Develop Reference

Why wont xcode build app on device but will build on simulator?

I have a react native app. as of the last update theres now an app extension assocaited with it. freshly created parent app provisioning profiles/certificates have been generated. the correct entitlements have been confirmed both in the apple dev portal as well as in the .entitlements file. the app group has been added correctly. the extension also has the appropriate adhoc profile and certificate associated with it.
the app has no build/install issues in the debug variant, which is automatically signed.
the app has no build/install issues for the staging/release variant when automatically signed.
Im trying to build and install the release variant
however, when the app is signed manually (which i need to do in xcode to confirm there are no issues to debug my distribution issue through microsoft appcenter), the app builds fine but will not install on the device. i get the "App not installed" error.
opening the issue it says:
"The executable was signed with invalid
entitlements". the code is -402620394.also: Domain: com.apple.dt.MobileDeviceErrorDomain, if thats helpful. theres no
other information other tha stacktrace that doesnt appear too specific
Other info:
i have an APS certificate that says its expired in my keychain access, but when i checked the apple dev portal, its still not expired.
the release/staging variant will run on a simulator, but not on a physical device
Things ive tried:
restarting xcode
clearing derived data
deleting app from device
changing to legacy build system
confirmed the correct adhoc profiles and certficates for parent app and extension
recreated profiles/certificate again to be sure
confirmed the certificate from the provisioning profile matches the correct certificate
confirmed the development team for the app target, tests target and app extension are matching
confirmed my device UDID is added to both provisioning profiles
cleaning and building
changing the APS environment value to 'production' in the .entitlements file
some screenshots:
Please dont suggest to use automatic signing. i cant for reasons stated above. i have to manually set the provisioning profile and .p12 certificate for the parent app and the provisioning profile for the app extension in my distribution tool (appcenter)
Any advice?

See here and here
In summary you can't ever install apps with App Store Distribution Certification directly into your phone. Only Apple can install apps signed with App Store Certificate.
If you want test out things, then either you test things in test flight and or you inspect the entitlements of the binary. You can do that following the instructions from dev forums here:
Check the Built Binary
The first step in debugging code signing entitlement problems is to
check the actual entitlements of the binary. Xcode’s process for
setting entitlements is quite complex, and it depends on various
inputs, so it’s important to start by checking the output rather than
looking at just the inputs.
To check the entitlements in your binary run the following command:
$ codesign -d --entitlements :- NetworkExtensionSample.app
Executable=…/NetworkExtensionSample.app/NetworkExtensionSample
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" …>
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>SKMME9E2Y8.com.example.apple-samplecode.NetworkExtensionSample</string>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>SKMME9E2Y8</string>
<key>get-task-allow</key>
<true/>
</dict>
</plist>

ITMS-90078: Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service

I am getting this warn message error from apple store after uploading my app to app store connect.
ITMS-90078: Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service, but the app signature's entitlements do not include the "apps-environment" entitlement. If your app uses the Apple Push Notification service, make sure your App ID is enabled for Push Notification in the Provisioning Portal, and resubmit after signing your app with a Distribution provisioning profile that includes the "aps-environment" entitlement. Xcode does not automatically copy the aps-environment entitlement from provisioning profiles at build time. This behavior is intentional. To use this entitlement, either enable Push Notifications in the project editor's Capabilities pane or manually add the entitlement to your entitlements file.
I have coded an ionic app, And I am trying to generate an ios version of my App with push notification.
I have created both .p12 files and I have activated push notification in apple developer and in Xcode.in capabilities. Then I have redownloaded the provisioning profile and opened it with Xcode. First I've had a red warning in 'Add the push notifications feature to your App ID'.But this problem was fixed when I restarted Xcode and Xcode detect that everything is fine.
I have generated two versions of my app the first with automatically managing signing and the other one with manual manage signing just in case that maybe Xcode wasn't able to detect my new provisioning profile but in both cases, I've got the message above.
How can I make this work? and How can I check if my app version has this app's signature entitlment.Any help please ?

Add the below code in the info.plist
<key>UIBackgroundModes</key>
<array>
<string>fetch</string>
<string>remote-notification</string>
</array>

Flutter iOS app submission issue warning: Missing Push Notification Entitlement

After uploading a Flutter app to App Store Connect, I got the following email warning:
Dear Developer,
We identified one or more issues with a recent delivery for your app,
"[APP NAME]". Your delivery was successful, but you may wish to correct
the following issues in your next delivery:
Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service, but the app
signature's entitlements do not include the "aps-environment"
entitlement. If your app uses the Apple Push Notification service,
make sure your App ID is enabled for Push Notification in the
Provisioning Portal, and resubmit after signing your app with a
Distribution provisioning profile that includes the "aps-environment"
entitlement. Xcode does not automatically copy the aps-environment
entitlement from provisioning profiles at build time. This behavior is
intentional. To use this entitlement, either enable Push Notifications
in the project editor's Capabilities pane, or manually add the
entitlement to your entitlements file. For more information, see
https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/HandlingRemoteNotifications.html#//apple_ref/doc/uid/TP40008194-CH6-SW1.
After you’ve corrected the issues, you can use Xcode or Application
Loader to upload a new binary to App Store Connect.
Best regards,
The App Store Team
I don't use push notifications in my app? Why am I getting this warning? And how do I remove the "aps-environment" entitlement, wherever and whatever that is?
Note: This App Store issue has appeared multiple times on SO, sometimes because people needed to add push notifications (see this and this) and sometimes because they didn't (see this and this). This appears to be Flutter related in my case, though, so I am adding a new question.

