As a iOS developer, you have access to the Member Center, with 4 sections:

  1. Certificates
  2. Identifiers
  3. Devices
  4. Provisioning Profiles

1. Certificates: 

1.1   It’s the SSL concepts: certificate & keys. Private & public keys are generated by complex algorithms using large prime numbers. When one of them (not matter which) is used to encrypt, the other key is used to decrypt. So it has 2 purposes: (1) everyone can send you something that only you can read. (2) when you send out something they know the sender is you.

Certificate is the “identity proof” that a serious, trustworthy organisation (a Certificate Authority) provides everyone who wants and satisfies the requirement. These certificates has all “ID” information, like name, email, expiry date, web site… A certificate also contains a public key and a hash (to make sure certificate is not tampered). It never contains a private key.

In the Web, the browsers are already loaded with the root certificate of well-known CA (Certificate Authorities) – these CA keep the list of active and revoked certificates. Our iOS certificates are certified by Apple.

1.2   There are 2 types of Certificates: Development & Production.

  • Development: named “iPhone Developer“. Every iOS Developer team member gets an iPhone Developer certificate.

    The certificate “iPhone Developer” allows you to run/debug your app on iOS devices through Xcode.

  • Production: named “iPhone Distribution“. Only the team agent gets an iPhone Distribution certificate.

The certificate named “iPhone Distribution” allows testing your submission build with:

Ad Hoc distribution, submitting your app to the App Store, or creating an Enterprise build for in-house distribution.

Apple will use their certificates for the apps distributed on AppStore, and not our certificates.

In case of Apple Push Notification (APN), the provider sends a notification package to APNs – this package also contains device tokens. The APN then pushes these notifications to devices.

To know how to push to a device, first the device needs to register itself with APN (establish TLS peer-to-peer authentication / Transport Layer Security). Then it will have a device token (think of it as an address that push notification be sent to). A device token is an opaque identifier of a device that APNs gives to the device when it first connects with it. The device shares the device token with its provider. Thereafter, this token accompanies each notification from the provider.

  • APNs Certificate: SSL certificate that your push server (provider) uses to make a secure connection to APNS. You will need this to make sure of the provider’s identity to the Apple.
  • APNs Development iOS: for sandbox APN environment
  • APNs Production iOS: for real APN

1.3. Revoking these certificates won’t break any existing apps that are currently running on AppStore. And you will be ABLE to submit updates for those apps with different profiles. So no worries – just revoke if you don’t have the keys, Apple said it’s okay:

Members of the Standard iOS Developer Program can be assured that replacing either your developer or distribution certificate will not affect any existing apps that you’ve published in the iOS App Store, nor will it affect your ability to update those apps.

It is because when the AppStore distributes apps, they will use AppStore certificate to sign, not using yours cert to sign. Therefore there is no issue.

2. Identifiers:  Don’t mistake with code signing identity (which is the certificate + private key).  For more on Code Signing.

There are many identifiers but iOS developers are interested mostly in App IDs.

3. Devices:

The list of devices that you want to run the app on.

4. Provisioning Profiles:   Development & Distribution profiles.

Code signing with a development profile allows your app to run on device through Xcode. We can debug on these builds! These builds are also connected to sandbox APNs environment.

Code signing with a distribution profile allows you to create distribution builds. These builds allow you to test Push Notifications using your Production Push Notification Certificate and the live APNS servers.

Apple recommends to select Code Signing Identity like below: iPhoneDeveloper for Debug/Any iOS SDK & iPhoneDistribution for Release/Any iOS SDK

5. Code Signing:


Code Signing is a security technology, to certify that it was created by me. Once signed, all the changes to the app can be detected by the system.

Installing a new version of an app with the same digital signature,user  won’t have to be asked for permissions again – the new version will have the same access as the previous one.

There are 4 elements of code-signing:

  1. Code Signatures
  2. Code Signing Identities
  3. Code Signing Certificates
  4. Security Trust Policies