The provisioning profiles for my apps that come down from Apple have the keychain-access-groups entitlement turned on. My local Xcode does not have this entitlement (capability) turned on. This is resulting in local entitlements that don't match those available in the provisioning profile's entitlements and my adhoc distributed builds are not installing in our devices.
To make matters worse, I am working with multiple bundle ids within the same target (using scheme and config modifications. Not ideal, I know), so when I go to muck with the capabilities tab, it's unclear which App ID I'm editing.
I have temporarily overridden the bundle id, so I know which app id is being edited via the capabilities tab. But, nothing I'm doing seems to edit the provisioning profiles available via the dev portal. Nothing gets invalidated. (I see the local entitlements file being edited immediately just fine)
I'm using Xcode 7 (7.3.1).
I've tried restarting Xcode. I also tried running on a local device (checking and unchecking the capability) hoping that would update the used provisioning profile. Still no change seen in the dev portal.
UPDATE
Later that same day, checking/unchecking the capability started showing network activity spinners within Xcode and the dev portal started updating immediately (provisioning profiles were invalidated). However, the next day, managing a different app, back to the same issue where I'm not seeing any updates in the dev portal.
How do I edit this entitlement consistently?
Related
I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".
We're using Jenkins and Fastlane to automatically build and publish an app to App Center.
The publishing step is successful and it can be downloaded through App Center, but the app won't launch (it opens and immediately closes).
The builds we have submitted manually have a Provisioning Profile listed in the Release:
But the Fastlane builds have no value specified here, even though the logs say "All required keys, certificates and provisioning profiles are installed".
UPDATE: I've done some more digging and checked out the difference between a correct .xcarchive and an .xcarchive that leads to issues. The problematic one has no signing identity in its Info.plist ApplicationProperties SigningIdentity.
It seems that this lack of a SigningIdentity in the Info.plist file of the .xcarchive was the root of the problem.
I solved it by going to Keychain Access and setting When using this cerficate: to Use System Defaults on my distribution certificate.
With this in place, the SigningIdentity is set properly when creating an archive, and the generated .ipa successfully launches on my device.
So it turns out this had nothing to do with Fastlane, just the settings on my Build Server.
I didn't figure this out on my own, this post saved me: iOS 12 enterprise apps crash upon launch
I recently decided to add Push Notifications to my iOS App. I had to create new certificates, then I realised the devices included in the Apple Developer Website weren't up to date. So I had to add my new device with the correct UDID. That's where the issues started. I can't exactly explain all the steps I've taken because I've been constantly deleting and adding new Provisioning Profiles today. Here is the status now:
I have a iOS Team Provisioning Profile, in iOS Development, Managed by xCode, for my app.
Then, I created my own iOS Production App Store Provisioning Profile, but it always indicates that there are "0 devices" linked to the profile. Impossible to add a device. This obviously creates issues in xCode, because whenever I try to generate new archives, or builds, I'll get issues that my device is not included in the provisioning file.
I've tried deleting them all and recreating them multiple times to no avail.
Whenever I let xCode try to fix the issue, it ends up with the Provisioning Profile in Build Settings being switched to Automatic, and the Code Signing Identities ALL switch to "iOS Developer". But that obviously fails when I try to build a Release build of my app.
From scratch, what are the steps to generate a valid iOS Distribution Profile for my app, that includes my device, and that I can use for Push Notifications?
EDIT: I now understand that I can't add a Device to a Distribution Profile and that this is not necessary. Thanks a lot. Still, I get the following message whenever I try to build on my device:
Your build settings specify a provisioning profile with the UUID “...”, however, no such provisioning profile was found.
Xcode can attempt to fix this issue. This will reset your code signing and provisioning settings to recommended values and resolve issues with signing identities and provisioning profiles.
ANd when I click on fix, it switches back to everything I explained above.
I have followed a tutorial to enable Push Notifications on the App. It's still in development phase and internal testing only.
Using that, I have correctly enable development push notifications on the App ID, and the development provisioning profile accordingly. So much that the first three or so bundles that I have uploaded worked correctly and the Push Notifications went just fine.
Now, with the last update I've done, I've received an Email with an issue and the Push Notifications stopped working:
"Missing Push Notification Entitlement - Your app appears to include API used to register with the Apple Push Notification service, but the app signature's entitlements do not include the "aps-environment" entitlement... etc."
What I realized since then is that when I run "archive" to build the app, after I choose the team (the only one I have and always have used), when I come to chose the Binary and Entitlements, the Provisioning Profile is a DISTRIBUTION one and not the development one I have created.
I've tried countless things from my search on the internet. Including forcing in Code Signing on my target Build Settings the iPhone Developer:MyName and the development profile I've created in the Provisioning Profile row (wich is available to select here).
Still, no-go. I have no idea what changed in the process since I didn't mess with certificates or changed anything in that field, just plain app code.
Thanks for the input.
EDIT: I'll add some screenshots that maybe can shine some light.
The XC:profile is the default distribution provisioning profile that XCode is creating.
Note : without knowing the root cause i can only help you confirm whether you have all the certificates on proper place and using correct one.
Please go this way..
Just check in your Keychain and developer.apple account, if developer certificate is valid, if yes then
Check Provisioning profiles for Development and Distribution with Notification service enable in Provisioning section on developer.apple account.
So far everything is proper then.
Go to Xcode -> Preferences -> account -> refresh all certificate for the same apple account. and hit download.
Now go to Project settings -> general -> confirm you should have selected appropriate team.
finally to to project settings -> build settings -> search "code signing"
now select correct Provisioning profile and developer here.
please let me know if you find any trouble in this.
In my case, I had changed the bundle identifier for the app, but the App ID listed on the provisioning profile was still wrong. Turns out that in the "Packaging" section under build settings, there's another place where the bundle id needs to be changed ("Product Bundle Identifier"), and that's what the code sign-y thing was looking at.
Using Local Signing assets while exporting solved the issue for me
So, create a vanilla project, build & run... App does not appear. Open console:
"1/10/12 6:32:29.967 PM taskgated: killed com.myapp.TEST[pid 28092] because its use of the com.apple.developer.ubiquity-container-identifiers entitlement is not allowed"
Pretty much the same question as here
Turning Entitlements on in Xcode Prevents Bare Bones App From Launching
And here.
Mac application crashes (killed due to entitlements) regardless of whether entitlements are enabled
I am not using iCloud. In fact I haven't even changed the default project. Any solutions or ideas? Thanks to anyone who has overcome this.
It turns out, from the docs even, that the XCode "default provisioning profile" which it automatically creates and updates ALSO includes iCloud permissions. Since those permissions are app specific, presumably this breaks every app using the default xcode profile.
I'm not sure why this isn't an epidemic, but in my case it meant that instead of using the "XCode wildcard app id", I had to create a new "basic wildcard app id" without iCloud. Using this and creating a new provisioning profile, adding it, etc, worked. It means I can't let XCode handle the profiles anymore :(
I was able to make this work by going into the provisioning portal, disabling iCloud on my wildcard App ID, going back to Xcode, and refreshing the provisioning profiles list.