Right now I'm just trying to test my app on my phone and not deploy to the store.
How are all these things related? Since I'm not trying to upload to the store, can I ignore any of them?
I'm on the University Developer program. I was able to get a certificate and install it in Xcode, but builds still fail.
Is solving this problem just a matter of changing the application identifier? How do I know what to put in?
One thing I noticed is that in the Developer Portal I see only one App ID but it's for someone with a different name. So I guess I don't have an App ID. Do I need one if I'm just trying to test on my phone? If I need one, then how do I get it?
Help! It seems the more I research these things the more confused I get. If you can't solve my problem, can you at least tell me how these things are related to each other?
Provision Profiles are a very long, unique, string that allows the device to recognize certificates (very VERY helpful for development).
You must provision your device with the specific bundle ID of your app (done through developer.apple.com), then install said profile in order to even think about building with a valid certificate. However, it is much easier to have Xcode generate a wildcard provisioning profile, which allows you to test ANY bundle ID (it shows up as *.mobileprovision).
Certificates are the other side of the coin. A certificate for anything (website, application) indicates that this service can be trusted by the user, and more importantly, the OS. Certificates are issued by Apple California, are valid for a year, and may be revoked at any time for any reason. On a closed and secure platform like the iPhone, a certificate is a must for any application.
Related
Is there any way to distribute an unsigned app through emails or internet?
I.e. itms-services://?action=download-manifest&url=URL_TO_PLIST.
Moreover, it is a security issue if it is possible to install unsigned app on a jailbroken device?
Thank you.
I can't quite understand what you're trying to do here - if you're trying to install an app that is not on the App Store and also unsigned with the itms-services-protocol, you are out of luck, as that is strictly for iTunes and App Store-links.
The only way to distribute an app that is not on the App Store, is with the ipa-file, but that has to be signed as well (at least for unjailbroken devices).
You can do it in cydia with link like cydia://package/[package name]
However security is really a question here. Not sure if there any code review for the accepted packages.
Sorry if this is an extremely late response, but the question isn't closed yet, so I'm assuming you still need an answer. It is a security concern, but with a jailbreak, users are technically "opening" their device to such security threats, so I don't think that's much of a concern. If they jailbreak, they probably know what they're doing.
To answer the first part of your question, you can use ldid to pseudo-sign the app and then create an itms-services:// link that users tap to install. The only caveat to this option is that the iOS Device will contact oscp.apple.com & ax.init.itunes.apple.com to verify the app's signature. If you want to bypass this, you'll have to change the DNS settings of the iOS device using a mobile configuration file. Do this using Apple's iPhone Configuration Utility, which will generate a .mobileconfig with your specified settings. You won't have to generate a specific file for each device, so you can make one and you're done.
Anyways, back to the topic, jailbreaking doesn't remove the need for codesigning, it only removes the need for an app to be signed with Apple's certificate(s). itms-services:// is a bypass (for developers) of the same "need". Since Apple obviously doesn't want people who aren't developers just signing apps that aren't approved by Apple and installing them, they've implemented certificate checks. The signing-certificate is cross-checked with Apple's two servers. One of the servers (I don't know which) checks for "iPhone Developer:" in the name of the certificate. The other checks that it was signed by Apple's WWDRCA Certificate. If the iOS Device gets a response from either of the servers signifying that the app is "bad". If the iOS Device doesn't get a response, it will still install the app.
The way to go with this in order to bypass would be to clone a DNS server, and create a specific entry that will change the IP of these two servers to something (anything) else. That way, the Device will not get a response, and will install the application.
modify the file SDKSettings.plist : make code sign required value is NO
when build, selected project (not target) -- build setting -- code signning identity: Dont code sign
build, get the .ipa file can run on the jailbreak device
It seems that we have to get a new certificate every time we switch between apps we're working on and want to test them on our phones. My iPhone developer is stuck with this. Is there a way to keep a certificate for multiple apps? Or a way to have more than 1 certificate active at a time? We've got simultaneous projects going on right now and this is a major issue. I'm guessing there is a simple fix we don't know about? (hoping)
You're talking about provisioning profiles, right? Create an App ID with this format: com.YourName.* and then create a provisioning profile from that, and you'll be able to test any app that has a bundle identifier that falls into com.YourName.
My app has been more or less ready to be submitted for a while now, but as usual, the overly complex provisioning nonsense that Apple forces developers to jump through is causing me an enormous amount of stress. Initially the problem I was receiving was Invalid Codesign. After trying every 'solution' i could find on the internet and failing, I decided that it would be best if I started fresh -- Deleted all my provioning profiles, cleaned up my itunes connect account, deleted all my keys and certificate from the keychain access and started from scratch. The problem is that once I deleted by keys and developer certificate from the keychain access, I cant get them back!!! I've tried restarting, I've tried installing it every way imaginable, but I just cant get anything to be listed in the 'keys' nor 'my certificates' sections of the keychain access. I do have an iPhone edveloper profile in the 'certificates section' but this doesnt even seem to be of any use because when I look in the Organizer there are no developer profiles listed, and all my provisioning profiles warn "A valid signing identity matching this profile could not be found in your keychain"
Someone please help me through this mess. I've been developing my app for several months now and I already have an app in the App Store but Apple insists on making this process damn near impossible. Thanks so much!!!
