Maintaining Identifiers, Devices, and Profiles

You use Member Center to manage the identifiers, devices, and profiles used to code sign your app, enable it to launch on devices, and use certain app services. Xcode creates and manages these assets for you during development. When you’re ready to distribute your app for testing, you use Member Center to manage some of these assets yourself. For example, you use Member Center to create your ad hoc and store provisioning profiles. Also, you might want to upload a list of devices used for testing, not register them individually. This chapter covers miscellaneous tasks you perform to maintain identifiers, devices, and profiles.

For how to use Website Push IDs, read Notification Programming Guide for Websites.

Registering App IDs

You can create a wildcard App ID that matches one or more apps or an explicit App ID that exactly matches your bundle ID. The app services enabled for an App ID serve as a whitelist of the services one or more apps may use. What services an app actually uses is configured in the Xcode project. You can enable app services when you create an App ID or modify these settings later. Game Center and In-App Purchase are enabled by default for an explicit iOS App ID. In-App Purchase is enabled by default for an explicit Mac App ID.

In most cases, the wildcard and explicit App ID that Xcode creates for you when you add capabilities to your app, as described in Adding Capabilities, are sufficient to develop, test, and distribute your app. There can be only one explicit App ID per app, so if one already exists, Xcode uses it to create team provisioning profiles on your behalf.

To register an App ID

  1. In Member Center, select Certificates, Identifiers & Profiles.

  2. Under Identifiers, select App IDs.

  3. Click the Add button (+) in the upper-right corner.

    ../Art/13_createappID_1_2x.png
  4. Enter a name or description for the App ID in the Description field.

    ../Art/13_createappID_2_2x.png
  5. Select the corresponding checkboxes to enable the app services you want to use.

    A checkbox is disabled if the technology requires an explicit App ID and you’re creating a wildcard App ID, or the technology is enabled by default.

    ../Art/13_createappID_3_2x.png
  6. To create an explicit App ID, select Explicit App ID and enter the app’s bundle ID in the Bundle ID field.

    An explicit App ID exactly matches the bundle ID of an app you’re building—for example, com.example.gitakumar.adventure. An explicit App ID can’t contain an asterisk (*).

    ../Art/13_createappID_4_2x.png

    If you entered a bundle ID in the target’s Summary pane in Xcode, the App ID you enter here should match your bundle ID.

  7. To create a wildcard App ID, select Wildcard App ID and enter a bundle ID suffix in the Bundle ID field.

    ../Art/13_createappID_5_2x.png
  8. Click Continue.

  9. Review the registration information, and click Submit.

  10. Click Done.

Editing App IDs

For app services you can’t enable using Xcode, you can edit an App ID directly using Member Center. To enable app services for one or more apps, edit the corresponding App ID in Member Center.

To enable app services for an existing App ID

  1. In Member Center, select Certificates, Identifiers & Profiles.

  2. Under Identifiers, select App IDs.

  3. Select the App ID you want to change, and click Edit.

  4. Select the corresponding checkboxes to enable the app services you want to allow.

    ../Art/13_enable_technologies_2x.png
  5. If a warning dialog appears, click OK.

    Later, you’ll regenerate the provisioning profiles that use the App ID.

  6. Click Done.

To fully enable push notifications, read Configuring Push Notifications.

Deleting App IDs

You can also remove App IDs when you no longer need them. However, you cannot delete an explicit App ID for an app you submitted to the store.

To remove an App ID

  1. In Member Center, select Certificates, Identifiers & Profiles.

  2. Under Identifiers, select App IDs.

  3. Select the App ID you want to delete, and click Edit.

    ../Art/13_deleting_appIDs_2x.png
  4. Scroll to the bottom of the page, and click Delete.

  5. Read the dialog that appears, and click Delete.

Provisioning profiles that contain a deleted App ID become invalid. You can change the App ID in the provisioning profiles, as described in Editing Provisioning Profiles in Member Center, or delete them.

Locating Your Team ID

Occasionally, you may need to know your Team ID. For example, if you want to receive ownership of an app from another developer, the developer needs your Team ID to initiate the app transfer in iTunes Connect. The Team ID is a unique 10-character string generated by Apple that’s assigned to your team. You can find your Team ID using Member Center.

