All about Provisioning Profiles

tl;dr - Whatever Xcode is set up to do, we will re-use.

When Beta codesign’s your application, we choose the provisioning profile that Xcode embedded. Beta looks for a later version of that provisioning profile by name.

We also look for an identity in the developer’s Keychain that matches a certificate in the provisioning profile. We don’t always use what Xcode provided, but this should handle most cases. One example: if a developer has more than one individual’s Code Signing Identity in their Keychain, we may choose a different key than Xcode did, but it should be valid for the Proviosining Profile.

How should you setup Xcode? This will be most relevant for apps that use Game Center, push notifications, and iCloud. If you’re not using these, then the difference between Ad-Hoc and Development Provisioning Profiles is minor. Generally, the question is which provisioning profile has been used, so you know to update the correct one in Apple’s Developer Center when a new device is registered.

The Fabric OS X app names the provisioning profile at the top of the screen during distribution, prefixing it with either “Dev” for development or “Dist” for Ad-Hoc or Enterprise profiles.

You can set the Provisioning Profile setting for both Debug and Release schemes in an Xcode project, and while this will be the most exact it is also the most time-consuming. If you do this, you will need to update the setting every time you modify the provisioning profile as the project saves the UUID of the provisioning profile, which is randomly generated every time Apple’s Developer Center makes a new version.

If choose this path, you will need to select “All” under “Build Settings” in Xcode, and make sure to toggle open the Provisioning Profile option to set different values for Debug and Release. Usually, a Development Provisioning Profile is used for Debug and Ad-hoc Provisionoing Profile for Release. You can then delete all settings for Code Signing Identity, as Xcode will find the right ones.

If you distribute with Beta by Crashlytics, you can also look at the top of the screen to see which Provisioning Profile was used, and make sure it matches your expectations of being Development or Distribution, especially if you’re sending push notifications.

Note

It’s a good idea to clean between changes to Code Signing settings, to make sure that Xcode pulls in the correct Provisioning Profile.

Terminology

Provisioning Profile: A file included in your app and stored on the device. It authorizes an app or set of apps to run on specific devices, which are identified by UDID. Apps are identified by an App ID.

Variants:

  • Development: Typically used when running locally on a phone plugged in to your computer. This allows debugger access and uses development Game Center and development push notifications.
  • Team: A kind of Development profile that’s managed by Xcode. Xcode automatically adds everyone’s cert to it and all UDIDs from devices as well.
  • Ad-Hoc: Often used when sending out to testers. It does not allow debugger access and uses development Game Center, but production push notifications.
  • Enterprise: A provisioning profile that runs on any device. It uses production Game Center and production push notifications.

Code Signing Identity: A certificate and private key for signing apps. Developers often have one for development and an organization will have one for release. Provisioning profiles embed the certificates that they’re valid for. Dev provisioning profiles will usually contain each developer’s certificate. Release provisioning profiles (Ad-Hoc and Enterprise) will just have one.

Debug / Release Schemes: Xcode allows different settings for when building “debug” or “release.” Just pressing “Run” in Xcode will by default use “debug” settings whereas Archiving will use “release” settings.

App Id: Apple’s Developer Center lets you create “App IDs” for specific bundle identifiers or bundle identifier wildcards. A provisioning profile will be valid for a given App ID, though if that is a “wild card” then more than one app may match. (E.g. “com.crashlytics.ios.*”) To use Game Center or push notifications you need to create an App Id specific to your bundle identifier and not use a wildcard.