Mobile — Fastlane & Code Signing
The Apple/Google signing gauntlet — Fastlane match, App Store Connect API, Play App Signing.
Code signing is the most failure-prone part of mobile CI. Apple's certificates and provisioning profiles are stateful, opaque, and time-bound. Android's keystore is simpler but losing it is catastrophic. For full CI orchestration see Mobile — CI/CD & Build Tools.
Fastlane (the Swiss army knife)
- ★ Fastlane — Ruby; the long-standing default for both iOS and Android automation. Free, MIT.
- ★ fastlane match — stores certificates and profiles in a private Git repo (or S3 / GCS / GitLab) encrypted; teams share signing state without manually exchanging .p12 files.
- fastlane gym — wraps
xcodebuildfor iOS builds. - fastlane scan — runs iOS tests.
- fastlane pilot — TestFlight uploads.
- fastlane deliver — App Store metadata and screenshots upload.
- fastlane supply — Play Store metadata, AABs, listings.
- fastlane gradle — Android builds.
- fastlane screengrab — Android screenshots.
- fastlane snapshot — iOS UI test screenshots across simulators/locales.
- fastlane frameit — wrap screenshots in device frames.
- fastlane spaceship — Apple Developer Portal / App Store Connect API client (used internally).
iOS signing without Fastlane
- ★ App Store Connect API keys — issued from App Store Connect; replace many Fastlane lanes with direct REST calls.
- Xcode automatic signing — fine for a single dev; doesn't scale.
xcodebuildwith manual signing — possible; tedious.- Tuist signing helpers — Swift-driven; pairs cleanly.
Android signing
- ★ Play App Signing — Google holds the upload key; the signing key never leaves Google. The default since 2021. Free.
keytool+apksigner— manual JKS-based signing for non-Play distribution.bundletool— generate APKs from AABs locally.- F-Droid reproducible builds — F-Droid signs releases server-side from a reproducible build.
Cert / profile management at scale
- fastlane match — encrypted Git as source of truth.
- MDM-managed certificates — Jamf / Kandji push enterprise certs to dev devices.
- Keychain in CI —
security create-keychain; common in raw CI scripts. - Apple Business / Enterprise account — for in-house apps.
What goes wrong (and how to mitigate)
- Profiles expire (1 year) — match handles renewal; otherwise schedule a calendar reminder.
- Distribution cert expires (1 year for individuals, 1-3 for orgs) — same.
- Push notification certs vs APNs auth keys — prefer APNs auth keys (don't expire) over per-app push certs.
- Lost upload keystore (Android) — disastrous if you don't use Play App Signing; with Play App Signing you can request a key reset.
- App Store Connect API keys leaked — rotate and revoke immediately; scope keys narrowly.
matchshared repo — encrypt with a long passphrase stored in your CI secret store.
Apple-specific 2026 details
- Apple Developer Program $99/yr — required to sign for distribution.
- Apple Enterprise $299/yr — in-house only; no public store; abuse-monitored.
- Privacy Manifests (
PrivacyInfo.xcprivacy) — required since 2024 for SDKs and apps that touch "required reason APIs." - TestFlight uploads require valid distribution provisioning + bumped build number.
Pick this if…
- Default for any team: Fastlane +
match+ Play App Signing for Android. - Solo dev wanting minimal Ruby: App Store Connect API keys + plain
xcodebuild+bundletool. - Big team scale: Fastlane lanes versioned per release-train; secrets in 1Password CI / Doppler / Vault.
- MDM-managed dev fleet: sync certs via Jamf / Kandji +
matchfor CI.