App Center iOS build unable to verify integrity - ios

I'm working on a Xamarin application and I'm doing iOS builds to run and test on different devices using App Center.
Everything was ok, on Apple Developer I created the Ad-Hoc certificate, the provisioning file, and the identifier and it was all good.
During the last implementation, I added on Entitlements the Associated Domain due to enabling the possibility to use the App Link and let the user open the application using a link provided via email.
I updated the Identifier adding the feature also to it and I downloaded it and uploaded it again to the dedicated branch on App Center, but now when I try to download the app to the device I receive this message:
Unable To Install "App Name". This app cannot be installed because its integrity could not be verified.
I tried different ways trying to solve it:
Create a completely new certificate with a new identifier, provisioning, and .p12 file
Checked Entitlement feature list correspond to the identifier list on Apple Developer
Used different versions of SDK and Xcode on App Center
I already searched around on the web but they talk about the provisioning file list but I already checked and it is updated.
Thank you for your help and for your suggestions.

Related

How do you distribute a Xamarin Forms iOS archived container app with a share extension?

I'm having problems archiving my Xamarin iOS app which has a Share Extension.
I am using Visual Studio 2022 for Windows paired to a Mac.
I have created:
a distribution profile in App Store Connect
identifiers for app and extension with App Group entitlements
App Store profiles for app and extension
Bundle Signing for Extension:
Manual Provisioning
Distribution: Automatic
Provisioning Profile: No matching profiles found (Why not found?)
Bundle Signing for MainApp:
Manual Provisioning
Distribution: Automatic
Provisioning Profile: MyAppName
In addition, in my Identifiers I have an additional record which I did not add myself:
XC com companyname MyAppName Share (Where has this come from?)
When I try to archive I get the following errors:
Cannot create an IOS archive 'MyAppName'. Process cannot be executed on XMA server.
"ditto" exited with code 1
I've searched for documentation or examples on how to distribute a Share Extension, but can't find anything helpful. I've also been able to successfully upload an archive to the store without the Share Extension attached.
What is going on here?
UPDATE
Just tried to release through VS on Mac, and getting a whole lot of new errors. The Mac VS is horribly designed and seems like it was just thrown out as an afterthought. There is no proper output window for archiving issues; the issue messages are squashed, non-wrapped into the single line status bar at the bottom of the screen in a way that I need to open the application on a large monitor to see; I have no idea whether they are warnings or errors and if the build has stopped or not.
I hope the suggested response is not: release it on VS Mac.
Here, i would like to share the way of publishing my app with share extension using VS for MAC, for the purpose of helping others.
First, create iOS Distribution Certificate in your Apple Developer account. Before doing this, you have to generate a Certificate Signing Request file in your KeyChain.
Second, if you use AppGroup, you should generate an App Group ID, which would be used for your share extension as well as its container app. Then in Xamarin Forms project, for your share extension and its container, both set the App Group ID in the Entitlements.plist.
Third, generate App IDs for both your app and share extensions. In Capabilities, you have to configure to choose your AppGroup in previous step.
Then, generate profiles for both your container and share extension. You should select the proper iOS Distribution Certificate and App ID. Then download and refresh your profiles.
Now in Visual Studio for MAC, you could select profiles for your App and extension respectively in iOS Bundle Signing. Then you can archive them for publishing~

In an Enterprise iOS app, how to replace the *.mobileprovision file on device after existing profile expired, but without re-signing the IPA?

