Skip to main content

iOS App Distribution (Overview)

This documentation explains how AppInChina manages iOS app distribution through our Apple Developer China accounts and what we need from you to onboard your app smoothly.

Shared App Store Connect model: cross-client visibility is possible

Our iOS distribution model uses a shared App Store Connect organization (multiple clients access the same organization, with role-based permissions).

Because App Store Connect was not designed for multi-tenant sharing, there are workflows where Client A may be able to see limited information related to Client B’s apps. This can happen due to how Apple surfaces data across certain screens and request flows.

Examples include:

  • App creation flows where app identifiers or related targets appear in selection lists
  • Certain App Store Connect request flows (for example, expedited review requests) where app lists or identifiers may be visible

We take practical measures to reduce this (least-privilege roles, internal process controls, and placeholder records where applicable), but we cannot guarantee zero cross-client visibility in all App Store Connect workflows.

By proceeding, you confirm you understand and accept that some cross-client visibility is possible under this shared-account model.

No direct Apple Developer account access

Your team will not have direct access to the Apple Developer account.

This means:

  • All certificates, provisioning profiles, App IDs, and related resources are created and managed by AppInChina
  • You receive signing assets securely via 1Password
  • Your build tools, CI/CD pipelines, and signing scripts must NOT depend on direct access to the Apple Developer Portal or App Store Connect APIs
  • Tools like fastlane match, fastlane sigh, or scripts that auto-generate/fetch provisioning profiles from Apple will not work
  • You must use the certificates and provisioning profiles we provide

If your current build process requires Apple Developer account access, you'll need to adapt it to work with manually provided signing assets. See CI/CD Pipelines and Signing Tools for details.

Responsibility split (who does what)

To avoid delays and confusion, here’s the typical responsibility split:

  • AppInChina manages (inside Apple Developer / App Store Connect):
    • Certificates, provisioning profiles, App IDs, capabilities, APNs certificates
    • App Store Connect role assignment (up to App Manager)
    • Renewals and re-issuing updated signing assets when needed
  • Your team manages (outside of Apple Developer access):
    • App code, builds, and CI/CD configuration
    • App metadata/content in App Store Connect (screenshots, descriptions, privacy, compliance responses)
    • Exporting the IPA and uploading builds using Apple Transporter

Our management system (high level)

We use a Shared Distribution Certificate system to efficiently manage multiple client apps within our Apple Developer China account. AppInChina takes care of:

  • Distribution certificates: issue and renew shared certificates for app signing
  • App identifiers (Bundle IDs): create and manage your unique App ID
  • Additional identifiers: App Groups, Merchant IDs, and other related services (when needed)
  • Provisioning profiles: generate development and distribution profiles
  • Test devices: register testing devices when required (development profiles only)
  • App Store Connect access: manage roles and permissions for your team members
  • Push notifications (APNs): configure APNs and provide the required credentials

Our team keeps these components up to date and securely managed.

Onboarding & maintenance process

When onboarding a new app:

  1. Information collection: we gather your Bundle ID, required capabilities, and any additional identifiers.
  2. Resource setup: we create your App Identifier, assign a shared certificate, configure APNs (if needed), and generate provisioning profiles.
  3. Secure delivery: we share the required signing and APNs files (e.g., .p12, .cer, .mobileprovision) via 1Password.
  4. Ongoing maintenance: as certificates near expiration, we renew and re-issue updated profiles/certificates and send you the updated files.
1Password access

We deliver signing assets via 1Password. To avoid delays, ensure at least one person on your team can access the 1Password shared vault we provide.

You integrate these files into your CI/CD pipeline or local environment to build, sign, and distribute your app as usual—without requiring direct Apple Developer account access.

Next steps

  1. Review the checklist: Start with Preparation Checklist to see what information you need to gather
  2. Submit your information: See Information We Need From You for detailed requirements
  3. When ready to submit builds: See Uploading Your Distribution Build Using Apple Transporter