Saturday, August 15, 2020

Xamarin iOS Deployment - The Apple Developer Account

Deploying Xamarin apps to Apple devices is complicated. The Apple developer system is complex and unforgiving, and the build requires an Apple computer somewhere in the chain: Visual Studio essentially remote controls Xcode running on the Apple machine, which functions as a build server. As a result it is not always clear where settings should be made, especially when fixing errors.

Firstly, let’s give an overview of the Apple developer account.

To distribute apps, even using ad-hoc methods to sideload, you need to enrol in the Apple Developer Program for $US99/year. Once you have signed up, you’ll have an account at developer.apple.com, which will look something like this:


The key page here is ‘Certificates, IDs & Profiles’. The other pages are less used, with App Store Connect being the page where you register a profile for App Store evaluation and the other pages essentially being support and resource pages.

Certs/IDs/Profiles


Let's look at the profiles section first. A profile is a way of gathering together all of the information needed to debug or distribute an app. It has a distribution type, lists capabilities and defines an app ID, and certificates and devices can be associated with it. Generally we would want one profile per app that we are going to develop.

Note that we can download a profile and on OS X, if we double click the profile, the certificates will be installed and the devices linked against the profile will be approved for installation in ad hoc mode. If devices are added to a profile, then the profile should be re-downloaded and double clicked again.

The devices section lists the UDIDs (unique device identifiers) of all of the devices approved for use. It's a little bit tricky to get the UDID for an iPad or iPhone (see whatsmyudid.com), and I recommend using a cable to do so rather than installing one of the various pieces of software available. It's not a good idea in principle to give an app the level of permission that's required to find the UDID, no matter how useful those apps might be.

You can list up to 100 of each type of device, and these can be used for testing or ad hoc distribution. Note that you can only remove a device once every year when your account is renewed, so it's important to remove all unused devices at this time.

Editing the profile (click the profile in the ‘Profiles’ page, then click ‘Edit’ in the summary screen that appears) allows you to associate particular certificates and devices with particular profiles.

Identifiers are handles used to identify and control access to a particular app or a range of services, including music, notifications, gift cards, etc. The app identifier is fairly straightforward, just containing a description, a bundle ID which looks a lot like a domain descriptor (eg. com.mybusiness.-), and a list of capabilities.

Once an app marked with an identifier has been submitted for App Store evaluation through App Store Connect, the identifier can no longer be deleted, even if the submission was not approved.

The Certificate section contains a list of certificates used to sign app bundles or activate developer functions. Xcode help (help.apple.com/xcode/mac/current/) is a valuable resource in relation to how the screen works. There is a lot of automated functionality in Xcode associated with this page which can be quite confusing.

The first thing to note is that a range of certificate types are now obsolete, such as the iOS development and iOS distribution certificates and the Mac development and Mac distribution certificates. These have been replaced by Apple distribution and Apple development. Have a look at the range of certificate types here (https://help.apple.com/xcode/mac/current/#/dev80c6204ec). For ad hoc app development only the Apple development and distribution certificates are used.

Certificate Management in Xcode

Certificates must be managed and generated in Xcode as well, and will automatically load back up to the developer site, so let's have a quick look at the Xcode screen under Preferences > Accounts > Manage Certificates.

Note that the certificates are not actually stored in Xcode but in the OS X keychain, which is available under Utilities > Keychain in Applications. Type ‘Apple D’ into the search bar to list just the relevant certificates. They can be deleted there if necessary. However, it appears that creating certificates in the Keychain using a Certificate Request is not to be recommended, as the private key is not saved. Xcode will generate and configure the certificates automatically.

You'll notice there are some obsolete certificates plus some marked ‘not in keychain’ or ‘missing private key’. These certificates have probably been generated on a different Mac machine which has then automatically uploaded them to the central site. However the private key file is present only on the computer which generated them: it is necessary for the certificate to be exported from that computer, and then installed on the local computer, in order for the private key file to be present.

The best way to synchronise certificates, profiles, etc, between development machines is to select the AppleID in the Xcode preferences ‘accounts’ screen, and ‘Export Apple ID and Code signing Assets’ using the gear icon menu.

So just to reiterate: if a new certificate is created using Xcode, that certificate is automatically stored locally in the Keychain, and is automatically uploaded to the Apple Developer website. Note that the Apple Developer Profile must now be updated locally by downloading and double clicking it to ensure that the certificate is included in the build profile (the build will not succeed until this is done). But the private key used to unlock the certificate remains only on the local computer. It must be exported manually, or can be exported as one of all local certificates for the Apple ID, using the ‘Export code signing assets’ method described above.

Checklist: Adding a new Ad-Hoc device

1) Add the UDID to the Devices page.

2) Go to Profiles, click the profile, then click ‘Edit’ on the page that comes up. Add the device.

3) Download the new profile in Visual Studio on Windows (Tools > Options > Xamarin > Apple Accounts > View Details > Download All Profiles), or in Xcode on the Mac (Preferences > Accounts > Download Manual Profiles).
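
To confirm that a re-downloaded profile really covers the new device and the signing certificate discussed earlier, the following added example (not part of the original post, and not Apple or Xamarin code) reads the property list embedded in a .mobileprovision file and reports what is missing. The sample profile, UDID and certificate bytes are constructed for illustration; the function names are hypothetical.

```python
import hashlib
import plistlib
from datetime import datetime, timezone


def read_profile(blob: bytes) -> dict:
    """Return the XML plist embedded in a .mobileprovision file.

    The file is a CMS container; this only slices out the cleartext plist and
    does not verify Apple's signature, so it is a consistency check only.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def check_profile(blob: bytes, udid: str, cert_sha1: str, now=None) -> list:
    """List the reasons this profile would not cover the device or certificate."""
    profile = read_profile(blob)
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    problems = []
    devices = {d.lower() for d in profile.get("ProvisionedDevices", [])}
    if not profile.get("ProvisionsAllDevices") and udid.lower() not in devices:
        problems.append("device not in profile")
    # DeveloperCertificates holds DER certificates; compare SHA-1 fingerprints.
    prints = {hashlib.sha1(c).hexdigest() for c in profile.get("DeveloperCertificates", [])}
    if cert_sha1.replace(" ", "").lower() not in prints:
        problems.append("certificate not in profile")
    if profile["ExpirationDate"] <= now:
        problems.append("profile expired")
    return problems


def make_sample(devices, certs, expires) -> bytes:
    """Constructed stand-in for a downloaded profile (not a real Apple file)."""
    body = plistlib.dumps({"Name": "Sample Ad Hoc", "ProvisionedDevices": devices,
                           "DeveloperCertificates": certs, "ExpirationDate": expires})
    return b"\x30\x82\x00\x00" + body + b"\x00\x00"  # fake CMS framing bytes


# Constructed sample values: the UDID and "certificate" bytes are made up.
UDID = "00008030-000A1B2C3D4E5F01"
CERT = b"constructed-der-certificate"
SAMPLE = make_sample([UDID], [CERT], datetime(2021, 8, 15))

if __name__ == "__main__":
    fp = hashlib.sha1(CERT).hexdigest()
    print(check_profile(SAMPLE, UDID, fp, now=datetime(2020, 8, 15)))
```

For a real profile, pass the file's bytes together with the SHA-1 fingerprint that Keychain shows for the signing certificate.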