Include Simulator Architectures
| Plan | Platforms | MASVS |
|---|---|---|
| Enterprise | iOS | Not mapped |
Overview
Include Simulator Architectures is a build-time control that determines whether the MobileDefender framework includes iOS Simulator architectures (arm64 and x86_64 for Apple Silicon and Intel Mac simulators) in addition to the standard device arm64 architecture. When enabled, the framework can run in the Xcode Simulator, enabling quality assurance testing and continuous integration workflows without requiring physical devices.
By default, this control is disabled, and the framework includes only device architectures to minimize binary size and align with App Store requirements. This control is exclusively a build-time configuration and has no runtime security enforcement component.
When to Enable
Recommended Use Cases
- QA Testing on Simulator: Your QA team needs to test the integrated app in the Xcode Simulator on Mac hardware (Apple Silicon or Intel)
- CI/CD Automation: Your continuous integration pipeline runs automated UI tests, screenshot generation, or integration tests in simulator environments
- Development and Debugging: Developers need to run and debug the integrated app in the simulator before deploying to physical devices
- Rapid Iteration: You want faster build-test cycles during development by avoiding the device provisioning and deployment overhead
Example Scenarios
- A mobile banking app running nightly automated test suites against simulator-based test harnesses
- A healthcare app with screenshot-driven visual regression testing in CI
- An enterprise app requiring rapid prototyping and iteration during feature development
When to Leave Disabled (Default)
Recommended Use Cases
- Production Builds: Apps submitted to the App Store or TestFlight
- Minimizing Framework Size: You want the smallest possible framework binary to reduce app download size
- Device-Only Workflows: Your testing infrastructure uses only physical devices (on-premise device farms, cloud device testing services)
- Security-First Deployments: You want to ensure the framework runs exclusively on genuine hardware with full security controls active
Important Notes
- Simulator binaries are significantly larger due to multiple architecture slices (arm64 + x86_64 vs. arm64 alone)
- The App Store does not accept simulator architectures — Xcode automatically strips them during archive/upload, but enabling this control unnecessarily inflates pre-strip binary size
- Some MobileDefender security controls (e.g., hardware-backed attestation, Secure Enclave operations) may behave differently or be disabled in simulator environments
Tradeoffs
| Aspect | Enabled | Disabled (Default) |
|---|---|---|
| Binary Size | Larger (~2.5× due to x86_64 + arm64 slices) | Smaller (arm64 device-only) |
| Simulator Support | ✅ Runs in Xcode Simulator | ❌ Simulator crashes or fails to link |
| CI/CD Integration | ✅ Compatible with simulator-based test infrastructure | ⚠️ Requires physical device provisioning |
| App Store Submission | ⚠️ Xcode strips simulator slices (no impact on final IPA, but increases pre-strip size) | ✅ Minimal binary footprint |
| Security Controls | ⚠️ Some controls disabled or altered in simulator (e.g., no Secure Enclave, modified attestation logic) | ✅ Full security enforcement on real hardware |
| QA Workflow | ✅ Faster iteration with simulator testing | ⚠️ Requires device fleet management |
How It Works
When you create an app build through the MobileDefender App Creator:
- Framework Selection: The build pipeline selects either:
MobileDefender-simulator.framework.zip(contains arm64 + x86_64 slices) wheninclude_simulator: trueMobileDefender.framework.zip(contains arm64 device slice only) wheninclude_simulator: false(default)
- Integration: The selected framework variant is embedded into your IPA during the automated build process
- Code Signing: When simulator architectures are included, the build pipeline skips integrity hash generation (Tier 2 verification) because the host Xcode environment will re-codesign the binary, invalidating pre-computed hashes
- Deployment: The IPA can be:
- Installed on physical devices (both variants support this)
- Run in the Xcode Simulator (only the simulator-enabled variant supports this)
Build Pipeline Details
The MobileDefender iOS module CI/CD pipeline produces both framework variants on every release:
- Device Framework: Built with
xcodebuild -sdk iphoneos ARCHS="arm64" - Simulator Framework: Built with
xcodebuild -sdk iphonesimulator ARCHS="arm64 x86_64"
Both variants are identical in functionality and security controls; the only difference is the set of CPU architectures included in the binary.
Default Behavior
Disabled (device-only). This ensures production-ready binaries with minimal size overhead and full compatibility with App Store distribution requirements.
Support Matrix
| Platform | Minimum Version | Status |
|---|---|---|
| iOS | 12.0+ | ✅ Supported |
| Android | — | ❌ Not Available |
How to Enable the Control
Navigate to Settings from the AppTego portal, and open the Build Settings panel. Under this panel you will find the Include Simulator Architectures setting. Click Enable to apply it to the next protected build.
API Configuration Example
{
"IncludeSimulatorArchitectures": {
"protection": true
}
}| Field | Purpose |
|---|---|
protection | Enables include simulator architectures for protected builds. |
Configuration
For direct build submission payloads that do not use the tenant configuration object, the equivalent build parameter is include_simulator:
{
"tenant": "example-tenant",
"version": "1.0.0",
"app_name": "MyApp.ipa",
"subscription": "ENTERPRISE",
"include_simulator": true
}Set include_simulator: false (or omit the key entirely) for production device-only builds.
Plan Requirement
This control is available exclusively on the ENTERPRISE plan. Attempting to enable it on FREE or TEAM subscriptions will result in a build configuration error.