Third party development - best practice (iOS)

Discussion in 'iOS Programming' started by rh37hd, Jan 19, 2018.

  1. rh37hd macrumors newbie

    Joined:
    Jan 19, 2018
    #1
    Hello,

    What is the best practice for getting an iOS app signed with the correct certificate before being uploaded to the app store? I am new to this space, and trying to determine a strategy as my organization often outsources the development of apps, but still wants to sign the app with our certificate.

    Currently, I can think of two options:
    1. Get the source code of the app and resign with our certificate in Xcode
    2. Resign the application using an unsupported third party tool

    I know that option 1 is best practice, but sometimes the developers will not give us the source code, and we cannot give them our certificate so using a third party tool seems to be the only option.

    I have recently heard of some type of developer certificate that may be able to be delegated to the developer and would solve this dilemma. I am not familiar how this works, could someone explain this process or provide advice?

    Appreciate the responses!
     
  2. BarracksSi Suspended

    BarracksSi

    Joined:
    Jul 14, 2015
    #2
    You aren't talking about stealing an existing app and rebranding it as your own, are you?
     
  3. rh37hd thread starter macrumors newbie

    Joined:
    Jan 19, 2018
    #3
    Not at all. I'm talking about outsourcing the development of an application to a third party, and then getting it uploaded to the app store under my company's certificate. (My company does not have iOS developers - we pay others to write apps for us, and they have full knowledge and understanding of what we are trying to accomplish).

    For example, the apps may pair with products that my company produces, hence the reason for wanting them to show up under my company's name, and not the company we outsourced the app development to.
     
  4. TheWatchfulOne macrumors 6502

    TheWatchfulOne

    Joined:
    Jun 19, 2009
    #4
    If it's code you paid them to develop, then I believe it's considered work-for-hire and they should be providing you access to it. Better yet, you should be owning/managing that code and providing the developers access to it.

    The developer might have a component they've developed which they use in all their clients projects. The source code for that component might be a different story.
     
  5. PhoneyDeveloper macrumors 68040

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #5
    1 is the simplest. Even if you're outsourcing development it's best if you get the source code at the end. However, I do know there are dev shops that have an existing app that they customize for each customer and don't provide the source code.

    2 is easily done. You're not using unsupported third party tools. The code signing is done by Apple's tools using your credentials. In fact this is what Xcode does when you upload to the app store. It resigns the app. When I've done this repeatedly I wrote a shell script that does the various steps. You might ask your developers to provide you with this.
     
  6. firewood macrumors 604

    Joined:
    Jul 29, 2003
    Location:
    Silicon Valley
    #6
    1. Negotiate whether you are getting source code ahead of contracting for an app. If you pay for code, you should get the code.

    2. If getting source code is too expensive (or tied up with patents/trade-secrets/etc.), then put together a signed written contract that the developer can act as your legal agent on ITC for a certain day for limited purposes, give him/her your agent credentials, let them get certificates, sign and submit the app(s). Then you can revoke those certificates and change your agent passwords, right afterwards if needed.

    3. If you don't get the source code, and don't trust giving out your agent password to that developer for one day even with a signed contract, do you trust what the developer put in the code inside your app? Do you really want to be legally liable for that code? (Check your developer agreement.)
     

Share This Page