To code-sign apps with the policy console, specify the method for code signing and use a signing profile to specify the app-signing parameters. Unlike a policy profile, which is a collection of settings that can be applied with a policy to inject an app with security, a signing profile is a collection of code signing parameters. However, you manage the profiles with the same API methods.
Because code signing is platform-specific, each signing profile is unique to Android or iOS.
You can choose to let your policy console sign your app when securing it, or you can sign on your own. Use POST app-market/policy to specify the signing type for an app and the signing_profile_id (when using signing type SIGN_ON_CONSOLE or SIGN_EXTERNALLY; no signing profile is necessary if the signing type is SKIP_CODESIGN).
Signing method
Additional files
Signing profile
Download/export
SIGN_ON_CONSOLE: Let the policy console sign the app.
Required.
Android: keystore
iOS: provisioning profile.
Required
An apk or ipa file, secured and signed.
SIGN_EXTERNALLY: Export the app (and signing settings) for code signing externally.
Required.
Android: keystore
iOS: provisioning profile.
Required
A zip file containing the secured apk or ipa file, validated signing information, and a signing script.
SKIP_CODESIGN:
Sign the app yourself (instead of having the policy console sign the app).
When securing an app with policy options that require specific entitlements, such as grouped apps in the Data Sharing policy, consider using Sign Externally instead. Such policy options cannot be validated with Skip Code Signing.
To set the default signing type for apps on the specified platform (iOS or Android), use settings/signing-type/{platform}. Otherwise, apply the signing method and signing profile (if required) and secure the app with POST app-market/policy at the same time. See Securing an app (API) for examples.
