I work for a company developing their iPad app. None in the company is a technological geek to handle Xcode app deployment themselves. So for now, we do this:
I develop the app.
Create an ad hoc testing version and share the .ipa file with them.
They test and then I make a distribution version for further release.
What I want to establish as a permanent solution is
I develop and share the Xcode archive
They make all different versions for testing and release.
However I have been largely unsuccessful in doing so: for creating the archive, I have to sign/certify with my development profile. They could deploy it further from Xcode archive to an .ipa file, using their distribution certificate. However, they can not install it on their devices. I believe mainly because the development version requires my certificate/profile to be enabled on their devices :(.
Is there a way out? I need to provide them an archive which they could further sign and do whatever they want to do (either test on whatever devices they want to or release).
Thanks,
Nikhil
If you don't want to manage the device identifiers where you are deploying the device, you could use:
1) TestFlightApp.com (although I don't know what the current status of their offerings are -- since they've been acquired by Apple -- but they still have a "Sign Up" link on the top of their home page).
or
2) Apple's Enterprise Developer Program, which allows you to "Distribute In-house Apps".
You can sign application using their distribution certificate.
To do so c'est have to send you a p12 export of the certificate, the p12 contains the private key of the one creating the certificate and the certificate.
To export a certificate :
Go to the keychain access
Right click on the certificate
click export
Related
I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".
We have a series of iOS Enterprise applications that were built with Telerik Cordova (discontinued in May 2018). Those apps are in the process of being converted to a new platform, but in the mean time they must continue to service client needs.
The distribution certificate the apps were built with is valid for another 14 months or so, but the provisioning profiles expire in a few days. Since these are Enterprise apps they will expire with the profiles.
Unfortunately, Telerik can no longer rebuild the apps using an updated profile for us. We have re-signed the apps using new provisioning profiles (using both iReSign and Terminal). When we try to side-load the resulting IPAs through the XCode Devices panel, we get an error stating that the entitlements do not match and the apps are not installed.
The question was raised as to whether or not we not need to re-sign the apps since the certificates are still valid. Perhaps it would be possible to just replace the .mobileprovision file on the device somehow? I gave it a try using iTunes Sync but I cannot confirm whether the file actually went to the device or not.
Question: Is it possible to just update the *.mobileprovision on the device without re-signing the app? If so, could someone please give me the steps or direct me to a link to perform the steps?
Alternate Question: Otherwise, any thoughts on how to resolve my Entitlements issue? The app only needs Push Notifications, but Game Center and In-App Purchases are also enabled. These are reflected in the App ID and provisioning profile, and the distribution certificate is of type Apple Push Services.
I should point out that I am not an admin on the Apple Developer portal for the project as I am an outside consultant, so my portal access is strictly read-only.
Thanks in advance for any direction provided!
If the applications were distributed to the devices by an MDM, then you can push a new provisioning profile to them using the MDM.
If the applications were installed over the air from a web server or directly using iTunes or Apple Configurator, then you need to replace the entire application package on the device. This requires the app to be re-signed, since the changed .mobileprovision file will change the package signature.
If you don't have the original, app ID with matching entitlements in the developer portal, then you will need to delete the existing application from the device before installing the new, re-signed application. You won't be able to do an in-place upgrade.
I'm using windows 8 to building applications with phonegap,
every thing is good except building apple application at:
https://build.phonegap.com
this appears:
phonegap build "no key selected"
how to get the key or .mobileprovision file?
You have to create them on https://developer.apple.com/, as AJD mentioned.
Go to your Apple developer portal
Click Devices to register your iOS device. You need to connect your device to iTunes to obtain your UUID
Click Certificate
Create a certificate for Production (to use PhoneGap Build, otherwise Development)
Download the certificate
Convert the certificate to a p12 file (See the screenshots below) - Double-click the .cer file to open it in Key Chain Access. Then click My Certificates under the category, Ctrl-click the certificate and export. When you save the .p12 file, you are asked to create a password that you will need later.
Create a provision file on Apple developer portal, then download. Again, to make this work on PhoneGap Build, you need one for Distribution, otherwise Development.
Actually, I blogged about it because using PhoneGap Build is not as easy as it should to develop iOS apps.
http://www.pubnub.com/blog/converting-your-javascript-app-to-an-ios-app-w-phonegap/
I know this question is made a year ago, but I hope this helps to everybody who has the same question.
You create and download the provisioning profile and an associated certificate on the Apple developer site.
Go
https://developer.apple.com/
Go member center > manage certificates and profiles...
A valid provisioning profile is connected to a valid distribution certificate. You will need both active.
Building for iOS
We're now able to offer support for building to iOS devices through Adobe® PhoneGap™ Build. The process for completing iOS builds is slightly different than that for other platforms: all iOS builds need to be signed by a developer certificate and a provisioning profile, that is tied to your Apple developer account and the device you wish to test on. This document covers how to set this up.
Note: Since PhoneGap Build uses Apple's standard development process to build applications, you will need to sign up for their developer program to build iOS applications on PhoneGap Build. You will also need a Mac to configure your certificate and provisioning profile.
When you upload a new application to PhoneGap Build, if you don't have a default certificate-profile pair attached to your account, you will be alerted that the iOS build can not be completed:
iOS Key Required
Your key will actually consist of two files: a certificate and a provisioning profile. Apple has extensive documentation for setting up your environment locally: the best approach is to ensure you can build an iOS application to your iOS device locally, to be sure that both your certificate and your provisioning profile are set up correctly for code signing.
