While most of our customers prefer to have their branded app submission managed by Guidebook, clients sometimes ask if they can manage their own submissions. While we do allow a self-service option, it’s generally easier to add Guidebook to your developer account team—that way, we are able to manage all of the necessary app updates and certificate renewals when they expire. Regardless of whether you choose to proceed with a self-service or full-service app submission, you must have a current, active Apple Developer membership.
Full-Service App Submission
If you would like to add Guidebook to your developer account so that we can manage the app submission process for you, please reach out to our support team. We will require either Admin or App Manager (with developer resources) access to process a submission on your behalf.
Allowing us the ability to submit the application under your account allows us to update your application and create the necessary credentials to build and submit the app, in addition, to push notifications. You can add this user to your account as an Admin or by following the Setting Up an App Store Connect User section.
Please read through our article on Developer Accounts before getting started: Creating an Apple Developer Account.
Apple Wallet functionality for Guidebook ID will only be supported automatically on your app if Guidebook is granted Admin access to your organization's account. If you wish to enable this functionality while providing App Manager access, please reach out to support@guidebook.com.
Self-Service Considerations
Should your organization wish to submit your app to stores directly, please ensure that your IT department is familiar and comfortable with this process. We provide directions they will need to follow to re-sign your app before submitting to stores but we are unable to provide support.
If someone else in your organization is submitting your app, make sure they have all of the app metadata they’ll need.
If you own your app submission, the following Guidebook features may be limited or unavailable:
- Apple Wallet (Guidebook ID): Not supported by default for client-managed submissions. If this functionality is essential, clients will need to provide a Pass Type ID certificate (.p12) and password to Guidebook, by reaching out to support@guidebook.com to discuss.
- Google Wallet (Guidebook ID): Not supported for client-managed submissions.
- Google Maps: Will only function if the SHA-1 signature is provided to Guidebook before the application file is generated.
You will be asked to enter the following information via your Developer Account when you submit your app for the first time if Guidebook is not managing this process on your behalf.
If your app is being re-submitted to implement changes to any of these aspects, you will need to make your colleagues aware as any alterations made to these in your App Dashboard in Builder will not reflect in your app automatically.
- App Name - This information will have been entered in Builder under App Management > App full name.
- Privacy Policy URL - https://www.guidebook.com/privacy
- Primary Language - If localized app information isn’t available in an App Store territory, the information from your primary language will be used instead.
- Category - The category that best describes this app.
- App Previews and Screenshots - Screenshots must be in the JPG or PNG format, and in the RGB color space. You can create screenshots using the dimensions below following the Apple specifications found on this page or let a Guidebook team member know if you would like new screenshots shared with you and of which guide.
- Promotional Text - Promotional text lets you inform your App Store visitors of any current app features without requiring an updated submission. This text appears above your description on the App Store. This field is optional.
- Keywords - One or more keywords that describe your app. Keywords make App Store search results more accurate. This information will have been entered in Builder under App Management > Keywords.
-
Description - A description of your app, detailing features and functionality. It will also be used for your Apple Watch app.
This information will have been entered in Builder under App Management > Description - Version info - What's New in this version? Let the Guidebook team member know if you would like further details to provide here if the difference is not content-related.
- Support URL - https://www.support.guidebook.com/
- Marketing URL - https://www.guidebook.com/
-
App Store Icon - A single 1024 x 1024 px PNG master icon, submitted with no transparency and no rounded corners (Apple applies the rounded "squircle" mask automatically). Modern versions of Xcode generate all smaller required sizes automatically from this master icon via the asset catalog.
This information will have been entered in Builder under App Management > App Images > App Icon. - Rating - Age 4+, Age 18+ , etc
-
App Review Information - If your guide is public, this field is not required. If your guide is passphrase protected, provide this information. If your guide is invite-only, the Guidebook team will provide you with this information.