To locate your Team ID

  1. In Member Center, select Your Account.

    Your Team ID appears in the Developer Account Summary section under the team name.

    ../Art/13_locate_teamid_2x.png../Art/13_locate_teamid_2x.png

Registering Devices Using Member Center

In Member Center, you can register devices individually as needed or upload a file with information on multiple devices. Each year, you’re allowed to register a fixed number of devices. The maximum number of devices you can register is 100 per membership year. If you later disable a device, as described in Disabling and Enabling Devices Using Member Center, it doesn’t decrease your count of registered devices.

Locating Device IDs

You need the name and device ID for each device you want to register. There are several ways to obtain device IDs depending on whether you have Xcode installed.

Locating Device IDs Using Xcode

In Xcode, a team member can select a device in the Devices window to display the device ID.

To locate your device ID using Xcode

  1. Choose Window > Devices.

  2. In the Devices window under Devices, select your device (your Mac is a device too).

    ../Art/11_deviceid_2x.png
  3. Select, copy, and paste the text in the Identifier field.

Locating iOS Device IDs Using iTunes

For iOS devices, you can also obtain a device ID using iTunes. For example, testers follow these steps to get their device ID using iTunes when they don’t have Xcode installed.

To get a device ID using iTunes

  1. Launch iTunes on your Mac.

  2. Connect your device to your Mac.

  3. In the upper-right corner, select the device.

  4. In the Summary pane, click the Serial Number label under Capacity or Phone Number.

    The label Serial Number changes to UDID and displays the device ID.

    ../Art/13_itunesgetdeviceid_2x.png
  5. Copy the device ID by Control-clicking the identifier and choosing Copy from the shortcut menu.

  6. Paste the device ID in a document or an email message.

Locating Mac Device IDs Using System Preferences

For Mac apps, you can get a device ID using the System Information app. For example, use this method if you want to register a Mac for testing that isn’t used for development.

To locate your Mac device ID using System Information

  1. Open the System Information app located in the /Applications/Utilities folder.

  2. Select Hardware in the left column.

    The device ID, or hardware UUID, appears near the bottom of the Hardware Overview pane and is in the format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.

Registering Individual Devices

To register a device using Member Center, you need to have the device name and device ID.

To register a single device

  1. In Certificates, Identifiers & Profiles, select Devices.

  2. Under Devices, select All.

  3. Click the Add button (+) in the upper-right corner.

  4. Select Register Device.

  5. Enter a device name and the device ID (UDID).

    ../Art/13_ios_adddevice_onportal_2x.png../Art/13_ios_adddevice_onportal_2x.png
  6. Scroll to the bottom of the page, and click Continue.

  7. Review the registration information, and click Submit.

Registering Multiple Devices

If you have many test devices, you can create a file containing the device names and device IDs and upload the entire file to Member Center. Member Center supports these two file formats: a property list file with a .deviceids file extension and a plain text file. The file format you choose depends on whether you have access to the devices you want to register.

Creating a Property List Devices File

If you have access to the testing devices, you can use iPhone Configuration Utility to create a property list file that contains the device names and device IDs of the devices you connect to your Mac.

To download iPhone Configuration Utility

  1. Go to http://www.apple.com/support/iphone/enterprise/.

  2. Scroll down to the iPhone Configuration Utility section.

  3. Click the appropriate download link, and follow the online instructions.

To create the devices file using iPhone Configuration Utility

  1. Launch iPhone Configuration Utility.

  2. Connect each device to your Mac in turn.

    iPhone Configuration Utility adds the device information to the Devices section under Library.

  3. Under Library, select Devices, and select the devices you want to add to the file.

  4. Click Export in the toolbar.

  5. Enter a filename in the Save As field.

  6. Choose Device UDIDs from the “Export type” pop-up menu.

  7. Click Save.

Creating a Plain Text Devices File

If you don’t have access to the testing devices, you can create a .txt file containing the device names and device IDs you collect using another method. In this case, create a tab-delimited file with one device ID and one device name in each row. You can use the first row for your headers, because that row is ignored when parsed.

Uploading the Devices File

In Member Center, the steps to upload the devices file are the same for both file formats.

