Unable to set Signing certificate in XCode. Executable contains an invalid signature - ios

I want to run my cordova iOS Application on my iOS Device for testing.
Following are my build settings:
Clicking Enable Development Signing sets the Team to None.
My build is successful. On installing, XCode shows the following error:
Does it require a developer account to run the Cordova iOS build on a device for testing? The Cordova Android version is already on Play Store.
How to set a Signing Certificate without a developer account? How to fix the invalid signature error. I haven't set any signature yet.
I am completely new to iOS.

Yes, you must have a developer account to get a signing certificate. The signing certificate pairs with your provisioning profile, which also requires a developer account to create. You need both to run on a physical device. Your device must also be registered with your account and included in your provisioning profile device list to be allowed to run the app, outside of the App Store environment.
Xcode handles much of this for you automatically, if you have a developer account set up under Xcode Preferences > Accounts > Apple IDs. On the right-hand side of that screen you have a list of "Teams" along with buttons that say "Download Manual Profiles" and "Manage Certificates..." Is anything listed in there?
Your screenshot shows a Team with your name, which should mean that you have a developer account already?
You also have a button in your screenshot that says "Enable Development Signing." Have you tried running that? Does it not take care of things automatically for you? "Automatically manage signing" enabled should be helping you get through these issues with simple clicks of those buttons.
Otherwise, you will need to go to the Developer portal and register a signing certificate manually. That's a process that many have written blogs and manuals about already. I don't think it is necessary to re-write what has been said by many others already. Here's a YouTube video that does a nice job of explaining things: https://youtu.be/OwXIJchrDdA

Related

Appcenter iOS install error "this app cannot be installed because its integrity could not be verified"

I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".

Xcode 8 asks for a device to be registered to create provisioning profile

I am trying to publish an app for testing, without having to connect a device in my mac.
I have created a developer account, created an app in itunes, generated bundle id, signed into xcode with the developer account, generated a distributor certificate.
When I tried to archive the app, I got the error "conflict provisioning setting. app is automatically signed for development ..."
I read in this post and followed the tip of unchecking and rechecking the option "Automatically manage signing". After re-choosing my team, I get the error "There are no devices registered in your account on the developer website. Plug in and select a device to have Xcode register it".
The goal all along was that I wouldn't need an ios device, because I intended to immediately publish the application and invite people to test it via testflight. Is it not possible to do it like this? Am I missing something.
I have read lots of documentation, but being a first timer in this, everything seems confusing.
Edit: I created a provisioning profile as distributor. Even after creating and installing the distributor profile (it now appears also in xcode at Account -> provisioning profiles), I still get that same error. I also noticed that in signing, The signing certificate is iOS Developer. I am sure
I fixed it by plugging in my iPhone and going to the Product menu > Destination > iPhone (my device).
Then after clicking Try Again on this properties page the warnings went away.
Source
The solution (though I would welcome more elaborate, insightful explanations):
#General -> Signing, disable the option "Automatically manage signing"
#General -> Signing and certificates choose your team
Though in my case that was not the issue, I would recommend making sure that in the device list, you choose Generic iOS device in your target devices.
This really sucked to figure out.
What you do is add a distribution profile in https://developer.apple.com/account/resources/profiles/add. Don't choose development! Don't let the Xcode Automatically manage signing!!
Then, you download the provision.
Then, in the Signing & Capabilities -> Signing Section of the project.xcodeproj file, turn off Automatcially manage signing, choose import and import the file you just downloaded.
Then, in the top, you choose Any iOS Device (arm64, armv7) and then you go Product -> Archive.
What happened to me was that I was about to run my app on a physical device for the first time and I didn't have a Team. So I created it in the process before connecting my phone with the USB cable. After I created the team a message like the listed above appeared. I did some research on internet but nothing found.
So here's what I did: I connected my phone, did all the trusted process, then restarted Xcode, and it worked. I am not sure what happened, but it was some of my first experiences using Xcode. It could sounds silly but it helped me. Hope to you too.
If you do not wish to register a device follow this advice:
https://stackoverflow.com/a/44157307/499581
* In short use "Generic" as the device while archiving.
If you do wish to register a device then the solution to:
"There are no devices registered in your account on the developer
website. Plug in and select a device to have Xcode register it".
Is to physically plug-in your device (an actual iPhone, or iPad) so that Xcode can register it for development use (note: this will not affect the normal everyday use of the device). After the device is registered it can then be used for development testing, load provisioning profiles onto it, etc.
↳ Disabling and Enabling Devices Using Your Developer Account
For those who are trying to develop without a mac computer using MacInCloud don't follow the standard advice out there. Its will lead you down a hole. I have wasted hours of my time.
The reason it say something about "a device to be registered to create provisioning profile" is that you need to provision an iOS device that you can test on before you can get it signed. If you are using MacInCloud you probably can't physically connect an iPhone or iPad to the MacInCloud and therefore it can't automatically provision devices for you.
Before you get to far into this you will need to get your iPhone/iPad UDID. Which I was able to do with https://get.udid.io/ on my iPhone, but it didn't work on my iPad. Instead, with the iPad I had to download iTunes from the Windows store and connect my iPad. Then click on the little gray square in the menu that's inline with Library tab.
image of itunes
Then when it pops up with your device info (mine didn't come up with my info at first, I had to sync my device). You will see your SN. Click on your SN and it will change to your UDID. Once you have your UDID you are ready to create a provisioning profile. What is confusing is this isn't done in the appstoreconnect section of your account online. Its done in your developer account: https://developer.apple.com/account
developer.apple.com account screen shot
When you go there you will want to click: Certificates, Ids & Profiles
Here you will need to add your devices and then with auto signing checked in Xcode that made the problem go away. NOTE: I originally tried to create a profile, download it, and import into Xcode under the Provisioning Profile dropdown in Signing & Capabilities. As described in another answer here, but that proved more problematic and wasn't necessary.
Then you can chose Any iOS Device from emulator device drop down then go to Product > Archive > Distribute App and create a certificate to place it on the app store (TestFlight).
you can also plug an iphone, run the app the app on your iphone as the target, it will ask you to register the device and then the certificates will be generated
Have you paid the $99/year developer fee? TestFlight is only available for paid developers. I would highly recommend plugging in an iOS device, though. It's more fun and rewarding testing that way.

