We have a series of iOS Enterprise applications that were built with Telerik Cordova (discontinued in May 2018). Those apps are in the process of being converted to a new platform, but in the mean time they must continue to service client needs.
The distribution certificate the apps were built with is valid for another 14 months or so, but the provisioning profiles expire in a few days. Since these are Enterprise apps they will expire with the profiles.
Unfortunately, Telerik can no longer rebuild the apps using an updated profile for us. We have re-signed the apps using new provisioning profiles (using both iReSign and Terminal). When we try to side-load the resulting IPAs through the XCode Devices panel, we get an error stating that the entitlements do not match and the apps are not installed.
The question was raised as to whether or not we not need to re-sign the apps since the certificates are still valid. Perhaps it would be possible to just replace the .mobileprovision file on the device somehow? I gave it a try using iTunes Sync but I cannot confirm whether the file actually went to the device or not.
Question: Is it possible to just update the *.mobileprovision on the device without re-signing the app? If so, could someone please give me the steps or direct me to a link to perform the steps?
Alternate Question: Otherwise, any thoughts on how to resolve my Entitlements issue? The app only needs Push Notifications, but Game Center and In-App Purchases are also enabled. These are reflected in the App ID and provisioning profile, and the distribution certificate is of type Apple Push Services.
I should point out that I am not an admin on the Apple Developer portal for the project as I am an outside consultant, so my portal access is strictly read-only.
Thanks in advance for any direction provided!
If the applications were distributed to the devices by an MDM, then you can push a new provisioning profile to them using the MDM.
If the applications were installed over the air from a web server or directly using iTunes or Apple Configurator, then you need to replace the entire application package on the device. This requires the app to be re-signed, since the changed .mobileprovision file will change the package signature.
If you don't have the original, app ID with matching entitlements in the developer portal, then you will need to delete the existing application from the device before installing the new, re-signed application. You won't be able to do an in-place upgrade.
I am working on a tvOS app. I need to create an ipa file. The client has provided a distribution certificate and a provisional profile for the app. But, the client has not provided any Apple Developer account details. Is it possible to create a valid ipa file for App Store?
You will not be able to be able to create a valid ipa without being part of their team on the Members Centre.
However, it should be relatively straightforward for them to re-sign the IPA, instructions can be found here:
How to Re-Sign an iOS App from an External Developer
This means you can just sign the ipa with your regular developers profile.
It may be worth noting that they can add you to their team on the Developer Centre without adding you to their team on iTunes connect as they are two separate services. This means you can provide them with a valid, signed build which they could then upload to iTunes Connect themselves.
Basically, I want to do exactly what is already stated in this question – just in XCode 7.2.
The setup: I am developing an iOS app (using Ionic) for a client and they want to publish it to app store in their name under their account. They however don't want to give me their account login and details. I have received a distribution certificate and a provisioning profile in stead.
I have installed the .p12 distribution certificate and have received a .mobileprovision profile for App Store Distribution using this certificate. I am however completely unable to select this provisioning profile anywhere.
My only choice in the export of the archive happens when XCode asks me which developer account I want to archive with. And here I can only choose my own account (of course). That's obviously not what I want though.
"Once" (in XCode 5, according the linked question) I should have been able to select the external provisioning profile under "Code Signing", but this doesn't seem to exist anymore.
Can this be done without getting their account details? I know that I don't need to know their password, they can just export it to me. Right?
I don't think you can do exactly what you are saying without code signing it with their account (which you don't have access to). I see two possible solutions for you to achieve your goal:
Send them the Xcode project and explain to them how to sign in to Xcode, archive the app and send it up to the store
Upload the app to your personal store account and then transfer it to their account. See this link for details on how to do that: https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/TransferringAndDeletingApps.html
I'm using Xcode 6.3.2, and I'd like to let another people to build and create the .ipa files of my projects, but I don't want neither to expose my Apple Developer account information, nor create users for them in my team... is that possible? Either by using Xcode, either by commands line.
Thanks in advance
EDIT: The goal is to prevent those external people from being able to submit apps to the App Store by means of my Apple Developer account and from being able to see the other apps managed in the account.
EDIT2: Does providing the distribution certificate to external people make possible to them to submit binaries to the App Store?
After reading your edits, I think I understand more clearly what you are trying to do. Basically, you will simply need to provide the other members of your team with the following:
The private key used to generate your app store distribution
certificate.
The distribution certificate
The app store distribution
provisioning profile
This will allow those team members to work on, and build the app for the app store. Without your Apple developer ID password, they will not be able to log into iTunes Connect to see the other apps you have. While they will be able to build the app for app store distribution, you (as the only one with the apple ID password) will have to be the one to submit the compiled app to the store.
