Distributing App via client's MDM solution

I have a customer that wants to distribute our non-public application via their internal application store.
I have attempted to sign the application for distribution as an "App Store" application and "Ad-Hoc" application, using our development account and profile, but keep having an issue with the provisioning certificate according to the user.
They have other applications that were deployed via the MDM and others just provided a signed IPA file. The client uses MAAS 360 as an MDM solution. Does anyone know how to properly sign the application for distributing via MAAS360?

If you sign the app with an 'Ad-Hoc' provisioning profile then it will be locked to the UDIDs of the devices you have in the system. This should work just fine provided you:
unlock the phone with Xcode
ensure same phone is part of the profile
enroll that phone
push the app
In order to push the apps to any device in the world via MDM you need the customer to be registered for the ENTERPRISE developer program (this registration requires a DUNS number and costs 300 USD/year). Once you have that you will be able to create a provisioning profile that allows installation on any device.

Related

Provisioning Profiles Can Be Installed Using MDM

Apple's Mobile Device Management Protocol Reference states on page 44 at the bottom
Third-party enterprise applications require provisioning profiles in order to run them. You can use MDM to deliver up-to-date versions of these profiles so that users do not have to manually install these profiles, replace profiles as they expire, and so on.
To do this, deliver the provisioning profiles through MDM instead of distributing them through your corporate web portal or bundled with the application.
Does this mean that I should remove or unbundle the embedded.mobileprovision from the application before installation?
Or does it mean,
Installing the provisioning profile via an MDM server separately before installing the app?
If the answer is the first one, how does one remove the embedded.mobileprovision without breaking the app? If the answer is the 2nd, does subsequently updating the app mess up the profile installed by the MDM server?
Second one. The MDM server installs provisioning profiles on the device before installing the app. It's generally part of "setting up the device" with the MDM.
Installing or updating the app after that point would be done through the MDM, so everything stays hunky dory.
Updated provisioning profiles get put up on the MDM (by developer/admin), then the MDM app on the user's device notifies the user of an update. They tap the update button and the new profiles get downloaded and installed.
EDIT 3/12/14: Apple has introduced the Device Enrollment Program (DEP) which now allows for "no-touch" installation of MDM provisioning profiles, setting up supervision and silently installing apps without ever taking the device out of the box. The system is based around:
Company account buys all devices (Apple maintains list of which serial numbers belong to company/account)
Company tells Apple which MDM has permission to make changes.
Company links MDM to Apple.
MDM now sends requests to Apple, which sends requests to device.
This will allow us to only screw, er setup, devices we bought. There are ways to "switch" ownership of devices/serial numbers if they were not all bought under the same account.

Distributing iPhone apps under Enterprise program

I'm trying to figure out more details on how apps are distributed to users when under the Enterprise developer program. The Enterprise Deployment Guide states:
If you develop an application that you want to distribute yourself, it must be digitally signed with a certificate issued by Apple. You must also provide your users with a distribution provisioning profile that allows their device to use the application.
What I want to know is how the provisioning profile is created so that a specific device is allowed to use the app. Is this done by adding device UDIDs into the profile as per the standard developer program? Or some other means?
Provisioning profiles are managed thanks to a website provided by Apple. It will be possible to generate and download provisioning profiles from this website.
Then, if you sign an application with the Enterprise program licence, you will be able to install it on any device. You just have to send to the user your application and the provisioning profile.
Regards,

Problem with iPhone distribution provision profile

I have a problem.
There is one iPhone software product of our company, and this product can receive push_notification messages from our push_notification server. This product is going to go live (namely, it is going to be in the App Store).
So recently we have been doing some testing work (the product uses the developer provision profile, and the server uses the development certificate), and it works well.
But we want to test the product in the REAL environment: the server should use the production certificate, and the iPhone-side product should use the DISTRIBUTION PROVISION PROFILE.
Now the problem is:
1. How to install the product on the device using the DISTRIBUTION PROVISION PROFILE instead of the developer provision profile?
2. If I use the DISTRIBUTION PROVISION PROFILE, can I receive the push notification message?
I am now online waiting for your answer.
Thank you all.
You can only install builds that have been built for ad-hoc distribution on your device. Builds for app store distribution will not run on any device, unless approved and installed through the store, as their only purpose is being submitted to the app store.
1: Just build your app using an ad hoc provisioning profile. Delete previous versions of the app on the device. Install the ad hoc build and the ad hoc provisioning profile.
2: I have not tried that, but I think this should work, provided you're using the push enabled app-id for your ad hoc provisioning profile and the SSL key and certificate have been installed on your notification server.

Why not use development provisioning instead of ad hoc?

I was under the impression that when you use a development provisioning profile for a build of an app, only the specified developers can deploy that build to a phone.
But I just deployed a build that uses a development profile to a phone using Xcode Organizer, even though I'm not one of the valid developers for that profile. One of my colleagues, who doesn't even have Xcode installed, did the same with his phone using iTunes.
In that case, why not use a development provisioning profile for distributing your app to e.g. your QA team, instead of ad hoc distribution?
EDIT: Please read the part in bold carefully before answering. I'm not asking a basic "how does this work" question. I've made a lot of development, ad hoc, and app store builds, and now I find that I seem to have made some wrong assumptions.
There's one situation in which you need an Ad Hoc profile, and that's when you want to test Push Notifications.
If you test Push Notifications on a Development Provisioning Profile, your push notifications need to be sent using the Development Push Notification Certificate for your SSL connections to Apple's sandbox APNS server.
If you want to test Push Notifications using your Production Push Notification Certificate and the live APNS servers, you'll have to deploy your app to a device using a Distribution Certificate and Ad Hoc Provisioning Profile (which includes doing the Entitlement.plist steps, which you can ordinarily skip if you were only using Developer Provisioning Profiles).
Also note that when you deploy using an Ad Hoc profile, your device token will be different from the one you use when you're using the development profile. This is the recommended way to test APN because there are no back-end changes that need to be made between the Ad Hoc build and the final live deployment on the App Store.
Ad-Hoc is not for developers, but for testers who do not have the iPhone SDK / Xcode, only iTunes.
(The answer is: you can install an ad-hoc app without a developer certificate, and can't do that with a development app.)
Method 1: Install from Xcode
The Development Provisioning Profile requires you to run the app (initially) from within Xcode.
This has the side-effect of marking the device as being used for development, but also requires you to connect the iPhone/iPod Touch to the machine running Xcode. Once you run the app from Xcode, the app is installed on the device and you no longer need to be connected to the machine to run it. (Until you want to update the app.)
Method 2: Install from iTunes
An Ad-Hoc provisioning profile allows you to give the app to anyone and let them install it themselves using iTunes. You send them:
the app, and
the Ad-Hoc Provisioning Profile
They select these two and drag them onto iTunes. Then sync.
Later, you can give them an updated version of the app only (without the Ad-Hoc Provisioning Profile, since they've already installed that on their device) and they can drag the new app onto the iTunes icon to install the new version.
One limitation of Ad-Hoc distribution is that it requires you to enter each Device ID into the iPhone Development Portal. And there is a limit of 100 device IDs per year (you cannot erase any IDs until your next year begins, only add them). The 100-ID limit will not be a hindrance for most developers; just keep in mind that you need to get the device ID ahead of time, before you create the Ad-Hoc Provisioning Profile to send to the person you want to install your app.

What kind of certificate do I need to test APNS using ad-hoc distribution?

I can't understand from Apple's docs if I need a production certificate or a development certificate...
You need to create a Distribution Certificate. Distribution Certificates are used for creating Distribution Provisioning Profiles, which will allow you to do the following:
Create an Ad-Hoc version of your app (this is used if you want to distribute to beta-users, testers, etc (this is what you want))
Create an App Store version of your app (You'll do this once you're ready to submit it to the App Store)
Below are the Apple steps on how to create an Ad-Hoc version of an app:
Ad Hoc distribution allows you to share your application with up to 100 iPhone or iPod touch users, and to distribute your application through email or by posting it to a web site or server. To prepare your application, the following steps will need to be completed.
Create and Download an iPhone Distribution Certificate
Create and Download an Ad Hoc Distribution Provisioning Profile
Build your application with Xcode
Share your application file and the Ad Hoc Distribution Provisioning Profile with the owner of each device
Recipients of the application will need to drag the application file and Ad Hoc Distribution Provisioning Profile into iTunes, then sync their iPhone to iTunes to install
Hope this information points you in the right direction. If you need additional details or walkthroughs just let me know.
The SSL certificate you need is for production when you're building with a distribution provisioning profile. As far as push (apns) is concerned, ad hoc == app store. This is quite helpful, as you can test how push will work in the app store build by building an ad hoc app and using the production certificate.
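
The distinctions the threads above turn on (UDID-locked ad hoc and development profiles, enterprise profiles that install on any device, and the development versus production APNs environment) can be read from the plist inside an embedded.mobileprovision. The following is an added example, not code from any of the original posts: the sample profile is constructed, the function names are hypothetical, and the CMS signature that wraps a real profile is not verified.

```python
import plistlib
from datetime import datetime, timezone

# Constructed sample: an ad hoc profile. Real .mobileprovision files wrap this
# plist in a CMS signature; the surrounding bytes here are stand-ins for it.
SAMPLE = b"""\x30\x82<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Name</key><string>Constructed Ad Hoc Profile</string>
<key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
<key>ProvisionedDevices</key><array><string>UDID-CONSTRUCTED-0001</string></array>
<key>Entitlements</key><dict>
  <key>get-task-allow</key><false/>
  <key>aps-environment</key><string>production</string>
</dict>
</dict></plist>\x00\x01"""

def load_profile(raw):
    """Pull the plist out of the blob. The CMS signature is NOT verified here."""
    start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def classify(profile):
    """Map the profile's keys onto the four profile types discussed above."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"              # installs on any device
    if "ProvisionedDevices" in profile:  # locked to the listed UDIDs
        debuggable = profile.get("Entitlements", {}).get("get-task-allow")
        return "development" if debuggable else "ad-hoc"
    return "app-store"                   # only runs when installed via the store

def report(raw, udid, now=None):
    """Summarise whether `udid` may run the app and which APNs environment applies."""
    profile = load_profile(raw)
    # plistlib returns <date> values as naive datetimes in UTC
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    kind = classify(profile)
    devices = profile.get("ProvisionedDevices", [])
    return {
        "kind": kind,
        "expired": profile["ExpirationDate"] < now,
        "device_allowed": kind == "enterprise" or udid in devices,
        "apns": profile.get("Entitlements", {}).get("aps-environment"),
    }

if __name__ == "__main__":
    print(report(SAMPLE, "UDID-CONSTRUCTED-0001"))
```

Running this against the profile a customer's MDM rejects shows quickly whether the build is UDID-locked, expired, or pointed at the wrong APNs environment for the server certificate in use.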