Once you have these set up, you can export them for upload to PhoneGap Build. For the provisioning profile, you will need a file with the mobileprovision extension, which looks like this:
Provisioning Profile in Finder
Ensure that this provisioning profile is correctly paired with the device(s) you wish to test on.
Note that when you create your profile, you will specify the App IDs that are linked to the profile. This is important when using PhoneGap Build: the package name you specify for your app, in your config.xml (the id attribute of the widget element) or through the Edit App page, will have to match the ID for the provisioning profile. If they fail to match, your app will not be built correctly.
Apple appends a "Bundle Seed ID," or "App ID Prefix," to the provisioning profile when you generate it through the iOS Developer Center. Note that you do not to include this App ID Prefix in your config.xml for PhoneGap Build to build successfully. You just need the reverse-domain style Bundle Identifier - com.domainname.appname. This will also be best compatible with building for other platforms.
To prepare your certificate, you will need to open the Keychain Access utility on your Mac, and identify the certificate that you use for iOS development. Right click on that certificate and select Export ...
Export from Keychain Access
Save the certificate in a location you can remember, and enter a password. Remember the password: you will need to give it to PhoneGap Build, otherwise we cannot use your certificate.
Enter Certificate Password
Now back to the website. On the app detail page, simply select the "new key..." option from the signing key dropdown for the app in question, and then, from the list of platforms with signing available, hit add a key for iOS. Fill out the form: add your p12 certificate file and your mobileprovision file, and enter the password associated with your certificate.
Add Certificate to PhoneGap Build
Once your key is added, we'll attempt to rebuild the application for iOS. If all goes well, you should see a link for the built ipa file available.
You can then download the ipa file and use iTunes to install it directly on your provisioned iOS device.
Happy building!
I've been under the impression for some time that for iOS, signing a build with a developer provisioning profile allows the app to run (and get debugged) on an authorized device (listed in the development provisioning profile) through an XCode build, whereas signing with a distribution profile allows the app to be run (but not debugged) on other iOS devices that have been specifically added to the distribution provisioning file for the purposes of QA/beta testing/etc (and installed via iTunes sync or OTA distribution), without the need for those QA/beta-testers to even know what an XCode is.
Seems to match several of Apple's own docs:
"When you’re ready to share your app for user testing [...], you need
to create an archive of the app using a distribution provisioning
profile and send it to app testers" (source)
and
Code Signing with a development profile allows your app to run on
device through Xcode, and signing with a distribution profile allows
you to create distribution builds.
The certificate named "iPhone Developer" allows you to run/debug your
app on iOS devices through Xcode, and the certificate named "iPhone
Distribution" allows testing your submission build with Ad Hoc
distribution (source)
This seems to imply that using a distribution profile is necessary to do app sharing outside of the App Store, and for years I've always assumed this to be true. Recently however, I've been shown a use case from another colleague where they've been able to share builds with many other people using only a development provisioning file. Another user has described a similar discovery here: Why not use development provisioning instead of ad hoc?
I'm worried I might be missing something here, I'm now suspicious that there are cases where as long as another user has access to a relevant developer provisioning profile that includes their device's UUID, and installs it on their device (drag into iTunes, config utility, etc), that they would be able to sync Developer builds through iTunes as well, without the need for making separate Distribution builds.
This has led me to question some of the assumptions I've had about the nature of the differences between developer and distribution builds in general. I'm starting to think that it's more about debug support and general ease of installation, rather than the nature of how it's installed (XCode vs iTunes/OTA explicitly).
In short, if a device has it's UUID included in a developer provisioning profile, do I really need to make separate distribution builds, or can I simply share a Release Development build and assume that will work with an iTunes sync as well? Does the "Use for Development" button in organizer have any real relevance to this?
More broadly: what are the fundamental differences between Developer and AdHoc builds in terms of how they can be shared among other people within an organization in the development/testing phase before being submitted to the App Store?
Check this SO Post for the differences listed out between developer and distribution builds. From a developer perspective, there is not much difference whether you want to distribute your app either by signing it with a developer profile or distribution profile, provided you are not testing push notifications.
Can I send to my customer a beta version of my iOS app that he can run in the Simulator ?
Can I install Simulator only (without Xcode) on a Mac ?
I actually need an efficient methodology to send him the beta versions of the app, without having to meet him at each update.
Also, (3.) is there a way to install a beta version of the app, I developed in my xCode on its iOS device without app store ?
Thanks
No, I do not believe you can.
No, I don't think so. If you could, however, you'd also have to put all your source code on that machine and build your app there, just to run it in the simulator.
Yes, it's called an Ad Hoc build. You create a special provisioning profile through the provisioning portal on Apple's Developer portal. You then sign the build with that provisioning profile (actually, "Build and Archive"). Then you can, through the Xcode Organizer, share that build via e-mail with your customer. The Organizer creates an .ipa file and includes it along with the provisioning profile into an e-mail message which you can then compose and send.
Edit: The Ad Hoc provisioning profile will, of course, need to include the UDID's of your customer's device(s) on which they would like to test. That is the missing piece here that ties it all together: UDIDs, Ad Hoc profile, signed app with that profile, e-mail it to the customer and they can install both files (ipa and profile) via iTunes.
Lots of documentation on this, right in the Developer portal.
TestFlightApp.com is a great way to easily manage and distribute beta tests and ad-hoc builds. It's nothing you couldn't do yourself, manually, but it really helps make it easy, and is free.