I am creating an in house MDM solution and have managed to create everything I need in terms of the MDM server, SCEP server etc in order to gather information about our devices.
However, I am having an issue pushing the Enterprise Apps that we create. I can push the apps to the device (and they install without issue) but I am still presented with the 'Do you Trust this developer' prompt.
I was under the impression that Enterprise Apps should be trusted by default when deployed by MDM. I have tested this using Apples Profile Manager and indeed the application is installing without issue and does not require the user to trust the developer.
I am obviously missing something obvious but have been chasing my tail trying to find out what it is!
Any help would be greatly appreciated.
Thanks in advance
David
OK. Turns out the issue was actually not much better that a typo!
Having uploaded the app to my server, I had a manual creation of the manifest for installation. The app identifier in the manifest did not mach the actual app!
So... weirdly the app was pushed via MDM, the manifest was downloaded (and appeared under the control of MDM briefly) then iOS realised mad things were afoot so booted the app out to the normal enterprise installation process (untrusted developer dialogue etc).
Fixing the manifest bundle identifier to match the app fixes the issue.
That's many hours I'll never get back!
I am guessing you are missing a CA certificate/root certificate that you used to sign your app. Due to this iOS might have been unable to trust the app since it was not able to confirm the validity of the signing cert.
Related
I am installing the application on my phone via Xcode in release mode. It works for a while without any problems. Then, for example, I try to open the application after a few hours, but it crashes immediately. What is the reason?
You can see here:
https://imgur.com/a/ydvZEqW
this usually happens when your app is no longer signed. Have you tried checking to see if your provision profile and certificate is still active. Might be worth revoking all certs and getting Xcode to remake it
Edit: also check settings> General > Profiles to see if it’s trusted (if using a free account which I don’t think you are since it’s release)
I don't think this issue is related to Provisioning profile, You must check if on opening app you are working with some database values or APIs which might not working for particular case
I have not found any functional solution, between a great number of suggestion on internet. I don't know exactly where and when it stopped to work, but I have an app at Apple Store that is working fine and it is in the 1.7 version. One month ago, I have tried to implement Push Notification and, to this tool works, I have to create and manipulate some certificates (Apple Developer certificates, Keychain Access, etc). After that, when I try to upload a new version to Apple Store using Xcode, I receive the message “Upload Successful”. Some minutes after this, I receive this message in my email:
Dear developer,
We have discovered one or more issues with your recent delivery for "Habilidades Médicas". To process your delivery, the following issues must be corrected:
Missing or invalid signature -
The bundle 'com.IvanSinigagliaApps.ChkList' at bundle path 'Payload/HabMed.app' is not signed using an Apple submission certificate.
Once these issues have been corrected, you can then redeliver the corrected binary. Regards, The App Store team”
I really don`t know what I did. Maybe, I can have deleted a key (keychain) or deleted a certificate or both. All the posts I have found about “Missing or Invalid Signature” didn’t work for me; many don't push me to my issue and many other are out of date for Xcode 8.3. I will post some screens with some doubts I have to show most information I can and I hope they can work as clues to help me to fix it.
Fig 01: My Keychain Access: I can found to Certificates: 1) iPhone Developer: QRL…, and 2) iPhone Distribution: C3D….
Fig 02: Apple Developer Provisioning Profiles:
Fig 03: iOs Certificates
Fig 04: Xcode (Certificate iPhone Developer QRL… ) ???
Fig 05: Xcode: even when manual provisioning is set up (C3D…) it doesn’t work.
Fig 06: Uploading App (Signing identity Distribution C3D…
Fig 07: Uploading (C3D…)
Fig 08: Upload Successful
UPDATE #1
This is happening the same way to my 4 apps, that were loading fine before.
Still not working, but after following the instructions at Apple Developer Troubleshotings technical Note TN2318, section: Resolving Signature Verification Failure, I run the Terminal with these instructions:
codesign --verify -vvvv -R='anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)' /path/to/the.app
I receive this message: code object is not signed at all
Now, I will try to go on this clue.
Yes, it is done, after a lot of hard work.
I have a great help from Apple Developer technical Support and to short this issue what I did was trying to fix it editing my certificates. As the problems involved all my apps, it should be something with the certificates. So, the guy from Apple, John, told me to think about this information:
I see they were issuing an revoking their certificates throughout May
and created the latest Certificate on June 1st. It is currently the
only active certificate. When a Distribution/Development Cert is
revoked, the associated provisioning profiles are invalidated and the
apps will stop functioning. This is the expected behavior. Apps
distributed via the App Store are not subject to this behavior. Only
apps distributed using the Ad-Hoc distribution method.
So I went to my certificates, at Apple Developer site, and edited those that I had just revoked and edited them again. A new one was created for this particular app and I have downloaded it to my machine. I have done a new upload and now everything is working fine again, with all apps.
There was a big confusion with all my certificates and with all my apps that. This confusion came to create this issue. Now I have reorganized all this stuff and everything is fine.
