iOS deployment fails with invalid entitlements - but entitlements are valid? - ios

My colleague has made some changes recently to our app, and enabled Data Protection.
However, ever since, we're unable to deploy the app to any real device. The error happens at application verification with this error:
ApplicationVerificationFailed: Failed to verify code signature of /private/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.YDQn6e/extracted/[appname].app : 0xe8008016 (The executable was signed with invalid entitlements.)
(Due to NDA requirements I have to hide any identifying information from any logs, and such, I replaced them with static labels in [] brackets).
I've checked the entitlements using Apple's own guide, using the security and codesign tools.
codesign output the following information:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<false/>
<key>application-identifier</key>
<string>[teamId].[appname]</string>
<key>com.apple.developer.team-identifier</key>
<string>[teamId]</string>
<key>aps-environment</key>
<string>production</string>
<key>keychain-access-groups</key>
<array>
<string>[teamId].[appname]</string>
</array>
</dict>
</plist>
And here is the output of the security command:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppIDName</key>
<string>[appPublicName]</string>
<key>ApplicationIdentifierPrefix</key>
<array>
<string>[teamId]</string>
</array>
<key>CreationDate</key>
<date>2017-07-06T11:55:52Z</date>
<key>Platform</key>
<array>
<string>iOS</string>
</array>
<key>DeveloperCertificates</key>
<array>
<data>[devCert]</data>
</array>
<key>Entitlements</key>
<dict>
<key>keychain-access-groups</key>
<array>
<string>[teamId].*</string>
</array>
<key>get-task-allow</key>
<false/>
<key>application-identifier</key>
<string>[teamId].[appname]</string>
<key>com.apple.developer.associated-domains</key>
<string>*</string>
<key>com.apple.developer.team-identifier</key>
<string>[teamId]</string>
<key>aps-environment</key>
<string>production</string>
</dict>
<key>ExpirationDate</key>
<date>2018-04-25T13:18:41Z</date>
<key>Name</key>
<string>[appPublicName]</string>
<key>ProvisionedDevices</key>
<array>
[provisioned devices]
[The device I'm trying to deploy to is listed here]
</array>
<key>TeamIdentifier</key>
<array>
<string>[teamId]</string>
</array>
<key>TeamName</key>
<string>[teamName]</string>
<key>TimeToLive</key>
<integer>293</integer>
<key>UUID</key>
<string>[id]</string>
<key>Version</key>
<integer>1</integer>
</dict>
</plist>
What on earth is going wrong here?

Updating entitlements in an iOS app requires a couple of steps if you are not using automatic code signing. You need to update both the application's project and the provisioning profile used to build the app. If the two are out of sync (or more precisely, if your app is trying to use an entitlement not allowed by the provisioning profile's allowed entitlements), you will get this error.
When changing entitlements, you need to update the entitlements in the project itself (as documented here) as well as in the provisioning profile. I suspect this is all you have done so far.
To update the entitlements in your provisioning profile, log into the Apple developer site and go to the "Certificates, Identifiers & Profiles" section. Select Application IDs on the left, and find the app ID for the app you are trying to build. Click the edit button and turn on the entitlement for Data Protection. Once you have done this, click "Done". The App ID is now configured, but you'll need to regenerate your provisioning profile to pick up the changes to your app ID. Go to the Provisioning Profiles link on the left, find your profile for the app ID, click Edit, then click the Generate button at the bottom. Once done, click the download button to get the new profile that has the new entitlements for the App ID.
Also, just to be safe, I would delete all your old provisioning profiles from the Mac before downloading and installing the new one. That way you can be sure it is picking up the correct provisioning profile. You can find the location of the provisioning profiles here.
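The check described in this answer, as an added example (not code from the original post): it compares the entitlements signed into the app, as printed by `codesign -d --ent :-`, against the `Entitlements` dict of the decoded profile, as printed by `security cms -D -i`, and lists what the profile does not cover. The function names, `TEAMID1234`, `com.example.app` and the sample plists are constructed, and exact-match comparison of non-wildcard values is an assumption.

```python
import plistlib

def value_allowed(granted, requested):
    """True if a value the app requests is covered by what the profile grants."""
    if isinstance(requested, list):      # every requested item must be covered
        return all(value_allowed(granted, item) for item in requested)
    if isinstance(granted, list):        # any granted item may cover it
        return any(value_allowed(item, requested) for item in granted)
    if isinstance(granted, str) and isinstance(requested, str) and granted.endswith("*"):
        return requested.startswith(granted[:-1])   # "*" or "TEAMID.*" wildcard
    # Assumption: all other values (booleans, plain strings) must match exactly.
    return granted == requested

def entitlement_violations(profile_plist, app_plist):
    """Compare decoded profile XML with the signed app's entitlements XML."""
    granted = plistlib.loads(profile_plist)["Entitlements"]
    requested = plistlib.loads(app_plist)
    problems = []
    for key in sorted(requested):
        if key not in granted:
            problems.append((key, "missing from profile"))
        elif not value_allowed(granted[key], requested[key]):
            problems.append((key, "value not covered by profile"))
    return problems

# Constructed sample input; real input is the XML printed by the two commands.
TEAM = "TEAMID1234"
PROFILE = plistlib.dumps({"Entitlements": {
    "application-identifier": f"{TEAM}.com.example.app",
    "com.apple.developer.team-identifier": TEAM,
    "keychain-access-groups": [f"{TEAM}.*"],
    "get-task-allow": False,
    "aps-environment": "production",
}})
APP = plistlib.dumps({
    "application-identifier": f"{TEAM}.com.example.app",
    "com.apple.developer.team-identifier": TEAM,
    "keychain-access-groups": [f"{TEAM}.com.example.app"],
    "get-task-allow": False,
    "aps-environment": "development",
    "com.apple.developer.default-data-protection": "NSFileProtectionComplete",
})

if __name__ == "__main__":
    for key, reason in entitlement_violations(PROFILE, APP):
        print(f"{key}: {reason}")
```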

Related

Parse error in plist when I add associated-domains key into Entitlement.plist

I'm using Xamarin to build an application and I need to add my domains to Entitlement.plist to allow deep links, but when delivering the app to Apple's App Store, the delivery fails with a message like "parse error in plist: ."
This is my Entitlement.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>aps-environment</key>
<string>development</string>
<!--facebook needed-->
<key>keychain-access-groups</key>
<array>
<string>X0XX000XXX.com.Bundle</string>
</array>
<!--end facebook needed-->
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:domain.com</string>
<string>applinks:www.domain.com</string>
</array>
</dict>
</plist>
If I remove the key com.apple.developer.associated-domains and its array, everything works fine again. What am I doing wrong?
This was probably due to no provisioning license being found. Create an Apple developer account and set up the app ID and provisioning profile. In Xcode you have to download the profile too. Then you have to match the bundle identifier to the app ID and assign the identity too.
More information you can refer to this: https://learn.microsoft.com/en-us/xamarin/ios/deploy-test/provisioning/entitlements?tabs=windows

How can I add iCloud Documents capabilities to my application without using Xcode?

My app crashes with an "Application initializing document picker is missing the iCloud entitlement" when either of the following two lines is executed:
UIDocumentPickerViewController *documentPicker =
    [[UIDocumentPickerViewController alloc]
        initWithDocumentTypes:@[@"public.data"]
        inMode:UIDocumentPickerModeImport];
UIDocumentMenuViewController *documentMenu =
    [[UIDocumentMenuViewController alloc]
        initWithDocumentTypes:@[@"public.data"]
        inMode:UIDocumentPickerModeImport];
The Document Picker Programming Guide states that "Before your app can use the document picker, you must turn on the iCloud Documents capabilities in Xcode."
However, my app is not built with Xcode: it is built using third-party tools (the cross-platform toolkit, Marmalade), so I cannot do this.
It should still be possible to turn on iCloud Documents capabilities for this app manually — the switch in iCloud simply automates the process — but my attempts to do so have not fixed the crash.
What I've tried so far
Xcode displays the steps it carries out when switching on iCloud:
Add the "iCloud" entitlement to your App ID
Add the "iCloud containers" entitlement to your App ID
Add the "iCloud" entitlement to your entitlements file
Link CloudKit.framework
I also found Apple's Entitlements Troubleshooting TechNote, which describes steps that can be taken to check that the following steps have been carried out correctly.
I have enabled iCloud on my App ID:
I'm not certain whether this is necessary to use the document picker's simple import and export operations, but I also set up an iCloud container with the id iCloud.com.[company].[app].
I have generated an updated provisioning profile that includes the iCloud entitlements:
I inspected the downloaded provisioning profile using the command:
security cms -D -i /path/to/iOSTeamProfile.mobileprovision
It includes the following entries:
<key>com.apple.developer.icloud-services</key>
<string>*</string>
<key>com.apple.developer.icloud-container-environment</key>
<array>
<string>Development</string>
<string>Production</string>
</array>
<key>com.apple.developer.icloud-container-identifiers</key>
<array>
<string>iCloud.com.[company].[app]</string>
</array>
<key>com.apple.developer.icloud-container-development-container-identifiers</key>
<array>
<string>iCloud.com.[company].[app]</string>
</array>
<key>com.apple.developer.ubiquity-container-identifiers</key>
<array>
<string>iCloud.com.[company].[app]</string>
</array>
Marmalade uses this provisioning profile to generate the entitlements file for the app.
I have inspected the generated entitlements using the following command:
codesign -d --ent :- [App.app]
Which gives the following output:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>[team-id].com.[company].[app]</string>
<key>aps-environment</key>
<string>development</string>
<key>com.apple.developer.icloud-container-development-container-identifiers</key>
<array>
<string>iCloud.com.[company].[app]</string>
</array>
<key>com.apple.developer.icloud-container-environment</key>
<array>
<string>Development</string>
<string>Production</string>
</array>
<key>com.apple.developer.icloud-container-identifiers</key>
<array>
<string>iCloud.com.[company].[app]</string>
</array>
<key>com.apple.developer.icloud-services</key>
<string>*</string>
<key>com.apple.developer.team-identifier</key>
<string>[team-id]</string>
<key>com.apple.developer.ubiquity-container-identifiers</key>
<array>
<string>iCloud.com.[company].[app]</string>
</array>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>[team-id].*</string>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>[team-id].com.[company].[app]</string>
</array>
</dict>
</plist>
However, the app still crashes whenever the functions are called.
I also found this old guide to setting up iCloud in Marmalade apps. Most of the steps seem no longer to be necessary/possible, but I followed the suggestion to add the application-identifier key to my Info.plist.
What else do I need to do to add iCloud Documents capabilities to my app?
Marmalade generates the .xcent entitlements file used when signing the app by copying over the "Entitlements" dict from the provisioning profile.
The problem was caused by the value associated with the undocumented key:
<key>com.apple.developer.icloud-services</key>
<string>*</string>
This appears to be valid in the provisioning profile, but invalid when signed into the app. Replacing those elements in the generated .xcent file with the following and then re-signing the app fixed the issue:
<key>com.apple.developer.icloud-services</key>
<array>
<string>CloudDocuments</string>
</array>
(N.B. If you also use CloudKit, you will also need to add a CloudKit string to the array.)
In practice, we fixed this by editing Marmalade's sign_app.py script to use a pre-prepared .xcent file (copied over from the DerivedData directory of the functioning app we built with Xcode) when signing the app:
In file /Applications/Marmalade.app/Contents/s3e/deploy/plugins/iphone edit line 557:
cmd += ['--entitlements', xcentfile.name]
...replacing xcentfile.name with the path to the pre-prepared .xcent file.
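The rewrite this answer performs by hand, as an added example (not Marmalade's code and not from the original post): it copies the `Entitlements` dict out of a decoded provisioning profile and replaces the wildcard `com.apple.developer.icloud-services` value with an explicit array before the result is used as the .xcent file. The function names and the sample profile are constructed.

```python
import plistlib

ICLOUD_SERVICES = "com.apple.developer.icloud-services"

def has_wildcard_services(entitlements):
    """Detect the profile-style value the answer found invalid in a signed app."""
    return entitlements.get(ICLOUD_SERVICES) == "*"

def xcent_from_profile(profile_plist, services=("CloudDocuments",)):
    """Copy the profile's Entitlements dict, replacing the iCloud wildcard."""
    if not services:
        raise ValueError("name at least one iCloud service")
    entitlements = dict(plistlib.loads(profile_plist)["Entitlements"])
    if has_wildcard_services(entitlements):
        entitlements[ICLOUD_SERVICES] = list(services)
    return plistlib.dumps(entitlements)   # XML bytes to write to the .xcent file

# Constructed sample profile; a real one is the XML printed by
# `security cms -D -i /path/to/iOSTeamProfile.mobileprovision`.
PROFILE = plistlib.dumps({"Entitlements": {
    "application-identifier": "TEAMID1234.com.example.app",
    ICLOUD_SERVICES: "*",
    "com.apple.developer.icloud-container-identifiers": ["iCloud.com.example.app"],
    "get-task-allow": True,
}})

if __name__ == "__main__":
    print(xcent_from_profile(PROFILE).decode())
```

Pass `services=("CloudDocuments", "CloudKit")` when the app also uses CloudKit, as the answer's note describes.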

itunes connect - beta entitlement missing error

I created a new App Store Distribution profile containing the beta entitlement to distribute builds via TestFlight, and built my application with the new profile that contains the beta entitlement. When I submit my application I get this error:
Generate a new App Store Distribution profile containing the beta
entitlement to distribute builds via TestFlight
Here is my provision profile:
<key>Entitlements</key>
<dict>
<key>keychain-access-groups</key>
<array>
<string>XXXXXXX.*</string>
</array>
<key>get-task-allow</key>
<false/>
<key>application-identifier</key>
<string>XXXXXXX.my.companyname.test</string>
<key>com.apple.developer.team-identifier</key>
<string>XXXXXXX</string>
<key>beta-reports-active</key>
<true/>
</dict>
I have "beta-reports-active" in my build, so I do not know why I get this error. I regenerated everything. Did Apple change or add something to the submission process or TestFlight after 1 February without an announcement?
Does anyone know what the problem is?
Thanks in advance
I fixed this issue by additionally adding the beta-reports-active key to my Target's Entitlements.plist file in the Xcode project.
Apple TestFlight upload warning ITMS-90191: missing `beta-reports-active` entitlement
The beta-reports-active key must be added to the Provisioning Profile AND to the Target's entitlements.
TargetName.entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- ... -->
<key>beta-reports-active</key>
<true/>
<!-- ... -->
</dict>
</plist>
After adding the entitlement to my Target, I'm able to successfully upload the build to iTunes Connect TestFlight without the ITMS-90191 warning:
I'm using Xcode 9 and Swift 4
I also faced the same issue when I tried to create an ipa file for my Swift project. I searched a lot but could not find any good solution. Finally my senior helped me in the same way pkamb described in his comment: adding the key "beta-reports-active" to your projectName.entitlements file will solve your problem. Open the projectName.entitlements file as source code and edit it as follows.
My projectName.entitlements file looks like this
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>beta-reports-active</key>
<true/>
</dict>
</plist>
I just added the key beta-reports-active as shown above.
Xcode 10: you must not add the beta-reports-active manually to entitlements if you want to use Xcode automatic signing.

Xcode 6: how to export an app with .plist for enterprise distribution?

I'm trying to upload an app to a website that expects a .plist along with the app's ipa.
The screenshot below is from the website.
I noticed that Xcode 6 has removed the checkbox to save for enterprise distribution from both the "ad hoc" and "enterprise" distribution options. I'm signing the app with a profile from a 299$/year enterprise program. Still I get no plist. How can I distribute an app using Xcode 6 to get the enterprise plist option?
Here's what I expect and saw in Xcode 5 (there's no such checkbox in Xcode 6)
This isn't using Xcode, but as a fallback you can just manually/programmatically edit the plist file. I do this because my continuous integration server distributes the builds, so I can't use Xcode's GUI to make the plist file.
Here's what an Enterprise distribution .plist looks like (copied from this gist):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>http://dl.dropbox.com/u/1001/myawesomeapp.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.company.application</string>
<key>bundle-version</key>
<string>0.0.16</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>My Awesome App</string>
</dict>
</dict>
</array>
</dict>
</plist>

Install In-House iOS App wirelessly with manifest.plist does not work anymore with iOS 8

We have an In-House distribution scheme, which includes both .ipa and manifest.plist files placed on a web server. A simple web page allows the user to choose the app version and tap to install it. When the user taps the link in Safari on an iPad with iOS 8, it asks whether they would like to install the app, and after pressing "Install" nothing happens. No errors or installation progress icon...
We used this scheme for a year before and I can confirm it works with iOS 7 as well as with iOS 8 beta (at the moment also). It doesn't work with iOS 8. It seems like iOS 8 blocks it. Has anybody already faced the issue, or does anybody know how to get around it?
The server has MIME types set:
- application/octet-stream ipa
- text/xml plist
The manifest.plist file is below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>http://example.com:8079/foo.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.example.fooapp</string>
<key>bundle-version</key>
<string>1.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>Example Corporate App</string>
</dict>
</dict>
</array>
</dict>
</plist>
You can also just change the bundle id in your Manifest.plist file like:
<key>bundle-identifier</key>
<string>com.example.fooappNew</string>
Without regenerating the provisioning profiles.
Same problem with my App. Fixed by changing App bundle name, creating new App Id, and building new provisioning profile.
