Skip to main content
Version: Early Access

Signing FAQ

This page answers frequently asked questions about signing native iOS and Android apps so they can be distributed to mobile device users through the App Catalog. If your question is not listed here, try entering a keyword in the search box at the top right to search other pages.

What is signing?

Signing (also known as code signing) uses a digital certificate and private key to seal an app and identify its author. This process identifies an app as belonging to your organization and ensures that the app has not been modified since it was last signed.

For more information about what signing is and why you must do it, see About Signing.

What do I need in order to sign apps through the Admin Portal?

The requirements for signing apps are different for iOS and Android. Once you have created the appropriate credentials, you can either store them on your computer or store them in Digital.ai App Management for easy access during signing.

For information on required signing credentials, see Signing Prerequisites.

How do I create signing credentials for iOS apps?

To sign an iOS app using either the Portal or the signing package, you need:

  • An Apple Developer account from the Apple Developer Program.
  • distribution certificate (also referred to as a production certificate) that is paired with a private key and approved by Apple. The distribution certificate authenticates that the app comes from an Apple-trusted source (this is the signature). A distribution certificate is not specific to a particular app; you can use the same certificate to sign all your iOS apps.
  • distribution provisioning profile, which authorizes devices to use the app. The provisioning profile is the file actually used to sign the app. It includes a name, a distribution certificate, and an app ID. The provisioning profile should use an unique app ID associated with a particular application.

To learn how to create iOS signing credentials, see iOS Signing Requirements.

How do I create signing credentials for Android apps?

To sign an Android app using either the Portal or the signing package, you need:

  • A private key pair stored in a Java keystore (JKS).
    • To sign an Android app with Digital.ai App Management, you need to provide the private key in PKCS (Personal Information Exchange File) #12 format with a .p12 extension.

To learn how to create Android signing credentials, see Android Signing Requirements.

How do I sign an app through the Admin Portal?

To learn how to sign an app in Digital.ai App Management, see Sign an App (Admin Portal).

Can I sign an app outside of the Admin Portal?

To learn how to sign an app outside of Digital.ai App Management, see Sign an App (Signing Package).

Can I use App Management to sign an iOS app that includes extensions and an Apple Watch (watchOS) app?

iOS apps with watchOS components can't be signed through the Portal; these apps must be signed with the signing package. iOS apps with extensions can be signed in the Portal.

For more information, see App Extensions and Entitlements and Sign an App (Signing Package).

Do I need to sign every app that I add to App Management?

Every iOS and Android app must be signed before you can distribute it to your users.

For more information, see About Signing.

Do I need to sign Native App Catalogs?

iOS and Android App Catalogs need to be signed like any other native applications; Windows 8 App Catalogs do not.

For more information, see About Signing.

What is the difference between the standard iOS Developer Program and the iOS Developer Enterprise Program?

To learn about the iOS developer programs and how they relate to signing apps, see Apple Developer Programs.

What is the difference between an Individual Developer License and an Enterprise Developer License?

An "Individual Developer License" is another way to refer to a developer's account for the standard iOS Developer Program. That is, an account that can create a distribution provisioning profile to distribute apps to up to 100 specific iOS devices. An "Enterprise Developer License" refers to an account for the iOS Developer Enterprise Program. Organizations with this account can create provisioning profiles to distribute apps to an infinite number of devices.

What is the difference between a development provisioning profile and a distribution provisioning profile?

development provisioning profile is associated with a development certificate that identifies a single developer on a team. It authorizes an app to use certain technologies and run on designated devices during development. In order to work, it requires Xcode, which makes it useful during the app development process only. It is not for deploying apps to users.

distribution provisioning profile is associated with a distribution certificate that identifies a team, not a team member. It authorizes an app to run on devices without the assistance of Xcode. A distribution provisioning profile is used to deploy an app to users via the App Store or other app marketplace, such as the App Catalog.

For more information, see Manage Distribution Provisioning Profiles.

What is the difference between Ad Hoc and In House distribution?

For more information, see Ad Hoc or In House Distribution.

Can I sign an iOS app with a wildcard distribution provisioning profile?

Digital.ai App Management does not prohibit you from signing an app with a wildcard distribution provisioning profile, but it is not recommended.

For more information, see App Extensions and Distribution Provisioning Profiles.

What does it mean when an app "expires," and how do I fix it?

When an app "expires," it means that the credentials used to sign the app have expired. This could mean something different depending on the type of app.

For more information, see Sign an app with a certificate that is about to expire.

How can I check the expiration date of iOS signing credentials?

You can check the expiration date of an application in the Expiration Date column on the Applications page. The Expiration Date column is hidden by default; use the Show/hide columns menu to display it. In additional, status tags on the Applications page identify apps that are due to expire soon or have already expired.

You can also check the expiration date of an iOS app's credentials on the Signing page for the app.

If you have an iOS Developer Program account, you can also log in to the iOS Dev Center to check expiration status, create new distribution certificates, and perform other tasks to create and manage signing credentials for iOS apps.

info

Digital.ai App Management helps track expiration dates of signing credentials by notifying Administrators about iOS apps due to expire. Notification emails are sent 60 days before an app expires, 45 days before, 30 days before, and then every day until the app either expires or is re-signed with a current distribution certificate and provisioning profile.

You can also check the expiration date of any signing credentials you have stored in Digital.ai App Management. To do this, go to Signing Credentials on the Settings page.

For more information about expired iOS apps and what to do when an app is about to expire, see iOS App Expiration.

When do I need to re-sign an app after it is in App Management?

After an app has been added to Digital.ai App Management, there are times when you will want or need to re-sign the app.  For more information, see Re-sign an App.

Do I need to re-sign an app with the same credentials it was signed with previously?

With iOS and Android apps that have been installed on any of your users' devices, it is important that you re-sign the apps with the same credentials they were signed with previously. If you sign an app with different credentials, users will not be able to install an update of the app.

Last updated on