iosxcodeipaios-app-group

Do I need to change AppGroup Identifier when exporting my app to IPA or xarchive to be used by third party?

I am creating an ipa or xarchive file for a third party that will internally distribute my app for their company.

So far they are having the following error message:

error:container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled

They are creating their own bundle id for the app group using their own reverse domain. Do I need to change the entitlements file or group id in my app to match theirs in my build? Or should they be matching my app group id? Or is this problem not related to that? Not really sure how to resolve this.

Solution

  • You can't set your ipa's group to their's precisely because it is their's and tied to their Apple account. Conversely, they can't set the group of the final app to yours because it's yours and tied to your Apple account.

    You can't use a group id and bundle ids registered with one Apple account and build and distribute using development and distribution profiles from another account.

    There's a few options:

    1. They give you their developer provisioning profiles and developer certificate so that you can build it as it it was theirs. They don't need to give your their distribution certificate for this, and that way they can feel safe that you can't maliciously distribute apps with their Apple account. You would build it as their app, but you can't distribute it /upload it to Testflight as you don't have their distribution certificate.

    2. A step further than 1). They add you as a member of their Apple account, assuming they they trust you not to abuse that power. Then you can build it directly as their app and upload it to Testflight etc.

    3. They strip out your signing signatures and group and resign it with their developer profile etc. after having changing all the bundle and group ids that are in your ipa. If they don't know what they are doing you would have to research and experiment and document this

    I work for a company that makes a couple of apps for other companies and we've used all three of these approaches and they all work. Option 3 is the most complex and if they have no experience in resigning they'd need handholding and clear instructions on how to replace the bundle and group ids and resign things.