Not getting untrusted developer prompt with Apple Enterprise with MAUI - ios

I'm signing an app using an Apple Enterprise certificate and an in-house provisioning profile. I've added the IPA, along with the manifest.plist, to an HTTPS page and I can install the icon at least, with the itms-services://?action=download-manifest&url= link. If I view the device with the Apple Configurator app I can verify the provisioning profile was installed on the device.
BUT: when I try to open the app I don't get the expected message Untrusted Enterprise Developer and I don't see the option to trust the profile in Settings > General > Device Management. Instead I get a message This app cannot be installed because its integrity could not be verified. I see the same message in console logs as well as "A valid provisioning profile for this executable was not found".
This is a MAUI app but I'm getting the same problem if I create an app in Xamarin with the same app id. HOWEVER: if I create an app with the same app id in Xcode it works fine. All three are using the same manifest.plist, app id, version, build number, etc.
It's got to be a certificate issue, right? But I've checked a million times to make sure dotnet publish is using the correct cert. I've un-zipped the IPA after it's built and verified the correct provisioning profile was added. I've re-signed with Xcode and tried using that IPA. I'm not sure what else to try and I don't know why it works with an Xcode project but not Xamarin / MAUI.
Anyone have any ideas?

After much trial and error I was able to solve this by building using the command line only and not putting any of the Codesign information in a PropertyGroup in the .csproj. According to the documentation this shouldn't be necessary but it's working for me now.
My full build command is:
dotnet publish -f:net7.0-ios -c:Release /p:RuntimeIdentifier=ios-arm64 /p:ArchiveOnBuild=true /p:CodeSignProvision="your provisioning profile name" /p:CodesignKey="Your distribution certificate name”

Related

Appcenter iOS install error "this app cannot be installed because its integrity could not be verified"

I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".

provisioning profile or entitlement error?

I need to put on my xamarin project the provisioning profile and the certificate...
But I am working with xamarin forms on my windows that is connectected to a physical mac...What happend is: when I need to run my project in a ios I run it through the windows and my mac does that...but for a physical device I need this cert. and prov. profile...
Will it work if I pass my project to my virtual mac and put there the certificate and provisioning profile and then pass it again to my windows? How my project will access the keychain in my windoews for my project? Do i need need to install the certificate in my windows ?? How do this things work? I'm a little confuse...I really need to do that
please, help me if you can
I did all this things and now my certificate works...but this error appears...I tried disabled keychain...but is still in this way...
My error
Installation failed: Your code signing/provisioning profiles are not correctly configured. Probably you have an entitlement not supported by your current provisioning profile, check the iOS Device Log for details (error: 0xe8008016)
My provisioning profile appears normally on my developer account and in my project...its is linked to my certificate as well and my device is registered on apple developer account as well and its linked to my certificate too
I downloaded de provisioning in my mac to...Is there a specific folder where it must to be ?
My IOS Device Log says:
The executable was signed with invalid entitlements
It sounds like you have everything set up correctly do develop on a windows PC and use a physical mac as a build device. I'm guessing you can run the app on a simulator and now need to connect and run it on an actual device.
I'm not sure what you mean by "virtual mac".
You need to follow the steps in this guide to create a certificate and provisioning profile.
I disabled all:
keychain
groups
pushnotifications
then, it worked...
the problem really was in entitlements
You need to remove the "Entitlements.plist" from your configuration.
Project Option > IOS Bundle Signing > Custom Entitlements (Keep it blank).

Project is not working on IPhone where as it's working fine on Simulater

I am working on xamarin IOS and my project is working fine on IOS simulator but when i run on IPhone 6. it's giving some issue.
"No valid iOS code signing keys found in keychain. You need to request a codesigning certificate from https://developer.apple.com. RSystemApp.iOS"
Please tell me what will i do to solve this issue. if anyone have any idea to solve this issue or have any link to solve the issue please suggest me so that i can run my app on Iphone also
thanks
When we have to run the iOS app on a device, we have to code sign the build. For that a valid provisioning profile and certificate is required.
Provisioning profile and developer certificate should be there on developer.apple.com, If not ten you have to create those there. Download those from there. Make sure you have added the device UDID while creating the provisioning profile.
Install provisioning and cert in your iPhone configuration utility and key chain.
Your bundle identifier should match with your AppID. You can confirm this by checking the provisioning profile in iPhone Configuration utility.
In Build Setting of your project, select these provisioning and certificate in code signing section.
If everything will be in this way, Your app will run on Device.
Login to your Apple developer account and verify that you have everything in place to deploy an app on to an actual device:
Do you have your certificates created and installed?
Did you create your App ID?
Have you registered your device(s)?
Do you have a Provisioning Profile?
Are all these marked as correct on your build Mac? Best way is to check that with XCode before doing it with Xamarin Studio or Visual Studio.
Create a little test app in XCode if necessary and deploy it to your app.
Is that works, import the profile and certs into Xamarin/Visual Studio and it should work.

Missing code sign certificate when trying to deploy app to new TestFlight

We've been developing an app based on Appcelerator Titanium the last couple of months and to deploy the app to our testers, we've used TestFlight. Now, Apple have shut down the "old" TestFlight and integrated it into ItunesConnect.
Now we want to deploy an update to our testers. So we created a new app within Itunes Connect with the same app bundle as the app bundle the provisioning profile we're building the app with are using. We build an IPA file which we try to deploy using Apples tool "Application Loader".
When we try to deploy the app, we get the following error:
ERROR ITMS-90161: "Invalid Provisioning Profile. The provisioning profile included in the bundle nu.kodfabriken.ourapp [Payload/OurApp.app]" is invalid. [Missing code-signing certificate.] For more information, visit the iOS Developer Portal"
Some Googling and trial-and-error told us to recreate our certificates and provisioning profiles. So we did, and got the same result. We don't know what to do here. Feels like we are stuck, with no clue what to do.
Worth noting is that when Apple switched to "new TestFlight" we didn't change anything at first. We used the very same provisioning profiles as we used with old TestFlight, which worked.
What are we doing wrong? Is this somehow related to how Titanium packages the apps (as far as I know, it's actually Xcode which creates the final build)?

Device Anywhere - App may not be signed

I am building my application using XCode 6 and App Store provisioning profile. After creating the application, I tried to upload it in Device Anywhere (Keynote), but it is giving me an error saying the app might be unsigned and that I need to sign it. I also tried it with AdHoc profile, but it is the same.
To verify, I installed the application on my test device, the one signed with AdHoc and it is working properly. I also verified the IPAs with security cms command and the IPA are getting generated properly.
Any help regarding this will be helpful.
Is the device in which you are trying to deploy the code, registered under the same provisioning profile you are trying ? Please check on this.
A provisioning profile binds
Certificate
App ID
Device UDID.
So basically only if your device is under this particular provisioning profile, you will be able to deploy.
The issue has been resolved. Build the application using AdHoc profile and during upload selection the option to re-sign it. Also using Device Anywhere version 7.0 or the latest one. That will resolve the issue.

Resources