Tooling

Mobile — Fastlane & Code Signing

The Apple/Google signing gauntlet — Fastlane match, App Store Connect API, Play App Signing.

Code signing is the most failure-prone part of mobile CI. Apple's certificates and provisioning profiles are stateful, opaque, and time-bound. Android's keystore is simpler but losing it is catastrophic. For full CI orchestration see Mobile — CI/CD & Build Tools.

Fastlane (the Swiss army knife)

  • Fastlane — Ruby; the long-standing default for both iOS and Android automation. Free, MIT.
  • fastlane match — stores certificates and profiles in a private Git repo (or S3 / GCS / GitLab) encrypted; teams share signing state without manually exchanging .p12 files.
  • fastlane gym — wraps xcodebuild for iOS builds.
  • fastlane scan — runs iOS tests.
  • fastlane pilot — TestFlight uploads.
  • fastlane deliver — App Store metadata and screenshots upload.
  • fastlane supply — Play Store metadata, AABs, listings.
  • fastlane gradle — Android builds.
  • fastlane screengrab — Android screenshots.
  • fastlane snapshot — iOS UI test screenshots across simulators/locales.
  • fastlane frameit — wrap screenshots in device frames.
  • fastlane spaceship — Apple Developer Portal / App Store Connect API client (used internally).

iOS signing without Fastlane

  • App Store Connect API keys — issued from App Store Connect; replace many Fastlane lanes with direct REST calls.
  • Xcode automatic signing — fine for a single dev; doesn't scale.
  • xcodebuild with manual signing — possible; tedious.
  • Tuist signing helpers — Swift-driven; pairs cleanly.

Android signing

  • Play App Signing — Google holds the upload key; the signing key never leaves Google. The default since 2021. Free.
  • keytool + apksigner — manual JKS-based signing for non-Play distribution.
  • bundletool — generate APKs from AABs locally.
  • F-Droid reproducible builds — F-Droid signs releases server-side from a reproducible build.

Cert / profile management at scale

  • fastlane match — encrypted Git as source of truth.
  • MDM-managed certificates — Jamf / Kandji push enterprise certs to dev devices.
  • Keychain in CIsecurity create-keychain; common in raw CI scripts.
  • Apple Business / Enterprise account — for in-house apps.

What goes wrong (and how to mitigate)

  • Profiles expire (1 year) — match handles renewal; otherwise schedule a calendar reminder.
  • Distribution cert expires (1 year for individuals, 1-3 for orgs) — same.
  • Push notification certs vs APNs auth keys — prefer APNs auth keys (don't expire) over per-app push certs.
  • Lost upload keystore (Android) — disastrous if you don't use Play App Signing; with Play App Signing you can request a key reset.
  • App Store Connect API keys leaked — rotate and revoke immediately; scope keys narrowly.
  • match shared repo — encrypt with a long passphrase stored in your CI secret store.

Apple-specific 2026 details

  • Apple Developer Program $99/yr — required to sign for distribution.
  • Apple Enterprise $299/yr — in-house only; no public store; abuse-monitored.
  • Privacy Manifests (PrivacyInfo.xcprivacy) — required since 2024 for SDKs and apps that touch "required reason APIs."
  • TestFlight uploads require valid distribution provisioning + bumped build number.

Pick this if…

  • Default for any team: Fastlane + match + Play App Signing for Android.
  • Solo dev wanting minimal Ruby: App Store Connect API keys + plain xcodebuild + bundletool.
  • Big team scale: Fastlane lanes versioned per release-train; secrets in 1Password CI / Doppler / Vault.
  • MDM-managed dev fleet: sync certs via Jamf / Kandji + match for CI.

On this page