This might have been asked lots of times, but still I couldn't find info on why are they needed. I use DEVELOPER prov profiles to test apps on my device, that makes sense.
The Provisioning Portal explains prov profiles like this:
A Provisioning Profile is a collection of digital assets that uniquely ties
developers and devices to an authorized iOS Development Team and enables
a device to be used for testing.
By this logic they are only needed for testing, eg not for distribution. Do we need one to deploy the app on the AppStore?
Absolutely yes. The distribution profile is used for submission to the App Store. It does not have the 100 device limit that the development profiles have.
From the Tools Workflow Guide:
When you’re ready to share your app for user testing or for general distribution through the
App Store, you need to create an archive of the app using a distribution provisioning
profile and send it to app testers or submit it to iTunes Connect. This chapter shows
how to perform these tasks.
The distribution profile prevents the attackers from submitting a modified version of your app to the store - only you, who hold the private key of the distribution certificate, can submit and update your app.
Once your app is submitted, your embedded.mobileprovision and your binary will be checked and compared to make sure that you are the legitimate author. embedded.mobileprovision file is then discard and the app is signed again by Apple using their own certificate (which is by default accepted by all iDevices), so that all iDevices can run it.
When an iDevice downloads the app, the executable binary is then encrypted with an encryption key associated that device. At run time, only that device can decrypt the executable binary and run it.
There are two types of distibution profiles, the first one is to submit your app to the appstore and the other one (Ad-Hoc) is necessary if you can´t connect a device to your mac(developer profile). Then you can share your app wit the Ad-Hoc profile to someone else e.g. via mail.
Distribution Provisioning Profile
Distribution Provisioning Profile is used by Apple to publish an application to App Store. When Apple approve the application it is signed by Apple and became public.
Distribution Provisioning Profile contains:
Application ID - application which are going to run
Distribution certificate - who can debug the app
[Development Provisioning Profile]
[Certificate]
Related
So I'm not using enterprise distribution profile to archive and export my project into IPA file.
I am using a valid distribution certificate though.
On XCode organizer I've made sure that everything is valid by clicking on the validate button for my particular archive before exporting it using the exact same distribution certificate and distribution provisioning profile. Also, I've made sure that I checked App Store as the method of distribution.
So I assumed everything checked out, then I distributed the IPA through diawi.
This is what I used to distribute my development IPA at the early stage of this project. However, upon opening the diawi link, installation just failed on my device saying "Unable to download" every single time.
Now I'm just wondering is it not at all possible to distribute through diawi if I'm not using enterprise distribution profile to build the ipa itself?
Or am I building it the wrong way for the intended purpose?
I'm very new to this whole Apple environment so not sure if I'm understanding the process correctly. I'm developing this from a react native project in case you need to know.
Thanks in advance for any pointers! :D
EDIT:
There seems to be confusion in the answers so far. Just to clarify, I'm NOT using enterprise distribution profile nor I am using development provisioning profile. So adding UDID to the provisioning profile is not an option. The case I'm asking about is for ipa signed with app store distribution provisioning profile which I'm trying to share using diawi. It doesn't seem to be possible to distribute ipa signed this way with diawi based on my research, but I just wanna be extra sure. Sorry for the confusion. :)
You need to have the UDID of downloading device added to the provisional profile. Login to your apple developer account and check if the device is added or no. If not add that device and then update the provisional profile by selecting that new UDID. Download the updated profile and the build.
Turns out it's true that diawi can only distribute in-house apps (signed using enterprise program account) and development provisioning profile signed apps.
The reason what I'm trying to do is not working (not installing through diawi) is because I'm trying to distribute an app signed with classic apple account's distribution provisioning profile instead of development provisioning profile
As far as I my googling went yesterday, apps signed with distribution provisioning profile under classic account is only distributable through app store or test flight.
Let me know if I miss anything.
As per my understanding, to create an IPA for distribution for testing or sharing with others, I need to sign my application with AdHoc profile. For uploading the IPA to App Store, I need to sign the application using App Store Distribution profile.
But I have an application for which even if I create an IPA with the App Store distribution profile, I can install it on my test device (no it is not jail broken and yes it has the AdHoc Profile installed on the device). This particular profile was created during iOS 6.
Now when I create a new App Store distribution profile and I try to install on the test device with the AdHoc profile being present I am unable to do so.
Any idea as to how is it possible? Technically as per my understand App Store Distribution profile signed IPA should never be possible to be installed on devices directly using iTunes. It has to be installed through App Store (after Apple's approval).
It is not possible to do so. Somehow the old certificate allowed me to install the app in one of the device, after renewing the certificate it no longer allows me to install the app signed with the appstore certificate in the device.
So the final answer is that, it is not possible. It can only be installed on jailbroken devices (which is a different question altogether).
As I am new to iOS, I don't know much about it. So please help me
First someone tell me , what is the purpose of provisioning profile.
Second, is it possible to create a provisioning profile without having an Apple Developer Membership??
Help would be appreciated..
Provisioning profile is impossible to obtain without Apple Developer Membership.
Nevertheless Provisioning profile is required to test application on real devices and use it to upload application it to App store.
Provision profile is :
A provisioning profile is a collection of digital entities that
uniquely ties developers and devices to an authorized iPhone
Development Team and enables a device to be used for testing. A
Development Provisioning Profile must be installed on each device on
which you wish to run your application code. Each Development
Provisioning Profile will contain a set of iPhone Development
Certificates, Unique Device Identifiers and an App ID. Devices
specified within the provisioning profile can be used for testing only
by those individuals whose iPhone Development Certificates are
included in the profile. A single device can contain multiple
provisioning profiles.
