Request: App Store Publishing

Use this request when you want to publish an app on the public Apple App Store under the Northwestern University developer account. This applies to apps for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS.

Not what you need? See the Program Overview to choose the right service request.


Prerequisites

Before submitting this request, please ensure you have obtained or are prepared to obtain the following:

✅ Approval from Northwestern Global Marketing and Communications

All apps published on the App Store under Northwestern’s developer account must be approved by Northwestern Global Marketing and Communications. This ensures that:

You must provide documentation or confirmation of this approval as part of your submission.


Information Required

Please provide all of the following information when submitting your service request.

1. App Details

Field Description
App Name The display name as it will appear on the App Store
Bundle Identifier The unique reverse-DNS identifier (e.g., edu.northwestern.myapp)
Platform(s) iOS, iPadOS, macOS, watchOS, tvOS, visionOS — select all that apply
App Description A brief summary of the app’s purpose and functionality
Department / Team The Northwestern department or team responsible for this app
Primary Contact Name and email of the person responsible for this request
Marketing Approval Confirmation or documentation that Global Marketing and Communications has approved this app for App Store publication

2. IT Security and Privacy Review

Northwestern requires a security and privacy review for all apps published under the university’s name. Please answer the following:

Data Collection and Handling

Question Your Answer
What data does the app collect from users? (e.g., name, email, location, health data, photos, usage analytics)
How is data ingested? (e.g., user input, device sensors, APIs, third-party SDKs)
How is data processed? (e.g., on-device, server-side, cloud-based)
How is data stored? (e.g., local device storage, cloud database, third-party service) Where is it stored?
How is data handled when the user deletes their account or the app?
Is data encrypted at rest? Yes / No — describe
Is data encrypted in transit (e.g., TLS/HTTPS)? Yes / No — describe
Is data shared with third parties? If so, which ones and for what purpose?

Third-Party SDKs and Services

Question Your Answer
Does the app use third-party SDKs or analytics services? (e.g., Firebase, Google Analytics, Crashlytics, Facebook SDK) List all
Do any third-party SDKs collect data independently? Yes / No — describe

App Store Privacy Nutrition Labels

Apple requires all apps to disclose their data collection practices via App Privacy Details (the “nutrition label”). Please be prepared to provide accurate details for this disclosure.

Reference: App Privacy Details — Apple Developer

3. Authentication

If your app uses Northwestern NetID authentication (Shibboleth, SAML, or NU SSO):

Question Your Answer
Does the app use NU NetID for authentication? Yes / No
Is the integration with NU Identity Services confirmed and operational? Yes / No
Are all safety procedures for federated authentication in place? (e.g., token validation, session management, secure redirect URIs) Yes / No — describe
Does the app enforce multi-factor authentication (MFA)? Yes / No / Not Applicable
Is the app registered with NU Identity Services as a service provider? Yes / No

Note: If your app uses NU NetID authentication, you must work with Northwestern IT Identity Services to ensure your integration meets institutional security requirements before your request can be approved.

4. Special Capabilities and Features

Select all capabilities your app requires. Northwestern IT will provision the corresponding entitlements, keys, and certificates.

Push Notifications

If your app needs push notifications, select your preferred APNs authentication method:

Method Description Recommendation
Token-based authentication (p8 key) Uses a .p8 private key file to generate JSON Web Tokens (JWT). The key does not expire (but can be revoked). A single key can be used across multiple apps. This is Apple’s recommended approach. Recommended
Certificate-based authentication (p12 certificate) Uses a .p12 SSL certificate tied to a specific app. The certificate expires annually and must be renewed each year. Requires a separate certificate for each app. Use if your server infrastructure specifically requires it

Apple Documentation: - Establishing a Token-Based Connection to APNs — Token-based (p8) - Establishing a Certificate-Based Connection to APNs — Certificate-based (p12) - Registering Your App with APNs - Create a Private Key to Access a Service — How p8 keys are created

Other Capabilities

Reference: Supported Capabilities (iOS) — Apple’s full list of iOS capabilities by distribution method.

5. TestFlight Beta Testing Plan

Question Your Answer
Do you plan to use TestFlight for beta testing before release? Yes / No
If yes, will you use internal testing (up to 25 team members) or external testing (up to 10,000 testers)? Internal / External / Both
Estimated number of beta testers?

Reference: TestFlight — Apple Developer


What You Will Receive

After your request is approved, Northwestern IT will provision and securely share:

  1. Distribution Certificate — Used to sign your app for App Store submission.
  2. Provisioning Profile — Ties your app’s Bundle ID, certificate, and capabilities together.
  3. Push Notification Credentials (if requested):
    • p8 key (token-based) — A .p8 file along with the Key ID and Team ID, or
    • p12 certificate (certificate-based) — A .p12 file with the corresponding password.
  4. App Store Connect Access — Limited access to manage your specific app (as appropriate).

See the Developer Guide — Certificates, Profiles, and Code Signing in Xcode for instructions on how to install and use these assets.


Process Overview

┌──────────┐   ┌───────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐
│ Marketing│   │  Submit   │   │ NU IT    │   │  Certs & │   │Developer │   │  App     │   │   App    │
│ Approval │──▶│  Request  │──▶│ Security │──▶│ Profiles │──▶│ Builds & │──▶│  Review  │──▶│  Live on │
│ Obtained │   │  via TDX  │   │  Review  │   │Provisioned│  │ Submits  │   │ (Apple)  │   │App Store │
└──────────┘   └───────────┘   └──────────┘   └──────────┘   └──────────┘   └──────────┘   └──────────┘
  1. Marketing Approval — Obtain approval from Northwestern Global Marketing and Communications.
  2. Submit your service request with all information above.
  3. Security Review — Northwestern IT reviews the security and privacy questionnaire.
  4. Provisioning — Certificates, profiles, and credentials are generated and shared securely.
  5. Development — You integrate the signing assets, build, and test your app. See the Developer Guide.
  6. Submission — You submit the app to App Store Connect for App Review.
  7. App Review — Apple reviews the app against the App Store Review Guidelines.
  8. Publication — Once approved, the app goes live on the App Store.

Apple Documentation References


Back to Knowledge Base Home · Program Overview · Developer Guide