Request: App Store Publishing
Use this request when you want to publish an app on the public Apple App Store under the Northwestern University developer account. This applies to apps for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.
Not what you need? See the Program Overview to choose the right service request.
Prerequisites
Before submitting this request, please ensure you have obtained or are prepared to obtain the following:
✅ Approval from Northwestern Global Marketing and Communications
All apps published on the App Store under Northwestern’s developer account must be approved by Northwestern Global Marketing and Communications. This ensures that:
- The app is branded as Northwestern University and complies with NU identity and branding guidelines.
- App name, icon, screenshots, and marketing copy accurately represent Northwestern.
- The app meets institutional standards for public-facing communications.
You must provide documentation or confirmation of this approval as part of your submission.
Information Required
Please provide all of the following information when submitting your service request.
1. App Details
| Field | Description |
|---|---|
| App Name | The display name as it will appear on the App Store |
| Bundle Identifier | The unique reverse-DNS identifier (e.g.,
edu.northwestern.myapp) |
| Platform(s) | iOS, iPadOS, macOS, watchOS, tvOS, visionOS — select all that apply |
| App Description | A brief summary of the app’s purpose and functionality |
| Department / Team | The Northwestern department or team responsible for this app |
| Primary Contact | Name and email of the person responsible for this request |
| Marketing Approval | Confirmation or documentation that Global Marketing and Communications has approved this app for App Store publication |
2. IT Security and Privacy Review
Northwestern requires a security and privacy review for all apps published under the university’s name. Please answer the following:
Data Collection and Handling
| Question | Your Answer |
|---|---|
| What data does the app collect from users? (e.g., name, email, location, health data, photos, usage analytics) | |
| How is data ingested? (e.g., user input, device sensors, APIs, third-party SDKs) | |
| How is data processed? (e.g., on-device, server-side, cloud-based) | |
| How is data stored? (e.g., local device storage, cloud database, third-party service) Where is it stored? | |
| How is data handled when the user deletes their account or the app? | |
| Is data encrypted at rest? | Yes / No — describe |
| Is data encrypted in transit (e.g., TLS/HTTPS)? | Yes / No — describe |
| Is data shared with third parties? If so, which ones and for what purpose? |
Third-Party SDKs and Services
| Question | Your Answer |
|---|---|
| Does the app use third-party SDKs or analytics services? (e.g., Firebase, Google Analytics, Crashlytics, Facebook SDK) | List all |
| Do any third-party SDKs collect data independently? | Yes / No — describe |
App Store Privacy Nutrition Labels
Apple requires all apps to disclose their data collection practices via App Privacy Details (the “nutrition label”). Please be prepared to provide accurate details for this disclosure.
Reference: App Privacy Details — Apple Developer
3. Authentication
If your app uses Northwestern NetID authentication (Shibboleth, SAML, or NU SSO):
| Question | Your Answer |
|---|---|
| Does the app use NU NetID for authentication? | Yes / No |
| Is the integration with NU Identity Services confirmed and operational? | Yes / No |
| Are all safety procedures for federated authentication in place? (e.g., token validation, session management, secure redirect URIs) | Yes / No — describe |
| Does the app enforce multi-factor authentication (MFA)? | Yes / No / Not Applicable |
| Is the app registered with NU Identity Services as a service provider? | Yes / No |
Note: If your app uses NU NetID authentication, you must work with Northwestern IT Identity Services to ensure your integration meets institutional security requirements before your request can be approved.
4. Special Capabilities and Features
Select all capabilities your app requires. Northwestern IT will provision the corresponding entitlements, keys, and certificates.
Push Notifications
If your app needs push notifications, select your preferred APNs authentication method:
| Method | Description | Recommendation |
|---|---|---|
| Token-based authentication (p8 key) | Uses a .p8 private key file to generate JSON Web Tokens
(JWT). The key does not expire (but can be revoked). A single key can be
used across multiple apps. This is Apple’s recommended
approach. |
✅ Recommended |
| Certificate-based authentication (p12 certificate) | Uses a .p12 SSL certificate tied to a specific app. The
certificate expires annually and must be renewed each
year. Requires a separate certificate for each app. |
Use if your server infrastructure specifically requires it |
Apple Documentation: - Establishing a Token-Based Connection to APNs — Token-based (p8) - Establishing a Certificate-Based Connection to APNs — Certificate-based (p12) - Registering Your App with APNs - Create a Private Key to Access a Service — How p8 keys are created
Other Capabilities
Reference: Supported Capabilities (iOS) — Apple’s full list of iOS capabilities by distribution method.
5. TestFlight Beta Testing Plan
| Question | Your Answer |
|---|---|
| Do you plan to use TestFlight for beta testing before release? | Yes / No |
| If yes, will you use internal testing (up to 25 team members) or external testing (up to 10,000 testers)? | Internal / External / Both |
| Estimated number of beta testers? |
Reference: TestFlight — Apple Developer
What You Will Receive
After your request is approved, Northwestern IT will provision and securely share:
- Distribution Certificate — Used to sign your app for App Store submission.
- Provisioning Profile — Ties your app’s Bundle ID, certificate, and capabilities together.
- Push Notification Credentials (if
requested):
- p8 key (token-based) — A
.p8file along with the Key ID and Team ID, or - p12 certificate (certificate-based) — A
.p12file with the corresponding password.
- p8 key (token-based) — A
- App Store Connect Access — Limited access to manage your specific app (as appropriate).
See the Developer Guide — Certificates, Profiles, and Code Signing in Xcode for instructions on how to install and use these assets.
Process Overview
┌──────────┐ ┌───────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ Marketing│ │ Submit │ │ NU IT │ │ Certs & │ │Developer │ │ App │ │ App │
│ Approval │──▶│ Request │──▶│ Security │──▶│ Profiles │──▶│ Builds & │──▶│ Review │──▶│ Live on │
│ Obtained │ │ via TDX │ │ Review │ │Provisioned│ │ Submits │ │ (Apple) │ │App Store │
└──────────┘ └───────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘
- Marketing Approval — Obtain approval from Northwestern Global Marketing and Communications.
- Submit your service request with all information above.
- Security Review — Northwestern IT reviews the security and privacy questionnaire.
- Provisioning — Certificates, profiles, and credentials are generated and shared securely.
- Development — You integrate the signing assets, build, and test your app. See the Developer Guide.
- Submission — You submit the app to App Store Connect for App Review.
- App Review — Apple reviews the app against the App Store Review Guidelines.
- Publication — Once approved, the app goes live on the App Store.
Apple Documentation References
- App Store — Apple Developer
- App Store Review Guidelines
- Submitting Your Apps — Apple Developer
- App Privacy Details — Apple Developer
- Distributing Your App for Beta Testing and Releases — Apple Documentation
- TestFlight Overview — App Store Connect Help
- Certificates Overview — Apple Developer Account Help
- Establishing a Token-Based Connection to APNs — Apple Documentation
- Establishing a Certificate-Based Connection to APNs — Apple Documentation
← Back to Knowledge Base Home · Program Overview · Developer Guide