Skip to main content

Code Signing

Unlike other operating systems, such as Windows or Linux, iOS restricts which applications can run on your device. Before the iOS operating system launches an application, it will first determine whether this application is allowed to run on that device.

Apple is the authority which decides which applications can run on iOS devices. By default, you can only run iOS applications which you have downloaded from the App Store.

iOS implements these restrictions by using code signing. Each iOS application is digitally signed using a certificate. If an application is signed directly by Apple, the application can run on any iOS device.

Developer Certificates

As an individual developer, you can request code signing certificates which allow you to sign applications which can run on a limited number of devices. iOS devices only accept code signing certificates which have been issued by Apple.

You can request a developer certificate by signing up for the Apple Developer Program.

Developer certificates can be managed using Xcode or directly in the Apple Developer portal. You can also use third-party tools, such as Fastlane to manage certificates.

Provisioning Profiles

It's not sufficient to digitally sign your application with a developer certificate by Apple. You'll also need authorization from Apple to run applications which you have signed on your devices. This authorization comes in the form of provisioning profiles.

A provisioning profiles is a document, digitally signed by Apple, which roughly states: "applications signed with developer A, B and C, can run on devices X, Y and Z". You can manage provisioning profiles using the Apple Developer Portal, Xcode or third-party tools such as Fastlane.