2

Recently, I had an experience of expiring profile & certificate and my all distributed apps were stopped running. So i want to go in depth of this logic. I have few question listed below. Anyone please answer because most iOS developers still don't know the answers.

  1. Why apple is expiring certificates and profiles exact after one year ?

  2. Can we extend the limit of expiration year from one year to any ?

  3. How iOS decide, The particular app certificate is expired so it should not be run in the device ?

  4. When installed app life is deciding by iOS i.e. When app is installed first time OR when Certificates and Profiles created ?

Most iOS developers are wondering for knowing the logic behind this certificate expiration process so please answer who knows the truth behind this.

Thanks in advance.

Nikh1414
  • 1,238
  • 2
  • 19
  • 35

1 Answers1

2

Why apple is expiring certificates and profiles exact after one year ?

So that you don't set up a parallel app store(IMO)

Can we extend the limit of expiration year from one year to any ?

For Enterprise licenses, 'in-house' distribution profiles have a validity of 3 years. Here is an old thread you may refer.

How iOS decide, The particular app certificate is expired so it should not be run in the device ?

From Apple docs: The first time an application is opened on a device, the distribution certificate is validated by contacting Apple’s OCSP server. Unless the certificate has been revoked, the app is allowed to run.

When installed app life is deciding by iOS i.e. When app is installed first time OR when Certificates and Profiles created ?

Same as above, certificate and PP expiry dates are taken in account before running the app. Try installing an app which was signed with old certificate and you'd see.()

Community
  • 1
  • 1
Vin
  • 10,517
  • 10
  • 58
  • 71
  • Sounds convincing. One question immediately struck my mind was "Offline". How does the above process be carried when the app is installed/opened when out of internet connection. – Dinakar Dec 24 '14 at 12:30
  • Hey Vin, Can you please provide more details on parallel app store and what is IMO ? – Nikh1414 Dec 24 '14 at 12:57
  • @Dinakar the validity is checked whenever the device comes online and the information is cached in the device, until checked again. – Vin Dec 24 '14 at 13:10
  • @Nikh1414 IMO(in my opinion) Apple doesn't want people to distribute apps except from the Appstore. When the profiles don't expire, you'd be able to create your own appstore and may start distributing ad hoc builds of the app. – Vin Dec 24 '14 at 13:12
  • The expiration date of the provisioning profile is also stored on the device. If you try to run an app that is signed using a provisioning profile it also check the expiration date, which it can do whether you're online or off-line. If expired it won't let it run. – wottle Dec 25 '14 at 01:04
  • Thanks @Vin . Imagine the user tries to use the app offline. By then the profile is already expired. What happens if the date on the iPad is altered & tries to use the app. My question might sound stupid but I am trying to understand how the OS is checking the validity offscreen. – Dinakar Dec 30 '14 at 06:21