My situation is that I have just hired a second developer to work remotely. He doesn't have a developer account and would like to send me his progress.
At the moment he is using my Apple Developer account with a temporary password but this is not ideal, is there a way that he can have a certificate and I can reset my password?
My Apple developer account is set up as individual by the way
Thanks
If you are not going to extensively adding and removing the devices then the easiest way is to add all the devices, create dev and distribution profiles and certificate download all in your Xcode then simply export and send to him and he can simply import and use the local signing assists option not the online account .
You can export the certificate and the private key for the certificate in the Keychain Access application. You could then send the developer the key, certificate, and the provisioning profile to the other developer, who could then build the app with your provisioning profiles, without direct access to your developer account.
This will be a bit of a hassle if the other developer needs to do a lot of device maintenance on the developer profile (adding / removing devices). If that's not the case, I would simply send him the necessary files and reset your password to prevent having to share full access to the account.
Related
Another developer shared his app with my dev account. But in that case I do not get access to the provision profiles. But my Xcode does not want to run that app on my iPhone. Asks me provision profile.
He also sent me the provision profile(downloaded it and sent me file) but I cannot still install it.
How I can solve the problem without username/password credentials of the creator?
Yes, but you will need to have the developer send you the signing identity for the provisioning profile. This will consist of the iOS Developer Certificate (.cer) and the private key for the certificate (usually a .p12). With those things, you should be able to build and sign the app without the developer having to give you their Apple developer credentials.
We are struggling with the Distribution Certificate handling from Apple.
We have several developers setup in the Apple Developer Portal, for the sake of the example:
Alice: Team Admin
Bob: Admin
Charles: Admin
Dan: Developer
Alice, Bob, and Charles should be able to build Apps for Distribution (Adhoc for internal testing, Testflight for external testing, and Appstore for distribution). Dan is only producing code and debugging on his local machine.
All users use individual accounts for the development.
From what we understood from the Apple documentation, Alice, Bob, Charles need a valid distribution certificate. If xCode generates it for them, they will start playing “ping pong”, and keep revoking each other’s certificate – at least this is what appears to be happening at the moment.
We are not sure why this would happen. One would think, that if you create a different new user this account can also maintain his own (distribution) certificates.
Anyway, so they will need to share a distribution certificate, by sharing the private key (p12 file) of it, as you can find in the answer here.
In our account, it appears as if we can have up to two valid distribution certificates.
We don’t really know how this ultimately worked – we didn’t do it manually over the developer portal, but used xCode for it. Alice generated her certificate, Bob revoked and regenerated, Alice did the same thing – but suddenly they both had a valid distribution certificate, instead of invalidating Bobs certificate.
In the documentation it was mentioned that you can have up to 2 valid distribution certificates. We have also manually tried to generate the distribution certificates and could confirm that it is limited to two.
However, we then got recently invited to a customer’s developer program to sign apps on his behalf.
I assume the customer was not aware that we require the private key from his distribution certificate. We therefore tried to manually generate a distribution certificate, and saw that it was not possible. To our surprise though, the customer managed to generate 3 valid distribution certificates.
Any idea how this worked?
Our questions in a nutshell:
1. What is best practice when you manage a team of developers?
Do you normally share the private key of the first developer who generated the certificate with all other team members, which should be able to sign the app?
2. What is the best practice when you work with clients?
Do you ask them to generate another private key, or is there some hidden functionality to generate as many distribution certificates as you want, given that every developer uses his own account?
3. What happens when we revoke a certificate.
It doesn’t affect the apps in the app store, but only seems to limit other developers to build their app. However, what happens with APNS / Push Server certificates? When we revoke a distribution certificate through xCode, will this also suddenly stop working for the sender?
Thank you for your help.
After a long time of investigation and trying things out, here is what we think is the best fit for us. Not sure if it is best practice but it seems to work for us just fine.
1. What is best practice when you manage a team of developers?
One person generates a distribution certificate using his mac. He then exports the certificate (public AND private key) in a p12 file, as suggested by washloops and shares it with the team.
2. What is the best practice when you work with clients?
We have two sorts of clients:
Clients working with multiple suppliers (so we are just taking care of 1 app, out of their portfolio) - We ask them to share their distribution certificate (public + private key). If they don't have it, they need to get it from another vendor.
Clients working only with us - We generate the certificate and share it with the client later on. This allows them to share it with other vendors if they need to.
3. What happens when we revoke a certificate.
From our tests: "nothing". If you revoke a distribution certificate, it will prevent developers using this certificate from submitting / building apps. However, existing APNS / Push certificates are not affected.
For us it seems as APNS / Push certificates are totally independent, and if you wish to revoke them, you need to revoke both.
You have to create just 1 distribution certificate. After that you go to Keychain Access, select the certificate and export it as ".p12", and maybe add a password to it.
After that you just install it in the other computers.
Regards :)
I have hired a freelancer to build an app for me. I have an individual dev account to which I have added him as a technical user. He has requested either that I send him distribution and development certs plus a provisioning profile OR to make him an admin role in iTunes Connect.
