Not necessarily. Jailbroken device is needed to produce decrypted dump which is packaged back into an application file. This file then can be signed with a third party service using either an enterprise account or the personal user account (in which case it must be re-signed periodically).