This might have been asked lots of times, but still I couldn't find info on why are they needed. I use DEVELOPER prov profiles to test apps on my device, that makes sense.
The Provisioning Portal explains prov profiles like this:
A Provisioning Profile is a collection of digital assets that uniquely ties
developers and devices to an authorized iOS Development Team and enables
a device to be used for testing.
By this logic they are only needed for testing, eg not for distribution. Do we need one to deploy the app on the AppStore?
Absolutely yes. The distribution profile is used for submission to the App Store. It does not have the 100 device limit that the development profiles have.
From the Tools Workflow Guide:
When you’re ready to share your app for user testing or for general distribution through the
App Store, you need to create an archive of the app using a distribution provisioning
profile and send it to app testers or submit it to iTunes Connect. This chapter shows
how to perform these tasks.
The distribution profile prevents the attackers from submitting a modified version of your app to the store - only you, who hold the private key of the distribution certificate, can submit and update your app.
Once your app is submitted, your embedded.mobileprovision
and your binary will be checked and compared to make sure that you are the legitimate author. embedded.mobileprovision
file is then discard and the app is signed again by Apple using their own certificate (which is by default accepted by all iDevices), so that all iDevices can run it.
When an iDevice downloads the app, the executable binary is then encrypted with an encryption key associated that device. At run time, only that device can decrypt the executable binary and run it.
There are two types of distibution profiles, the first one is to submit your app to the appstore and the other one (Ad-Hoc) is necessary if you can´t connect a device to your mac(developer profile). Then you can share your app wit the Ad-Hoc profile to someone else e.g. via mail.
Distribution Provisioning Profile
is used by Apple to publish an application to App Store. When Apple approve the application it is signed by Apple and became public.
Distribution Provisioning Profile
contains:
- Application ID - application which are going to run
- Distribution certificate - who can debug the app
Development Provisioning Profile
[About]