When we develop iOS applications for our clients we don't typically publish the apps on their behalf, they publish them using their own Apple account. Each build of the application is tied to a P4 account however, so how do they publish using their accounts?

In order to publish an iOS app that has been created using another companies certificates and profiles and bundle id the ipa has to be updated with your details.

To re-sign an ipa and change the bundle id you have two main options:-

Manually from the command line
Using a tool such as AirSignApp or iReSign

The tools are pretty good, AirSignApp is particularly good. The AirSignApp has a 28 day trial and the iReSign app is free.

To understand what's involved to do this from the command line and to help understand what the tools do in the background, lets assume we are resigning an app and changing the bundle id from com.p4innovation.SocialApp to com.ourcompany.SocialApp:-

1.Unzip the ipa

unzip -q SocialApp.ipa

2. Remove the old code signature

rm -r Payload/SocialApp.app/_CodeSignature/

. Copy the new provisioning profile over the existing embedded.mobileprovision

cp ReplacementAppAdhoc.mobileprovision Payload/SocialApp.app/embedded.mobileprovision

4. Update the plist bundle id

/usr/libexec/PlistBuddy -c "Set CFBundleIdentifier com.ourcompany.SocialApp" Payload/SocialApp.app/Info.plist

Create a new entitlements file with the new bundle id

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
 <dict>
  <key>application-identifier</key>
  <string>SR1AB12323.com.ourcompany.SocialApp</string>
  <key>com.apple.developer.team-identifier</key>
  <string>SR1AB12323</string>
  <key>get-task-allow</key>
  <false/>
  <key>keychain-access-groups</key>
  <array>
   <string>SR1AB12323.*</string>
  </array>
 </dict>
</plist>

6. Resign the app the new cert and new entitlements file

codesign -f -s "iPhone Distribution: Our Company Ltd (XXXXXXXX)" --identifier "com.ourcompany.newMyApp" --entitlements "entitlements.temp" "Payload/MyApp.app"

7. Zip the payload back up

zip -qr SocialApp-resigned.ipa Payload

The ipa can now be submitted or distributed using the your Apple account credentials.

In summary, to resign and package an ipa you will need:-

zip, codesign and plistbuddy command line apps installed
Your App store provisioning profile
The publishable bundle id
The team identifier
Your distribution certificate

Manually re-signing iOS Apps

Using the Payment Request API on Android