Your public and private keys are automagically generated when required - if you use the certificate assistant to request a signing certificate as the provisioning profile describes you will find your new private/public keys created.
Once you begin this process you should also use spotlight to remove all .mobileprovision and .cer files you may have remaining in downloads, and also use organizer to remove profiles from devices. If you are starting from scratch you want to make sure none of that stuff remains to cause you problems.
This is an overcomplicated process to be sure, but once everything is really deleted and a fresh start is made it should be good for some time. The biggest problems I have had are when getting a new Mac and having hiccups with exporting/importing keys in an effort to keep my old certificates/provisioning valid.
I'm attempting to do an ad-hoc distribution of my (first) iPhone App to a small group of volunteer testers. I've looked through Apple's documentation, as well as a number of blog posts, but am still having trouble. I have a couple questions about things that aren't clear (to me, at least):
When creating Development and/or Distribution certificate requests, for Common Name, should I use my name or my company's name? I registered for the iPhone Developer program as a company, and the portal shows this company name, but also my own name as "Agent".
Also, Apple's documentation (the "Publishing Applications for Testing" chapter of the Developer's Guide) contains a diagram showing the Tester Provisioning Profile as containing info about the Tester Device, the Test App ID, and the Development Certificate. When I try to create the Tester (Ad-hoc) Provisioning Profile on the portal, it selects the Distribution Certificate, not the Development Certificate. Is this right? It seems to make sense, but doesn't match the diagram.
Any other advice on ad-hoc provisioning would also be appreciated, particularly how to gather information for troubleshooting. My testers have reported getting an "application was not installed because an unknown error occurred (0xE8008016)" message, which doesn't tell me anything about what I may have done wrong.
Thanks,
Andrew
Well, I seem to have it working -- sorry for the long delay in following up. Here's the best resource on this that I've found: http://www.bigspaceship.com/blog/labs/iphone-101-understanding-distribution-pt-i-of-ii/ although even it doesn't get quite all the details right, and it seem that Apple changes the iPhone Program portal often, so maybe no resource will ever be fully up-to-date. Your mileage may vary.
To answer the questions I posed (and reply to some of the questions raised in other answers): For the Developer Certificate, I used my own name. For the distribution certificate, I used the name of the Company. Yes, the dist.plist bust exist and the get-task-allow property is false.
Finally, one more gotcha: the AppID/Bundle identifier should be all-lowercase.
I posted a sample packaging script that i use for automating ad hoc distribution builds, maybe this is useful?
http://iphonedev.makerlab.org/2009/12/packaging-script-for-iphone-ad-hoc-distribution-builds/
I used my own name for Common Name, however, I'm not sure this really matters. I did name my dist. provisioning profile with my company name, though.
Ad-Hoc is considered distribution, so the distribution certificate is the correct one.
Did you create an Entitlements.plist file for your ad-hoc?
Are you getting any signing errors when you build your ad-hoc?
Does the ad-hoc build you created install properly for you? That's the easiest way to gather information-try it yourself, following the directions you're giving your users.
I had problems with Windows users not being able to install my app because Windows couldn't properly decode the compressed folder I created on my Mac. I eventually resorted to a Run Script build phase in XCode that created a .ipa file which worked properly for drag-and-drop for Windows and Mac iTunes.
In your entitlements.plist file you have to uncheck the get-task-allow bool to give it a false value. This is only for AdHoc distribution.
I learned this the hard way when I went through a build cycle thinking I had saved and checked in the right entitlements.plist with get-task-allow unchecked.
I have a small doubt, so apologies first.
I am creating an iPhone application using my Macbook. I want to upload it into AppStore after some days by creating a developer certificate and use provisioning profile. My friend wants to create his own iPhone application and wants to upload to AppStore for him personally, but he wants to use my same Macbook, but he may create his own dev certificate etc. I hope this is possible. Can we both use a same Macbook to develop different business(myself and my friend's) applications? I'm just curious to ask this doubt.
One more question,
Can we submit an iPhone application into AppStore without having own website page? Is it mandatory to have my own web site page for uploading an application into AppStore?
As long as all of the right pieces are installed, you could definitely share one Mac. You'd need all of the appropriate provisioning profiles installed in XCode, and the private keys / signing certificates used to generate them installed in the Keychain.
Going with separate user accounts might be a good idea, if just so that neither of you gets confused and accidentally builds their app with the other person's profile. But there shouldn't be any technical reason why you couldn't do this with a single user.
You would both need to have different users but apart from that, I can't see a problem.
As far as I know, the certificates and public private keys are per user.
As for the second question, I have no idea, sorry!
For first question:
Sure, it is possible! Its all a matter of creating different Certificate and Provisioning and When you build the project making sure you use the correct certificate to Code Sign!
Second Question:
You don't need a website of your own. I've come across many developers who uses their Blogspot address!
But if you are serious and look serious, get a domain and a simple site :)
Cheers