19

I have an app that crashes immediately when starting under iOS 12 on a device.

The console shows the following error:

kernel AMFI: 'AppName' does not pass CT evaluation, result: 0x80008

kernel AMFI: Unrecoverable CT signature issue, bailing out.

The app runs fine in the iOS 12 simulator, and it also runs just fine on devices with iOS 11 or iOS 10. (I can even distribute the app through enterprise OTA on older devices just fine!)

What did iOS 12 change? What is this "CT signature"?

Many thanks in advance!

hdort
  • 909
  • 1
  • 8
  • 18
  • There is a thread started on developer.apple.com regarding this issue. https://forums.developer.apple.com/thread/106711 but still no solution. We are in contact with Apple over the issue and waiting on a response. – 2Aguy Sep 25 '18 at 13:35
  • 1) Is your application an Apache Cordova iOS application or an application built completely by XCode? 2) What distribution mechanism are you using? Enterprise distribution or App store? – 2Aguy Sep 25 '18 at 13:48
  • Apache Cordova, Enterprise distribution here. However noticed some other apps on Cordova + Enterprise doesn't have this issue. – aarjithn Sep 25 '18 at 15:05
  • Also, app works in device when signed using personal apple ID team. This has something to do with certificate / provisioning profile... – aarjithn Sep 25 '18 at 15:05
  • Hi @2Aguy, my app is built completely built by Xcode. We use an enterprise ad hoc distribution, but the app won't even run when debugging directly with Xcode on an iOS12 device. – hdort Sep 25 '18 at 15:06
  • @hdort did you try if it works when deployed using a Personal Team? – aarjithn Sep 25 '18 at 15:11
  • @aarjithn We are building an Apache Cordova app with Enterprise distribution as well. We haven't tried yet if it works when signed using personal a personal Apple, that is an interesting observation. – 2Aguy Sep 25 '18 at 16:42
  • @hdort "the app won't even run when debugging directly with Xcode on an iOS12 device" Are you talking about XCode 10 or XCode 9.x? I assume XCode 10, since I don't believe it is possible to deploy to an iOS 12 device with XCode 9.x. We have noticed the following: - App runs fine when built with XCode 9.4 and deployed to iOS 11 - When built with XCode 10, app loads fine on an iOS 11 device, but fails to load on iOS 12 device - The app always loads when run on iOS 12 simulators - It doesn't matter if the app is built with XCode UI or XCode command line tools, same results on iOS 12 – 2Aguy Sep 25 '18 at 16:47
  • @2Aguy nice summary, it seems my situation is exactly the same – hdort Sep 25 '18 at 19:02
  • 3
    So this CT might be 'Certificate Trust' – aarjithn Sep 26 '18 at 06:50
  • I have submitted a bug report to Apple for this issue at https://bugreport.apple.com/web/?problemID=44831920 – 2Aguy Sep 27 '18 at 16:00
  • @2Aguy Have you ever heard something back from Apple about this issue? The bug-tracker link is down. – TMob Nov 23 '18 at 13:44
  • @TMob No, I have not heard anything from Apple, but I just submitted a support ticket to inquire as to why there has been no change in status on the ticket. – 2Aguy Nov 24 '18 at 14:09

1 Answers1

40

I'm not sure if this will fix it for everyone, but I had the exact same problem and it solved the problem for me. In Keychain Access, I set the trust settings to "Use System Defaults" for the following certificates:

  • Apple Worldwide Developer Relations Certification Authority
  • Developer ID Certification Authority
  • iPhone Developer: {email}
  • iOS Distribution

Some of them were set to "Always Trust" before, and changing it seemed to resolve the issue. When running Xcode however, it initially still did not work, so I cleaned the build and restarted Xcode, and the application finally launched.

William Nobel Chilcote
  • 515
  • 5
  • 6
  • I checked the trust settings for all of those certificates on my machine and they were all already set to 'Use System Defaults'. – 2Aguy Sep 25 '18 at 20:59
  • Wow, sure enough, this fixed the issue. – aarjithn Sep 26 '18 at 06:33
  • 4
    Thank you! The only certificate I had to change to "Use System Defaults" was the "Apple Worldwide Developer Relations Certification Authority", and indeed this solves the issue! If I recall correctly, over 2 years ago there was a problem with this certificate and I installed an update by hand, that must have messed things up. – hdort Sep 26 '18 at 07:54
  • 3
    We found that we had "Use System Defaults" for all of the certificates you mentioned, so that wasn't our issue. BUT -- we had a fourth "iOS Distribution" certificate that was also in the signing chain since our application is an Enterprise distribution app. That certificate was set to "Always Trust" instead of "Use System Defaults". I confirmed that changing the trust setting on that cert to "Use System Defaults" makes the problem go away and toggling it back to "Always Trust" makes the problem return. @william-nobel-chilcote: Nice job, you might want to update your solution with this info. – 2Aguy Sep 26 '18 at 15:40
  • 1
    I have filed a bug report with Apple for this issue at https://bugreport.apple.com/web/?problemID=44831920 – 2Aguy Sep 27 '18 at 15:59
  • 1
    I also confirm that I had to change Apple Worldwide Developer Relations Certification Authority from AlwaysTrust to Use System Defaults and app started. It took me two days to find this post. Thank you! – Yuri Zolotarev Oct 24 '18 at 10:10
  • I am also facing the same issue, And yes your solutions work like a champ and am able to run the app. Thanks for so much !! – Sagar Daundkar Dec 26 '18 at 11:15
  • Can no longer reach the bug report mentioned above, but this did indeed work for me as well. Thank you! – Topher Fangio Dec 29 '18 at 03:38
  • I confirm that I had to change Apple Worldwide Developer Relations Certification Authority from AlwaysTrust to Use System Defaults and app started.You will find it in Certificates tab but not in My Certificates tab so attention to detail is important. Also works for error "Bootstrapping failed for with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID". Thank you. – Thakur Feb 21 '19 at 11:27
  • Thank you! Fixed this issue for me. – Nicholas Adams May 14 '19 at 20:42
  • Indeed changing "Apple Worldwide Developer Relations Certification Authority" to "Use System Defaults" have helped. I might have set it to "Always Trust" long time ago trying to avoid asking for password every build. – too May 31 '19 at 10:18
  • I also can confirm that this solve the same issue working on Xamarin Environment. Many thanks for your time and effort. – Lorenzo Melato Sep 02 '19 at 15:54
  • Thanks, I also faced the same issue.. and resolved when i change trust setting "Use System Defaults". Thanks again.. William. – Manish Nahar Sep 07 '19 at 05:43
  • After five hours of struggle, I could fix the issue after coming across this solution. Thank you so much !!! – Dayanithi Natarajan Nov 01 '19 at 19:57
  • I had a slightly different problem where I was getting this error but all my certs were set to "Use System Defaults". But I noticed a "certificate is not trusted" error for the distribution cert. Downloading a new Developer Relations Intermediate Certificate fixed it for me (see https://developer.apple.com/forums/thread/662300). – gumbypp Mar 08 '21 at 02:39
  • All these certs were already set to "Use System Defaults" and I'm still facing the issue. Please help – Talal Yousif Apr 27 '21 at 11:06