In years gone by we found that we could only have 1 distribution certificate per logged on user so we created as many accounts as was need, 3 in our case, 1 for each developer program and logged onto the mac using the required account.
So anytime an app was developed and need to be distributed in-house I would log onto the mac using the enterprise account and archive and distribute for in-house and sent the resulting .ipa file and the provisioning profile to the users.
I have now discovered I can have multiple distribution certificates on the mac and am trying to see if I can distribute via in-house logged on to the mac as me and use my own profile or the team profile that link to the enterprise developer program.
The app build ok and generates the ipa file and I can install using iTunes but I get a faded icon on the iphone and when tapped it says installing but never does?
So, my two part question is:
a) is it possible to distribute in-house using my enterprise linked account logged on as me and using my profile or team profile
b) I read you do not need to give the user the profile, but I have always done this as was the requirement when I first learned to do this?
Thanks
a) Yes. I have 10 or so certificates (dev & dist) on my computer for various clients. I keep them in separate keychains for peace of mind. When it comes to time distribute your in-house binary, you archive in Xcode then hit the Distribute… button in the Xcode organizer, choosing the correct Enterprise profile.
b) This is no longer necessary as the Distribute… step mentioned above embeds the profile in the app. Things are much easier than they used to be.
NB: I avoid wildcard provisioning profiles as they can cause heartache, even in simpler situations than yours (e.g. if Xcode chooses a wildcard Ad Hoc profile during Archive, then your entitlements may be wrong once you Distribute), so for this reason I recommend you always use explicit profiles.
Related
We have a series of iOS Enterprise applications that were built with Telerik Cordova (discontinued in May 2018). Those apps are in the process of being converted to a new platform, but in the mean time they must continue to service client needs.
The distribution certificate the apps were built with is valid for another 14 months or so, but the provisioning profiles expire in a few days. Since these are Enterprise apps they will expire with the profiles.
Unfortunately, Telerik can no longer rebuild the apps using an updated profile for us. We have re-signed the apps using new provisioning profiles (using both iReSign and Terminal). When we try to side-load the resulting IPAs through the XCode Devices panel, we get an error stating that the entitlements do not match and the apps are not installed.
The question was raised as to whether or not we not need to re-sign the apps since the certificates are still valid. Perhaps it would be possible to just replace the .mobileprovision file on the device somehow? I gave it a try using iTunes Sync but I cannot confirm whether the file actually went to the device or not.
Question: Is it possible to just update the *.mobileprovision on the device without re-signing the app? If so, could someone please give me the steps or direct me to a link to perform the steps?
Alternate Question: Otherwise, any thoughts on how to resolve my Entitlements issue? The app only needs Push Notifications, but Game Center and In-App Purchases are also enabled. These are reflected in the App ID and provisioning profile, and the distribution certificate is of type Apple Push Services.
I should point out that I am not an admin on the Apple Developer portal for the project as I am an outside consultant, so my portal access is strictly read-only.
Thanks in advance for any direction provided!
If the applications were distributed to the devices by an MDM, then you can push a new provisioning profile to them using the MDM.
If the applications were installed over the air from a web server or directly using iTunes or Apple Configurator, then you need to replace the entire application package on the device. This requires the app to be re-signed, since the changed .mobileprovision file will change the package signature.
If you don't have the original, app ID with matching entitlements in the developer portal, then you will need to delete the existing application from the device before installing the new, re-signed application. You won't be able to do an in-place upgrade.
I have an app (adhoc dist.) and uploaded it to Diawi.
Now, I should add new UDIDs. After add them, do I need to recreate or rebuild the IPA and re-upload to Diawi?
Thanks in advance
An Ad-hoc IPA will only install on the devices listed in the embedded provisioning profile. If you want the app to be able to be installed on additional devices then yes, you need to provide an updated IPA with the updated profile.
Better yet, use TestFlight and avoid all of this hassle.
The answer to your query may be in two types of accounts
1) If you have an Enterprise Apple Account: No need to add tester UUDI to the account as the app can be released using Universal distribution binary which any device can install using OTA installation method.
2) If you have the developer account: your existing app will have no impact but yes for the new devices to install you have to regenerate the profile as the existing as on store account portal will get Invalid and needs to be updated for New IPA compilation. The old one will not work.
I would always recommend having an Enterprise account for a testing/building app company as Appstore Developer account is better for Distribution on Appstore or small scale company who rarely adds device ID for debugging and testing unless its standalone developer like scenario.