To register multiple devices

  1. In Certificates, Identifiers & Profiles, select Devices.

  2. Under Devices, select All.

  3. Click the Add button (+) in the upper-right corner.

  4. Select Register Multiple Devices.

  5. Click Choose File.

    ../Art/13_ios_addmultidevices_onportal_2x.png
  6. Select the file you want to upload, and click Choose.

    Select either the .deviceids or .txt file you created earlier.

  7. Click Continue.

  8. Review the registration information, and click Submit.

Installing iOS Developer Previews on Your Device

Before you begin, download the iOS developer preview you want to install on your device from iOS Dev Center.

To install an iOS developer preview on your development device

  1. Connect the iOS device to your Mac.

  2. In the iTunes, select the device in the upper-right corner.

  3. In the Summary pane, Option-click the Restore iPhone/iPad/iPod button.

  4. Select the iOS beta software restore image, and click Open to begin installation.

  5. When installation is complete, activate the device and restore its contents using iTunes.

Disabling and Enabling Devices Using Member Center

You can disable and enable a device, but you can’t delete it from Member Center. You can disable a device you no longer use for development or testing. However, doing so invalidates provisioning profiles that contain the device and doesn’t increase your total count of devices for the year. You can also enable a device that you previously disabled.

To disable or enable a device

  1. In Certificates, Identifiers & Profiles, select Devices.

  2. Under Devices, select All.

  3. Select the device you want to disable or enable.

  4. Click either Enable or Disable.

    ../Art/13_disable_device_2x.png
  5. In the dialog that appears, click either Enable or Disable again.

To regenerate invalid team provisioning profiles after disabling a device, read Refreshing Provisioning Profiles in Xcode. To remove a disabled device from other provisioning profiles you manage, read Editing Provisioning Profiles in Member Center.

You can also enable a device using Xcode. For iOS apps, Xcode automatically registers a connected device that’s chosen from the Scheme toolbar menu in the project editor. For Mac apps, Xcode automatically registers the Mac that’s running Xcode. If the device or Mac was previously registered but is disabled, Xcode enables it.

You may still run your app on a disabled device if it is in an older version of a provisioning profile that is installed on the device. To remove old versions of your provisioning profiles, read Removing Provisioning Profiles from Devices.

Managing Apps on iOS Devices

In the Devices window, you can manage instances of your app installed on an iOS device. Before you begin, connect the iOS device to your Mac, choose Window > Devices, and select the device under Devices.

Removing Apps from iOS Devices

To remove all data files associated with an app on an iOS device, delete the app from the device. You might do this to test code that runs only when your app first launches. In Xcode, you can remove only the apps that you created. You can’t remove any of the system-installed or third-party apps from the device using Xcode.

To remove an app from an iOS device

  1. In the Installed Apps table, select an app and click the Delete button (–) below the table.

  2. In the dialog that appears, click the Delete button.

Viewing, Downloading, and Replacing App Containers on iOS Devices

You can view the file structure of an app container on an iOS device directly in Xcode but not the contents of the files.

To view the contents of an app container

  1. Under Installed Apps, select the app from the list.

  2. From the Action menu (the gear icon to the right of the Delete button), choose Show Container.

    ../Art/13_devices_action_menu_2x.png
  3. Click Done.

To examine or modify the files in an app container, download it to your file system. Analyzing the contents of an app’s container may provide important information to help you diagnose problems or tune the app.

To download the contents of an app container

  1. Under Installed Apps, select the app from the list.

  2. From the Action pop-up menu, choose Download Container.

  3. Enter a filename in the Save As text field, and click Save.

To test the app in a particular state, replace the app container on an iOS device.

To replace an app container on an iOS device

  1. Under Installed Apps, select the app from the list.

  2. From the Action menu, choose Replace Container.

  3. Select a container from the File Picker and click Open.

Creating Provisioning Profiles Using Member Center

You can create both development and distribution provisioning profiles yourself using Member Center.

Because Xcode creates and manages team provisioning profiles for you, you only create a development provisioning profile if you want to restrict development of an app to specific team members and devices. Follow the steps in Creating Development Provisioning Profiles if you want to create your own development provisioning profile.

