Problem
We are using Fastlane to distribute our builds. In order to avoid the manual agreement to the export compliance, we have set the following key in our info.plist:
<key>ITSAppUsesNonExemptEncryption</key>
<false/>
Out of the blue, this stopped working. Also, the encryption pop-up has changed. Is there a new key that has to be added or has something else changed? Couldn't find any information.
Solution
Ok, it is unbelievably stupid. I edited the entry in my info.plist, but I had to edit it directly via XCode in the Generals tab. Seems like the version in XCode is the one which is really used and at some point in the build process being generated from the original info.plist.
I have added the following code in the Info.plist
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAppleMusicUsageDescription</key>
<string>Play using while you are hiking</string>
<key>NSCameraUsageDescription</key>
<string>Please Allow the app to access the device camera</string>
<key>NSMicrophoneUsageDescription</key>
<string>Please Allow the app to access the device microphone</string>
<key>NSPhotoLibraryUsageDescription</key>
<string>Privacy - Please Allow the app to handle your photos</string>
</dict>
I am creating the archive in Xcode and re distributing and still getting the error Missing Purpose String in Info.plist"
As on Apple documentation for NSAllowsArbitraryLoads
Important
You must supply a justification during App Store review if you set the key’s value to YES, as described in Provide Justification for Exceptions. Use this key with caution because it significantly reduces the security of your app. In most cases, it’s better to upgrade your servers to meet the requirements imposed by ATS, or at least to use a narrower exception.
I have submitted many app builds to TestFlight, even yesterday, but today when I tried to submit my app to TestFlight via XCODE I get the following error:
ERROR ITMS-90164: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: '[ ]' for the key 'com.apple.developer.healthkit.access' in 'Payload/Runner.app/Runner'."
I'm building a flutter project via XCODE. I have tried the following:
Cleaning my project.
Re-enabling automatic app signing in XCODE.
Deleting my provisioning files from ~/Library/MobileDevice/Provisioning\ Profiles/
Disabling automatic signing in xcode and creating my own provisioning profile via the Apple Developer site
But I'm still getting this error. My enablements haven't changed from the last time I uploaded my app. Please help, thank you.
UPDATE 1:
Appears to be a change made on Apples end that is causing this error. No official response/explanation from Apple has been provided yet. Some workarounds have been provided below. I went with enabling Clinical Health Records usage for the Health Kit enablement since this workaround doesn't use any non-apple approved changes. So still technically not a final solution, but a workaround.
UPDATE 2:
Apple has resolved the issue on their end, no workarounds are required anymore.
I was facing the similar error.
I believe the Apple back-end has changed and has started applying a stricter rule to entitlement keys that take array values.
I believe the Apple back-end used to accept empty arrays for entitlement keys that took array values but now require the entitlement key to either not be present at all or to contain actual values.
Evidence to back this assertion:
I have an entitlements file with a key for "com.apple.developer.icloud-container-identifiers" entitlement with an empty array like so:
<key>com.apple.developer.icloud-container-identifiers</key>
<array/>
This was fine until just yesterday (I successfully submitted a build, and have submitted builds like this for more than a year).
The Fix:
Remove or Comment out the following line from the .entitlements file:
<key>com.apple.developer.icloud-container-identifiers</key>
<array/>
The key was empty anyway so should not have an effect after being removed.
Now the TestFlight submission is successful.
Solution
What worked for me was to remove the following line in the .entitlements file
<key>com.apple.developer.healthkit.access</key>
<array/>
Validation
I double checked and the HealthKit access still works for read/write when building via Xcode
I tested the app via TestFlight and everything still looks good
My app got approved and everything works fine for existing and new users :)
Side notes
I had the same issue. I haven’t changed the entitlements for months and out of a sudden that error appeared. It might be the case that Apple changed some logic and applied stricter rules on their backend entitlement validation.
Interesting that if you create a new Xcode project and add the HealthKit entitlements it creates the entitlements like:
<key>com.apple.developer.healthkit</key>
<true/>
<key>com.apple.developer.healthkit.access</key>
<array/>
Interesting read: https://developer.apple.com/forums/thread/10738
Remove 'com.apple.developer.healthkit.access' won't help the issue. So far we can just hope to wait for Apple to fix this.
Thread on forum (i can't access the Marceeelll's thread):
https://developer.apple.com/forums/thread/671352
Related:
App Store Connect Operation Error: ITMS-90164 [] for key com.apple.developer.healthkit.access
For me solution is to remove the following line in the .entitlements file
<key>com.apple.developer.healthkit.access</key>
<array/>
!This work if you submit the app for TestFlight!
