I have the following situation: we have an enterprise developer account, and for the application we work with an external developer.
At the moment, we do not have access to the source code, so we cannot create assemblies, but we still need to have weekly assemblies that can be installed on devices ... therefore an external developer should be able to build ipa.
The developer is now a member of the developer program and has his own developer certificate. However, there can be only one distribution certificate.
From a security point of view, is it safe / recommended for us to distribute the distribution certificate (and private key) and provisioning profile so that they can create ipa files?
Are there any other (safer) options?
PS: I also thought that we can cancel ipa with our distribution certificate, but it still leaves us in a situation where they should be able to create ipa - and this is possible only if there is a distribution certificate + installation,
source
share