How to code sign iOS apps

What you need to know about iOS code signing

All iOS applications have to be digitally signed before they can be installed on real devices or published to the App Store. This is to verify the author of the app and ensure that all changes to the code come from a known source. A developer’s identity is verified with a code signing certificate issued by Apple.

In order to be able to install an app on a device during development or testing, the device must be provisioned with a provisioning profile containing the App ID, the certificate used to sign the app and the UDID of the device. The provisioning profile used when code signing apps for distribution via TestFlight or App Store Connect do not contain information about specific devices.

If you want to build an .ipa archive, you need to build the app with code signing.

Requirements for code signing iOS apps

To sign iOS apps, you need:

  • Apple Developer Program membership. This allows you to register your App ID and perform code signing.
  • A signing certificate. Signing certificates are issued by Apple. A signing certificate contains a public-private key pair that is used to sign the app and identifies who built the code. There are development certificates that belong to individuals and distribution certificates that belong to the team.
  • A provisioning profile. A provisioning profile contains information about the app ID, the devices on which the app can be installed and the certificates that can be used to sign the app. There are development certificates for running your app on real devices and distribution certificates for distributing the app for testing and to App Store Connect.
  • A macOS machine. iOS apps can be built and code signed only on macOS machines. See how to build iOS apps without a Mac here.

Matching the signing certificate and the provisioning profile

For successful signing, the certificate and the provisioning profile must match in the following way:

Development provisioning profile
Contains information about allowed Bundle ID(s), devices and development certificates
Development certificate (personal)
Used for development
Ad Hoc provisioning profile
Contains information about allowed Bundle ID(s), devices and the distribution certificates
Distribution certificate (belongs to team)
Used for testing on designated devices
App Store provisioning profile
Contains information about allowed Bundle ID(s) and the development certificates
Distribution certificate (belongs to team)
Used for distributing via TestFlight or submitting to App Store