How to Follow the Distribution and Development Processes for Your iPad App
When you create an iPad app, you have to go through two processes: one for development and one for distribution. Both processes produce different (but similarly named) certificates and profiles. The distribution process involves how you get your app to run on other people’s iPads. The development process deals with how to get your app running on your iPad during development.
The distribution process for an iPad app
Before you can build a version of your app that will actually run on your users’ iPads, Apple insists that you have the following:
A Distribution Certificate: An electronic document that associates a digital identity (which it creates) with other information that you have provided that identifies you, including a name, e-mail address, or business. The Distribution Certificate is placed on your keychain — that place on your Mac that securely stores passwords, keys, certificates, and notes for users.
A Distribution Provisioning Profile: These profiles are code elements that Xcode builds into your application, creating a kind of “code fingerprint” that acts as a unique digital signature.
After you’ve built your app for distribution, you then send it to Apple for approval and distribution. Apple verifies the signature to be sure that the code came from a registered developer (you) and has not been corrupted. Apple then adds its own digital signature to your signed app.
The iPhone OS on the iPad runs only apps that have a digital signature from Apple. Doing it this way ensures iPad owners that the apps they download from the App Store have been written by registered developers and have not been altered since they were created.
Although the system for getting apps on other people’s iPads works pretty well, leaving aside the fact that Apple essentially has veto rights on every app that comes its way, there are some significant consequences for developers. In this system, there really is no mechanism for testing your app on the device it’s going to run on:
You can’t run your app on an actual device until it’s been code-signed by Apple, but Apple is hardly going to code-sign something that may not be working correctly.
Even if Apple did sign an app that hadn’t yet run on an iPad, that would mean an additional hassle: Every time you recompiled, you’d have to upload the app to the App Store again — and have it code-signed again because you had changed it, and then download it to your device.
The development process for an iPad app
Apple has developed a process for creating a Development Certificate (as opposed to the Distribution Certificate discussed in the preceding section) and a Development Provisioning Profile (as opposed to the Distribution Provisioning Profile). This process is required only because of the code-signing requirements of the distribution process.
The Development Provisioning Profile is a collection of this information:
Your App ID
Your Apple device UDID (a unique identifier for each iPad)
Your Development Certificate (belonging to a specific developer).
This Profile must be installed on each device on which you want to run your application code. Devices specified within the Development Provisioning Profile can be used for testing only by developers whose Development Certificates are included in the Provisioning Profile. A single device can contain multiple provisioning profiles.
Even with your Provisioning Profile(s) in place, when you compile your program, Xcode will build and sign (create the required signature for) your app only if it finds one of those Development Certificates in your keychain. Then, when you install a signed app on your provisioned iPad, the iPhone OS verifies the signature to make sure that both
The app was signed.
The app has not been altered since it was signed.
If the signature is not valid or if you didn’t sign the code, the iPhone OS on the iPad won’t let the app run, which means that each Development Provisioning Profile is also tied to a particular Development Certificate.