How to Extract and Use a Provisioning Profile

Last updated June 4, 2024 by Appdome

What is a Provisioning Profile?

A Provisioning Profile allows you to install apps onto your iOS device and includes the signing certificates, a list of supported device identifiers (for the development and ad-hoc provisioning profile types only), entitlements, App ID, and more.

The following types of provisioning profiles can be generated:

  • Development Profile
    Used for installing an app on a registered device in debug mode.
  • Ad-hoc Profile
    Used at a later stage of the development process, in particular for distributing the app to testers that are not part of the iOS developer program for your organization.
  • App Store Profile
    A profile that is used for the distribution of a completed app to the App Store for sale or to upload the application to the TestFlight platform.

Appdome allows signing an app via the Sign tab by using any of the following methods:

  • Auto-DEV Private Signing
    Allows you to sign the app without uploading the signing certificate to Appdome’s cloud service.
    Appdome provides you with a script (.sh file), which runs on your trusted environment and signs the app by using your credentials (certificate and password) as input. For more details, see How to Automate Secure iOS App Code Signing in DevOps CI/CD.

As part of the Appdome signing process of secured iOS apps, by using either Auto-DEV Private Signing or Signing on Appdome, you are required to extract and upload a Provisioning Profile and an entitlements file for each executable in the app, and when using Signing on Appdome, a P12 certificate and its password.

 

Extracting a Provisioning Profile

To extract a provisioning profile for distribution to the App Store:

  1. From your selected browser, go to iOS Dev Center and sign in with your Apple ID.
  2. In the iOS Dev Center, click Certificates, Identifiers & Profiles.
  3. Go to Profiles.
  4. Click +.
  5. Select the requested Distribution/Development type.
  6. Select an App or plugin ID.
  7. Select a certificate to include in the provisioning profile and click Continue.
  8. Enter a name for the profile and click Generate.
  9. (Optional) Click Download to download the provisioning profile.
    Here is an example of a provisioning profile file (can be opened by any text editor):

In order to sign an iOS executable, you need to define each executable’s capabilities and permissions via the executable’s entitlements.
The entitlements are part of the signature and are embedded into the executable.

If the app does not request an entitlement, the OS will not allow the matching application service at run time. Examples of entitlements are push notifications, App-Groups (allow IPC between applications on the same device), Keychain access groups, and iCloud.

The image below displays an example of an entitlements file, which can be opened and edited by any text editor.

An example of an entitlements file

Congratulations! You have now extracted the provisioning profile file required to sign your secured iOS application.

How to use the obtained provisioning profile

You can use this provisioning profile when exporting your application from Xcode.
After archiving your application, select the type of your provisioning profile:
Select distribution method
Then select the provisioning profile you have generated and download it:
Select ad-hoc iOS provisioning profile
You can also use this provisioning profile when signing your application on Appdome’s platform.

After performing the above steps and generating provisioning profiles for all your application’s executables, you can upload them on the Sign tab for either On Appdome signing or Auto-DEV Private Signing.

Upload a selected provisioning profile

FAQ

How do I extract the target bundle identifier from a provisioning profile file?

  1. Open your file.mobileprovision file in a text editor.
  2. Look for the application-identifier key, which is stored in the Entitlements section inside your provisioning profile file.
    The value for this key is a prefix with the team identifier used when generating this target, followed by the target bundle identifier.

How do I extract the target team identifier from a provisioning profile file?

  1. Open your file.mobileprovision file in a text editor.
  2. Look for the com.apple.developer.team-identifier key, which is stored in the Entitlements section inside your provisioning profile file.
    The value for this key is the team identifier.

How do I determine the type of the provisioning profile file?

  1. Open your file.mobileprovision file in a text editor.
  2. Look for the aps-environment key, which is stored in the Entitlements section inside your provisioning profile file.
    If this value is development, then this is the provisioning profile file’s type.
  3. Look for the key get-task-allow.
    If the value of this key is True, the provisioning profile file’s type is development.
  4. If you failed to find the file’s type, and the key ProvisionedDevices exists, the type is Ad-Hoc.

How do I determine whether the provisioning profile expired?

  1. Open your file.mobileprovision file in a text editor.
  2. Look for the ExpirationDate key.
    If the value indicated in this key is earlier than today, your profile has expired.
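The four FAQ checks above (bundle identifier, team identifier, profile type, expiry) can be scripted. The following is an added example, not Appdome's code: it relies on the fact that a .mobileprovision file is a signed container with the property list embedded as readable XML, which is why a text editor works. The function names and the sample profile are constructed for illustration, and the signature on the container is not verified here.

```python
import plistlib
from datetime import datetime, timezone

def load_profile(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision blob (signature NOT verified)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def summarize(profile: dict, now: datetime) -> dict:
    """Apply the FAQ rules; 'now' is a naive UTC datetime, like plistlib's dates."""
    ent = profile.get("Entitlements", {})
    # application-identifier is "<prefix>.<bundle identifier>"; split on the first dot
    _prefix, _, bundle_id = ent.get("application-identifier", "").partition(".")
    if ent.get("aps-environment") == "development" or ent.get("get-task-allow") is True:
        kind = "development"
    elif "ProvisionedDevices" in profile:
        kind = "ad-hoc"
    else:
        kind = "undetermined"  # the FAQ rules do not classify this case
    return {
        "bundle_id": bundle_id,
        "team_id": ent.get("com.apple.developer.team-identifier", ""),
        "type": kind,
        "expired": profile["ExpirationDate"] < now,
    }

# Constructed sample: fake binary envelope bytes around a hand-made plist.
SAMPLE_PLIST = {
    "Name": "Example Ad Hoc (constructed)",
    "ExpirationDate": datetime(2025, 6, 4),
    "ProvisionedDevices": ["CONSTRUCTED-DEVICE-ID-0001"],
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.app",
        "com.apple.developer.team-identifier": "ABCDE12345",
        "get-task-allow": False,
        "aps-environment": "production",
    },
}
SAMPLE = b"\x30\x82\x1f\x00" + plistlib.dumps(SAMPLE_PLIST) + b"\x00\x01signature-bytes"

if __name__ == "__main__":
    today = datetime.now(timezone.utc).replace(tzinfo=None)
    print(summarize(load_profile(SAMPLE), today))
```

To check a real file, pass the bytes read from it (opened in binary mode) to `load_profile`.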

What is the difference between the Entitlements section in my provisioning profile file and the entitlements used to sign my application?

The entitlements used to sign your application are saved in the derived data folder by Xcode. They are the entitlements your application is using.

The Entitlements section in the provisioning profile file contains the entitlements you declared for your application in your Apple developer account when generating your provisioning profile.