Word on the street is that as long as you really don't use push notifications this will not cause your app to get rejected. So you can safely (?) ignore this warning and continue to submit your app.
This issue was described on GitHub here, and a solution is being discussed here. It's apparently somehow related to Flutter using the UIApplicationDelegate callback:
- (void)application:(UIApplication*)application
didReceiveRemoteNotification:(NSDictionary*)userInfo
fetchCompletionHandler:(void (^)(UIBackgroundFetchResult result))completionHandler;
I'll let someone else explain the exact reason more clearly. Keep an eye on the GitHub issue.
For now I am just going to ignore the warning.
Update: I submitted my app, it was accepted, and there hasn't been any problem with it since then. So just ignore the warning.

As of today this problem is still not fixed in Flutter.
See the Issue 9984.
While this should not cause any rejects in the App Store it still needs to be fixed and there seems to be a workaround for this (also described in the issue above):
Add a file Runner.entitlements under ios/Runner/Runner.entitlements with this content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>aps-environment</key>
<string>development</string>
</dict>
</plist>

My app does use push notifications so I wanted to make sure this was working. I found this post very helpful: Flutter/App Store Connect Warning: ITMS-90078 Missing Push Notification Entitlement
Open the Flutter project (Runner) in XCode.
Under Signing & Capabilities, press '+Capability' and scroll down to find Push Notifications.
XCode will generate the “ios/Runner/Runner.entitlements” file.
Done. My build appeared on next attempt.

Missing Push Notification Entitlement: While Resigining ipa

Team,
We are releasing new update to our project, In the last version we dont have Push Notifications now are implementing all the process.
We work for a client where we used to send ipa file with our distribution profile (Push notifications are working for the ipa we are sending).
Once we send the working ipa, they will resign the ipa with there Distribution Profiles and Upload to appstore.
We have checked all the scenarios like, App Id enabled with Push Notification,SSl generated for Distribution (Is it mandatory for developing for developer also?).
The Resigning is successfull and we are able to upload the app to App Store.
But still we are getting the Below mail from Apple. Please Suggest what is the Solution for it
Missing Push Notification Entitlement - Your app includes an API for
Apple's Push Notification service, but the aps-environment entitlement
is missing from the app's signature. To resolve this, make sure your
App ID is enabled for push notification in the Provisioning Portal.
Then, sign your app with a distribution provisioning profile that
includes the aps-environment entitlement. This will create the correct
signature, and you can resubmit your app. See "Provisioning and
Development" in the Local and Push Notification Programming Guide for
more information. If your app does not use the Apple Push Notification
service, no action is required. You may remove the API from future
submissions to stop this warning. If you use a third-party framework,
you may need to contact the developer for information on removing the
API.

You have to check if you have enabled push notifications in member
center for the provisioning profile that you are using
You have to check if you have enabled push notifications in xcode
capabilities
i.e
just check Entitlements.plist for the following key values
<key>aps-environment</key>
<string>production</string>

How can I code sign an iOS .xarchive so a client can resign properly? (using push notifications)

I need to create an iOS .xarchive file using a developer profile, that a client can resign using their distribution profile(s).
(I have read this but it didn't have any real solutions: How can I send iOS app to client, for them to code-sign)
The client doesn't want to share their private keys, nor give me access above 'Developer' in the member center. And we don't want to share our source code.
We need to support push notifications, so this means we need a fully qualified app id.
I cannot figure out a way that allows me to build and export an .xarchive signed with 'aps production', 'get-task-allow' as false, BUT ALSO using the certificate that matches the clients distribution certificate.
This feels like a bug in Xcode, shouldn't the changes to 'aps production' and 'get-task-allow' be tied to the configuration, not the type of provisioning profile? I am using 'Release', but with my developer profile.
Am I missing something, or is this just not possible?

I figured out the answer to this question through trial and error. Even though tech notes and most web resources say you don't need an entitlements.plist if you are using XCode4+, there are certain cases where you do. Two cases are represented by my question above:
building Release configuration (i.e.: Archive), but signing with a Developer provisioning profile
using push notifications
My final custom entitlements.plist has 3 values:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>get-task-allow</key>
<false/>
<key>aps-environment</key>
<string>production</string>
<key>keychain-access-groups</key>
<array>
<string>L23874DF.com.your.appid</string>
</array>
</dict>
</plist>
Once I had that in my entitlements.plist, I built with the developer provisioning profile for this app id. Then I archived it, and exported the archive from the organizer. Once exported, I sent it to my client. The client was able to resign the archive with an ad hoc profile, and send me back an IPA file, which I loaded onto my device. I also successfully received a push notification from Urban Airship to this IPA!