app store binary: the executable was signed with invalid entitlements - ios

I'm about to build my first ipad application. I followed the steps listed here for creating the binary: How do I build an xcode project for the itunes store? (see first answer).
Unluckily, I get the already mentioned alert when trying to build on my ipad. I can build with the simulator, though, without any problem. Is it possible to make an app store build with an app store distribution profile on an ipad? When I select the distribution profile on the organizer, I read the text: This profile cannot be installed on devices.
Sorry if this is a question that has been asked before. I searched on stackoverflow and on the internet and couldn't find any answer. By the way, I had created an ad hoc distribution and that worked perfectly on the ipad. I don't have any Entitlements.plist since I didn't need it for the ad hoc distribution.

You'll need two provisioning profiles. The development one is for putting your app on devices for testing. The distribution is for submitting your application to iTunesConnect.
You have to swap between the two provisioning profiles when you want swap between putting the app on the device and the store. Consider creating targets to achieve this.

Related

Appcenter iOS install error "this app cannot be installed because its integrity could not be verified"

I see that this question has been asked many times but I see no solution that works for me so I'm hoping that providing more info might shed some light.
We use appcenter.ms to test iOS apps. Until our iOS certificate expired this method worked fine. We generated a new enterprise certificate and ad hoc provisioning profile for new releases of the iOS app. Which led to the first curiosity.
I see how to upload a certificate on appcenter.ms but not a provisioning profile. I thought there was an option to do this in the past but perhaps I am mistaken. However, the app is signed with a provisioning profile before upload, so perhaps this is not needed now.
Once the app is uploaded, it can't be installed. It remains grey and when you tap it, you get the "this app cannot be installed because its integrity could not be verified" error. Again, that the .ipa is created with an ad hoc certificate and profile in Xamarin (VS for Mac).
Also, I can't install the provisioning profile on a device from appcenter.ms. You basically get stuck in a loop where you seem to successfully install the profile but have to keep doing it because it never actually installs.
I hope this is enough info for some insight and thanks in advance for any feedback.
We were able to solve this by redoing and downloading development certs and via
And also downloading and double clicking the apple development certificate here
After that our keychain showed both as trusted and we could build to the iPhone again.
The issue can be the your device is simply not registered on the developer portal and/or that ad-hoc provisioning profiles have not been regenerated.
You need to register your device, regenerate a provisioning profile with this device in it and rebuild your app using this profile.
This can also happen because of
Developer ID Notary Service - Outage
which can be checked on https://developer.apple.com/system-status/
Notarization is well explained here:
Notarization gives users more confidence that the Developer ID-signed
software you distribute has been checked by Apple for malicious
components. Notarization is not App Review. The Apple notary service
is an automated system that scans your software for malicious content,
checks for code-signing issues, and returns the results to you
quickly. If there are no issues, the notary service generates a ticket
for you to staple to your software.
Work around fix:
Select your app.
Navigate to TextFlight tab
Create External Testing group
Add one tester
Add build which you want to download using TestFlight
Open TestFlight and download an app.
In my case this was caused by trying to include an entitlement for aps-environment "development" when using an Ad-Hoc provisioning profile. The value for this environment in Entitlements.plist must match what is hard coded into the provisioning profile file - if you open an Ad-Hoc profile in a text editor you will see it expects the "production" environment.
The possible solutions depending on your requirements are to either use the Development profile/certificate, or change the aps-environment to "production" to continue using an Ad-Hoc provisioning profile.
It can also happen if you have other incorrect entitlements - worth checking what entitlements are enabled under the Identifier in Apple Developer portal and removing unnecessary ones.
I had this issue because when building the app on xCode for distribution (Product->Archive then Distribute App), I chose automatic signing. After manually signing the app and choosing my own generated certificate and profile, everything worked again fine.
I removed the Entitlements file from the Addition Resources in iOS Bundle Signing and it worked.
I think the MSAL configuration was set to debug in entitlements.plist
I have also face this issue before but for me the reason was little different
First the build was enterprise one and the build was made on the earlier Xcode version on which the iOS version you are using on the device was not supported by the Xcode.
All I did was to update my Xcode and make a new build and shared the build. After that we were able to install that build over device Hope it works for you as well
This is how I solved for myself.
In you iPhone Settings > General > VPN & Device Management you should see your company name (if an app from it is installed), and if you click on it, you will see a button like "Verify" above the list of apps installed provided by the company. Just click on "Verify".

Add devices option missing from iOS Provisioning Profile?

I don't know if this is something to do with the new TestFlight integration or a glitch or what, but I just created a new Distribution Porfile for an iOS app and there is nowhere to add my test devices. Normally there is a list of all my test devices in a scrolling window where indicated, but it's not there on this new profile. If I go to a different existing distribution profile that was set up months ago, there is a list there of all devices.
I checked the app store docs here: https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingProfiles/MaintainingProfiles.html#//apple_ref/doc/uid/TP40012582-CH30-SW28, and you can see in the image for step 4, where the list normally appears.
Anyone else seeing this? Any suggestions?
There will not be a device list if you are making a Distribution provisioning profile for the App Store. Make sure you are either creating a Development provisioning profile or you are selecting "Ad Hoc" when creating a Distribution one.