Xcode creates an iOS ad hoc provisioning profile for you when you export an app archive and select the ad hoc deployment option, as described in Distributing Your Beta App Using Ad Hoc Provisioning. To create an ad hoc provisioning profile directly in Member Center, read Creating Ad Hoc Provisioning Profiles.

Similarly, Xcode creates a store provisioning profile for you when you submit your app to the store. To create a store provisioning profile directly in Member Center, read Creating Store Provisioning Profiles.

After creating provisioning profiles, refresh provisioning profiles in Xcode, as described in Refreshing Provisioning Profiles in Xcode. The provisioning profiles should appear in the Provisioning Profiles table in the view details dialog in Accounts preferences.

Creating Development Provisioning Profiles

Before creating a development provisioning profile, verify that you have an App ID, one or more development certificates, and one or more devices. If you want to register your own App ID, read Registering App IDs. (You can also use one of the App IDs that Xcode manages for you.) If you need to create your development certificate, read Requesting Signing Identities. If you need to register devices, read Registering Devices Using Member Center.

To create a development provisioning profile

  1. In Certificates, Identifiers & Profiles, select Provisioning Profiles.

  2. Click the Add button (+) in the upper-right corner.

  3. Select iOS App Development for iOS apps or Mac App Development for Mac apps as the distribution method, and click Continue.

    ../Art/13_ios_createdevelopmentprofile_1_2x.png
  4. Select the App ID you want to use for development, and click Continue.

  5. Select one or more development certificates, and click Continue.

  6. Select one or more devices, and click Continue.

  7. Enter a profile name, and click Generate.

  8. Click Done.

Creating Ad Hoc Provisioning Profiles

An ad hoc provisioning profile allows testers to run your app on their device without needing Xcode. To create an ad hoc provisioning profile, you select an App ID, a single distribution certificate, and multiple test devices.

To create an ad hoc provisioning profile

  1. In Certificates, Identifiers & Profiles, select Provisioning Profiles.

  2. Click the Add button (+) in the upper-right corner.

  3. Select Ad Hoc as the distribution method, and click Continue.

    ../Art/6_ios_createdistributionprofile_2_2x.png
  4. Choose the App ID you used for development, which matches your bundle ID, from the App ID pop-up menu, and click Continue.

    If you used a team provisioning profile during development and the menu contains only the Xcode iOS Wildcard App ID, select it. If the menu contains another Xcode-managed explicit App ID (it begins with “Xcode” and contains your bundle ID), select that App ID. If you created your own App ID, select that one.

  5. Select the distribution certificate you want to use, and click Continue.

  6. Select the devices you want to use for testing, and click Continue.

  7. Enter a profile name, and click Generate.

    ../Art/6_ios_createdistributionprofile_3_2x.png

    Wait while Member Center generates the provisioning profile.

  8. At the bottom of the page, Click Done.

In Xcode, refresh the provisioning profiles to download the ad hoc provisioning profile, as described in Refreshing Provisioning Profiles in Xcode. The ad hoc provisioning profile should now appear in the Provisioning Profiles table in the view details dialog in Accounts preferences.

Creating Store Provisioning Profiles

Before uploading your app to the store, you provision it using a store provisioning profile. (For Mac apps that don’t enable any app services, you can code sign your app using just a distribution certificate.) You don’t select any devices to create a store provisioning profile.

To create a store provisioning profile

  1. In Certificates, Identifiers & Profiles, select Provisioning Profiles.

  2. Click the Add button (+) in the upper-right corner.

  3. Select App Store for iOS apps or Mac App Store for Mac apps as the distribution method, and click Continue.

    The screenshot below shows App Store selected for an iOS app.

    ../Art/8_ios_createdistributionprofile_1_2x.png
  4. Choose the App ID you used for development (the App ID that matches your bundle ID) from the App ID pop-up menu, and click Continue.

    If you used a team provisioning profile during development and the menu contains only the Xcode Wildcard App ID, select it. If the menu contains an Xcode-managed explicit App ID (it begins with “Xcode” and contains your bundle ID), select that App ID. If you created your own App ID, select that one.

    ../Art/8_ios_createdistributionprofile_2_2x.png
  5. Select your distribution certificate, and click Continue.

    A store provisioning profile contains a single distribution certificate.

  6. Enter a profile name, and click Generate.

    Wait while Member Center generates the provisioning profile.

