State of apps when Development Provisioning Profile is invalidated - ios

I am trying to understand what happens to Development apps already installed onto devices, running with an invalidated 'Development Provisioning Profile'.
And would I be able to install a Development app signed with an invalid Development Provisioning Profile onto my registered devices?
Consider that the provisioning profile has the right App ID, Development Certificate and Devices.
I have faced a scenario where the first generated build was not installable when the provisioning profile was invalidated, so I edited it to make it valid. Perhaps the second generated build was installable though the profile was invalid again.
I am confused by these scenarios and unsure which is the right answer!

When the Development profile is expired/invalidated:
- An already installed app won't be affected and it should still be working fine.
- You can't generate new builds for devices.
- If you generated the build with a valid profile and then invalidated that profile, you should generate the build again once you have made it valid.

Related

Appcenter iOS install error "this app cannot be installed because its integrity could not be verified"

I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be that your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Workaround fix:
1. Select your app.
2. Navigate to the TestFlight tab.
3. Create an External Testing group.
4. Add one tester.
5. Add the build which you want to download using TestFlight.
6. Open TestFlight and download the app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app in Xcode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked fine again.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also faced this issue before, but for me the reason was a little different.
First, the build was an enterprise one, and it was made on an earlier Xcode version that did not support the iOS version used on the device.
All I did was update my Xcode, make a new build and share it. After that we were able to install that build on the device. Hope it works for you as well.
This is how I solved for myself.
In your iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of installed apps provided by the company. Just click on "Verify".

What if the enterprise provisioning profile expires, will the apps built with it stop working?

Quick sanity check - I've read through several related questions and I'm still confused about this topic.
I have built the app with a provisioning profile (in-house) with an enterprise account.
That provisioning profile expires in the next few days and the distribution certificate used for that provisioning profile expires next year.
If the provisioning profile expires, will the apps which were distributed stop working, or will they keep working as the distribution cert is intact?
The answer is: MAYBE (but they will probably stop working)
So, the thing you need to realize is that, while your provisioning profile is installed with the app, at install time, it is simply added to the set of installed profiles on the device. When you go to run an app, iOS simply checks if there is a valid profile that works for the app. It doesn't have to be the one installed with the app.
So, let's say you have an enterprise provisioning profile that uses a wildcard app ID. You install your app (app A) with a provisioning profile that is set to expire on 4/12/2020. If that is the only enterprise app you have on the device, and you do not install a new provisioning profile through another means (like MDM - mobile device management), the app will not run on 4/13.
However, let's say your organization uses a wildcard id in their provisioning profile, and you (or another team) build a second app (app B) that is installed afterwards, but it is installed with a provisioning profile that is set to expire on 1/1/2021. If that app is installed on the same device as app A, then when the user launches app A, it will check for a valid provisioning profile on the device, find the one installed with app B, and be allowed to run. This scenario is likely why #Shubham thinks that the app will continue to run - he has probably experienced this, but thought it was due to the certificate expiration. It definitely was NOT!
So, I would recommend you get a new provisioning profile installed on devices running those apps as soon as possible. The easiest way to do that is to create a new build of the app with the new provisioning profile and install the new version. If these are managed devices and your MDM software allows it, you could simply install a new provisioning profile directly.
But, whatever you do, don't believe that you don't need to worry about it because the certificate is still good. You need to get a newer profile on your devices or you will have a lot of apps that appear to crash on start up. Believe me, I've been there.
However, when you get close to the certificate expiring, you will definitely need to rebuild a new binary, so plan ahead for that. Pushing a new profile onto the device won't work then, because the binary on the device is signed with the cert, so the only way to fix an expired cert is to build a new binary signed by the new cert.
Your enterprise app needs to contain a valid provisioning profile. This means that it will need to be updated at least once every 12 months.
If your enterprise app is distributed by MDM then you can use your MDM to distribute a new provisioning profile without updating the entire app. A new app version will be required at least once every 2 years as the signing certificate will expire.
For more information refer to this 2014 WWDC session - Transcript
It was also covered briefly in this 2019 WWDC Session
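The answers above rest on values stored inside the profile itself: the expiration date, the `aps-environment` entitlement that must match Entitlements.plist, and the registered device list. The following is an added example, not code from any of the posters: a pre-flight check that pulls the plist out of a profile's bytes and reports those mismatches. The function names, the sample profile and the UDIDs are constructed for illustration, and the CMS signature is not verified.

```python
import plistlib
from datetime import datetime, timezone

# Scalar entitlements compared by exact value; wildcard-capable keys such as
# application-identifier need real matching rules and are left out here.
CHECKED_KEYS = ("aps-environment", "get-task-allow")

def read_profile(blob: bytes) -> dict:
    """Extract the XML plist from a CMS-wrapped .mobileprovision blob.
    The CMS signature is not verified; this is a pre-flight check only."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def preflight(profile: dict, app_entitlements: dict, udid: str, now: datetime) -> list:
    """Return the reasons this profile would not cover the app on this device."""
    problems = []
    expires = profile["ExpirationDate"]
    if expires.tzinfo is None:          # plistlib yields naive UTC datetimes
        expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        problems.append("profile expired")
    allowed = profile.get("Entitlements", {})
    for key in CHECKED_KEYS:
        if key in app_entitlements and allowed.get(key) != app_entitlements[key]:
            problems.append(f"entitlement mismatch: {key}")
    if not profile.get("ProvisionsAllDevices", False) and \
            udid not in profile.get("ProvisionedDevices", []):
        problems.append("device not in profile")
    return problems

# Constructed sample: fake CMS framing bytes around an Ad Hoc style plist.
SAMPLE = b"\x30\x82\x0f\x00" + plistlib.dumps({
    "Name": "Constructed Ad Hoc profile",
    "ExpirationDate": datetime(2020, 4, 12),
    "ProvisionedDevices": ["CONSTRUCTED-UDID-0001"],
    "Entitlements": {"aps-environment": "production", "get-task-allow": False},
}) + b"\x00\x00"

if __name__ == "__main__":
    profile = read_profile(SAMPLE)
    day_after = datetime(2020, 4, 13, tzinfo=timezone.utc)
    print(preflight(profile, {"aps-environment": "development"},
                    "CONSTRUCTED-UDID-0002", day_after))
```

To run it against a real build, pass the bytes of the `embedded.mobileprovision` file from inside the .ipa to `read_profile` and the app's entitlements dictionary to `preflight`.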

Regenerating a Provisioning Profile

I hope you can help me with this...
Situation: Regenerating a provisioning profile but still using the same developer certificates and app id:
What would happen to the app using the previous provisioning profile installed to users' device when the provisioning profile is regenerated in Apple Developer Center? Would the app still behave normally or no longer run?
If the app with the regenerated provisioning profile is being installed to a device where the app with the previous provisioning profile is already installed, would it be considered as an update or new install?
Thank you in advance!
As for question #1, the app will work normally as long as:
- The old provisioning profile has not yet expired.
- The device UDID is included in the provisioning profile (relevant only for developer certificate).
As for question #2:
- As long as both apps have the same bundle ID it will be considered as an update.
- If both apps do not have the same Bundle ID, it will be considered as a new install.
- If the old app was deleted before installing the new one, it will be considered as a new install.
If the provisioning file is regenerated for the same certificates, i.e., the same bundle ID, then it will be considered as a newly signed identity rather than an update. But if you revoke the certificates then the previous apps built with the existing certificate will stop irrespective of provisioning files regenerated. The above situation applies only for Enterprise builds and not for Ad-Hoc builds.

In House Distribution issue with distribution certificate

My first question here, and I have tried everything and googled like hell and couldn't find an answer to this issue.
So I have a client for whom I have to make an iOS distribution via in House distribution system (they don't want their app on the store but will use it in corporate use with over 20 devices, so the AdHoc UDID system is out of the question).
Now, the client has given me Admin roles on their Enterprise account and I have done the following:
Downloaded the production certificate
Installed the .p12 file from the client on my keychain
Created the app id
Created the provisioning profile and downloaded it too
Now, I do manage to archive the app and install it on my device, but then the app crashes like right after the splash screen. It is to my understanding that there is an issue with the production certificate, and I am clueless. Any help or advice would be greatly appreciated.
An enterprise-signed app won't allow a debug connection. If you want to install the app on a device, you should create an archive .ipa and install it.
To debug the app on a device you need to sign the app using the AdHoc provisioning profile of an individual developer account.
After some time I have managed to solve this little issue. The main problem was not the .p12 but the bundle ID itself. Since most of the times I was getting an error that the bundle ID was not matched with the provided provisioning profile. So what I did is:
Edited the app id on the Apple Dev Site from an old name, i.e. com.potato.PotatoApp into com.lemon.PotatoApp (the main reason I had to do this is cuz' my default ID is my company's ID, and in this scenario I had to use the client's Apple Dev Account, and thus the ID itself).
Edited the provisioning profile by selecting the newly edited app id, and then changing the name from "PotatoApp" to "PotatoApp inHouse"
Downloaded the newly edited profile.
On the Debug settings, this was the corresponding list:
-Provisioning profile (debug & release): "PotatoApp inHouse"
-Code signing identity (debug & release): "iPhone distribution: Lemon Company Ltd."
Also on the team list changed from "Potato Company Ltd." to "Lemon Company Ltd.", after that a simple Archive and the build was created without any issues.

Will adding new devices make old provisioning profiles invalid?

I'm looking to add a new device to a provisioning profile for an app I'm developing. My concern is that there are already a few devices outside our office running a test build that was installed using an existing version of the provisioning profile.
If I update the provisioning profile to include the new devices, will the provisioning profile on the existing devices become invalid and stop that existing version of the app from running properly?
No, the old provisioning profile(s) will remain valid. The only way for an app to expire is if the development certificate used to sign the code/profile is revoked or expires.