Take a look on this link please , the author explains everything regardless the provisioning profile .
http://www.doubleencore.com/2013/04/what-is-a-provisioning-profile-part-1/
However you can not get a provisional profile without the Apple Developer Membership.
Also if you want to test you app on a real device or publish it to app store you must have a provisional profile.
"A provisioning profile is a collection of digital entities that uniquely ties developers and devices to an authorized iPhone Development Team and enables a device to be used for testing. A Development Provisioning Profile must be installed on each device on which you wish to run your application code. Each Development Provisioning Profile will contain a set of iPhone Development Certificates, Unique Device Identifiers and an App ID. Devices specified within the provisioning profile can be used for testing only by those individuals whose iPhone Development Certificates are included in the profile. A single device can contain multiple provisioning profiles."
No, it is not possible to create a provision profile without Apple Developer Membership. If you are deploying an ios App you need to get registered with APPLE.
You need to register your devices' UDIDs in the provisioning profile if you are testing your app and if you want to use it for Ad-hocs.
If you want to submit your app to appstore, then also you will require a provision profile attached with your app having 0 devices i.e infinite devices.
Here is the way you can register and make Provision Profiles:
How to create provision profiles?
Ans 1 : To run or test the application in ios device provisional profile is
must require.
Without it you can not run/test/install in your device.For this you have
to buy Apple Developer Membership from Apple
to became apple registered developer.
After successfully registration below link will useful to create provisional profile.
Link : http://www.wikihow.com/Create-a-Provisioning-Profile-for-iPhone
After downloading provisional profile you have to install and set that profile in your code.
After you can run application in ios device.
Ans 2 : No, Without Apple Developer Membership you can not create provisional profile.
I had a couple questions when trying to put an app on the app store.
1) With Xcode 5 when trying to validate the archived project, Xcode 5 keeps crashing when trying to download the provisioning profile from the net. I have refreshed the provisioning profiles using the Preferences >> Accounts >> View Details and have clicked the refresh button but it still crashes when I try to validate.
2) Is it best practice to have a separate distribution certificates and provisioning profiles for each app you put on the app store? right now I have a separate provision profile for my apps but they are under one certificate. Can you guys tell me what the best practice is?
3) And can you try to explain what the certificates and the provision profiles are doing? Also, what would the difference between distribution provision profiles and development provisioning profiles.
1) - Check what version of Xcode you're running. I had a similar issue where I was running a developer preview - you can't submit an app from a DP version of Xcode, and mine was crashing at the exact same point as yours.
2) - Having 2 certificates - 1 for dev, 1 for distribution seems to be the norm. I would suggest that you use explicit app ids and not the wildcard ID when you go to create your App ID though.
3) The way I see it, Provisioning profiles are your wrappers for your different things that make it up - mainly the signing certificate, the app id and the device id(s) - You select either a distribution or a dev signing certificate to determine if the app is being developed or submitted to the app store. You select the App ID to tell the app what functions it will have (iCloud, Data protection, etc) and what teams can work on the app. The Devices are what UDIDs are authorised to run this app that has this associated provisioning profile. The provisioning profile is how it's all packaged up.
As another way to look at it, You have your .ipa file (your app) and your provisioning profile. The device looks at the profile, checks if the devices UDID is present in the provisioning profile, checks the App ID to see what features it's allowed to run, and the certificate is used to sign it all off.
Hope this helps.
I've been under the impression for some time that for iOS, signing a build with a developer provisioning profile allows the app to run (and get debugged) on an authorized device (listed in the development provisioning profile) through an XCode build, whereas signing with a distribution profile allows the app to be run (but not debugged) on other iOS devices that have been specifically added to the distribution provisioning file for the purposes of QA/beta testing/etc (and installed via iTunes sync or OTA distribution), without the need for those QA/beta-testers to even know what an XCode is.
Seems to match several of Apple's own docs:
"When you’re ready to share your app for user testing [...], you need
to create an archive of the app using a distribution provisioning
profile and send it to app testers" (source)
and
Code Signing with a development profile allows your app to run on
device through Xcode, and signing with a distribution profile allows
you to create distribution builds.
The certificate named "iPhone Developer" allows you to run/debug your
app on iOS devices through Xcode, and the certificate named "iPhone
Distribution" allows testing your submission build with Ad Hoc
distribution (source)
This seems to imply that using a distribution profile is necessary to do app sharing outside of the App Store, and for years I've always assumed this to be true. Recently however, I've been shown a use case from another colleague where they've been able to share builds with many other people using only a development provisioning file. Another user has described a similar discovery here: Why not use development provisioning instead of ad hoc?
I'm worried I might be missing something here, I'm now suspicious that there are cases where as long as another user has access to a relevant developer provisioning profile that includes their device's UUID, and installs it on their device (drag into iTunes, config utility, etc), that they would be able to sync Developer builds through iTunes as well, without the need for making separate Distribution builds.
This has led me to question some of the assumptions I've had about the nature of the differences between developer and distribution builds in general. I'm starting to think that it's more about debug support and general ease of installation, rather than the nature of how it's installed (XCode vs iTunes/OTA explicitly).
In short, if a device has it's UUID included in a developer provisioning profile, do I really need to make separate distribution builds, or can I simply share a Release Development build and assume that will work with an iTunes sync as well? Does the "Use for Development" button in organizer have any real relevance to this?
More broadly: what are the fundamental differences between Developer and AdHoc builds in terms of how they can be shared among other people within an organization in the development/testing phase before being submitted to the App Store?
Check this SO Post for the differences listed out between developer and distribution builds. From a developer perspective, there is not much difference whether you want to distribute your app either by signing it with a developer profile or distribution profile, provided you are not testing push notifications.