  7. At the bottom of the page, Click Done.

Refreshing Provisioning Profiles in Xcode

Changes you make in Member Center aren’t automatically reflected in Xcode. For example, if you create or edit a provisioning profile in Member Center, refresh provisioning profiles in Xcode to download the changes. If you revoke a development certificate, refresh provisioning profiles to regenerate team provisioning profiles managed by Xcode. When Xcode refreshes provisioning profiles, it also checks to see if you’re missing signing identities and may ask if you want to request them.

To refresh provisioning profiles in Xcode

  1. In the Xcode Preferences window, click Accounts.

  2. Select your team, and click View Details.

    ../Art/13_viewdetails2_2x.png
  3. In the dialog that appears, click the Refresh button in the lower-left corner under the Provisioning Profiles table.

    Xcode updates the list of profiles in the Provisioning Profiles table.

Using Custom Provisioning Profiles

Occasionally, you may want to use your own custom development provisioning profile instead of the team provisioning profile that Xcode manages for you. For example, you might do this if you want to limit development of an app to a subset of developers or if you’re testing different app configurations. If so, create a development provisioning profile, as described in Creating Provisioning Profiles Using Member Center, and set your code signing identity build setting to use the new profile.

When you build the app, you code sign it with the signing identity matching the certificate contained in the provisioning profile you want to use. The possible values for the Code Signing Identity build setting pop-up menu are:

A menu item appears in the Code Signing Identity build setting pop-up menu for each provisioning profile to which your development certificate belongs. The default setting is the platform-specific development certificate that appears in the Automatic Profile Selector menu item, which matches your development certificate. For a description of each type of certificate that may appear in this menu, refer to Table 13-2.

Before you begin, decide whether to set the Code Signing Identity build setting at the project or target level. For a single target, you can set this build setting at either the project or target level as long as you’re consistent. For multiple targets that use the same code signing identity, set this build setting at the project level. For multiple targets that use different code signing identities, you set this build setting for each individual target. For example, choosing the project level ensures that any helper apps inside of your project are code signed as well as the main app.

Set the Provisioning Profile build setting to your development profile and the Code Signing Identity build setting to your development certificate.

To set the code signing identity to your development certificate

  1. In the Xcode project editor, select the target.

  2. Click Build Settings.

  3. In the Build Settings pane, click All and type code signing in the search field.

  4. From the Provisioning Profile pop-up menu, choose your development provisioning profile.

    Xcode automatically sets the Code Signing Identity build setting to “iOS Developer” for iOS apps and “Mac Developer” for Mac apps.

  5. If necessary, from the Code Signing Identity pop-up menu, choose your development certificate.

    For iOS apps, choose the certificate in the provisioning profile menu item that begins with the text “iPhone Developer:” followed by your name. For Mac apps, choose the certificate in the provisioning profile menu item that begins with the text “Mac Developer:” followed by your name.

    ../Art/12_buildsettings_2x.png

Your app is code signed the next time you build it. You can build and run your Mac app by simply clicking the Run button. For an iOS app, follow the steps in Launching Your iOS App on a Device to sign your app and launch it on a device.

To use the team provisioning profile again later, change the Provisioning Profile build setting to None. To learn more about Apple’s code signing technology, read Code Signing Guide.

Troubleshooting

If the development provisioning profile doesn’t appear in the Provisioning Profile pop-up menu, refresh provisioning profiles, as described in Refreshing Provisioning Profiles in Xcode. Then try to set the Provisioning Profile build settings again.

If a code signing error occurs when you build the app, verify that the Code Signing Identity build setting is correct. Also, check whether the Code Signing Identity build setting is set at the project or target level (target settings override project settings). To troubleshoot the Code Signing Identity build setting, read Build and Code Signing Issues.

Using Xcode-Managed Provisioning Profiles

Xcode creates and updates code signing identities and provisioning profiles for you. However, if your project was created using Xcode 4 or earlier, you may need to set the Provisioning Profile build setting to Automatic to use this feature.

To use Xcode-managed provisioning profiles

  1. In the Xcode project editor, select the target.

  2. Click Build Settings.

  3. In the Build Settings pane, click All and type Code Signing in the search field.

  4. From the Provisioning Profile pop-up menu, choose Automatic.

    Xcode sets the highest Code Signing Identity build setting to Don’t Code Sign, and the "Any … SDK” Code Signing Identity build settings to iOS Developer (for iOS apps) and Mac Developer (for Mac apps).