This does not work if you submit the app for review :(. Binary will be rejected ITMS-90000: This bundle is invalid - $message.
What work for me: First, when you enable your app’s HealthKit capabilities: you must also select the Clinical Health Records checkbox!
Next, you must provide a Health Records Usage string in your app’s Info.plist file.
Same error for me with "icloud-container", just comment these lines in your . entitlements file:
<key>com.apple.developer.[YOUR-ERROR]</key>
<array/>
Deleting the empty iCloud Container entitlement (array) from the entitlement files solved the issue for me. Seems like a server-side change from Apple that no longer allows an empty array there.
Apple has fixed the issue. You can now try submitting app to TestFlight without making any changes.
Thread on Apple Developer forum: https://developer.apple.com/forums/thread/671352
What worked for me
Before started trying, I checked my .entitlements file it looks like this:
...
<key>com.apple.developer.healthkit</key>
<true/>
<key>com.apple.developer.healthkit.access</key>
<array/>
...
Step 1: Remove and add HealthKit capability again.
Remove HealthKit from "Signing and Capabilities"
Add HealthKit back
Step 2: Check on "Clinical Health Records"
Once done, you shall be able to see your .entitlements file become
<key>com.apple.developer.healthkit</key>
<true/>
<key>com.apple.developer.healthkit.access</key>
<array>
<string>health-records</string>
</array>
Step 3: Add Privacy - Health Records Usage Description and its value to info.plist
Final: Then I tried to archive and upload to TestFlight, it worked.
I commented-out/removed
<key>com.apple.developer.healthkit.access</key>
in .entitlements and it works!
A key with a value that is an empty array seems to be not allowed in entitlements anymore. Just removing the key/value pair fixed it for me.
I had the same issue with Network extensions, it is also empty and deleting it from Entitlements solved the issue.
Deleting the empty iCloud container entitlement will resolve the upload issue. But the app cannot select any documents from iCloud using document picker (UIDocumentMenuViewController).
We would end up with a crash in the app as below:
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Application initializing
document picker is missing the iCloud entitlement. Is
com.apple.developer.icloud-container-identifiers set?'
Apple reject my app with Message:
Guideline 2.3 - Performance - Accurate Metadata
We were unable to install the app on iPad. The
UIRequiredDeviceCapabilities key in the Info.plist is set in such a
way that the app will not install on an iPad .
Next Steps
To resolve this issue, please check the UIRequiredDeviceCapabilities
key to verify that it contains only the attributes required for your
app features or the attributes that must not be present on the device.
Attributes specified by a dictionary should be set to true if they are
required and false if they must not be present on the device.
Resources
Please review the Technical Q&A 1397: Understanding the
UIRequiredDeviceCapabilities key for information on the
UIRequiredDeviceCapabilities key.
You may also wish to review the dictionary keys table in the
"Declaring the Required Device Capabilities" section of the App
Programming Guide for iOS.
App has Deployment info, Devices: Universal.
I tested app on iPad 2 Wi-Fi (model: A1397), iOS 9.3.5 (13G36). And different iPhones. App works correct.
There is following value of UIRequiredDeviceCapabilities in file-info:
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
There was not problem with armv7 at previous releases .
At webpage wrote, that armv7 is supported all modern devices.
What I need to do with UIRequiredDeviceCapabilities parameter?
I removed the armv7 value at info.plist file. Application successfully passed review.
<key>UIRequiredDeviceCapabilities</key>
<array/>
It seems to be a big feature to share data between different Apps through the iOS Keychain, but how can I avoid the sharing between apps? I can't find anything for that case in the Apple documentation.
I know that the access-group and therefore the access of the keychain for an app is defined through the provisioning profile with the parameter keychain-access-groups.
<key>Entitlements</key>
<dict>
<key>application-identifier</key>
...
<key>keychain-access-groups</key>
<array>
<string>XXXXXXXXXX.*</string>
</array>
</dict>
After Apple redesigned their developer-page it is not more possible to create different App-Prefix-Ids where defines the keychain-access-groups. I hope someone can give me a hint, how to prevent the sharing of the keychain for different apps with the same code base.
Additional Note:
It is not possible to save the data with different keys.
Update:
I found an attribute that set on runtime the keychain-access-group kSecAttrAccessGroup I think this should help to fix the problem.
You misunderstood what share means here, which is you can opt to share with different apps produced by you and accepted by Apple. Arbitrary apps cannot access your app's keychain data.