So I have a client who I’ve built this app for. The app had reached its MVP so we launched it and transferred the app to their developer account. Now I want to continue working on the app for them but I don’t have the proper certificate on my device to make changes to the project on the clients developer account. How do I go about getting the proper certificates set up so I can upload new app versions of the app to their App Store Connect account?
There is two solutions I can think of :
They can add your Apple developer account into their new developer account and give you the developer access (or admin access to have a bigger freedom). Therefore you will be able to recreate certificates for you in order to work on your project. (for me this is the best approach and it keep things clean). To do so, just ask one of the admin of the itunesconnect account on your client side, and he will add you as a Developer Manager in the account.
you can ask them to export their new certificates as a .p12 file (which contain the private and public keys) and their provisioning profile from their Mac OS key chain (the developer or team from your client that is handling the app nowadays if any). Then you will have no issue at all. (I do not recommend this one and vouch for the first one even if second one seems easy). Also if tomorrow they changed it or revoke it will require to do again the same update..
Got a new SSD for my mac (so it is like starting over), and am trying to set it up for Xamarin iOS development (again). After much fun with Apple procedures I am ready to upload to the App store, but get this message:
This message pops up when I am after the Archive is built, after I select Upload (after Sign and Distribute). It seems the important part is Authentication failed Sign in with the app-specific password you generated.
Sign in? Sign in to what? I have my app specific password, but what do I do with it?
There certainly seems to be a lot of web pages trying to push me to appcenter.ms, but I should not be forced to use a Microsoft service to distribute my app and do not wish to go that route at this time.
Below are some hints to help others who like me are not full time iOS app developers and are tired of massive web pages explaining the process.
Important things to know/remember for Xamarin/iOS development (obviously you need a Apple developer account, need to install XCode, VS, Xamarin):
you need to tell XCode your Apple developer credentials
you need to tell VS your Apple developer credentials
you need to tell Apple the UID of your build box, test devices
you need a developer certificate and distribution certificate from Apple
you need to create two provisioning profiles, one for development and one for distribution
somehow building a Xamarin iOS demonstration project in VS on my Mac made the iOS simulators available to other projects
you may need a special Apple intermediate certificate (AppleWWDRCAG3.cer) and install it, even though various webpages said that was only necessary if your XCode was an old version (I had the latest XCode and still had to find/install it)
Short version
Is it still possible for one developer to compile an iOS app and pass it to another who has the distribution certificate (and private key) to upload to App Store Connect?
Background
My company has signed a contract for an external developer to deliver an app for us to put into the app stores, without giving us the source code.
We have tried resigning the app by removing the _CodeSignature folder and running 'codesign -f -s ......', but App Store Connect rejects it because of some problem with SwiftSupport folder. So now this external developer is insisting there is no way for him to compile the app and us to distribute it and wants our cert and private key even though Apple says "Do not share Apple Certificates outside of your organization."
Yes it is possible. Check out this tool on github https://github.com/Elyorbe/XReSign
I've read a bunch of threads, posts and articles but I didn't find what I'm looking for.
My friend has a apple dev account where I can generate the certs and such. This account is not a company account if that matters.
Currently I'm working on a ionic/phonegap app and it's ready for testing. There is a step when creating the certificate that needs to open the crt file within Keychain Access and export a file. <-- Is this step mandatory on the Mac of the dev account holder? or Can I do it with my own Mac? Will it affect somehow? We've 3 apps published already but I always use his to do this steps and he is currently unavailable.
Thanks!
You can do it with any mac, but the private key will be on that specific mac. You can then later share it.
However, your friend can export his/her dev account and share it with you, giving you everything you should need.
We have build an enterprise iPad App and now we want to give it to our employees. Initially when testing, we used ad-hoc distribution collecting all the test device's UDID and then creating the profile.
Now going live we want this app to be deployed in a secured web server and send the link to our employees, so that they enter the username and password before accessing the link.