Xcode 5 - Can no longer validate archives

I upgraded from Xcode 4 to 5 and I can no longer validate archives created for Ad-Hoc distribution.
After creating an archive, I hit Validate, log into iTunes Connect (as prompted) and get the error "No identities are available for signing":
If I click 'Download Identities...' then pick my team name (me) it just takes me back to this error prompt.
Specifics
I have created and signed an Ad Hoc distribution profile called 'survey_dist_9'
The Code Signing settings in my Target look like this, although I have tried many combinations of these profiles:
My unchanged, existing project that worked fine in Xcode 4 no longer works in Xcode 5. I validated 15 versions of my app without fail before upgrading to XCode 5.
In My Xcode organizer it shows no provisioning profiles except under my iPad device. Has this changed since Xcode 4? (Sure they used to be there)
There are similar sounding questions here but the solutions I've found are not applicable.
No crashes are occurring as described in similar sounding questions. I can distribute as Ad Hoc. The problem is we're using Ad Hoc as a production solution (distributing an in-house app to a small company) so I'm reticent to skip the Validation process.
Any suggestions?
Make sure that the bundle identifier in Xcode matches your App's bundle ID in iTunes connect.
Here you go, follow the screens below, it should help you..
And yes they have removed Profiles from Organizers, instead you can use iPhone Configuration Tool.
Hope it helps..
Cheers
It looks like Apple disabled the ability to validate with just an ad hoc provisioning profile in XCode 5.
If you wish to validate an app that is intended only for Ad Hoc distribution, you must also have an App Store provisioning profile for the app too, against which to validate it.

iOS Developer Builds vs Distribution Builds

I've been under the impression for some time that for iOS, signing a build with a developer provisioning profile allows the app to run (and get debugged) on an authorized device (listed in the development provisioning profile) through an XCode build, whereas signing with a distribution profile allows the app to be run (but not debugged) on other iOS devices that have been specifically added to the distribution provisioning file for the purposes of QA/beta testing/etc (and installed via iTunes sync or OTA distribution), without the need for those QA/beta-testers to even know what an XCode is.
Seems to match several of Apple's own docs:
"When you’re ready to share your app for user testing [...], you need
to create an archive of the app using a distribution provisioning
profile and send it to app testers" (source)
and
Code Signing with a development profile allows your app to run on
device through Xcode, and signing with a distribution profile allows
you to create distribution builds.
The certificate named "iPhone Developer" allows you to run/debug your
app on iOS devices through Xcode, and the certificate named "iPhone
Distribution" allows testing your submission build with Ad Hoc
distribution (source)
This seems to imply that using a distribution profile is necessary to do app sharing outside of the App Store, and for years I've always assumed this to be true. Recently however, I've been shown a use case from another colleague where they've been able to share builds with many other people using only a development provisioning file. Another user has described a similar discovery here: Why not use development provisioning instead of ad hoc?
I'm worried I might be missing something here, I'm now suspicious that there are cases where as long as another user has access to a relevant developer provisioning profile that includes their device's UUID, and installs it on their device (drag into iTunes, config utility, etc), that they would be able to sync Developer builds through iTunes as well, without the need for making separate Distribution builds.
This has led me to question some of the assumptions I've had about the nature of the differences between developer and distribution builds in general. I'm starting to think that it's more about debug support and general ease of installation, rather than the nature of how it's installed (XCode vs iTunes/OTA explicitly).
In short, if a device has it's UUID included in a developer provisioning profile, do I really need to make separate distribution builds, or can I simply share a Release Development build and assume that will work with an iTunes sync as well? Does the "Use for Development" button in organizer have any real relevance to this?
More broadly: what are the fundamental differences between Developer and AdHoc builds in terms of how they can be shared among other people within an organization in the development/testing phase before being submitted to the App Store?
Check this SO Post for the differences listed out between developer and distribution builds. From a developer perspective, there is not much difference whether you want to distribute your app either by signing it with a developer profile or distribution profile, provided you are not testing push notifications.

Archived IPA won't install onto my phone

I've done this a few times before with my own apps.
I've started working for a client and using there account I've created the necessary files on the dev portal. Downloaded and install them on my machine.
Followed the instructions to create an archived IPA for adhoc distribution.
Drag it into iTunes.
Then drag it to my device in iTunes. When i start dragging the app icon a red badge appears, but the app never starts to sync onto the phone.
I opened the ipa and looked at the mobile provisioning file and I see that my phones UDID is
included there.
Can anybody give me some insight into what the problem may be?
I had this happen when I could see myself in the provisioning profile under its code-signing identity but I was not on the distribution profile. And the issue relied on the build settings.
Go to your project -> Build Settings and check under Code Signing. Confirm that you are using the correct developer profile. Pay extra attention to mismatches between bundle identifiers.
Check the validity of the distribution profile in the same area.
Archive and make sure you are using the correct build configuration. When creating the ipa file confirm for the correct distribution profile again.
Hope that helps
There can be many reasons for that. one thing that cross my mind:
Check if their device iOS version is not higher then the SDK you are using or lower then your deployment target.
I can also recommend to use Testflight service (search Test Flight iOS in google), it is perfect for distributing builds to customers.

Resources