Skip to main content

App signing

To run the app downloaded from the App Store or while debugging on a physical iOS device, the app must be signed with a valid signing certificate and private key pair. Signature tells us the app is coming from a known source and that it wasn't altered from since it was signed. If you find the signing process a bit confusing, read on.

Signing process

To identify your app among other apps on the App Store, you need to give it a unique ID, i.e.: an AppID.


So, the logical thing to do first is to create one on Apple Developer Portal.

If you don't know how to log in to Apple Developer Portal, or how to create an account, check out the First Steps section.

Create an AppID

AppID uniquely identifies an app on the App Store. To create one, login to your Apple developer account and go to Certificates, Identifiers & Profiles section and select Identifiers. Here you can create different kinds of identifiers, but we are interested in creating an app identifier, so select App IDs on Register a new identifier screen.

Give it a good description, select your App ID Prefix and Bundle ID type. What are those, you might ask yourself? AppID Prefix should be your Team ID by default, but on older accounts it could be a different ID, so please make sure it's always set to Team ID. Prefix can give you headaches once you want to start using advanced capabilities like keychain sharing if it's not set to Team ID.
Bundle ID can be either Explicit or Wildcard. These are quite straightforward, but the important thing to remember here is that you can not publish an app with a Wildcard Bundle ID.

Here you can see a large list of capabilities (Push notifications, Sign in with Apple, Associated Domains...etc). Each capability that you want to use in your app, you have to enable here first. For now, just save the new App ID and edit it later if you need to.

###Create a certificate Since you have identified your app, now you have to be able to sign it, or it won't be able to run on real devices.
To sign the app you need to have a certificate and private key pair.

First you need to create a certificate request by opening Keychain Access app on your Mac and in the main menu select Certificate Assistant -> Request a Certificate form a Certificate Authority (Apple) option.
You will be presented with a simple input form, where you can just enter your email address and select Saved to disk option. You can save .certSigningRequest file and use it any time you need to create a certificate.

Login to your Apple developer account and under Program resources you will find, already familiar, Certificate, Identifiers & Profiles section. This time, select Certificates and the + sign on the top to create a new one. Select a certificate type, and you will be prompted to upload a previously created .certSigningRequest file.

Press continue, and the certificate will be created. After you download the .cer file, double click to import it. In Keychain Access app on your Mac, you will see the imported certificate along with your private key. Hold on to this pair, because without private key you can not sign the app. The certificate only verifies the identity of the developer, but the private key is used to sign the app, i.e.: create a digital signature that can be verified by anyone who has the public key which is included in the certificate.

Create a provisioning profile

Now that we have an App ID and a Certificate/private key pair, we need something to combine those two together. Let's introduce Provisioning profiles.

Provisioning profile tells us which certificate is used with a certain App ID. It also holds other info like list of devices the app is authorized to run on. When we create a provisioning profile, we have to specify both a certificate and an App ID.

There are different kinds of provisioning profiles like Distribution, Development and Ad Hoc. Which one will you create depends on your needs.
Distribution type is the one we use when we want to publish our app to the App Store.
Development is obviously for development, and Ad Hoc is usually for testing the release build before we upload it to App Store's Test Flight testing suite.
Both, Development and Ad Hoc, include a list of devices the app is allowed to run on.

Login to your Developer Portal and go to Certificate, Identifiers & Profiles section. Select Profiles.
Here, you can select whether you are creating a new Development or new Distribution profile. Next, you will select an App ID, Certificate, and finally a list of devices if we are creating a Development or Ad Hoc profile.

That's it! Download your profile, import it to Xcode and you are ready to sign and publish your app!