So basically, your development team will create the apps. When you're ready for release, they can do an "Archive" in Xcode to create the .app that has been signed for the app store (using the provisioning profile and signing identity that you provided them in the three files I mention above. They will zip up the .app and the .dSym files into a .zip and send it to you. You will then log into iTunes Connect and set upt the app to be ready for the new binary, and then use the Application loader to upload the .zip to apple for review. Once you have gotten a successful review, you will again log into iTunes Connect to release the app. So at no point will the developers have access to submit apps or see other apps you have in the store.
Also, the development team will not need the provisioning profile, cert, and key until they need to build for the app store. During the development phase, there is no problem with them using their own developer accounts to build and test the app.
One additional thing to note is that Apple is changing the roles that are available in iTunes connect. You may want to review those new roles to see if some combination of those roles my work for your team setup.
From http://9to5mac.com/2015/06/12/wwdc-itunes-connect-testflight-limits-account-switching/
After several apps are added to an account by its admin, developers
can now assign user roles to individuals on their team— app manager,
developer, or marketer— with each allowing varying access to iTunes
Connect features. App managers, for example, will be able to create
users, assign user roles, change pricing, and submit apps for review.
Marketers will get access to updating store metadata, uploading promo
material, and requesting promo codes. Users assigned the developer
role will be able to upload binaries, and view crash logs and store
metadata.
Apple recently introduced Free-provisional-profile and/or free-developer-certificate support.
But it's limited (see below note).
To utilise that follow below steps suggested by Apple,
In Xcode, add your Apple ID to Accounts preferences, described in Adding Your Apple ID Account in Xcode.
In the project navigator, select the project and your target to
display the project editor.
Click General and choose your name fromthe Team pop-up menu.
Connect the device to your Mac and choose your device from the Scheme toolbar menu.
Below the Team pop-up menu, click Fix Issue.
Xcode creates a free provisioning profile for you and the warning text under the Team pop-up menu disappears.
Click the Run button.
Note that said support is limited, for example, the capability to sell things with "Apple Pay" would not even build with a free-certificate.
Yes, there are several ways to solve your problem.
You can create .ipa file with you provisioning profile and give them the file, they can you use application called "Application Loader", they can use this application to upload the .ipa, this should resign your application with their provisioning profile. I did not try this but it should work.
When you create an archive of you application, it will be listed in "Organizer", go to that location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
When you build your application in release mode an .app file is created, this is unsigned binary. You can search for .app file in your Xcode project itself. Just find the location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
Hope this helps.
No, There is no way to compile a .ipa without a provisioning profile (device compile, not simulator compile). To do this, you would go XCode->{AppTarget}->Build Settings->Code Signing->Code Signing Identity, and set 'Don't code sign".
Trying to compile afterwards will fail with
CodeSign error: Code signing is required for product type
'Application' in SDK...
EDIT: The goal is to prevent those external people from being able to
submit apps to the App Store by means of my Apple Developer account
and from being able to see the other apps managed in the account.
You have two options:
Send them your Source code + XCode Project, and not the library.
Compile the code using "iOS Developer" Code Signing identity, and not "iOS Distribution" identity.
Anything signed with iOS Developer can never be sent to the AppStore.
Anything signed with iOS Distribution can never be run on a device
unless it is downloaded from the AppStore.
They can never see what you have for sale, nor publish anything unless they have your AppleID username and password
I am very new to iOS development and am in a bit of a bind. Another company has made an app for us and we are to deploy it. I have an enterprise development account and have successfully deployed one of my own apps to my own secured app store.
I have received a .ipa and a .plist file from company B and tried to put it up on my app store as I did with my app using the special href tag.
a href="itms-services://?action=download-manifest&url=http://www.myurl.com/app/company_b.plist">link</a>
The app downloads about 90% then fails. I have ensured that it is a valid plist file pointing to the .ipa.
Company-B had to add my iOS device to their device list at https://developer.apple.com/account/ios/device/deviceList.action. After they did this the app would download correctly.
I need to deploy this app to a number of people and Company B cannot add all the devices to their device list.
What can I do to deploy this app properly?
Any and all help is greatly appreciated!
Use a script like https://gist.github.com/RichardBronosky/2878446 to re-sign the ipa with your enterprise certificate. This way you don't need to give the 3rd party developer your signing identity.
You should never give out the private key for your enterprise certificate or give developer.apple.com access to anyone outside of your company.
The company has not properly signed the application. Get them to rebundle the ipa with the proper enterprise certificate