If necessary, set the project-level Provisioning Profile build setting to Automatic. To troubleshoot provisioning profiles, read Provisioning Issues.

Editing Provisioning Profiles in Member Center

You don’t need to re-create provisioning profiles to edit them. You can change the name of a provisioning profile and other properties depending on the type of provisioning profile. For all types of provisioning profiles, you can change the App ID. For an iOS app, you can add devices to an ad hoc provisioning profile. If you change a provisioning profile, remember to replace instances of the provisioning profile that you installed on devices.

If you want to repair a provisioning profile because you re-created a certificate, follow the steps in Re-Creating Certificates and Updating Related Provisioning Profiles.

To edit a provisioning profile

  1. In Certificates, Identifiers & Profiles, select Provisioning Profiles.

  2. Under Provisioning Profiles, select All, Development, or Distribution.

  3. Select the provisioning profile you want to modify, and click Edit.

    ../Art/13_tb_ios_modify_profile1_2x.png
  4. Make your changes to the provisioning profile, such as changing its name, adding certificates, or selecting a different set of devices.

    ../Art/13_tb_ios_modify_profile2_2x.png
  5. Click Generate.

After doing so, refresh provisioning profiles in Xcode, as described in Refreshing Provisioning Profiles in Xcode.

Renewing Expired Provisioning Profiles

If a provisioning profile expires, the provisioning profile’s status displays Expired in Member Center. You renew an expired provisioning profile by editing and re-generating it, as described in Editing Provisioning Profiles in Member Center. You don’t need to make any changes to the provisioning profile. Just scroll to the bottom of the Edit iOS Provisioning Profile or the Edit Mac Provisioning Profile page, and click Generate.

../Art/13_expired_profile_2x.png

If the expired provisioning profile is installed on your device, remove it, as described in Removing Provisioning Profiles from Devices. If the provisioning profile is an ad hoc provisioning profile, re-sign and distribute your app using the regenerated provisioning profile, as described in Beta Testing Your iOS App.

Verifying and Removing Provisioning Profiles on Devices

Use Xcode to verify if your provisioning profile is installed on a device or to remove expired provisioning profiles from a device.

To verify or remove a provisioning profile

  1. For iOS apps, connect the iOS device to your Mac.

  2. Choose Window > Devices, and select the device under Devices.

  3. At the bottom of the left column, click the Action button (the gear icon to the right of the Add button).

  4. Choose Show Provisioning Profiles from the pop-up menu.

    The provisioning profiles sheet appears.

    ../Art/13_remove_profile_2x.png
  5. To remove a provisioning profile, select it from the list and click the Delete button (–) in the lower-left corner.

  6. Click Done.

Removing Provisioning Profiles from Member Center

Occasionally, you may need to remove a provisioning profile from your team.

To remove a provisioning profile from your team

  1. In Certificates, Identifiers & Profiles, select Provisioning Profiles.

  2. Under Provisioning Profiles, select All.

  3. Select the provisioning profile you want to remove.

  4. Click Delete.

    ../Art/13_ios_delete_profile_2x.png
  5. In the dialog that appears, click Delete.

After doing so, refresh provisioning profiles in Xcode, as described in Refreshing Provisioning Profiles in Xcode, and remove the provisioning profile from your devices, as described in Removing Provisioning Profiles from Devices.

Downloading Provisioning Profiles from Member Center

If necessary, you can download specific provisioning profiles directly from Member Center.

To download a provisioning profile

  1. In Certificates, Identifiers & Profiles, select Provisioning Profiles.

  2. Under Provisioning Profiles, select All.

  3. Select the provisioning profile.

  4. Click Download.

    ../Art/13_ios_downloadprofile_2x.png

    A file with the provisioning profile name and the .mobileprovision extension appears in your Downloads folder.

Verifying the App Binary Entitlements

Some entitlements (for example, App Sandbox entitlements) are set in your Xcode project and others are set in the provisioning profile. You can check if the signed app has the correct entitlements by examining the app’s signature and if discrepancies occur, by examining the embedded provisioning profile located in the app binary.

