Whether operations (certificates, etc.) in Apple Developer may affect applications that have already been distributed by MDM (Mobile Device Management).

After renewing the certificate by the following method, the application doesn't start.

Do you see any problem with the following method? Also, please tell me the correct way to renew the certificate.


(1) The app incorporating the certificate within the validity period was distributed to iPad through MDM via NTT DoCoMo's Security Manager.


(2) When I signed in to Apple Developer, I received a message asking for consent to change the terms of the Apple Developer Program, so I agreed to the terms.

  ⇒ Do you think the application doesn't start because of agreeing to the terms?


(3) I revoked the certificate of (1) on the Apple Developer site and created a new certificate.

  ⇒ Even if it is within the expiration date, does the app not start sometimes?

   (for example, because of the type of certificate, iOS version, and iPad model)

Replies

If you revoke a certificate that was used to sign Enterprise apps or distribution profiles, any app that was signed with that certificate or distributed with those distribution profiles will stop working. You will need to update the distribution profile to use the new certificate and export the .ipa file again with the new certificate and profile.


An Enterprise account can have two production certificates at the same time. They expire after 3 years. You should "stagger" them. When the first one has a year or less until it expires, create another one but don't revoke the first one. After you have updated all your distribution profiles and apps to use the new certificate, push out the new version of the apps and just let the old certificate expire. Then you can repeat the same process later when the new one is getting close to expiring.


Agreeing to new terms on the developer site will not affect your apps.
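
The staggering schedule described in the reply above, sketched as an added example that is not part of the original thread and is not Apple tooling. The function name `plan_rotation`, the certificate labels, the app names and all dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MAX_CERTS = 2                       # reply: two production certificates at a time
RENEW_WINDOW = timedelta(days=365)  # reply: "a year or less until it expires"

@dataclass(frozen=True)
class Cert:
    name: str        # hypothetical label, not an Apple identifier
    not_after: date  # expiry date

def plan_rotation(certs, deployed, today):
    """Return (action, subject) tuples for the staggered renewal.

    deployed maps app name -> name of the cert that signed the build on devices.
    """
    live = sorted((c for c in certs if c.not_after > today),
                  key=lambda c: c.not_after)
    if not live:
        return [("create", "new certificate")]
    newest, older = live[-1], live[:-1]
    actions = []
    if newest.not_after - today <= RENEW_WINDOW:
        if len(live) < MAX_CERTS:
            actions.append(("create", "second certificate"))
        else:
            # Both slots are taken; a new cert must wait for the older one to expire.
            actions.append(("wait", older[0].name))
    for cert in older:
        apps = sorted(a for a, signer in deployed.items() if signer == cert.name)
        for app in apps:
            actions.append(("re_sign", f"{app} -> {newest.name}"))
        # Revocation is never planned: it would stop every app signed with the cert.
        actions.append(("keep", cert.name) if apps else ("let_expire", cert.name))
    return actions

if __name__ == "__main__":
    today = date(2024, 1, 1)  # constructed sample data
    certs = [Cert("cert-A", date(2024, 9, 1)), Cert("cert-B", date(2027, 1, 1))]
    for step in plan_rotation(certs, {"inventory": "cert-A", "kiosk": "cert-B"}, today):
        print(step)
```
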

Thank you for your answer.


Can I ask you a few more questions?


(1) How long does it take for the app to stop running after the certificate is revoked?

I tried it myself, and there was a case where the app still worked on the iPad 12 hours after I revoked the certificate.

I have made assumptions, such as

- It stops working immediately.

- It stops working after a certain time.

- It stops working at the time when the device is rebooted.

but I have no idea which one is correct.

(2) When was the specification introduced that the app will not run after the certificate is revoked?

I’m not quite sure, but it didn’t happen like this when I did the same thing a few years ago (maybe around 2016).

Apple has stated that devices "periodically" check for revoked certificates for Enterprise apps (see Apr 28, 2016 message from "Apple Staff" user 3ZS in this thread), but they have not given any specifics of how often it occurs, if it is a fixed interval or is triggered by certain events, etc. My guess is your device didn't check within those 12 hours. Any answer to your question (1) with more details than "It stops working after a certain time" would have to be answered by Apple, and they apparently don't want to disclose that info.


Revoking a certificate (any certificate, not just ones used by Apple for Enterprise apps) means that it should no longer be used to validate or authenticate anything. That is the point of revoking it. I'm not sure how you were able to run an app or profile that was signed with a revoked certificate, unless as mentioned above, iOS didn't check the certificate between the time you revoked it and the time when you stopped using the app or replaced it with a version using a newer certificate. Apple's page on what happens when various types of developer certificates are revoked is here.