Operating systems have slightly different signing procedures, but conceptually they are the same. Apps that are distributed for use by others must be signed. Even though ArcGIS AppStudio will perform the app signing and build process for you, you must still obtain signing files from each operating system vendor to supply as inputs to AppStudio.
Prepare a new app
Before you sign and release your app, it should be given an ArcGIS Client ID, a redirect URI, and a license string. While an app can still be built without a Client ID or redirect URI, both are important in an app using ArcGIS services.
An ArcGIS Client ID—also called the AppID—is needed for named user sign-in for all apps. To obtain a Client ID, go to https://developers.arcgis.com, sign in with your developer credentials, click the drop-down arrow next to Dashboard, and choose New Application. Once registered, you'll receive a Client ID, which you can copy into your AppStudio app. If you're using ArcGIS AppStudio, a Client ID can also be generated in Settings > Licensing by clicking the Register button.
If your app requires named user sign-in, you also need to provide a redirect URI. Redirect URIs represent valid places that a user can be redirected to after completing an OAuth sign-in. To add a new redirect URI for your app, go to the Authentication tab for your application on https://developers.arcgis.com. Here, register your app if you haven't already, and add your own redirect URI, or add urn:ietf:wg:oauth:2.0:oob to use the hosted redirect page back to your app on ArcGIS Online. The urn:ietf:wg:oauth:2.0:oob URI is also automatically set for any apps made and registered in ArcGIS AppStudio.
A license string is required to build apps that use ArcGIS Runtime version 100.x. An app cannot be built without a license string, which also denotes the functions of the ArcGIS platform that the app is authorized to perform. For information on how to obtain a license string, see License your app.
Sign your iOS app
All iOS apps need to be signed. Apps created for testing must be signed by a developer certificate that is tied to your Apple developer account and the device on which you do your testing. A production certificate is tied only to your Apple developer account.
Before running the Make tool found in the AppStudio gallery side panel, either cloud or local, ensure that you have provided the following in the iOS tab of Settings, found under the Platforms heading:
- Bundle ID—Always use a reverse internet domain name, for example, com.companyname.applicationname. The package name is a unique identifier for the app and is the default name for the application process. Once you publish your app, you cannot change the package name. For additional details, see the bundle ID explanation in Prepare for app distribution.
- Provisioning profile—Indicates the devices where you plan to run your app.
- Certificate (.p12 file)—Certificate for either the App Store or in-house distribution. This file is created in Keychain Access. If you do not supply both this information and the bundle ID in AppStudio, installation files will not be generated. For more information, see What is app signing?
At the time of running the Make tool, you will be prompted to supply the certificate password.
To create the certificate file required for signing, the following steps need to be performed once per developer and require a Mac:
- Download your developer certificate (for example, ios_developer.cer) from the iOS Dev Center.
- Download your mobile provisioning profile (for example, ios_developer.mobileprovision) from the iOS Dev Center.
- Use Finder to browse to Applications > Utilities > Keychain Access.
- Import your certificate into Keychain Access.
- In Keychain Access, from the Keychain list, choose login, and from the Category list, choose My
Certificates. Choose the certificate named phone Developer: Your Name and export the certificate with the private key with a password (for example,
john_doe_private_key.p12).
Your certificate file is created.
- In AppStudio, browse to Settings > Platforms > iOS.
- Set the provisioning profile path.
- Set the distribution type for your app. For more information on the options, see the Xcode documentation on distribution methods.
Note:
Double-click the .p12 certificate file and mobile provisioning profile to import the files.
If you're using AppStudio on macOS, two additional properties must be set for building iOS apps with local Make. The contents of these fields can be found in your development or distribution certificate, which can be seen using Finder to browse to Applications > Utilities > Keychain Access.
Provide the certificate's organizational unit in the Team ID field.
Provide the certificate's common name in the Code Signing Identity field.
Sign your Android app
To prepare an Android release build, you must first generate a signing keystore file. For detailed information on how to create this file, see the Android documentation.
Before running the Make tool, either cloud or local, ensure that you have provided the following in the Android tab of Settings, found under the Platforms heading:
- Package name—Always use a reverse internet domain name, for example, com.companyname.applicationname. The package name is a unique identifier for the app and is the default name for the application process. Once you publish your app, you cannot change the package name. For additional details, see the package name explanation in the manifest element of the Android SDK.
- Keystore file path—The location of the keystore file on your desktop machine.
- Key alias—Key name created at the time of keystore creation.
If you do not supply this information, your installation files will still be created, but they will be unsigned. Unsigned files can be installed for testing purposes but cannot be submitted to the Google Play store or Amazon Appstore.
At the time of running the Make tool, you will be prompted to supply the keystore and key passwords.
To create a keystore, the following steps need to be performed once per developer:
- Download and install the Java Development Kit (JDK) from https://www.oracle.com/technetwork/java/javase/downloads/index.html.
- Create an environment variable named JAVA_HOME on your desktop machine: https://docs.oracle.com/cd/E19182-01/820-7851/inst_cli_jdk_javahome_t/index.html.
- Add the JDK bin folder path to your PATH environment variable.
- In a command window, use the following to create the key: keytool -genkey -v -keystore [keystore_name].keystore -alias [alias_name] -keyalg RSA -keysize 2048 -validity 10000, where keystore_name is the name you choose for the resultant keystore file, and alias_name is the name you choose as an alias.
- Enter a keystore password and confirm.
- Enter additional information and confirm.
- Enter a key password. This password can be unique, or press Enter to use the same password as the keystore password.
Your keystore file will be created in the folder where you ran this command.
Sign your macOS app
Similar to Android, if you do not supply a certificate when you request macOS installation files, they will still be created, but they will be unsigned. Unsigned files can be installed for testing purposes but cannot be submitted to the Mac Store. The following steps are similar to iOS; however, a provisioning profile is not required for macOS. For more information, see What is app signing?
Before running the Make tool, either cloud or local, ensure that you have provided the following in the macOS tab of Settings, found under the Platforms heading:
- Bundle ID—Always use a reverse internet domain name, for example, com.companyname.applicationname. The package name is a unique identifier for the app and is the default name for the application process. Once you publish your app, you cannot change the package name. For additional details, see the bundle ID explanation in Prepare for app distribution.
- Certificate (.p12 file)—Certificate for either the App Store or in-house distribution. This file is created in Keychain Access. If you do not supply both this information and the bundle ID in AppStudio, installation files will not be generated. For more information, see What is app signing?
At the time of running the Make tool, you'll be prompted to supply the certificate password.
To create the certificate file required for signing a macOS app, follow the same steps as described above for iOS apps.
Sign your Windows app
Similar to Android, if you do not supply a certificate when you request Windows installation files, they will still be created, but they will be unsigned.
Before running the Make tool, either cloud or local, ensure that you have provided a certificate file in the Windows tab of Settings, found under the Platforms heading. This certificate (.p12 or .pfx file) is for either the Windows Store or in-house distribution. See Create a certificate for package signing in Microsoft's developer documentation for more information.