It won’t come as a surprise to any iOS developer out there that iOS apps need to be signed before they can be installed on physical devices and shipped to end users via App Store. All you need for that is an Apple developer account, a valid signing certificate, a matching provisioning profile… and a Mac to generate these files. Sounds like a lot of trouble? Judging by the number of questions related to iOS code signing on Stackoverflow, many developers struggle with it. We understand that setting up code signing can be a headache, especially when you’re trying to get it work in a CI/CD environment, and even more so when you’re developing for multiple platforms, as you can do with the Flutter SDK, and don’t own a Mac.
But wait, we have good news to all the Flutter developers! Codemagic has made the entire code signing business easier than ever before by eliminating some of the steps required in conventional iOS code signing process.
Introducing an alternative to conventional iOS code signing
What if we told you that you don’t need a Mac anymore to be able to sign your Flutter app for iOS? And what if you didn’t need to worry about the signing files and could have Codemagic take care of all that for you at no cost? That’s exactly what we’re saying: Codemagic offers automatic code signing of Flutter apps for iOS by generating the signing certificate and the provisioning profile in-app, allowing you to sign and ship the app to App Store as part of the build process. Read on for an overview of code signing basics and Codemagic’s new automatic code signing feature.
Understanding the basics of iOS code signing
Before we’re going to describe how Codemagic does its magic with signing your Flutter app for iOS, let’s go over what is normally needed for iOS code signing.
- Apple developer account. Enrollment in the Apple Developer Program is required to use TestFlight for beta testing or releasing the app to end users on App Store. It’s also needed to be able to request certificates and download provisioning profiles. However, if you’re only looking for a way to get a build that can be installed on a real device, you can follow this tutorial on how to deploy your app on an iPhone without signing up for Apple Developer Program (but you do need a Mac for that).
- Signing certificate. The certificate is a public/private key pair that enables to identify who developed the code. There is a personal development certificate for code signing the app during the development process and a (shared) App Store and Ad Hoc distribution certificate that’s used when you’re code signing the app for distribution.
- Provisioning profile. A provisioning profile contains information about the app ID, the devices on which the app can be installed and the certificates that can be used for signing the app. Just like with certificates, there is a development provisioning profile for code signing the app during the development process and distribution provisioning profiles (Ad Hoc or App Store) for distribution. More specifically, the Ad Hoc distribution profile can be used for distributing the app to non-Testflight testers (e.g. via HockeyApp), while you need to use the App Store distribution profile for testing on TestFlight or releasing to App Store. Unlike other provisioning profiles, App Store distribution profile is not linked to particular devices.
- A Mac. You need a Mac to first request a certificate from Apple and later to generate the certificate file that can be uploaded to third-party systems. A Mac is not really required when you’re developing Flutter apps, so this part of the code signing process might turn out to be a problem when you don’t have a Mac that you could use.
To sum up, you will need to use a development certificate along with a development provisioning profile to sign the code and install your app on real devices while developing. When you’re planning to publish the app to testers or release it to App Store, you will need to use your distribution certificate along with the appropriate distribution provisioning profile. And to be able to do all that, you have to be a member of the Apple Developer Program and own a Mac to get the files necessary for signing.
If you want to read more about this topic, you can take a look at A Beginner’s Guide to iOS Provisioning Profiles.
How it works with Codemagic
With automatic code signing, you can have Codemagic generate a signing certificate and a matching provisioning profile for you and use them for code signing. Depending on the selected provisioning profile type, Codemagic will create a development or a distribution certificate and a development, Ad hoc or App store provisioning profile. This way, you can get signed builds that can be installed on real devices and distributed to App Store — without owning a Mac.
Requirements for using automatic code signing
Before setting up automatic code signing, let’s go over what is needed for using Codemagic’s automatic code signing feature.
- Apple developer account. You still need to be a member of Apple Developer Program to be able to sign code and distribute your apps. Codemagic will require your Apple developer portal username and password to generate the certificates and provisioning profiles for you. We recommend adding a new user to your team and using that account with Codemagic’s automatic code signing feature.
- Registered devices. Codemagic will create a provisioning profile containing all the devices that have been registered on your Apple developer account. Before every build, Codemagic will check if new devices have been added and will update the profile if needed.
Set up automatic code signing
Setting up automatic code signing on Codemagic is fast and easy.
- Go to your App settings.
- Make sure that you have Release mode selected in Build settings.
3. In the Publish section, click on iOS code signing to expand this step.
4. Select Automatic as the code signing method.
5. Enter your Apple ID (Apple developer portal username) and Apple developer portal password.
6. Then choose the provisioning profile type.
7. You can also enter your app’s bundle identifier (optional). By default, Codemagic detects it automatically from your repository.
8. Finally, click Save to finish the setup. If your Apple developer account has two-step verification or two-step authentication enabled, you will be asked to enter your verification code in a popup and click Save again.
That’s it. You will now on receive signed builds for the workflow at hand. The .ipa file will be available for download in the Artifacts section of build overview and will be also sent on your email or Slack channel, if you have publishing to it configured. As a next step, you can configure publishing to App Store Connect to distribute your signed app to testers or submit it for review.
While you don’t strictly need to sign the app while developing, there’s no escaping from code signing and joining the Apple Developer Program when you’re planning to publish your app to the public via App Store. We believe that by eliminating the need for a Mac for code signing purposes allows more people to deliver their app to potential end users.
In the end, Codemagic’s automatic code signing feature is not just for people without a Mac: it simply takes the pain out of the entire process by automating yet another aspect of app development. However, those who wish to remain in full control of code signing can still continue to use our manual code signing option and upload signing files manually.