When faced with distributing Mac OS X apps, you would deal with the following possible use cases:
Distributing a development app to beta users for testing
For this you have two choices:
- Don’t code sign the app and ask your beta users to allow Gatekeeper(available 10.7.5 onwards) to install apps from anywhere. Gatekeeper setting is available in Apple Menu > System Preferences > Security & Privacy > General. You won’t need any certificates or provisioning profiles if you take this path.
- Codesign the app with a developer certificate and a development provisioning profile that contains the mac device identifier(hardware uuid) of the beta users’ macs(like in the iOS world). This uuid can be obtained from Apple Menu > About This Mac > More Info > System Report > Hardware Overview > Hardware UUID. Relevant Gatekeeper setting needs to be applied to run apps signed this way.
Distributing a production app outside of Mac App Store (say via a website)
For this no provisioning profile is required. Only these two certificates are needed – Developer Id Application Certificate, Developer Id Installer Certificate. Gatekeeper setting should be “Allows apps from: Mac App Store and identified developers”. This is the default Gatekeeper setting. However if you have changed this setting to “Allow apps from: Mac App Store”, apps signed this way won’t run on your Mac.
Distributing a production app via the Mac App Store
For this you need a distribution provisioning profile and these two certificates – 3rd Party Mac Developer Application Certificate, 3rd Party Mac Developer Installer Certificate. Mac App Store apps are not blocked by Gatekeeper.
Note: Distribution provisioning profiles don’t let you add devices as one would expect. They are only used for pushing apps to Mac App Store.