We have a series of iOS Enterprise applications that were built with Telerik Cordova (discontinued in May 2018). Those apps are in the process of being converted to a new platform, but in the mean time they must continue to service client needs.
The distribution certificate the apps were built with is valid for another 14 months or so, but the provisioning profiles expire in a few days. Since these are Enterprise apps they will expire with the profiles.
Unfortunately, Telerik can no longer rebuild the apps using an updated profile for us. We have re-signed the apps using new provisioning profiles (using both iReSign and Terminal). When we try to side-load the resulting IPAs through the XCode Devices panel, we get an error stating that the entitlements do not match and the apps are not installed.
The question was raised as to whether or not we not need to re-sign the apps since the certificates are still valid. Perhaps it would be possible to just replace the .mobileprovision file on the device somehow? I gave it a try using iTunes Sync but I cannot confirm whether the file actually went to the device or not.
Question: Is it possible to just update the *.mobileprovision on the device without re-signing the app? If so, could someone please give me the steps or direct me to a link to perform the steps?
Alternate Question: Otherwise, any thoughts on how to resolve my Entitlements issue? The app only needs Push Notifications, but Game Center and In-App Purchases are also enabled. These are reflected in the App ID and provisioning profile, and the distribution certificate is of type Apple Push Services.
I should point out that I am not an admin on the Apple Developer portal for the project as I am an outside consultant, so my portal access is strictly read-only.
Thanks in advance for any direction provided!
If the applications were distributed to the devices by an MDM, then you can push a new provisioning profile to them using the MDM.
If the applications were installed over the air from a web server or directly using iTunes or Apple Configurator, then you need to replace the entire application package on the device. This requires the app to be re-signed, since the changed .mobileprovision file will change the package signature.
If you don't have the original, app ID with matching entitlements in the developer portal, then you will need to delete the existing application from the device before installing the new, re-signed application. You won't be able to do an in-place upgrade.

iOS certificated on developer account and their role in App building

I have been an android developer and was thinking the life is not easy but then I found the iOS developer account and its relativity with project creation and other certifications.
I have developed the app, then in that App, I need to add FCM notifications. For this, I have installed FCM pod. And made necessary changes in the project.
Now its turn for me to connect my project with FCM ios ( and ios APNS with FCM server)
So good so far. Now I want to create a different team for this project. But When I create a distribution certificate it always creates a file with the name of the team I was using before i.e ABCD. I tried to create another profile but it just creates ABCD named file.
Can anyone tell what could be the problem?
2nd what are the steps required to create a production certificate for FCM to launch the app in the store?
Please discuss the first point in detail why it is happening? Why I can't change the name of the certificate.
Note: Whenever I try to create a development certificate it take another name
Please let me know what is going on..........
Xcode generates certificate fully automatic these days. You should let it automatically build them for you till you experienced more with apple signing process.
you can change any identifiers you want before sending any kind of build to appStore, (for example for test flight)
If you didn't upload to appstore yet, you can just login with your other account in Xcode and choose it from the team dropdown in signing section of general tap in Xcode. Then Xcode tries to sign the app with new credentials.
For FCM, follow the original documentation of FCM.
And at the end, Welcome to iOS world ;)

iOS code sign error

Apologies if this has been asked before. I am new to iOS mobile app development. I am further developing an iOS app that has been developed by another person. They sent me the source code and told me that all the signing keys/certificates/provisioning profiles are stored against the Apple Developer's Account (which I have access to). When I try to build/run the app through XCode it complains about Code Sign error (not having a matching certificate in my keychain) . How can I fix this error please? is the a way to download the.p12 file from the app's Apple Developer Account? Since the app provisioning profile and signing identity is only needed for running the app on actual devices (at least in my understanding), is there away of getting xcode to ignore about it just for the purpose of running the app on the simulator?
If you have a developer account add it to Xcode Preferences -> Accounts , then click Automatically manage signing
If you want to distribute the app, make sure you have a distribution private key in your keychain, from the old mac or create the new one

How to build an iOS binary without setting an Apple Developer account and team?

