How to Extract and Use a Provisioning Profile
What is a Provisioning Profile?
A Provisioning Profile allows you to install apps onto your iOS device and includes the signing certificates, a list of supported device identifiers (for the development and ad-hoc provisioning profile types only), entitlements, App ID, and more.
The following types of provisioning profiles can be generated
- Development Profile
Used for installing an app on a registered device in debug mode. - Ad-hoc Profile
Used at a later stage of the development process, in particular for distributing the app to testers that are not part of the iOS developer program for your organization. - App Store Profile
A profile that is used for the distribution of a completed app to the App Store for sale or to upload the application to the test-flight platform.
Appdome allows signing an app via the Sign tab by using any of the following methods:
- On Appdome
Allowing Appdome to take care of the entire signing process. You only need to provide the signing credentials. For details, see topic How to Sign Secured iOS Apps without Xcode.
- Private Signing
Gives you full responsibility for handling the entire signing process. For more details, see How to Privately Code Sign Sealed iOS Apps using DevSecOps Build System.
- Auto-DEV Private Signing
Allows you to sign the app without uploading the signing certificate to Appdome’s cloud service.
Appdome provides you with a script (.sh file), which runs on your trusted environment and signs the app by using your credentials (certificate and password) as input. For more details, see How to Automate Secure iOS App Code Signing in DevOps CI/CD.
As part of the Appdome signing process of secured iOS apps, by using either Auto-dev Private Signing or Signing on Appdome, you are required to extract and upload a Provisioning Profile and an entitlement file for each executable in the app, and when using signing on Appdome, a P12 certificate and its password.
Extracting a Provisioning Profile
To extract a provisioning file for distribution to Appstore:
- From your selected browser, go to iOS Dev Center and sign in with your Apple ID.
- In the iOS Dev Center, click Certificates, Identifiers & Profiles.
- Go to Profiles.
- Click +.
- Select the requested Distribution/Development type.
- Select an App or plugin ID.
- Select a certificate to include in the provisioning profile and click Continue.
- Enter a name for the profile and click Generate.
- (Optional) Click Download to download the provisioning profile.
Here is an example of a provisioning profile file (can be opened by any text editor):
In order to sign an iOS executable, you need to define each executable’s capabilities and permissions via the executable’s entitlements.
The entitlements are part of the signature and are embedded into the executable.
If the app does not request an entitlement, the OS will not allow the matching application service at run time. Examples of entitlements are push notifications, App-Groups (allow IPC between applications on the same device), Keychain access groups, and iCloud.
The image below displays an example of an entitlements file, which can be opened and edited by any text editor.
How to use the obtained provisioning profile
After archiving your application, select the type of your provisioning profile:
After performing the above steps and generating provisioning profiles for all your application’s executables, you can upload it on the Sign tab to either the On Appdome signing or Auto-DEV Private Signing.
FAQ
How do I extract the target bundle identifier from provisioning profile file?
- Open your file.mobileprovision file in a text editor.
- Look for the application-identifier key, which is stored in the Entitlements section inside your provisioning profile file.
The value for this key is a prefix with the team identifier used when generating this target, followed by the target bundle identifier.
How do I extract the target team identifier from provisioning profile file?
- Open your file.mobileprovision file in a text editor.
- Look for the com.apple.developer.team-identifier key, which is stored in the Entitlements section inside your provisioning profile file.
The value for this key is the team identifier.
How do I determine the type of the provisioning profile file?
- Open your file.mobileprovision file in a text editor.
- Look for the aps-environment key, which is stored in the Entitlements section inside your provisioning profile file.
If this value is development, then this the provisioning profile file’s type. - Look for the key get-task-allow.
If the value of this key is True, the provisioning profile file’s type is development. - If you failed to find the file’s type, and the key ProvisionedDevices exists, the type is Ad-Hoc.
How do I determine whether the provisioning profile expired?
- Open your file.mobileprovision file in a text editor.
- Look for the ExpirationDate key.
If the value indicated in this key is earlier than today, your profile has expired.
What is the difference between the Entitlements section in my provisioning profile file and the entitlements used to sign my application?
The entitlements used to sign your application are being saved in the derived data folder by XCode. They are the entitlements your application is using.
The entitlements section that the provisioning profile file contains are the entitlements you declared for your application in your Apple developer account when generating your provisioning profile
Related Articles
- How to Sign Secured iOS Apps Without Xcode
- How To Sign Secured Android Apps Without Android Studio
- signing apps with Extension or Frameworks.
- Request a demo at any time.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