Should I create certificates with my name/email and send them to him? Or with his name/email? Or should I just make him an admin? What is the best/safest course of action? This is just for testing purposes and I will be receiving the source code upon project completion.
Totally new to iOS dev and have been scrounging around the web for a definitive answer. Sorry if this is rudimentary!
Thanks!
You don't need to add him as a Admin at all. If he has a free developer account you can sent him a request to add to your developer account team and can create a development and distribution profile from which developer can download. For certificate request developer need to send the request from him Mac and can download it from developer.apple.com.
For other option i am not sure if it will work because from latest XCode environment developer account needs to be added in Xcode but give it a try.
Other option if you don't at all want to give access to your developer account will be. Create and download the developer and distribution profile and share it with Freelancer.
For Certificate you would be requiring a Mac. Below is a process of creating a certificate:
http://www.aquafadas.com/en/documentation/sample-page/developer-apple-com-2/generating-your-development-certificate/
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html
Now goto your KeyChain access and can see your certificate there:
Right Click your certificate and export "iPhone Developer..." or "iPhone Distribution.." . Save it to your desktop. It will be a .p12 file and will ask for password while saving.
Share this .p12 file with the freelancer along with password. Share both Developer and Distribution certificate.
So now your freelancer has both Developer and Distribution certificate and provisional profile.
Since he is not the one that will be submitting the app to AppStore, then he should not be an admin. So the admin account is with your credentials.
Usually, if he is an iOS freelancer, most likely he already has an Apple account. So after he creates a certificate signing request, you should generate a development certificate for him, in order to test on real devices - that is, you must add his user to your created team.
However, the certificates-accounts process is not so easy, so I'd recommend you to also read: http://escoz.com/blog/demystifying-ios-certificates-and-provisioning-files/ .
I have a client that doesn't want my apple developer account to interfere with his application. So, can I use his developer account(without the credentials) to sign and test an application?
I searched and I found myself lost with some questions over a possibility that I'm not sure it works. The thing I found was him exporting the developer profile via XCode, sending me the developer profile file and me importing that into my XCode.
What I did not understand, however, was:
will this thing work?
will I need his account id and password for importing this, afterwards? (because this would be a problem)
is it required for him to generate this through XCode or is there any alternative?
can we both use this after he exports the file and I import it? is he able to revoke me after this is finished?
Edit:
Is there any other way to acheive that? Maybe any third party application?
It is very easy :
Get the p12 of his certificate : he could export from his keychain
then install this certificate and adhoc provisioning profile in you system. You can use this for taking build .
There is no way to build apps that appear to be signed by him without having his credentials. You only need this if you will be the one producing the release builds. For simple development you can use your own account.
There are various ways you could split up the work if he is capable of producing a build himself or running command line tools to re-sign the app you build (I haven't tried this myself). In my experience the company will have an account shared among developers permitted to produce and submit apps rather than individuals.
Not the way you hope it will work. When you import the profile you will be asked for a password.
You need his password to use his private key.
The developer profile is a convenient way to do it. He can send you the distribution certificate and a separate p12 file containing his private key along with his password for that key. You will import it into your keychain by double clicking the files and entering his password. Or he can give you his apple ID and password, and you can add that account in your Xcode preferences. This will give you access to the provisioning and distribution profiles.
You can both use the credentials at the same time. No, it is not revocable. Once you have his credentials it will be up to you to remove the account information. You will have his private key in your keychain.
Not sure if I understand your question correctly. Hope my answer helps you.
Your client can add you as a team member in his developer program. He can limit the access by choosing the appropriate role as mentioned in the below link.
https://developer.apple.com/programs/roles/index.php
You can then login with your credentials and create certificates/profiles/add devices etc but you can be restricted to access his iTunes Connect.
We have had a number of apps built by a 3rd party developer. I cannot remember how this was done in the past, but they have just updated 2 of our apps to work correctly with iOS 5.x
The agreement is that they will build and sign the files ready for us to upload to iTunes. We cannot build the code as the agreement doesn't include the source.
I have sent them the Distribution Provisioning Profile (.mobileprovision) but they have asked for the "Certificate for Keychain access"
Perhaps I am being overly cautious, but am I right in thinking I need to export my Developer Certificate as a .cer file and email that to them? We do trust the company, but is this the correct way to do things? Is it allowed by Apple?
The 3rd party have no access to our accounts (developer centre / iTunes connect) and we have no access to the source code.
Thank you
If they're going to build things as you, they'll need your certificate and private key as well as the provisioning profile. I don't think there's any way round that if they're going to do the building and code-signing.
I think it's a fairly typical way to do things, in a situation where the client has the dev account but the developer owns the source.
Even if the development company did have access to your iTunes account, you'd still need to send them the private key that your certificate was created with.
Not tried it myself, but seems like there is a way to re-sign the binary (IPA file). Check this link It uses a utility called iReSign