You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/tutorials/advanced/MobileDeployment/04_publishing/index.md
+25-1Lines changed: 25 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ There is a fee for both of these stores to allow you to publish your game.
11
11
12
12
As part of the publishing process, a **bundle identifier** is a unique string, that distinctly identifies a mobile game or app across iOS and Android ecosystems for deployment.
13
13
14
-
###Understanding the Bundle Identifier
14
+
## Understanding the Bundle Identifier
15
15
16
16
The **bundle identifier** is a unique string that identifies your app. It follows a reverse domain name notation, such as `com.companyname.gamename`.
17
17
@@ -24,3 +24,27 @@ This identifier is used by Apple and Google to distinguish your app from all oth
24
24
- Changing the bundle identifier after publishing will create a new app entry, not update the existing app, so carefully choose it.
25
25
26
26
**Tip:** Choose a bundle identifier that reflects your organization and app name, and keep it consistent across your project files and provisioning profiles.
27
+
28
+
## Why App Signing is Essential
29
+
30
+
Signing your app is a mandatory security measure for both the iOS App Store and the Google Play Store. It serves three primary purposes: *authenticity*, *integrity*, and *updates*.
31
+
32
+
### Authenticity: Proving It's You
33
+
34
+
Signing your app with your private developer key is how you prove that the app came from you and not an imposter. When a user downloads your game, their device checks this digital signature to verify its origin. This builds trust and protects your users from malicious actors distributing fake or harmful versions of your app.
35
+
36
+
### Integrity: Ensuring the Code is Unchanged
37
+
38
+
The digital signature guarantees that the code has not been altered or corrupted since you signed it. If even a single bit of the application is changed after signing (for example, by a hacker injecting malware), the signature will become invalid. The operating system (iOS or Android) will then refuse to install or run the app, protecting the user's device and data.
39
+
40
+
### Updates: Authorizing Future Versions
41
+
42
+
The app stores use the signature to verify that updates for your game are coming from the original developer. Only an update signed with the same private key as the original app will be accepted by the store and installed on users' devices. This prevents other developers from hijacking your app by releasing an unauthorised update. This is why it is crucial to keep your signing keys safe!
43
+
44
+
## How It Works on Each Platform
45
+
46
+
While the core concept is the same, the implementation differs slightly between Apple and Google.
47
+
48
+
**iOS App Store**: Apple uses a system involving a Certificate, an App ID (which includes your bundle identifier), and a Provisioning Profile. These components work together to sign your app, ensuring it can be installed on specific devices for testing and submitted to the App Store for public release. The certificate is linked to your Apple Developer account.
49
+
50
+
**Google Play Store**: Android uses a keystore, which is a file containing one or more private keys. You use this keystore to sign your app bundle. Google Play also offers a service called "Play App Signing," where Google manages your app signing key for you, adding an extra layer of security.
0 commit comments