Technical Q&A QA1713

When should I use a wildcard App ID?

Q: When should I use a wildcard App ID vs. an explicit App ID?

A: You should use a Wildcard App ID for all apps and app targets that do not enable app-specific capabilities. However, because Xcode 8 offers to manage signing automatically, it prevents the need to create App IDs manually. Therefore, the explanations in this document are only useful to developers who find a need to opt out of Xcode's automatic signing.

**Figure 1** App targets opting into Xcode's automatic signing do not need to create and configure App IDs manually.

If you do find a need to manually create an App ID, read on to learn about the difference between the two types. The first type is called a Wildcard App ID.

**Figure 2** Creating a Wildcard App ID on the Certificates, Identifiers and Profiles website.

The wildcard portion of the string entered for Bundle ID is the asterisk character. All Wildcard App IDs must end with an asterisk, and an associated provisioning profile can be used to code sign any app whose Bundle ID is compatible with the wildcard string, such as:

com.myGreatCompany.app1
com.myGreatCompany.app2
com.myGreatCompany.anything
... and so on.

The second type of App ID is called an Explicit App ID.

**Figure 3** Creating an Explicit App ID on the Certificates, Identifiers and Profiles website.

The Bundle ID specified for an Explicit App ID cannot contain a wildcard asterisk character, and its associated provisioning profile can be used to code sign one app only - the app that declares this bundle Identifier as its own.

How do I choose one or the other?

Because an App ID specifies a unique configuration of entitlements, Wildcard App IDs are for use with code signing all apps that do not enable app-specific capabilities. Those capabilities are pictured as follows:

**Figure 4** Xcode 8's target capabilities pane.

Even when using a Wildcard App ID, remember to remove the asterisk and fully-qualify the string when entering the Bundle Identifier field in your Xcode project:

**Figure 5** Defining the target Bundle ID in Xcode.

Using a Wildcard App ID is convenient for all apps that do not use capabilities, as they can reuse the same provisioning profile for code signing. For example, if App1's targets do not enable capabilities, they may reuse the provisioning profile associated to the Wildcard App ID in Figure 2 to code sign all targets.

In this example, App1 has four targets whose Bundle IDs are:

com.myGreatCompany.app1-watch
com.myGreatCompany.app1-macOS
com.myGreatCompany.app1-tvOS
com.myGreatCompany.app1-iOS

Since Explicit App IDs are for use with a single Bundle ID, it can be used to code sign only one app or app target.

Document Revision History

Date	Notes
2016-08-23	Major rewrite.
2010-08-20	New document that describes the differences between wildcard and explicit App IDs