iPhone Key Chain and Distribution Profiles

There is a direct connection between the iPhone OS Key Chain service and the distribution profile that is used to sign your iPhone app for iTunes distribution. Once you have released an iPhone app that accesses the Key Chain, you must always use that same distribution profile to sign that app as updates are released. I found out the problem the hard way. A small number of My Eyes Only (MEO) users found out the hard way, as did the sales income for Software Ops LLC.

I decided to “clean up” my distribution process and use one distribution profile for my two existing apps instead of using the original distribution profile that I had used for the initial release and 4 updates. I didn’t know that this would have a negative effect on the ability of MEO to access Key Chain items that had been placed into the Key Chain by previous versions of MEO.

An application that has placed items into the Key Chain can’t retrieve those items if a follow-on version is signed with a different distribution profile.  

This behavior isn’t documented anywhere that I can find at the time of this post. I like this feature, and it shows that Apple is building strong security into the iPhone’s Key Chain, but please document it so we all understand the behavior.

I did find this instruction on the Distribution tab of the iPhone Program Portal, but I had not known this information was documented, because I had released many updates of MEO before this information was posted.  I do believe item 1 below is key and should be made more visible to all iPhone developers.

Updating your Application

The App Store uses three pieces of information in your application to identify a submission as an update to an existing application. When you are submitting an update of your application to iTunes Connect for App Store distribution, make sure to:

1) Use the same Distribution Provisioning Profile to build each new version of your application.
2) Increment the CFBundleVersion and CFBundleShortVersionString values in your project Info.plist file. Note: Version numbers must be period-delimited sequences of positive integers (1.0 to 1.1, or 2.2.1 to 2.2.2).


Some may ask, “Did you test your software before you shipped?” The answer is yes. But you must understand that I tested with a development profile that I hadn’t changed. The binary that I signed with the new distribution profile is correctly accessing the Key Chain, but the iPhone OS is denying access to the items because of the different distribution profile. The code is correct; my build process was incorrect.
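One way to catch this class of build-process mistake before submission is to compare the signing entitlements of the shipped build against the new build and fail when the keys that govern Key Chain access differ. This is an added example, not code from the original post: it assumes the entitlements have been extracted to plist XML (on a Mac, codesign can dump them), and the team prefixes and bundle id below are constructed placeholder values.

```python
import plistlib

# Entitlement keys that decide which Key Chain items an app may read. The
# application-identifier (prefix.bundle-id) comes from the provisioning profile
# the build is signed with, and the default keychain access group is derived
# from it, so a build signed with a different profile gets a different group.
KEYCHAIN_KEYS = ("application-identifier", "keychain-access-groups")


def keychain_identity(entitlements_xml: bytes) -> dict:
    """Return only the entitlements that govern Key Chain access."""
    ent = plistlib.loads(entitlements_xml)
    return {k: ent.get(k) for k in KEYCHAIN_KEYS}


def keychain_mismatches(shipped_xml: bytes, candidate_xml: bytes) -> list:
    """Return the keys that differ between two builds; an empty list means the
    candidate build is signed so that it can reach items the shipped build stored."""
    shipped = keychain_identity(shipped_xml)
    candidate = keychain_identity(candidate_xml)
    return [k for k in KEYCHAIN_KEYS if shipped[k] != candidate[k]]


def _entitlements(prefix: str, bundle_id: str) -> bytes:
    """Build a constructed entitlements plist for a given team prefix (placeholder values)."""
    app_id = f"{prefix}.{bundle_id}"
    return plistlib.dumps({
        "application-identifier": app_id,
        "keychain-access-groups": [app_id],
    })


# Constructed sample data: the same bundle id signed under two different
# distribution profiles, i.e. two different team prefixes.
SHIPPED_BUILD = _entitlements("AAAA111111", "com.example.meo")
REBUILT_WITH_OTHER_PROFILE = _entitlements("BBBB222222", "com.example.meo")
REBUILT_WITH_SAME_PROFILE = _entitlements("AAAA111111", "com.example.meo")


if __name__ == "__main__":
    # A release check would run this and refuse to upload when the list is non-empty.
    bad = keychain_mismatches(SHIPPED_BUILD, REBUILT_WITH_OTHER_PROFILE)
    good = keychain_mismatches(SHIPPED_BUILD, REBUILT_WITH_SAME_PROFILE)
    print("other profile differs in:", bad)   # both keys differ
    print("same profile differs in:", good)   # nothing differs
```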

There was, and still is, no way for me to find this “bug” prior to MEO being released to the entire world. iPhone developers can’t test the final released build before it is released to the public. This is a BAD process, and one that I suspect has hurt other developers.

I suggest the following.

1) Developers submit to iTunes.
2) iTunes approves for release, but doesn’t actually release it.
3) Developers can download and test what iTunes has approved.
4) Developers then OK the release, and it hits the iTunes store.

If the developer finds a problem with the binary, they make the fix and start over at #1. All the while, the existing version of the app is selling in the App Store.