This might have been asked lots of times, but still I couldn't find info on why are they needed. I use DEVELOPER prov profiles to test apps on my device, that makes sense.
The Provisioning Portal explains prov profiles like this:
A Provisioning Profile is a collection of digital assets that uniquely ties
 developers and devices to an authorized iOS Development Team and enables
 a device to be used for testing. 
By this logic they are only needed for testing, eg not for distribution. Do we need one to deploy the app on the AppStore?
A Distribution Provisioning Profile is a combination of your App ID and Distribution Certificates. It authorizes your app to use particular services (like Push Notifications) and ensures that your app is submitted by you. This is why Distribution Certificates are tied to a specific Mac.
After logging in to the iOS Provisioning Portal, click Provisioning in the sidebar. Click New Profile. Specify the profile name, select the certificates and devices you want to associate with this profile, and choose an app ID. Click Submit to generate your profile.
Ad Hoc Distribution Authorizes a Limited Set of Devices to Run Your App. iOS developers enrolled in the Standard Program can also distribute an app outside of the App Store on up to 100 different devices for testing purposes only.
Absolutely yes. The distribution profile is used for submission to the App Store. It does not have the 100 device limit that the development profiles have.
From the Tools Workflow Guide:
When you’re ready to share your app for user testing or for general distribution through the 
App Store, you need to create an archive of the app using a distribution provisioning 
profile and send it to app testers or submit it to iTunes Connect. This chapter shows 
how to perform these tasks.
The distribution profile prevents the attackers from submitting a modified version of your app to the store - only you, who hold the private key of the distribution certificate, can submit and update your app.
Once your app is submitted, your embedded.mobileprovision and your binary will be checked and compared to make sure that you are the legitimate author. embedded.mobileprovision file is then discard and the app is signed again by Apple using their own certificate (which is by default accepted by all iDevices), so that all iDevices can run it.
When an iDevice downloads the app, the executable binary is then encrypted with an encryption key associated that device. At run time, only that device can decrypt the executable binary and run it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With