Are there any risks in giving out distribution certification/private key/provisioning profile to a freelancer?
The freelancer needs to build the binary for me to submit (I am okay with this because I don't own the source code of the app), I just want to know if there is any risk involved in sending the distribution cert/private key/provisioning profile to him?
p.s. They don't have the iTunes connect/portal login.
Updated: The freelancer will build the binary for me, and I will upload for them.
Best Answer
To upload an app from the freelancer's Xcode, you'll need to go into iTunes Connect and create the app/version setup. They'll then need your iTunes Connect login info to log into your account IN Xcode, so that Xcode can match up their binary with your app "slot". They might not log into iTunes Connect itself, but they'll need to give Xcode those same creds.
And yes, to compile and sign the binary, they'll need a developer key and provisioning profile that was created from inside your portal. Just giving him those shouldn't be any real risk, but that's not all they'll need.
The simplest thing, in my experience, is to give your developer your iTunes Connect credentials and turn them loose. I always need to take a couple shots at getting the certificates hooked up right. Much easier for him to do all that on his own.
And then yes, it's risky, because he now has access to all your banking stuff and everything else. If you are concerned about this person's reliability and trustworthiness... Well perhaps you should have hired somebody more like me. ;-)