Multiple developers on same individual iTunes account

I have an Apples Individual Developer account.
Now I have one more developer to assist me.
I have added him as my Team admin from iTunes Connect.
When he pulled the Xcode project, there is an error saying "No matching provisioning profiles found" in General > Identity.
Why cant he compile the project even though I have added him as a team admin?
Also can he submit the build to iTunes connect?
Image below clearly states that team admin can Create Apps and Submit Version
I have referred to couple of answers on SO, but most of them are outdated(for iOS 3 and above), so I was wondering if Apple has revised the policy in recent days.
I use Xcode 7.3 on OS X 10.11
On iTunesConnect manipulations only with app publishing.
What you might want, is to add him into your Team at developer.apple.com/membercenter.
Then developer via that site generates the Developer Certificate(s) and then creates Provision Profile via Xcode.
You might be getting this error due to missing provisioning profiles in your system. You can download the profiles linked to your account by doing the following steps:
Open XCode
Go to Preferences
Select your Apple ID. If not signed in, sign in to your individual Apple Developer Account
Select your Team from the right pane
Click View Details
Click Download All
Once all the profiles are downloaded, go to Build Settings -> Code Signing and choose the appropriate profiles for each.
In case you get an error again while building, do the following steps:
From your main machine (where you have been using your Developer account before), open Keychain Access
From the left pane, select login
Export the following to any location. It will be saved as a .p12 file. Give a password for them:
iPhone Developer Certificate
iPhone Distribution Certificate
Install these p12 files in your teammate's system.
You should be good to go now!

Invalid team ID in signature

We are working on an app, that was originally created by other developers. They added our account to iTunes Connect as Admin role and to Member Center as Admin too. We added that account to Xcode and we've chosen "Team" setting under Target to match the right team.
When we are trying to archive and upload new version, Xcode returns error:
No accounts with iTunes Connect access.
But if I try to log in to iTunes Connect, it works normally.
I tried uploading new version by exporting .ipa and uploading in via Application Loader. After unsuccessful upload, I get a mail like the following:
Invalid team ID in signature - The code signature in bundle 'com.example' at 'example.app' has a team identifier value that is different from your team identifier 'EXAMPLE'.
Under keychain certificates, there is iPhone Distribution Certificate with that team name. How to resolve this whole problem?
Under the target of your Xcode project in the main settings page (when you first click on the target) you will see a drop down called Team. You need to make sure you have the right team selected that goes with the proper bundle I'd
I am not sure if this question is still relevant.
So what you would normally need to do is:
Go to the developer portal, and in the Certificates, IDs and Profiles choose Certificates > Production. You should be able to download the Distribution certificate.
Go to the Provisioning Profiles > Distribution (same page, menu on the left) and choose and download and double click the provisioning profile for your app.
Now you should be able to choose this Distribution Certificate/Provisioning profile combo in xcode to build and sign your app.
We develop white labelled apps, so our account actually manages over 40 other apple dev accounts (since apple guidelines say that apps need to be submitted by content provider even when developed by 3rd party).
About the error you received: when we transfer app from our main apple dev account to respective apple account of the client, we do get the warning you mentioned as well. Yet even after receiving the warning, our apps get uploaded/approved. This happens because in past the app has been developed under a different team (and apple prefixes the team-id from dev portal to the bundle-id to finally identify apps on dev portal/appstore connect, it seems).
So what happens to you I think is that you dont have the distribution certificate/provisioning profile sorted out properly. Do you use just xcode, or a different tool to build/sign your app(s) - like Visual Studio for Mac? You would need to sort the provisioning combo there as well.
If you look to your keychain, in the "My Certificates" section you should see the team that invited you as admin to manage their apple account, and this entry should have a little arrow next to it, if you click it, you should also see that there is a private key associated to this certificate.
You might need to manually download all of the provisioning files in the xcode tho, in my experience double clicking the provisioning profile file downloaded from portal sometimes doesnt do the trick. If its the same for you, go to the xcode > Preferences > Account > click on your account in xcode, and on the right you should see all the teams that you are part of. Click on the team and click on "Download manual profiles".
If you use Visual Studio for Mac, you also need to add your account in the Visual Studio for Mac > Preferences > Publishing > Apple Developer Accounts. If this is empty, just add your Apple dev account, login, and you will also see a list of teams you are part of. If it syncs well, you can actually just leave the certificate/provisioning combo on Automatic in Visual Studio, and it will manage it for you.

