-
Notifications
You must be signed in to change notification settings - Fork 7
Provisioning Profiles
Provisioning Profiles are the mechanism that Apple uses to restrict access to Apps for beta testing and enterprise deployment. Otherwise all Apps have to come from the App Store with a proper signature.
To create a provisioning profile, a developer has to have an account from Apple so that he can obtain a signing key. This key is used to code sign various pieces of the application. For our purposes here, the provisioning profile is signed by a developer's code signing key. The developer's key must be signed by Apple for the operating system to recognize it.
The provisioning profile contains various pieces of information on what applications should be allowed to run and when. For a beta-test scenario, it contains all of the different UUIDs of the devices where it will be allowed to run. Apple allows you to have up to 100 devices on your developer account available for using in provisioning profiles. The provisioning profile also contains things like the public key that the application should be signed with, the name of the applications it applies to and any entitlements that application should have access to. Again, this file has to be signed by the developer's key, otherwise it's invalid.
Once this provisioning profile is generated, it has to be loaded into the Xcode instance where the application is compiled. This is so that Xcode can generate the correct signature for the application. In Buster's case, the provisioning profile is uploaded to HockeyApp along with the executable, so you can always get the freshest provisioning profile from there.
Each user also has to install the provisioning profile so that programs that use it can be run on their device.
Note that none of this has to happen for an App on the various App Stores. Apple works the signatures such that they will run without any provisioning profiles. This is just for beta testing and enterprise deployment.
This process is why beta testers need to be added in batches. There is a significant amount of work on the part of the developer and the beta testers to roll out a new provisioning profile.