To verify the entitlements of a signed app

  1. In Xcode, select your project in the project navigator.

  2. Click the disclosure triangle next to the project to reveal its contents.

  3. Click the disclosure triangle next to Products to reveal the binary.

  4. Control-click the binary file, and choose “Show in Finder” from the shortcut menu to go to the Xcode build location in the Finder.

    ../Art/13_locateprofileinbinary_1_2x.png
  5. Launch Terminal (located in /Applications/Utilities), and enter this text followed by a space character (do not press Return):

    codesign -d --entitlements -
  6. In the Finder, drag the app binary to Terminal.

  7. Press Return.

    For example, the output for an iOS app that is enabled for iCloud key-value storage contains the com.apple.developer.ubiquity-kvstore-identifier entitlement key. The output for a Mac app that is enabled for App Sandbox contains the com.apple.security.app-sandbox entitlement key.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>application-identifier</key>
        <string>G9B5P7QDV2.edu.self.HelloWorld</string>
        <key>com.apple.developer.pass-type-identifiers</key>
        <array>
            <string>G9B5P7QDV2.*</string>
        </array>
        <key>com.apple.developer.ubiquity-container-identifiers</key>
        <array>
            <string>G9B5P7QDV2.edu.self.HelloWorld</string>
        </array>
        <key>com.apple.developer.ubiquity-kvstore-identifier</key>
        <string>G9B5P7QDV2.edu.self.HelloWorld</string>
        <key>get-task-allow</key>
        <true/>
    </dict>
    </plist>

If the app’s entitlements are different than what you have configured, verify that the embedded provisioning profile is correct. First, you need to locate the embedded provisioning profile.

To locate the embedded provisioning profile in the app binary

  1. In Xcode, select your project in the project navigator.

  2. Click the disclosure triangle next to the project to reveal the contents.

  3. Click the disclosure triangle next to Products to reveal the binary.

  4. Control-click the binary file, and choose “Show in Finder” from the shortcut menu to go to the Xcode build location in the Finder.

    ../Art/13_locateprofileinbinary_1_2x.png
  5. In the Finder, Control-click the binary file, and choose Show Package Contents from the shortcut menu.

    For iOS apps, a provisioning profile called embedded.mobileprovision appears in the Finder window. For Mac apps, the embedded file is called embedded.provisionprofile.

    ../Art/13_locateprofileinbinary_2_2x.png../Art/13_locateprofileinbinary_2_2x.png

To verify the entitlements of the embedded provisioning profile

  1. Launch Terminal (located in /Applications/Utilities), and enter this text (do not press Return):

    security cms -D -i
  2. In the Finder, drag the provisioning profile in the app binary to Terminal.

    ../Art/13_verifyentitlementsinapp_1_2x.png
  3. Press Return.

    This command outputs a property list in XML format.

  4. Locate the Entitlements key in the output and verify that the application-identifier key has the correct entitlements.

    For example, the following listing shows an iOS app that is enabled for data protection, Passbook, and iCloud. iCloud entitlements begin with the text com.apple.developer.ubiquity.

    <key>Entitlements</key>
        <dict>
            <key>application-identifier</key>
            <string>G9B5P7QDV2.*</string>
            <key>com.apple.developer.default-data-protection</key>
            <string>NSFileProtectionComplete</string>
            <key>com.apple.developer.pass-type-identifiers</key>
            <array>
                <string>G9B5P7QDV2.*</string>
            </array>
            <key>com.apple.developer.ubiquity-container-identifiers</key>
            <array>
                <string>G9B5P7QDV2.*</string>
            </array>
            <key>com.apple.developer.ubiquity-kvstore-identifier</key>
            <string>G9B5P7QDV2.*</string>
            <key>get-task-allow</key>
            <true/>
            <key>inter-app-audio</key>
            <true/>
            <key>keychain-access-groups</key>
            <array>
                <string>G9B5P7QDV2.*</string>
            </array>
        </dict>

See codesign and security for more ways to use these commands.

Recap

In this chapter, you learned how to maintain your certificates and provisioning profiles in a valid state and remove assets that you no longer need. To resolve specific certificate and provisioning profile issues, read Troubleshooting.