Transfer ownership of Standalone app

Please provide the following:

  1. SDK Version:38.0.0
  2. Platforms(Android/iOS/web/all): Android and iOS

I have an app that is on the Apple App Store and Android Google Play Store.

I let Expo ''handle the process" for Android.
It was for a client and I uploaded it to their Google Play Store account.

I used a developer account of mine to build to app, but my account was given developer permissions to the client’s Apple App Store Connect account.

How do I hand them the source code and all necessary items alongside? I saw a post in 2018 that suggests I can’t easily do this. Not sure if that’s the case. They want the source code and they’ll need everything else necessary to build future releases.

Hey @michael1991,

Are you talking about transferring within the Apple and Google scope or with Expo? Here’s some documentation we have on App Transfers in the mean time: https://docs.expo.io/distribution/app-transfers/

Cheers,
Adam

Hey @adamjnav,

Both projects are in the respective app stores and were built as standalone apps. But I used Expo to handle the Android Built. I don’t know how much it handled the iOS build, I think that’s less integrated with Expo? I think the keystore is managed by Google, but is there not anything being ‘handled’ by my Expo account? I’m worried I’ll hand the code over and my client won’t be able to build without my Expo login.

Hi

Based on what you said and my shaky understanding of this stuff, it sounds to me like you are OK in terms of the App Store and Play Store, as long as you get the right upload keys/provisioning profile etc.
See the following:

$ expo --help | grep fetch
    fetch:ios:certs [options] [project-dir]             Fetch this project's iOS certificates/keys and provisioning profile. Writes files to the PROJECT_DIR and prints passwords to stdout.
    fetch:android:keystore [options] [project-dir]      Fetch this project's Android keystore. Writes keystore to PROJECT_DIR/PROJECT_NAME.jks and prints passwords to stdout.
    fetch:android:hashes [options] [project-dir]        Fetch this project's Android key hashes needed to set up Google/Facebook authentication. Note: if you are using Google Play signing, this app will be signed with a different key after publishing to the store, and you'll need to use the hashes displayed in the Google Play console.
    fetch:android:upload-cert [options] [project-dir]   Fetch this project's upload certificate needed after opting in to app signing by Google Play or after resetting a previous upload certificate.

If you search for keystore and certificate in the Expo docs you will find several pages that seem relevant, although ignore the stuff about turtle-cli if you’re using the Expo build service.

e.g.



@adamjnav would you mind confirming/clarifying?

Thanks for taking the time in your response @wodin, will wait for @adamjnav confirmation but it’s nice to see i’ll probably be okay. the reason i was worried was this answer from 2018

I think he’s talking about a proper standalone app, not an ‘Expo’ app,

I think the situation that the poster on that thread was in was slightly different, because it seemed like they had deployed the app to the App Store/Play Store with their own dev accounts. If I understand correctly you used the client’s Google Play account and App Store Connect account.

So I think the only real potential issue is that your app is associated with your Expo account, so the apps that are deployed to the App/Play stores will not download OTA updates if your client publishes an update using their own Expo account.

But if your client rebuilds the app using their Expo account and then deploys this new app to the App/Play stores, the users can download this update and will get any future OTA updates (as long as the SDK version and release channel match the SDK version and release channel that the app was built with.)

In order for your client to be able to submit the rebuilt apps, they will need the relevant keys/provisioning profiles/etc.

So unless I’m missing something @quinlanj’s last paragraph applies, and you’ll also need to do something similar with the keys for Android.

Hi @wodin,

Thank you for the reply. So basically, they won’t need to delete the existing app and re-upload if they rebuild with their expo account… they can basically just pick up where I left off?

I’m a bit unclear of what this means in layman’s terms, apologies if I’m missing an obvious answer.

“…publish their expo project under that account (existing standalone apps will not receive updates since it’s from another developer), then download your distribution certificate and push notification certificate from apple’s developer center, and reupload those credentials when running exp build:ios with the new account.”

Hi @michael1991

I still have gaps in my knowledge, especially wrt. deploying to the App/Play store, but I hope I can clarify.

Expo cares about the Expo username of the person who publishes/builds the app and expo.slug (from app.json). The App/Play stores do not care about those.

The App Store cares about expo.ios.bundleIdentifier and the Apple developer account (along with the keys used to sign the app. There’s also something called a provisioning profile. This part I’m a bit unclear on.)

The Play Store cares about expo.android.package and the keys used to sign the app. (Again the signing stuff is a bit unclear to me.)

So as I understand it, Expo generated the keys/certs/provisioning profiles etc. for your app. So you need to fetch them using expo fetch:*, so that your client can make use of them when building the app after you have handed it over to them.

Since the App and Play stores don’t care about the Expo username, you will be able to give your client the source code, they will be able to set up a new Expo account. They will be able to get Expo to build the app for them. But if they try to upload it to the App/Play stores, I think they will run into problems, unless they have used the keys/certs/provisioning profiles that Expo used on your behalf when you built the app.

Also, if your client were to only publish an update (without building a new app and getting it uploaded to the App/Play stores), the existing users would not see this update, because the existing users’ apps would be looking for updates on Expo’s servers that are associated with your username. In order to fix this, your client needs to build the source code using their own Expo account, and the keys/certs/provisioning profiles that you fetched from Expo and get them deployed to the App/Play stores. Then the users would have to upgrade the app from the App/Play store. After that, your client should be able to publish updates and the users’ apps would download the updates.

Of course, when the client wants to upgrade to a later Expo SDK, they will need to rebuild the app and publish to the App/Play stores again, because the app will only “see” OTA updates that were built with the same SDK version (and Expo username and slug and release channel) as they were.

I hope that clarifies some things for you.

@charliecruzan could you please correct anything I might have messed up and maybe clarify exactly what needs to happen wrt. the keys/certs/provisioning profiles?

@wodin that is all spot on :+1:

1 Like

Thank you, really appreciate the detailed response here.

So I used my apple dev credentials to build the app using expo build:ios in my terminal. This account was set as admin to their company’s apple account, to which the app store listing is under. So is this an issue for them making future builds, etc?

And also, what are the steps my client will need to take to remove my expo account from a project and link there’s? Do I just send the source code as it is or are there files I need to delete/amend? I saw you mentioned the expo.slug in the app.json file, is that all I need to look at?

This sounds to me like it should be fine. @charliecruzan, sorry to invoke your name again, but would you mind confirming?

You/they shouldn’t need to do anything special here. They can change the slug if they want to before building/publishing for the first time, but it’s totally optional. Basically you give them the code, they login with their Expo account and build/publish. The only possible thing that would need to change in the unlikely event that you set it is expo.owner in app.json.

(I think the description for the owner option is not 100% right. You can set it as a non-team user. e.g. if you ever have to switch between accounts (e.g. a work account vs. a personal account) you can set the owner to prevent accidentally publishing to the wrong account.)

By the way, I think getting future clients (and maybe this current client) to create a team account and adding you as a team member should probably avoid the Expo part of this sort of problem in future. I have never used a team account/been part of a team so I’m not sure if you could belong to team accounts of multiple clients at once. @charliecruzan :pray: any chance you could elaborate on this or correct me?

1 Like

Yeah, your client can build from their company account since I’m assuming they’ll have access to the same credentials

And yep- you can be a part of as many teams as you’d like. For collaboration/consulting, I think the teams feature would help smooth a lot of this process out

1 Like

:pray: Thanks so much for the advice guys.

2 Likes