Code Signing

Getting iOS Applications to run on iOS devices

Unlike other operating systems, such as Windows or Linux, you can not run any application on an iOS application. Before the iOS operating system launches an application, it will first determine whether this application is allowed to run on that device.

Apple is the authority which decides which applications can run on iOS devices. By default, you can only run iOS applications which you have downloaded from the App Store.

iOS implements these restrictions by using code signing. Each iOS application is digitally signed using a certificate. If an application is signed directly by Apple, the application can run on any iOS device.

Developer Certificates

As an individual developer, you can request code signing certificates which allow you to sign applications which can run on a limited number of devices. iOS devices only accept code signing certificates which have been issued by Apple.

You can request a developer certificate by signing up for the Apple Developer Program.

Developer certificates can be managed using Xcode or directly in the Apple Developer portal. You can also use third-party tools, such as Fastlane to manage certificates.

Provisioning Profiles

It’s not sufficient to digitally sign your application with a developer certificate by Apple. You’ll also need authorization from Apple to run applications which you have signed on your devices. This authorization comes in the form of provisioning profiles.

A provisioning profiles is a document, digitally signed by Apple, which roughly states: “applications signed with developer A, B and C, can run on devices X, Y and Z”. You can manage provisioning profiles using the Apple Developer Portal, Xcode or third-party tools such as Fastlane.

Developer Profiles

Developer Profiles are zip files which can contain developer certificates and provisioning profiles. They provide an easy way to store developer certificates and provisioning profiles and share them across applications.

Developer profiles contain the private key for your code signing identities and are usually password-protected.

You can create a developer profile by exporting your code signing data from Xcode.

Last modified October 30, 2019: Add codesigning reference documentation (775e224)