That's my lesson from this issue: keep all your work organized.
I really hope someone with the same issue can fix them after reading all this post or at least find an orientation.
Thank you Apple Developer Support and everybody who has read this.
SCENARIO
Our team is working on an enterprise application that we have delivered to one of our clients via HockeyApp. This particular client is having issues logging in. The issue does not happen when we use our environment, but it always happens to our client who is on a VPN using their own environment and data. The issue must be debugged by us. The client has deployed the application using Airwatch and
WHAT'S BEEN DONE
I create IPA to deploy over HockeyApp to the client.
The client has resigned the application and deployed it over Airwatch.
I have downloaded the app from their Airwatch catalog to my device.
Built+Run from Xcode to run the app to debug on my device.
WHAT HAPPENS
Before it installs to my device I get the following message:
"This application's application-identifier entitlement does not match that of the installed application. These values must match for an upgrade to be allowed."
QUESTIONS
1) "application-identifier entitlement". What is this?
2) (broader question) How do I debug an application that was installed from Airwatch?
Go to Entitlements.plist and verify the application identifier, that should match what is already installed.
I remember using Airwatch which has lot of issues, Ask the client to run your app directly without using Airwatch, If that works fine Airwatch is the culprit.Airwatch modifies your app to make it controllable, that might have caused the issue.
The client should not have to re-sign the app for it to work in their environment. I suspect that is the issue, as I've run into something similar. If you are using an enterprise iOS account, you can sign the app and send them that. Have them try installing/deploying without re-signing (no need for them to do so using their enteprise iOS acct).
If it works with the signed app from your side, problem solved. AirWatch does not require the client to 'sign' from their iOS developer account at all. It just needs to have the app and matching provisioning profile from 'a' developer account. Using your own signed app should work without any issue. That was the fix to a very similar issue where a vendor repeatedly told our team it was an 'AirWatch' problem and had our devs repeatedly resign unnecessarily. Once they sent us their signed .ipa and provisioning profile everything worked without any further problem.
AirWatch does not 'modify' any app to make it manageable unless your client is using app wrapping which is likely unnecessary. If just providing an app that requires zero modification, the most likely culprit is the re-signed app the client has; and the solution is simply providing the client with the signed app you have already with the provisioning profile already embedded in the .ipa from your own enterprise iOS dev account. Again, no resigning should be necessary and is typically the root cause of the issue for these types of problems.
When I try to test my app on my jailbroken 5s I keep getting this error for some reason, it just started happening as well... I was able to test on my apps on my device this morning but now it doesn't work, and yes I tried restarting xCode.
Error message:
The identity used to sign the executable is no longer valid. Please
verify that your device’s clock is properly set, and that your signing
certificate is not expired. (0xE8008018).
My device time is set to automatic so I don't see how it could be incorrect, and the certificate is still valid, I just made a new one...
Please don't tell me I need to pay the 99 dollar developer fee to do this. I am jailbroken and I will not do this, nor will I install app sync as I didn't need it installed before. I have already created a self signing certificate and everything, even edited all the plist files and changed the build settings in my app, nothing works.
Did you try to reverify the device in Xcode? If not try that. Else something tells me the system discovered your self made certificate.
You can't use self-signed certificates with Xcode to my knowledge. You must use an Apple-issued certificate to publish using Xcode. There are special ways to install self-signed apps on jailbroken phones, and Xcode isn't one of them. In theory, you could modify the Xcode project's build procedure to use this special method, but it really isn't worth the hassle in my opinion. If $99 is honestly too much for you to have access to Apple's awesome developer community, then Android will always accept new developers. Just remember that $99 is not much money for most in the developed world, and if you own a Mac and an iPhone (or several) then you certainly can afford it, and it's definitely worth the money considering what it gets you.
I've been browsing the internet for a solution to this issue and have found plenty of threads about the same problem, but there was either no solution found or the ones proposed didn't work.
I followed along with the tutorial linked in the iOS text file in the Air project template for FlashDeveop. Since I do not currently have an iOS device, I've been sending the IPA to a coworker to have him test it. When he attempts to load the application onto the iTouch, he gets an "app failed to install" with no further information on why it failed. Does anyone know what could cause this?
Here's what I've already done/checked:
made sure the app ID in the apple portal matched the ID in the application.xml
sent my co-worker the provision profiled used to create the IPA
tried the test targets (fast test, fast debug, etc) as well as an "ad-hoc" build
recreating the certificates
Its also worth noting that the app runs fine on my Android device, so I'm fairly certain that I've missed something in the certification process for iOS.
Yeah sounds like a provisioning problem. Make sure the UDID of all devices you are targeting are in each listed provisioning profile (Note: You will need to add any additional UDID's added to the developer portal again to any provisioning profile).
Although I strongly recommend using Testflight for your circumstance, makes sending an .ipa extremely easy. https://testflightapp.com/