2

iOS App Provisioning is, as most will probably agree, among the most confusing and complicated subjects an iOS developer has to deal with and I'm one of them. :-)

One of our teams needs to start beta testing their app. It's a corporate app that will eventually be released in our company's app catalogue (InTune) for use with a few thousand colleagues. As far as I've seen Inhouse distribution is for this exact purpose: Deploy to a limited number of invited non-developer testers but without having to harvest their UDIDs. For this purpose I have set up:

  • An Inhouse provisioning profile, based on the exact same AppId as the team's development profile.
  • Set up an AppCenter beta test group and invited some colleagues as testers.
  • Added a "publish to AppCenter" step in the project's build definition that deploys the .IPA file to the mentioned test group in AppCenter.

When the build runs all works fine and the app gets deployed to the test group as intended. Each tester is allowed to install the app and all looks good. But when they try to install the app they get a very non-descriptive error message saying the "the app cannot be installed".

I have checked the device log and found an error message: "The executable was signed with invalid entitlements."

I have also re-created the failed deployment from Visual Studio (Mac) by downloading the Inhouse provisioning profile (+ signing certifictate) and re-target the build/deployment to "In-house". For good measure I also selected the In-house profile manually.

When I build and deploy to a simulator all works fine but when I deploy to a physical device I get this error in Visual Studio (Mac):

ApplicationVerificationFailed: Failed to verify code signature of /private/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.zveLv9/extracted/{name-of-app}.app : 0xe8008016 (The executable was signed with invalid entitlements.) error MT1006: Could not install the application '{path-to-app}.app' on the device '{my-device-name}': Your code signing/provisioning profiles are not correctly configured. Probably you have an entitlement not supported by your current provisioning profile, or your device is not part of the current provisioning profile. Please check the iOS Device Log for details (error: 0xe8008016).

My understanding is that entitlements are enabled with the AppId and requested with the entitlemens in code (via the Entitlements.plist file). This leads med to assume that two profiles referencing the same AppId would also enabled the same Entitlements. Is this incorrect? Obviously, I am requesting the same entitlements from code as I'm compiling the exact same branch using the two different provisioning profiles.

I suspect I have misunderstood or overlooked something ...

Jonas Rembratt
  • 1,550
  • 3
  • 17
  • 39
  • Just to confirm, you have an enterprise developer program membership? – Paulw11 Apr 17 '18 at 13:03
  • Yes, that's correct. – Jonas Rembratt Apr 17 '18 at 13:10
  • Some more digging has revealed that if I turn off the Push Notifications Entitlement (in Entitlements.plist) it deploys correctly. When I checked the AppId I noticed the "Distribution" column for Push read as "Configurable", with a yellow icon whereas the "Development" column said "Enabled" with a green icon. I tried generate a certificate for "Distribution", downloaded/installed it and tried again. Didn't work I then tried re-generating the profile and dowload/install it. Still didn't work. – Jonas Rembratt Apr 17 '18 at 13:14
  • Do you need push notification in your app? – rishi Apr 17 '18 at 13:18
  • Yes, push notifications is a requirement so it's not optional. – Jonas Rembratt Apr 17 '18 at 13:21
  • Even more digging: It turns out there's a "aps-environment" setting in the Entitlements.plist file which is set to "development". I tried changing it to "production" and now I can deploy with Push notifications. The problem now is handling this in automated builds, switching from development to production ... – Jonas Rembratt Apr 17 '18 at 13:23
  • The simplest solution, it seems, is to have two Entitlements.plist files (named slightly different, naturally) and use the bundle settings (Debug, Release, ...) to pick the correct one. Problem solved! – Jonas Rembratt Apr 17 '18 at 13:29
  • Please write up your solution as an answer and accept it as the answer. Thanks! – Owen Hartnett Apr 17 '18 at 15:19
  • Done! Thanks for the reminder. – Jonas Rembratt Apr 17 '18 at 16:01

1 Answers1

2

The problem turned out to be the "Push Notifications" entitlement.

The Entitlement.plist file contains an "aps-environment" setting (in Visual Studio Mac open Entitlements file and select the "Source" tab) which was set to "development". When deploying a release build to a physical device this caused a mismatch with the actual entitlement of the provisioning profile.

To fix this I created a second Entitlement.plist file, changed the "aps-environment" setting to "production" and saved it as "Entitlement.prod.plist" (I also renamed the original file to "Entitlement.dev.plist" for clarity).

Finally, I just changed the Bundle settings (Debug, Release, ...) to pick the correct Entitlement file and now it works as expected.

Jonas Rembratt
  • 1,550
  • 3
  • 17
  • 39