iOS in-house distribution of App developed by external vendor

A 3rd party has developed an App for private use in our enterprise environment. Now its come time to distribute it and they don't want to send us their code. I have a feeling this will cause an issue because the distribution profile and certificate would have to be sent to them compromising our private key which we couldn't allow.

Is this correct or can this be done without compromising our private key.

Edit: as a side note, I'm ok with sending them a private key开发者_如何学编程 if it only is useable per App, ie only with that App bundle ID and we can have different Apps with different private keys under the one enterprise licence.

I'd suggest that you ask them to do 'Archive' under the Product menu in xcode4 and send you the resulting application.

You can then import that into your system, and use xcode organizer's "share" button to resign the app using your enterprise private key and the enterprise provisioning profile.

So the overall result is that they don't have to share their source code with you, and you don't have to share your key with them.

I have seen cases where xcode's resigning doesn't seem to work; in that case you can use https://github.com/maciekish/iReSign to do the resigning part.

You had to share your developer certificate (Distribution with your private key (.p12)) with the third party in order to use your provisioning profile. But as you mentioned you could use complete qualifier like com.yourcompany.appname as a bundle identifier to restrict the provisioning profile. But it does not mean that they can't use the provisioning file, they could update bundle identifier to test their app.

Developer certificate and provisioning profile are comes with the expiry date which could be your final hope.

If I may suggest, I suggest you to trust your developers. I do manage couple of clients with certificate and I don't misuse.

I also suggest you to add a clause in your contract not to misuse your provisioning or distribution certificates. Clever developers don't need certificate as we know how to patch xcode to run on device without code signing.