Roger - you are right. Expired certs are not meant to cause this problem, in theory the application should continue functioning if the certificate has expired, although I’ve run into situations where they don’t.
The problem here is that the provisioning profile required for iCloud is tied into the certificate and that’s the situation that Apple hadn’t handled very well. If you’re not using a provisioning profile, you should be fine.
Unless one of Apple’s intermediate certificates expire or become revoked and at which point your certificate also expires and is revoked.
The main issue: if an app has a Provisioning Profile (which is rare) and the developer ID certificate used to sign that app expires, then the app won’t launch. This seems like an Apple bug and has been reported. This shouldn’t affect Xojo authors unless you are using Provisioning Profiles (and if you are, you probably know it).
A secondary issue: if you have an auto-update feature inside your app, be careful how you validate the signature as Apple recently changed the Common Name field in certificates.
It confirms that Apps that are using a “Provisioning Profile” are affected.
[quote]The presence of the provisioning profile will depend on your use of app services.
In our case it is used to declare a keychain access group.[/quote]