These questions pertain to an iOS app for public (non-ad-hoc) distribution in the App Store:
If the app only needs distribution APNS services and does so using a key, can the app go without any certificates?
Does this app need a provisioning profile given question #1 and if all signing is managed automatically by Xcode?
If this app requires a provisioning profile, what happens when it expires while the app is currently available for download in the App Store?
If the app only needs distribution APNS services and does so using a key, can the app go without any certificates?
All native iOS apps must be signed. For that you need a digital identity, where the certificate part is issued by the Developer website.
Does this app need a provisioning profile given question #1 … ?
Yes. On iOS and its child platforms, all third-party code must be authorised by a provisioning profile. See TN3125 Inside Code Signing: Provisioning Profiles for info on what this actually does.
if all signing is managed automatically by Xcode
That’s a separate thing. It’s fine to let Xcode manage your signing assets for you but those signing assets still exist under the covers.
If this app requires a provisioning profile, what happens when it expires while the app is currently available for download in the App Store?
The App Store re-signs your app as part of its distribution process, after which the expiry date on your signing assets is no longer relevant. You just have to make sure that your signing assets are valid at the time you submit.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"