We would also recommend including the following: Please be sure to check out from the guide and delete any testing notes/comments in the guide. - Notes - Additional information about your app that can help during the review process. Include information that may be needed to test your app, such as app-specific settings and log-ins. Please note test credentials are required if your app contains no public guides.
Please note, it can take up to two weeks for an app (or app update) to appear in stores after you submit your app, however, they will often go live within 3/4 business days.
Self Service App Submission
If you are submitting your branded application under your own developer account or through your own distribution system, you will need to sign the application files with your distribution certificates and create the certificates needed to allow us to send push notifications to your application. The iOS and Android applications have separate re-signing processes which are outlined below.
While there are typically developer resources available to handle the process of re-signing an application, this is not something that a mobile app developer will frequently run into and the information needed to accomplish this task is sparse throughout the web. The purpose of this document is to condense this information and walk a developer through the process of re-signing their Guidebook-built application file. It will walk you through how to re-sign the application for both Android and iOS including both the resources needed and steps you need to take from when you receive your branded application built by Guidebook to end up with the re-signed application file.
This document assumes that you are familiar with the Apple Developer portal and App Store Connect, and that you’re comfortable using command line tools.
Re-signing an iOS App
Requirements
- A Mac running a current, supported version of macOS with the latest stable version of Xcode installed. Apple's submission tooling generally requires the most recent Xcode release; check Apple's Minimum Requirements page before starting.
- An active Apple Developer membership, and access to your team’s App Store Connect portal.
- Your team’s Application Signing Certificate installed in your keychain. See Apple's Certificates overview for guidance.
- An Apple Certificate Signing Request (CSR) file, used to create your app’s push certificate. See Apple's Create a Certificate Signing Request documentation.
- A custom
Entitlements.plistfile (instructions provided below). This is required for login links (universal links) to work after re-signing.
Instructions
Create Your App ID
Each app that you submit has to be signed with a provisioning profile that originates from your account to verify the authenticity of the application being submitted. Because our apps utilize push notifications, you will need to create an explicit app ID. Instructions on how to do this can be found on this page. Note that this requires your apps bundle Id which can be shared with you by contacting a Guidebook team member. This application identifier also needs to be configured with the following capabilities enabled for the production environment:
- Associated Domains
- Push Notifications
- Background Audio - only required if your app includes a Tours guide (audio tour functionality). If you are unsure whether this applies to your app, please confirm with your Guidebook support before creating the App ID.
You can input whatever name you would like for the application ID. However, please be sure to share your application ID with Guidebook so we can ensure all features function properly (i.e. push notifications).
When creating your app listing in App Store Connect for the first time, you will also need to complete the App Privacy information required by Apple. Please reach out to a Guidebook support who can share guidance on the data types Guidebook collects so this can be completed accurately.
Create Your Provisioning Profile
Once your app ID has been created, you’ll need to create a provisioning profile for that app ID (which is used to verify that you are uploading the application file to App Store Connect).
Distributing on App Store Connect:
If you’re going to distribute the app on App Store Connect, refer to the documentation for how to Create an App Store provisioning profile.
Distributing on your private app store / MDM system:
If you will be uploading your app to your own private app store or Mobile Device Management solution, please check the requirements for your system to create the provisioning profile needed for that solution.
Create Push Certificate
Our applications utilize push messaging. In order for our system to send push messages through the app, you will need to create a push certificate for the app and send it to the Guidebook team.
When an APNS Certificate expires, you must share a new certificate with us so we can deliver push notifications to your app.
Navigate to the app ID that you created in the Apple Developer Portal. Click edit, and under Push Notifications select Create Certificate under Production SSL Certificate. Upload your Apple Certificate Signing Request (CSR) file and download your certificate once it’s been created. Once you have this certificate, install it into Keychain Access by double-clicking the .cer file that you just downloaded from the Apple Developer Portal. Then, locate the certificate file in Keychain Access, right-click the file, select Export, enter in a password to use, select the .p12 file format, and click Save. Please send this .p12 file (and the password that you saved it with) to your point of contact at Guidebook so that we can register it in our system and enable push notifications for your app.
