Whats the right way of manage signing with 3er party companies

Question

Created May ’23

Replies 1

Boosts 0

Participants 2

I want to understand the right way to manage the signing of my apps when the development is done by a 3er party company.

I'm working in a company, we are not mobile developers, so we use 3er party agancies to develop the apps we need. Even if we are not a development company, we want to upload all the apps i our store. And we don't want to give full access to the 3er party companies.

I believe that the best option is give a limited development certificate to one develope of the 3er party companies to make the archive, generate a IPA file and send it to us. Then, whit the IPA file, we are going to re-sign the file with our "production certificates"

It this the right aproach? Could be done by any 3er party companies? Can I limitate even more the access to 3er party companies developers?

Thanks!

Boost

Answer 1

DTS Engineer OP

Apple

Jun ’23

There’s no one Right Way™ to do this. Different teams use different approaches. The only thing that I absolutely recommend is that you ‘own’ your own developer account. I’ve seen folks run into irrecoverable problems when they don’t do that.

I believe that the best option is … generate a IPA file and send it to us.

If you’re using that general approach, don’t have them send you a .ipa. Rather, have them send you an Xcode archive (.xcarchive). With an Xcode archive you can use the Xcode organiser to re-sign and submit the app directly. With an .ipa you have to manually re-sign the product, which isn’t something directly supported by Apple tools.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0