I work for a company developing their iPad app. None in the company is a technological geek to handle Xcode app deployment themselves. So for now, we do this:
I develop the app.
Create an ad hoc testing version and share the .ipa file with them.
They test and then I make a distribution version for further release.
What I want to establish as a permanent solution is
I develop and share the Xcode archive
They make all different versions for testing and release.
However I have been largely unsuccessful in doing so: for creating the archive, I have to sign/certify with my development profile. They could deploy it further from Xcode archive to an .ipa file, using their distribution certificate. However, they can not install it on their devices. I believe mainly because the development version requires my certificate/profile to be enabled on their devices :(.
Is there a way out? I need to provide them an archive which they could further sign and do whatever they want to do (either test on whatever devices they want to or release).
Thanks,
Nikhil
If you don't want to manage the device identifiers where you are deploying the device, you could use:
1) TestFlightApp.com (although I don't know what the current status of their offerings are -- since they've been acquired by Apple -- but they still have a "Sign Up" link on the top of their home page).
or
2) Apple's Enterprise Developer Program, which allows you to "Distribute In-house Apps".
You can sign application using their distribution certificate.
To do so c'est have to send you a p12 export of the certificate, the p12 contains the private key of the one creating the certificate and the certificate.
To export a certificate :
Go to the keychain access
Right click on the certificate
click export
I've been under the impression for some time that for iOS, signing a build with a developer provisioning profile allows the app to run (and get debugged) on an authorized device (listed in the development provisioning profile) through an XCode build, whereas signing with a distribution profile allows the app to be run (but not debugged) on other iOS devices that have been specifically added to the distribution provisioning file for the purposes of QA/beta testing/etc (and installed via iTunes sync or OTA distribution), without the need for those QA/beta-testers to even know what an XCode is.
Seems to match several of Apple's own docs:
"When you’re ready to share your app for user testing [...], you need
to create an archive of the app using a distribution provisioning
profile and send it to app testers" (source)
and
Code Signing with a development profile allows your app to run on
device through Xcode, and signing with a distribution profile allows
you to create distribution builds.
The certificate named "iPhone Developer" allows you to run/debug your
app on iOS devices through Xcode, and the certificate named "iPhone
Distribution" allows testing your submission build with Ad Hoc
distribution (source)
This seems to imply that using a distribution profile is necessary to do app sharing outside of the App Store, and for years I've always assumed this to be true. Recently however, I've been shown a use case from another colleague where they've been able to share builds with many other people using only a development provisioning file. Another user has described a similar discovery here: Why not use development provisioning instead of ad hoc?
I'm worried I might be missing something here, I'm now suspicious that there are cases where as long as another user has access to a relevant developer provisioning profile that includes their device's UUID, and installs it on their device (drag into iTunes, config utility, etc), that they would be able to sync Developer builds through iTunes as well, without the need for making separate Distribution builds.
This has led me to question some of the assumptions I've had about the nature of the differences between developer and distribution builds in general. I'm starting to think that it's more about debug support and general ease of installation, rather than the nature of how it's installed (XCode vs iTunes/OTA explicitly).
In short, if a device has it's UUID included in a developer provisioning profile, do I really need to make separate distribution builds, or can I simply share a Release Development build and assume that will work with an iTunes sync as well? Does the "Use for Development" button in organizer have any real relevance to this?
More broadly: what are the fundamental differences between Developer and AdHoc builds in terms of how they can be shared among other people within an organization in the development/testing phase before being submitted to the App Store?
Check this SO Post for the differences listed out between developer and distribution builds. From a developer perspective, there is not much difference whether you want to distribute your app either by signing it with a developer profile or distribution profile, provided you are not testing push notifications.
I am making my .ipa for an app I'm about to upload to TestFlight, but I can't seem to figure out how to make it available to all of my teammates.
When I make a provisioning profile at developer.apple.com, I can only register one device per profile. (Right?)
When I create the .ipa in Build -> Archive, I can only use one Provisioning Profile. (Right??)
So this means I can only make an .ipa work for one device. (Right???)
This can't be right. What am I doing wrong?
An ad-hoc distribution profile can support more than one device. Check you are making one of those, rather than a development profile. It's a different tab in the portal. The device UDIDs can all be added in the portal as well.
Alternatively, if you're on the enterprise program, you don't need to gather UDIDs and can install on devices without them. There is some confusion over whether this is technically against Apple's terms but in practice it is being used by many developers for beta testing.