The recent iOS 14.5 update seems to block any Unreal app made on Windows. The issue relates to the code signing format which Apple have recently changed, and as of iOS 14.5, the legacy format will no longer install at all, with no option to override. What’s worse is that Apple have already prevented downgrading back to version prior to iOS 14.5. Thanks Apple!
I’ve submitted a bug report to Epic, and hopefully this will be fixed as it could be a major problem for some people. The issue relates to the program IPhonePackager.exe which Unreal uses to package and code sign apps for iOS. Even with a remote build, the actual final packaging is done on Windows. IPhonePackager.exe seems to date back to the days of Unreal 3, so a fix may not be trivial and we can’t assume that it will happen soon.
I’m posting this in case I can save anyone the trouble I’ve had during the last week, trying to find a workaround to whilst working on a production using a Unreal iPad/Phone app. It’s been incredibly frustrating to have Apple do this at this time. I understand that security and updates are their priority, but to not even give the option for advanced users to override locking out apps that days before worked absolutely fine is madness.
For anyone who already has an app published on the app store, in theory this should automatically be re-signed and work as usual. I would imagine this also happens if using TestFlight. For me, this isn’t an option, and I use a development profile with a UUID list of all the device I use. I have a feeling that trying to upload any new apps to the app store or test flight will now fail due to the legacy code signing (it was one of the many reasons for rejection when I tried to make test flight work).
For anyone making iOS apps in Unreal on OSX, I would guess that the code signing is not an issue (assuming you are able to run the latest OSX/xcode).
Anyway, I finally have a temporary fix that allows me to make apps made on Windows work on iOS 14.5 devices without any dodgy hacks or jailbreaking. There are 2 caveats however, a new developer certificate will need to be made, and access to a Mac is needed (or an OSX Virtual Machine).
- Create new developer Certificate for keychain
On the Mac, go to the Keychain Access app, at the top, go to Keychain Access → Certificate Assistant → Request a Certificate → Request a Certificate from a Certificate Authority. Enter the details (and select save to disk) to generate a new signing request file.
(This is the equivalent of using IPhonePackager.exe to create a “Certificate request and key pair” when first creating a new developer profile on windows.)
Go to your Apple Developer account online and under “Certificates”, create a new developer Certificate using your new signing request file that you generated. Then, Download your new developer Certificate (needed on PC and Mac).
(Your developer account may only let you create 1 of each type of developer Certificate, so worst case you may have to delete your existing one. In my case I created a new “iOS App Development” certificate which seems to do the same job as my existing “Apple Development” certificate.)
In the “Profiles” section, edit your app Provision Profile to include the new developer certificate. Download this to the PC.
On the mac, in Keychain Access, install the new developer Certificate file to your login keychain (drag the file in). If this works correctly, you should see it appear in Keychain, and you should be able to expand it to view the private key linked to it. This is important.
In Keychain Access, right click the Developer Certificate and click “Export [your certificate name]”. Save a .p12 file, and it should ask you to give it a new password. Copy this to your PC.
- Build Unreal Project
Now, back in Windows, go to your Unreal project, and go to iOS in Project Settings, click “Import Certificate” and add your new .p12 file and it should ask for the password. (This is instead of the usual process of selecting a .cer followed by a separate .key file.)
Click “Import Provision” and add (or update) your new Provision Profile file.
You can now package your project as an .ipa file for IOS. (currently this file will fail to install on iOS 14.5 due to the legacy code signing)
Copy the .ipa file to your Mac.
- Re-sign the ipa with new signing format
On the Mac, install the “iOS App Signer” app from:
Start “iOS App Signer” and select your .ipa file as the “Input File”
Your Signing Certificate should be in the list, select it.
You can leave all other fields as default/blank.
Click “Start” and select a name/location for the new ipa file.
And that’s it, you should now have a new re-signed .ipa file that you can install to your device from either PC or Mac. On PC, open iTunes and drag the .ipa into the library area to install (I’m sure it’s something similar on Mac). Once setup, it requires minimal effort to re-sign .ipa files.
I’m sure that some of these steps can be simplified, but currently it is the only way I have found after a lot of experimenting.
I believe that “iOS App Signer” requires XCode to be installed. XCode may need to be a fairly recent version to support the new code signing format.
The reason we need to create a new certificate is that I have not yet found a way to install the original private key (.key generated in IPhonePackager.exe on windows) in keychain on the Mac to go with the certificate (called a key pair), I would love to know if anyone knows how to make this work.
If your developer certificate originated on a Mac, you probably don’t need to make a new certificate, as long as the key pair is installed to Keychain.
In theory, it should be possible to re-sign using the terminal command “codesign”, however I couldn’t get it to make usable .ipa files. The “iOS App Signer” app might even use “codesign” behind the scenes, but with some extra parameters (i suspect something to do with entitlements).
I found a few Windows programs for re-signing ios apps. I personally didn’t have any luck with the free ones, and the rest were expensive high end software solutions. For anyone doing blueprint only development on PC with no Mac access, you might have to try and get one of these to work whilst we wait for IPhonePackager.exe to be fixed by epic.