Unlike web development, you cannot simply compile an iOS app and email it to your friends.
Apple operates a highly secure, closed ecosystem. To run an app on a physical iPhone, the code must be cryptographically signed proving it came from a verified developer.
Understanding Code Signing is arguably the most complex and frustrating rite of passage for every new iOS developer.
To publish apps or use advanced capabilities like Push Notifications or CloudKit, you must enroll in the Apple Developer Program (which costs $99/year).
Once enrolled, you gain access to the Certificates, Identifiers, and Profiles portal on developer.apple.com.
Every app in the world must have a completely unique identifier, known as a Bundle Identifier or App ID.
It is usually formatted in reverse-DNS style, such as com.intricatedevo.myawesomeapp.
Once you register this identifier with Apple, no one else in the world can ever use it.
To sign an app, you need two things:
When you build your app, Xcode uses your Certificate to sign the binary, and embeds the Provisioning Profile directly into the app file (.ipa).
When the app is installed on an iPhone, the iOS operating system analyzes the profile. If the profile is invalid, iOS will refuse to launch the app!
Historically, developers had to manually generate, download, and install these cryptographic keys. It was a nightmare.
Today, Xcode provides Automatically Manage Signing.
If you check this box in your project settings and log into your Apple ID, Xcode will securely contact Apple's servers, generate the certificates, create the App ID, and download the provisioning profiles entirely behind the scenes.
Always leave Automatic Code Signing enabled unless you are working in a highly complex enterprise environment!
There are several ways an app can be signed for distribution:
What is the globally unique string used to identify your application across the entire Apple ecosystem?