How to build an iOS binary without setting an Apple Developer account and team?

I'm using Xcode 6.3.2, and I'd like to let another people to build and create the .ipa files of my projects, but I don't want neither to expose my Apple Developer account information, nor create users for them in my team... is that possible? Either by using Xcode, either by commands line.
Thanks in advance
EDIT: The goal is to prevent those external people from being able to submit apps to the App Store by means of my Apple Developer account and from being able to see the other apps managed in the account.
EDIT2: Does providing the distribution certificate to external people make possible to them to submit binaries to the App Store?
After reading your edits, I think I understand more clearly what you are trying to do. Basically, you will simply need to provide the other members of your team with the following:
The private key used to generate your app store distribution
certificate.
The distribution certificate
The app store distribution
provisioning profile
This will allow those team members to work on, and build the app for the app store. Without your Apple developer ID password, they will not be able to log into iTunes Connect to see the other apps you have. While they will be able to build the app for app store distribution, you (as the only one with the apple ID password) will have to be the one to submit the compiled app to the store.
So basically, your development team will create the apps. When you're ready for release, they can do an "Archive" in Xcode to create the .app that has been signed for the app store (using the provisioning profile and signing identity that you provided them in the three files I mention above. They will zip up the .app and the .dSym files into a .zip and send it to you. You will then log into iTunes Connect and set upt the app to be ready for the new binary, and then use the Application loader to upload the .zip to apple for review. Once you have gotten a successful review, you will again log into iTunes Connect to release the app. So at no point will the developers have access to submit apps or see other apps you have in the store.
Also, the development team will not need the provisioning profile, cert, and key until they need to build for the app store. During the development phase, there is no problem with them using their own developer accounts to build and test the app.
One additional thing to note is that Apple is changing the roles that are available in iTunes connect. You may want to review those new roles to see if some combination of those roles my work for your team setup.
From http://9to5mac.com/2015/06/12/wwdc-itunes-connect-testflight-limits-account-switching/
After several apps are added to an account by its admin, developers
can now assign user roles to individuals on their team— app manager,
developer, or marketer— with each allowing varying access to iTunes
Connect features. App managers, for example, will be able to create
users, assign user roles, change pricing, and submit apps for review.
Marketers will get access to updating store metadata, uploading promo
material, and requesting promo codes. Users assigned the developer
role will be able to upload binaries, and view crash logs and store
metadata.
Apple recently introduced Free-provisional-profile and/or free-developer-certificate support.
But it's limited (see below note).
To utilise that follow below steps suggested by Apple,
In Xcode, add your Apple ID to Accounts preferences, described in Adding Your Apple ID Account in Xcode.
In the project navigator, select the project and your target to
display the project editor.
Click General and choose your name fromthe Team pop-up menu.
Connect the device to your Mac and choose your device from the Scheme toolbar menu.
Below the Team pop-up menu, click Fix Issue.
Xcode creates a free provisioning profile for you and the warning text under the Team pop-up menu disappears.
Click the Run button.
Note that said support is limited, for example, the capability to sell things with "Apple Pay" would not even build with a free-certificate.
Yes, there are several ways to solve your problem.
You can create .ipa file with you provisioning profile and give them the file, they can you use application called "Application Loader", they can use this application to upload the .ipa, this should resign your application with their provisioning profile. I did not try this but it should work.
When you create an archive of you application, it will be listed in "Organizer", go to that location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
When you build your application in release mode an .app file is created, this is unsigned binary. You can search for .app file in your Xcode project itself. Just find the location, and give them that .app file alone. Then they can use any third party application(can be downloaded from Mac Appstore) to resign the application with their profile. In this case, you are completely hiding your information. They can even change the application icon, default image.. etc during the resigning process.
Hope this helps.
No, There is no way to compile a .ipa without a provisioning profile (device compile, not simulator compile). To do this, you would go XCode->{AppTarget}->Build Settings->Code Signing->Code Signing Identity, and set 'Don't code sign".
Trying to compile afterwards will fail with
CodeSign error: Code signing is required for product type
'Application' in SDK...
EDIT: The goal is to prevent those external people from being able to
submit apps to the App Store by means of my Apple Developer account
and from being able to see the other apps managed in the account.
You have two options:
Send them your Source code + XCode Project, and not the library.
Compile the code using "iOS Developer" Code Signing identity, and not "iOS Distribution" identity.
Anything signed with iOS Developer can never be sent to the AppStore.
Anything signed with iOS Distribution can never be run on a device
unless it is downloaded from the AppStore.
They can never see what you have for sale, nor publish anything unless they have your AppleID username and password

Resources