Re-Sign Your App
Why a custom entitlements file is required
When Guidebook builds your app, the IPA is re-signed with our wildcard provisioning profile, which strips all entitlements from the binary. You receive a clean IPA with no Guidebook-specific data — but also no entitlements. When you re-sign with your own distribution certificate and provisioning profile, two key capabilities behave differently:
-
Push notifications work automatically. The
aps-environmentvalue is derived from your provisioning profile during code signing, so push works as long as Push Notifications is enabled on your App ID. - Login links (universal links) will not work without a custom entitlements file. Your provisioning profile only enables the Associated Domains capability — the actual domain URLs must be explicitly listed in an entitlements plist that you pass to the resign tool.
Creating your Entitlements.plist
You have two options:
-
Option A — Create manually: copy the XML template below into a file named
Entitlements.plistand replace the placeholders. -
Option B — Use Xcode: create a throwaway project, enable the Associated Domains and Push Notifications capabilities, copy the generated
.entitlementsfile, then add the Guidebook-specificapplinks:URLs manually.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<false/>
<key>application-identifier</key>
<string>YOUR_TEAM_ID.YOUR_BUNDLE_ID</string>
<key>com.apple.developer.team-identifier</key>
<string>YOUR_TEAM_ID</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:YOUR_APP_ID.applinks.guidebook.com</string>
<string>webcredentials:guidebook.com</string>
<string>webcredentials:builder.guidebook.com</string>
</array>
</dict>
</plist>Placeholders:
-
YOUR_TEAM_ID— your 10-character Apple Team ID.
Note for older Apple Developer accounts (pre-2011): the App ID Prefix may differ from the Team ID. If so, use the App ID Prefix forapplication-identifierand the actual Team ID forcom.apple.developer.team-identifier. The App ID Prefix can be found in the Apple Developer Portal under Certificates, Identifiers & Profiles. -
YOUR_BUNDLE_ID— your app's bundle identifier (e.g.com.example.myapp). -
YOUR_APP_ID— your Guidebook app object ID. Please contact Guidebook support if you don't have this.
Running the resign
If you have a resigning tool that you are comfortable with, please feel free to use that to resign your app — just make sure you pass your Entitlements.plist file to it. If you do not, we recommend using the re-signing command available through Fastlane, with the -e flag to apply your entitlements:
fastlane sigh resign app.ipa \
-i "your distribution certificate" \
-p path/to/profile.mobileprovision \
-e path/to/Entitlements.plistIf you are prompted to disable associated domains, do not accept. This will cause push notifications and login links to fail — Associated Domains is required for both. Due to caching, it can take up to 24 hours for any push notification issues to resolve after a corrected re-sign.
Verify Your Re-Signed IPA
We strongly recommend verifying your re-signed IPA before uploading to App Store Connect. This catches the most common failure modes (missing entitlements, wrong profile type) before you waste an upload cycle.
Advanced: verification commands
Run these two checks on the IPA you just re-signed. Both should pass before you upload anything to App Store Connect.
Check 1 — Entitlements in the binary
unzip -o app.ipa -d /tmp/resigned
codesign -d --entitlements :- /tmp/resigned/Payload/*.appExpected output should include:
-
application-identifier=<YOUR_TEAM_ID>.<YOUR_BUNDLE_ID>— exact match, case-sensitive -
com.apple.developer.team-identifier=<YOUR_TEAM_ID>— matches the prefix above -
aps-environment=production -
get-task-allow=false(must befalsefor App Store / TestFlight; if it'strue, you've re-signed with a development cert/profile) -
com.apple.developer.associated-domainscontainingapplinks:<YOUR_APP_ID>.applinks.guidebook.com
If any of these are wrong or missing, fix your Entitlements.plist and re-sign.
