The company I work with provided a third-party iPhone application development program to another company. They want the binaries to be signed with our certificate for distribution, but they asked for the private key (certificate.p12) used to create our certificate to another company. I am very worried about providing the opportunity to sign applications for us with another company.
How can I convince my boss this is a really bad idea? What alternative solutions can I offer him? I already asked him to get a source from them so that we could sign and send it ourselves, but without the possibility to finally state that giving them a certificate is a bad idea, I’m kind of stuck in “just look at it” me “limbo.
source
share