1

I have an IOS application for a client and I need to push it as an update to the existing app. I already received the credentials of the itunesconnect account which includes the application however here is my problem.
I don't have the private key which was used to publish the initial application which according to the below could cause a problem.
The private key is locally stored on the Mac device (in this case, the old vendor).
In the wrong hands, someone might attempt to distribute an app that contains malicious code. Not only could that cause the app to be rejected, it could also mean our developer credentials could be revoked by Apple.
Is there a way to retrieve the old key?

In the case where I sign the application with another certificate, will still go as an update to the existing one?

Ihab
  • 170
  • 1
  • 6
  • 1
    Of course it will go as an update, just create the new distribution certificate, or ask for the old one(if not expired), it can exported from the keychain. – Fahri Azimov Feb 17 '16 at 10:52

2 Answers2

3

Your fears are unfounded.

In the wrong hands, someone might attempt to distribute an app that contains malicious code

Don't forget that they would also need your team agent's credential to submit the app. Even if they have the private key, they wouldn't be able to submit anything.

Is there a way to retrieve the old key?

No need to retrieve the old key, just revoke it from the provisioning portal and generate a new one.

In the case where I sign the application with another certificate, will still go as an update to the existing one?

App updates are based upon bundle ID and not the code signing certificate. App submitted with the new certificate would still be considered an update, if the bundle ID is same.

Vin
  • 10,517
  • 10
  • 58
  • 71
1

Create new Distribution certificates and upload latest build with new version, this will go as update to users.

RBN
  • 482
  • 4
  • 13