There are around 500+ devices we need to install this iPad App. Do i need to collect all the UDID and then deploy the .ipa file, because Apple documentation says:
Create an enterprise distribution provisioning profile that authorizes devices to use apps you’ve signed.
If not that way, do the user needs to install the profile.mobileprovision file and then install the .ipa file?
We are still unable to decide how to deploy our app because of this issue. We would like to avoid the app approval process because it App handles a lot of sensitive data.
Can some one help me on this, how to do a OTA deployment for enterprise Apps?
As of December 2011, these are the steps:
Create a provisioning profile in your Apple Enterprise account
Set this as the Code Signing Identity under the Build setting of your app.
Make sure the Bundle ID matches that of the provisioning profile.
Select Product > Archive to build IPA file.
Click Share (aka Distribute) button after selecting your Archive.
Set Contents radio button to iOS App Store Package (.ipa)
Make sure Identity in dropdown is the one used from Enterprise account.
Click Next
Select the check box "Save for Enterprise Distribution"
For Application URL put in the URL that points to where the ipa file will be placed (example: http://oursite.com/myApp.ipa)
Click Save. This will save a plist & an ipa file for you.
Place these files on your server with a link formated like this:
<a href="itms-services://?action=download-manifest&url=itms-services://?action=download-manifest&url=http:/oursite.com/myApp.plist" id="text">
Go to this page from your device and click the link to install the app
Probably the best way to distribute your enterprise mobile app and then securely manage users, groups, data and devices is using a Mobile Device Manager (MDM) tool suite.
iOS provides specific APIs that support enterprise deployment via MDM products with API level features like Per App VPN connections that allow you to firewall a DMZ application server to only connect to a specific signed client iOS app. The vendors also provided authentication SSO integration and encrypted storage on the devices to sandbox your enterprise apps from other untrusted personal apps on a BYOD device.
Here's the Gartner 2013 review of MDM products:
http://www.business.att.com/content/whitepaper/Gartner-MDM-MQ.pdf
The 3 major players are now: Air Watch, Mobile Iron and Citrix XenMobile.
NOTE: I don't work for or have a vested interest in any MDM vendor.
There are two solutions
Try testflightapp.com
It does everything for you. It even has a SDK which I found very useful in debugging scenarios with logs and crash reports.
If you are looking to have your own hosted solution for the enterprise then
http://hockeykit.net/ is the best bet.
It has a client application which makes the upgrade process painless. It also have a server side code which you can deploy on your server.
https://github.com/TheRealKerni/HockeyKit
Update 2013-11-23:
We have been using Diawi happily for quite some time.
You can also use my shell script that will help you a long way with generating the necessary files and links:
https://github.com/sveinungkb/ios-ota-buddy
You do not need to manage UDIDs if you are using an enterprise profile.
To install an enterprise app you need a provisioning profile built with your distribution certificate on each device. See Does an iPhone Enterprise provisioning profile need to specify phone UUIDs like an ad-hoc provisioning profile does?
I've created tool (it's beta, so please be patient with it:)) for generating manifests from ipa file online:
http://manifest-generator.knejzlik.cz/
It generates plist with index.html file. All you need is to put content of downloaded archive to your site.
You can use InstallFish.com for this.
It allows OTA distribution for both IOS and Android. It also has a feature to automatically get the UDID and create your own appstores.
You will still need to provision them via your enterprise account but it makes the whole process of OTA installs much easier, especially for enterprise distributions.
You can use hockey, diawi etc. but sometimes you just want something simple that allows you to host it on your server. I was searching for a simple, basic php script that can do this but did not found any that suited my needs so I wrote a simple single php file server by myself and you can find it here:
https://github.com/leszek-s/LSIPASERVER
It has a list of all uploaded ipa files, upload page with password protected upload and each uploaded ipa has it's own page so you can send a link to specific uploaded ipa to someone. Feel free to use it on your own server.