I'm using Xcode 6.3.2, and I'd like to let another people to build and create the .ipa files of my projects, but I don't want neither to expose my Apple Developer account information, nor create users for them in my team... is that possible? Either by using Xcode, either by commands line.
Thanks in advance
EDIT: The goal is to prevent those external people from being able to submit apps to the App Store by means of my Apple Developer account and from being able to see the other apps managed in the account.
EDIT2: Does providing the distribution certificate to external people make possible to them to submit binaries to the App Store?
After reading your edits, I think I understand more clearly what you are trying to do. Basically, you will simply need to provide the other members of your team with the following:
The private key used to generate your app store distribution
certificate.
The distribution certificate
The app store distribution
provisioning profile
This will allow those team members to work on, and build the app for the app store. Without your Apple developer ID password, they will not be able to log into iTunes Connect to see the other apps you have. While they will be able to build the app for app store distribution, you (as the only one with the apple ID password) will have to be the one to submit the compiled app to the store.
So basically, your development team will create the apps. When you're ready for release, they can do an "Archive" in Xcode to create the .app that has been signed for the app store (using the provisioning profile and signing identity that you provided them in the three files I mention above. They will zip up the .app and the .dSym files into a .zip and send it to you. You will then log into iTunes Connect and set upt the app to be ready for the new binary, and then use the Application loader to upload the .zip to apple for review. Once you have gotten a successful review, you will again log into iTunes Connect to release the app. So at no point will the developers have access to submit apps or see other apps you have in the store.
Also, the development team will not need the provisioning profile, cert, and key until they need to build for the app store. During the development phase, there is no problem with them using their own developer accounts to build and test the app.
One additional thing to note is that Apple is changing the roles that are available in iTunes connect. You may want to review those new roles to see if some combination of those roles my work for your team setup.
From http://9to5mac.com/2015/06/12/wwdc-itunes-connect-testflight-limits-account-switching/
After several apps are added to an account by its admin, developers
can now assign user roles to individuals on their team— app manager,
developer, or marketer— with each allowing varying access to iTunes
Connect features. App managers, for example, will be able to create
users, assign user roles, change pricing, and submit apps for review.
Marketers will get access to updating store metadata, uploading promo
material, and requesting promo codes. Users assigned the developer
role will be able to upload binaries, and view crash logs and store
metadata.
Apple recently introduced Free-provisional-profile and/or free-developer-certificate support.
But it's limited (see below note).
To utilise that follow below steps suggested by Apple,
In Xcode, add your Apple ID to Accounts preferences, described in Adding Your Apple ID Account in Xcode.
In the project navigator, select the project and your target to
display the project editor.
Click General and choose your name fromthe Team pop-up menu.
Connect the device to your Mac and choose your device from the Scheme toolbar menu.
Below the Team pop-up menu, click Fix Issue.
Xcode creates a free provisioning profile for you and the warning text under the Team pop-up menu disappears.
Click the Run button.
Note that said support is limited, for example, the capability to sell things with "Apple Pay" would not even build with a free-certificate.
Yes, there are several ways to solve your problem.
You can create .ipa file with you provisioning profile and give them the file, they can you use application called "Application Loader", they can use this application to upload the .ipa, this should resign your application with their provisioning profile. I did not try this but it should work.
When you create an archive of you application, it will be listed in "Organizer", go to that location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
When you build your application in release mode an .app file is created, this is unsigned binary. You can search for .app file in your Xcode project itself. Just find the location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
Hope this helps.
No, There is no way to compile a .ipa without a provisioning profile (device compile, not simulator compile). To do this, you would go XCode->{AppTarget}->Build Settings->Code Signing->Code Signing Identity, and set 'Don't code sign".
Trying to compile afterwards will fail with
CodeSign error: Code signing is required for product type
'Application' in SDK...
EDIT: The goal is to prevent those external people from being able to
submit apps to the App Store by means of my Apple Developer account
and from being able to see the other apps managed in the account.
You have two options:
Send them your Source code + XCode Project, and not the library.
Compile the code using "iOS Developer" Code Signing identity, and not "iOS Distribution" identity.
Anything signed with iOS Developer can never be sent to the AppStore.
Anything signed with iOS Distribution can never be run on a device
unless it is downloaded from the AppStore.
They can never see what you have for sale, nor publish anything unless they have your AppleID username and password

Resources