Do I need to rebuild and deploy the build again after expiration of provisioning profile? - certificate

My Enterprise application has more than 1000 users in production. Yesterday my provisioning profile expired. Since yesterday I have received many calls from users saying that they are not able to use the app.
Is there any way for the existing users to avoid installing the new build again? It's very difficult to tell more than 1000 users to reinstall the app.
Please help me. The issue is with production.

Unfortunately, you will need to get the new provisioning profile on the devices somehow. The provisioning profile must get on the device, and you can simply provide the new profile by itself, or you can rebuild the app and the profile will be included in the app's payload.
There are a couple of ways to do this, but here are the most popular methods:
If the devices are managed using an MDM product, you can push the new profile out to the devices using the MDM capabilities. Again, you can use the MDM system to push just the provisioning profile, or you can push the new app build with the new provisioning profile. Judging by the fact that you would be requesting users to re-download the app, I don't believe you are using MDM to manage the devices.
If you have older devices (iOS 7 and before), you can have the user manually install the new profile. You can email the provisioning profile to the users, and they will be able to open the profiles on their device. Or you can host the profile on a web server and direct the users to open the link to install the profile. The app will then work with the new, valid profile.
Rebuild the app and re-distribute. When the users download the app (or any other apps built with the profile if you are using a wildcard identifier on your profile), the new profile should replace the other one and the app will be able to launch.
Unfortunately, all of these methods require you to get the new profile downloaded from the developer site onto each of those devices.

Related

Provisioning Profiles Can Be Installed Using MDM

Apple's Mobile Device Management Protocol Reference states on page 44 at the bottom
Third-party enterprise applications require provisioning profiles in order to run them. You can use MDM to deliver up-to-date versions of these profiles so that users do not have to manually install these profiles, replace profiles as they expire, and so on.
To do this, deliver the provisioning profiles through MDM instead of distributing them through your corporate web portal or bundled with the application.
Does this mean that I should remove or unbundle the embedded.mobileprovision from the application before installation?
Or does it mean,
Installing the provisioning profile via an MDM server separately before installing the app?
If the answer is the first one, how does one remove the embedded.mobileprovision without breaking the app? If the answer is the 2nd, does subsequently updating the app mess up the profile installed by the MDM server?
Second one. The MDM server installs provisioning profiles on the device before installing the app. It's generally part of "setting up the device" with the MDM.
Installing or updating the app after that point would be done through the MDM, so everything stays hunky dory.
Updated provisioning profiles get put up on the MDM (by developer/admin), then the MDM app on the user's device notifies the user of an update. They tap the update button and the new profiles get downloaded and installed.
EDIT 3/12/14: Apple has introduced the Device Enrollment Program (DEP), which now allows for "no-touch" installation of MDM provisioning profiles, setting up supervision and silently installing apps without ever taking the device out of the box. The system is based around:
Company account buys all devices (Apple maintains list of which serial numbers belong to company/account)
Company tells Apple which MDM has permission to make changes.
Company links MDM to Apple.
MDM now sends requests to Apple, which sends requests to device.
This will allow us to only screw, er setup, devices we bought. There are ways to "switch" ownership of devices/serial numbers if they were not all bought under the same account.

How to make a new application for the existing developer?

I have a developer account in iOS provisioning portal and already have all the certificates for one application. Now I want to build a new application with a new app ID within the same account.
Should I have to repeat all the steps once more? Can anybody help me with the steps I need to do in iOS provisioning portal?
Your certificate remains the same. (Developer / Distribution).
Create a new app ID specific to your new application.
Create a new provisioning profile specific to this application using the new app ID you created in the above step. Select the existing dev or distribution certificate. Select the devices you want your app to be installed on for debugging / AdHoc builds.
Yes. You will have to repeat it for the new apps, except for the developer/distribution certificates. This is because your applications are independent, so that one application's settings don't affect the others.
Also, the push notification certificates will be separate for separate apps, for both distribution and development.

Provisioning Profiles + Push Notifications + Production vs Development

I'm building an iOS app that uses push notifications, and I'm finally ready to submit it. Before I do, I'd like to test out push notifications off the Production server, to make sure everything is working correctly. Thus far, the sandbox environment has been working fine.
After doing quite a bit of searching, I learned that switching the servers over from ssl://gateway.sandbox.push.apple.com:2195 to ssl://gateway.push.apple.com:2195 wasn't enough, and that production push tokens are different from sandbox push tokens. Instead, apparently I need a new provisioning profile with Production entitlements, new certs installed on my server, and to re-build my app with said profile so that it knows to create the correct push tokens.
So, after going through all the steps, I can't even make a build run on my phone; Xcode says
This profile cannot be installed on devices
Here are the steps I've taken. If I'm missing something please let me know:
In my iOS Developer Center, I've made sure that my AppID is "enabled for production" under the Apple Push Notification Service.
Also in my iOS Developer Center, I've created my Production Push SSL Certificate, gone through the necessary conversion steps, and installed the resulting .pem on my server.
Per the instructions, I've created "a new provisioning profile containing the App ID you wish to use for notifications." I've done this by going to Provisioning, clicking on the "Distribution" tab, and making a new profile. I've confirmed that "production" is set under the "entitlements" section of this profile.
I've selected the provisioning profile in my project settings. I get the message
This profile cannot be installed on devices
and I'm stuck.
Build an ad-hoc distribution version of your app, and install it on your own device. That will use the production APN gateway and certs.
You cannot install an app compiled with an App Store distribution (production) profile on a device. Only Apple reviewers can do that. You can only test push on an app compiled in development mode and using the sandbox server.
If you want to test production servers, you must compile the app using an AdHoc distribution profile that enables the devices you want to test on. Clearly you must recompile and then send the app for review using the App Store distribution profile.

Will an app continue to work if my provisioning profile expires?

I have an app that is loaded onto one of my development phones. The provisioning profile that was used for this app will expire in a couple of days. So, after the provisioning profile expires, will the app cease to function? Or does the provisioning profile expiration only affect building and installing the app on the device?
Once the profile expires you will be unable to launch the app. You can go to the Provisioning Portal ( http://developer.apple.com/ ) on the Apple site and renew the provisioning license - once an updated provisioning license is installed on the phone the app will function again (i.e. you won't need to do a rebuild).
There are reports that if you delete all the expired provisioning profiles from the device, a previously running app installed using one of those expired profiles might still continue to launch on that device, but I haven't had a chance to test this on a recent OS release.
A non-expired profile with an appropriate Developer and app ID on the device (even if not the one used to install the app) may or may not be required.
The app will cease to function. It will launch then exit immediately.
As davbryn says, you won't be able to launch the app, except you do not need to go to the provisioning portal as Xcode should take care of things automatically these days.
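
The answers above turn on two fields of the provisioning profile: its expiration date and, for push, its `aps-environment` entitlement. As an added example (not part of the original posts), this Python check reads the plist carried inside a `.mobileprovision` file and reports the profile type, push environment and days left, so an expiring enterprise profile can be flagged before apps stop launching. It does not verify the CMS signature, and the sample profile bytes and the `constructed_sample` helper are constructed for illustration.

```python
import plistlib
from datetime import datetime

def extract_profile_plist(blob: bytes) -> dict:
    """Slice the XML plist out of a .mobileprovision CMS container.
    The plist sits unencrypted inside the signed blob; the signature
    is NOT verified here, so treat the result as untrusted metadata."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    if profile.get("ProvisionsAllDevices"):      # in-house / enterprise
        return "enterprise"
    if "ProvisionedDevices" not in profile:      # no device list at all
        return "app-store"
    debuggable = profile.get("Entitlements", {}).get("get-task-allow")
    return "development" if debuggable else "ad-hoc"

def audit(blob: bytes, now: datetime, warn_days: int = 30) -> dict:
    profile = extract_profile_plist(blob)
    expires = profile["ExpirationDate"]          # naive UTC datetime
    days_left = (expires - now).days
    if expires <= now:
        status = "expired"
    elif days_left < warn_days:
        status = "expiring"
    else:
        status = "ok"
    return {"name": profile.get("Name"), "type": classify(profile),
            "aps_environment": profile.get("Entitlements", {}).get("aps-environment"),
            "days_left": days_left, "status": status}

def constructed_sample(expires: datetime, **extra) -> bytes:
    """Constructed stand-in for a real profile: plist between dummy bytes."""
    body = {"Name": "Constructed Example Profile", "ExpirationDate": expires,
            "Entitlements": {"aps-environment": "production",
                             "get-task-allow": False}, **extra}
    return b"\x30\x82" + b"dummy-header" + plistlib.dumps(body) + b"dummy-signature"

if __name__ == "__main__":
    now = datetime(2025, 1, 1)                   # fixed clock for the demo
    print(audit(constructed_sample(datetime(2025, 1, 10), ProvisionsAllDevices=True), now))
    print(audit(constructed_sample(datetime(2024, 12, 25), ProvisionedDevices=["constructed-udid"]), now))
```

For a real profile, pass the bytes of the app's `embedded.mobileprovision` and the current UTC time as a naive `datetime`.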

Why not use development provisioning instead of ad hoc?

I was under the impression that when you use a development provisioning profile for a build of an app, only the specified developers can deploy that build to a phone.
But I just deployed a build that uses a development profile to a phone using Xcode Organizer, even though I'm not one of the valid developers for that profile. One of my colleagues, who doesn't even have Xcode installed, did the same with his phone using iTunes.
In that case, why not use a development provisioning profile for distributing your app to e.g. your QA team, instead of ad hoc distribution?
EDIT: Please read the part in bold carefully before answering. I'm not asking a basic "how does this work" question. I've made a lot of development, ad hoc, and app store builds, and now I find that I seem to have made some wrong assumptions.
There's one situation in which you need an Ad Hoc profile, and that's when you want to test Push Notifications.
If you test Push Notifications on a Development Provisioning Profile, your push notifications need to be sent using the Development Push Notification Certificate for your SSL connections to Apple's sandbox APNS server.
If you want to test Push Notifications using your Production Push Notification Certificate and the live APNS servers, you'll have to deploy your app to a device using a Distribution Certificate and Ad Hoc Provisioning Profile (which includes doing the Entitlement.plist steps, which you can ordinarily skip if you were only using Developer Provisioning Profiles).
Also note that when you deploy using an Ad Hoc profile, your device token will be different from the one you use when you're using the development profile. This is the recommended way to test APN because there are no back-end changes that need to be made between the Ad Hoc build and the final live deployment on the App Store.
Ad-Hoc is not for developers, but for testers who do not have the iPhone SDK / Xcode, only iTunes.
(The answer is: you can install ad-hoc app without developer certificate, and can't do it with development app)
Method 1: Install from Xcode
The Development Provisioning Profile requires you to run the app (initially) from within Xcode.
This has the side-effect of marking the device as being used for development, but also requires you to connect the iPhone/iPod Touch to the machine running Xcode. Once you run the app from Xcode, the app is installed on the device and you no longer need to be connected to the machine to run it. (Until you want to update the app.)
Method 2: Install from iTunes
An Ad-Hoc provisioning profile allows you to give the app to anyone and let them install it themselves using iTunes. You send them:
the app, and
the Ad-Hoc Provisioning Profile
They select these two and drag them onto iTunes. Then sync.
Later, you can give them an updated version of the app only (without the Ad-Hoc Provisioning Profile, since they've already installed that on their device) and they can drag the new app onto the iTunes icon to install the new version.
One limitation of Ad-Hoc distribution is that it requires you to enter each Device ID into the iPhone Development Portal. And there is a limit of 100 device IDs per year (you cannot erase any IDs, until your next year begins -- only add them). The 100-ID limit will not be a hindrance for most developers, just keep in mind that you need to get the device ID ahead of time, before you create the Ad-Hoc Provisioning Profile to send to the person you want to install your app.