank you very much.

from cwa-app-ios.
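
The entitlement split described in the comment above can be enforced as a release-prep check. The following is an added example, not code from the cwa-app-ios project: a Python gate that reads an entitlements plist and reports the test-only keys quoted in the thread. The function name `audit_entitlements`, the sample constants, and the prefix rule for unlisted keys are assumptions made for illustration.

```python
import plistlib
import sys

# Entitlement keys exactly as quoted in the thread above.
PRODUCTION_KEY = "com.apple.developer.exposure-notification"
TEST_ONLY_KEYS = {
    "com.apple.developer.exposure-notification-test",
    "com.apple.developer.exposure-notification-test-skip-file-verification",
}

def audit_entitlements(plist_bytes):
    """Return reasons to block an App Store build; an empty list means pass."""
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:
        # Fail closed: an unreadable entitlements file is never a pass.
        return [f"unparseable entitlements: {exc!r}"]
    if not isinstance(ents, dict):
        return ["entitlements root is not a dictionary"]
    findings = []
    for key in sorted(ents):
        if key in TEST_ONLY_KEYS:
            if ents[key] is True:
                findings.append(f"test-only entitlement enabled: {key}")
        elif key.startswith(PRODUCTION_KEY) and key != PRODUCTION_KEY:
            # Assumed rule: an unlisted sibling of the production key needs review.
            findings.append(f"unreviewed entitlement: {key}")
    if ents.get(PRODUCTION_KEY) is not True:
        findings.append(f"production entitlement missing: {PRODUCTION_KEY}")
    return findings

# Sample inputs rebuilt from the two entitlement sets in the thread.
APP_STORE_BUILD = plistlib.dumps({PRODUCTION_KEY: True})
TEST_BUILD = plistlib.dumps({PRODUCTION_KEY: True, **dict.fromkeys(TEST_ONLY_KEYS, True)})

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Release gate: audit a real file; a non-zero exit blocks the build.
        with open(sys.argv[1], "rb") as fh:
            problems = audit_entitlements(fh.read())
        print("\n".join(problems) or "entitlements OK")
        sys.exit(1 if problems else 0)
    # No argument: run the two samples.
    for name, sample in (("app store", APP_STORE_BUILD), ("test", TEST_BUILD)):
        print(name, audit_entitlements(sample))
```

The input is the entitlements plist extracted from the signed build, so the check covers what was actually signed rather than what the project file intends.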

inidona avatar inidona commented on August 26, 2024

Hi, I have some experience in developing a big banking app. For this we build 2 different versions of our app: one for the App Store with disabled functions (including logging) and one for testing with an Apple enterprise account and a different bundle ID. Maybe this could be a solution.
I can support you on this if needed.

thanks
andreas

from cwa-app-ios.

ChristianKienle avatar ChristianKienle commented on August 26, 2024

@BSI-TF-CWA can you confirm that #484 fixes this?

from cwa-app-ios.
