My company is using enterprise distribution profiles to sign our iOS app for easy distribution to in-house and external testers. Everything has been working fine locally and in our CI system, but we recently started working on a WatchKit app, and we can't figure out how to codesign it correctly for enterprise distribution.
We've created app identifiers for the iOS app, the WatchKit extension, and the WatchKit app, as well as an app group. Development provisioning is working fine and we can test the watch app on hardware without issue. However, when trying to sign using our enterprise profiles, everything appears to work but the app will not install on the Apple Watch, showing an "Application could not be verified" error on the watch screen and the following in the console:
Warning: failed to install WatchKit application, error: (Error Domain=LaunchServicesError Code=0 "The operation couldn’t be completed. (LaunchServicesError error 0.)" UserInfo=0x15d6e0d0 {Error=ApplicationVerificationFailed, ErrorDetail=-402620394, ErrorDescription=Failed to verify code signature of [redatcted] : 0xe8008016 (Entitlements found that are not permitted by provisioning profile)})
Is it even possible to use enterprise distribution provisioning profiles to sign a WatchKit app? There doesn't seem to be any documentation about this anywhere I can find, and the error description is of very little help.