8

We have developed an iOS app that has been delivered to the customer as an IPA with an ad-hoc distribution profile that allowed a set of their employees to install it on their devices. The customer now wishes to distribute that app internally to all their employees using their iOS Enterprise Developer program credentials.

I had hoped that the customer could simply re-codesign the ad-hoc IPA with their own enterprise identity. However, they say they can't do that. They say they "need an IPA file with the removal of the limitation to only certain devices".

So, what do I do?

  • Do I need to somehow create an "unsigned" IPA for them? (And if so, how do I do that?)
  • Do I need them to generate an Enterprise distribution provisioning profile for me so I can build the app with that profile?
  • Do I need to just send them the source or build output and let them build the package?

I have looked at the following documents, but they have not enlightened me:

Cœur
  • 37,241
  • 25
  • 195
  • 267
Kristopher Johnson
  • 81,409
  • 55
  • 245
  • 302

1 Answers1

8

It's completely possible to take any IPA and resign it with your own details, modifying the Info.plist, bundle ID, etc. in the process. I do this all the time with IPAs that have been signed by other developers using their own provisioning profiles and signing identities.

If they aren't familiar with the codesign command line tool and all the details of replacing embedded.mobileprovision files and entitlements, the easiest way for them to do this is for you to "Archive" the app via Xcode, and send them the generated archive file (*.xcarchive).

They can import that into Xcode so it is visible in the Organizer, and from there they can choose "Distribute" and sign it with their enterprise identity.

To import the .xcarchive file into Xcode, they just need to copy the file into the ~/Library/Developer/Xcode/Archives directory and it should appear in the Xcode organizer. Then they click "Distribute" and follow the instructions:

enter image description here

Mike Weller
  • 45,401
  • 15
  • 131
  • 151
  • It's not clear to me whether they have Xcode-savvy people. They have some sort of internal "company app store" and whoever manages it is apparently used to receiving IPAs that just work. I'll try to get more information. – Kristopher Johnson Jun 14 '12 at 14:58
  • Ah, they must be using some custom over-the-air portal or something like TestFlight. The problem is, the app needs to be signed with their enterprise details. There's no way around that. They could provide you with their private key and provisioning profile and you can build everything yourself. – Mike Weller Jun 14 '12 at 15:01
  • @MikeWeller you say that you can even modify the bundle ID -- but isn't this part of the binary as well? Wouldn't that cause any implications? (I first read about that in the "update" section here: http://oleb.net/blog/2011/06/code-signing-changes-in-xcode-4/ ) – phi Dec 18 '12 at 14:34
  • It only causes problems if you use Xcode to do the resigning (since Xcode does not change the entitlements of the binary). We have a script we developed internally which does all this for you using the `codesign` utility. So it is possible. You can do it all on the command line without a script if you have to. – Mike Weller Dec 18 '12 at 16:57
  • This script for IPA's worked well for me just now. https://gist.github.com/Gl0ub1l/4233537 – Steve Moser Mar 28 '13 at 20:38