- A string used to uniquely identify an app.
- By convention, it's a reverse-DNS style string.
- Must be globally unique.
Example:
- GitHub
com.github.stormbreaker - TikTok
com.zhiliaoapp.musically - Temple Run
com.imangi.templerun
Toolbelt:
https://developer.apple.com/library/archive/documentation/General/Conceptual/DevPedia-CocoaCore/AppID.html (doc says it could be outdated but this seems foundational enough to not have changed and is the best description I've found so far.)
- Two part string used to identify one or more apps from a single development team.
- First part is the Team ID.
- Second part is a bundle ID search string.
- There are two types of App IDs:
- an explicit App ID, used for a single app.
- wildcard App IDs, used for a set of apps.
Example:
- Explicit:
TeamID.com.example.app - Wildcard:
TeamID.com.example.*
https://developer.apple.com/library/archive/technotes/tn2311/_index.html
- An app ID prefix is a unique identifier used to group a collection of apps so that they can share keychain and UIPasteboard data.
- Notably, it's possile for a team to have multiple App ID prefixes, if they were created prior to the introduction of iCloud in June 2011. The new version is a Team ID and the old version a ten digit alphanumeric string. This has disadvantages:
- Apps with different App ID prefixes cannot share keychain or UIPasteboard data.
- Implies that migrating would cause the user to lose access to previously stored data.
- App ID prefix mismatch can cause issues at distribution time.
- Apps with different App ID prefixes cannot share keychain or UIPasteboard data.
Diagnostic:
- Log into the Apple Developer Portal and check the App ID prefix for the app in question.
https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/
- A unique 10-character string that Apple assigns to your team.
- AKA an App ID prefix.
-
https://developer.apple.com/documentation/technotes/tn3125-inside-code-signing-provisioning-profiles
-
Except for macOS apps, a provisioning profile is required to run an app on a device.
-
A provisioning profile defines:
- Who is allowed to sign code?
- What apps are they allowed to sign?
- What devices are they allowed to run on?
- When can the app be run?
- Profiles have an expiration date.
- Typically, a profile is valid for one year.
- What capabilities does the app have access to?
- Automatic Provisioning requires that you log into Xcode in some way:
- App Store Connect API Key
- Apple ID
- Manual Provisioning requires that you download the provisioning profile and certificate from the Apple Developer Portal and install them in Xcode.
- The certificate must be installed in the Keychain.
- The provisioning profile must be in the expected location on disk.
In both case, you will need to store something in your CI/CD system to authenticate with Apple. Automatic Provisioning requires that you store an App Store Connect API Key in your CI/CD system, while manual provisioning requires that you store a certificate(s) and provisioning profile(s) in your CI/CD system.
The major pro of automatic provisioning is that you don't need to think about the certificate and provisioning profile. The major con is that you need to store an App Store Connect API Key in your CI/CD system.
The major pro of manual provisioning is that you don't need to store an App Store Connect API Key in your CI/CD system. The major con is that you need to manage the certificate and provisioning profile, and if you go the fastlane match route, you'll end up storing an encrypted blob of your certificate and provisioning profile in your git repository OR have a complicated CI/CD setup to manage the certificate and provisioning profile injection into the build environment.
- Run a signed app on devices in the provisioning profile.
- Run in debug mode.
- Submit an app to the App Store.
- Once approved and signed by Apple, the app can be downloaded by anyone via the App Store.
- Run a signed app on devices in the provisioning profile.
- Can register up to 100 devices.
- Similar to Ad Hoc, but can register an unlimited number of devices.
- Requires an Enterprise Developer Program membership.
- Requires that devices trust the enterprise certificate.
- Used by fastlane et al to automate app distribution.
- Limitations: (https://docs.fastlane.tools/app-store-connect-api/#supported-actionstools)
- Cannot create new apps: https://developer.apple.com/documentation/appstoreconnectapi/app_store/apps
- Cannot get push certificates (can't find source for this outside of fastlane docs)
https://stackoverflow.com/questions/11034133/building-ios-applications-using-xcodebuild-without-codesign fastlane/fastlane#6027
Sometimes you just want to know if your code compiles. Fastlane gym doesn't support skipping code signing, but they say that you can use their xcodebuild action to do so.
xcodebuild clean build CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NOhttps://codesigning.guide/ https://docs.gitlab.com/ee/ci/secure_files/ https://docs.fastlane.tools/actions/match/
Authentication mechanisms that work with match:
- App Store Connect API Key. See roles here: https://developer.apple.com/support/roles/
- Apple ID (but you'll have to store a cookie if you go this route.)
Notably, the app specific password won't work, since it only supports the iTMSTransporter API (uploads ipa files to the App Store) and not the App Store Connect API.
macs have uuids, virtual machines too. The UUID for an M1 virtual machine is bound to the create operation, so even clones will have the same UUID.