Check 2 — Embedded provisioning profile authorizes the entitlements
This is a different file and a different check from Check 1. Check 1 inspects what the binary claims it wants. Check 2 inspects what your provisioning profile is allowed to grant. Both must agree for an entitlement to actually work on device.
security cms -D -i /tmp/resigned/Payload/*.app/embedded.mobileprovision | plutil -p -You'll get a long plist dump. What you're looking for at the top level:
-
NameorAppIDName— should clearly identify your app, not something like "Wildcard" or a stale unrelated profile. -
TeamIdentifier— an array; its first entry should equal your 10-character Apple Team ID (same asapplication-identifier's prefix in Check 1). -
ExpirationDate— must be in the future. -
ProvisionedDevices— this key should be absent. If it's present and lists UDIDs, you've re-signed with a development or ad-hoc profile, not an App Store distribution profile. Apple won't accept that on TestFlight or App Store.
Inside the nested Entitlements dict:
-
application-identifier— must exactly match the same key from Check 1. -
com.apple.developer.team-identifier— must match. -
aps-environment=production. -
get-task-allow=false. -
com.apple.developer.associated-domainsmust be present. It will be either:-
"*"— wildcard, authorizing anyapplinks:orwebcredentials:entry the binary claims. Valid and common for App Store distribution profiles. - An array of specific strings — valid as long as every entry your binary claims in Check 1 also appears here.
- Missing entirely — this is the failure mode. Your profile was generated before Associated Domains was enabled on your App ID. Fix by opening the profile in developer.apple.com → Profiles → Edit → Save → re-download, and re-sign with the new profile.
-
Upload Your App
If you’re going to submit the application to App Store Connect, do the following:
- Follow the steps in this article to create your app listing in App Store Connect (if you have not already).
- Once your listing is created, upload your signed IPA using one of Apple's supported methods:
- Xcode Organizer (Window > Organizer in Xcode) — the most common option for developers already working in Xcode.
- Transporter — a free Mac App Store app dedicated to uploading binaries.
-
Command line via
xcrun altool --upload-app— useful in CI/CD pipelines.
If you’re using a private store or MDM solution, follow the steps to distribute your app as recommended by your solution provider.
Once the app has been signed, you’ll find many helpful resources provided by Apple on their Developer site. If you would like to complete the app submission process on your end, the following articles are a good starting point:
Apple Wallet (Guidebook ID) is not enabled by default for client-managed submissions. If your organization requires Apple Wallet functionality, you will need to generate a Pass Type ID certificate (.p12 format) and provide it along with the password to Guidebook support. Our engineering team will then need to upload this on the back end before Apple Wallet will function in your branded app.
Re-signing an Android App
These instructions are specific to re-signing an APK file. Google Play requires that all new apps and all updates to pre-existing apps be uploaded as an Android App Bundle (AAB); AAB files do not need to be re-signed. APK re-signing is generally only needed for distribution outside of Google Play (e.g. private stores or MDM solutions).
The SHA-1 and SHA-256 fingerprints associated with your keystore must be provided to Guidebook support before we generate your application file. These signatures are required for Google Maps, App Links, and login links to function correctly in your live app. If they are not provided in advance, these features will need to be reconfigured after submission, which may require a re-build and re-submission.
You can find your SHA-1 and SHA-256 fingerprints in the Google Play Console under Test and Release > Setup > App Signing.
When creating your app listing in Google Console for the first time, you will also need to complete the Data Safety Form declaring how user data is collected, used, and shared. Please reach out to a Guidebook support who can share the standard responses for the form so this can be completed accurately.
Requirements
- A keystore to sign your app with. If you do not already have a keystore file for signing your Android applications, see the section “Build and sign your app from command line” in the Android Developers documentation.
- Android SDK Build Tools revision 33.0.1 or higher (which includes the
apksignertool used below).
Instructions
Re-Sign Your App
Run the following command to re-sign your application file:
apksigner sign --ks release.jks com.myguidebookapp.android.apkwhere “release.jks” is your keystore file and “com.myguidebookapp.android.apk” is your Guidebook application file. This will re-sign your application that you can then upload to the Google Play store or the distribution source of your choice.