Last year I used the iOS Distribution Managed Certificate (Enterprise Program) to sign an App and to distribute it internally. The Cert is still valid until May 2026. But its associated Provisiong Profile (which is not visible in the Apple Portal, but within Xcode when you export your archive) expired last week. Until then it was impossible for me to somehow force renew the profile and that lead to the fact that my app was not usable for a day, because the renewal was done after the expiration of the old one. Whats the whole point of the managed signing if can't influence the provisioning update. To be clear: I don't speak about the certificate - just about the profile. Or am I using it wrong?

Hello, I’m facing an issue with enabling In-App Purchases (IAP) for my iOS app, and it’s causing provisioning errors during the build process. Issue: • In Apple Developer Portal → Certificates, Identifiers & Profiles, the In-App Purchase capability is checked but grayed out, so I can’t modify it. • In Xcode, under Signing & Capabilities, I don’t see In-App Purchase listed. • When trying to build, I get the following error: Provisioning profile “BillionMines_Dev_Profile” doesn’t include the com.apple.developer.in-app-purchase entitlement. • Automatic signing in Xcode fails with: Xcode failed to provision this target. What I Have Tried: 1. Verified that my App ID is explicitly defined (not a wildcard ID). 2. Regenerated and downloaded a new Provisioning Profile, ensuring it matches my app. 3. Confirmed that In-App Purchase is enabled in App Store Connect under Features. 4. Cleaned the build folder and restarted Xcode. 5. Manually added com.apple.developer.in-app-purchase to my .entitlements file. Questions: • Why is the In-App Purchase option grayed out in Certificates, Identifiers & Profiles? • How can I ensure my provisioning profile includes the com.apple.developer.in-app-purchase entitlement? • Are there additional steps required to fully activate In-App Purchases? Any help would be greatly appreciated! Thanks in advance.

As of this morning, I get the following error message when trying to build on any of my Macs (including my desktop, as well as my CI/CD systems): Provisioning profile "Mac Team Provisioning Profile: com.stairwell.Inception.Forwarder" doesn't support the App Groups capability. When I check the identifier in the developer portal, it does show the "App Groups" capability, and the same group is selected as has been there before. We have to build this project with Xcode 15, because we have another issue with provisioning profiles on Xcode 16, that I haven't gotten resolved yet. To be clear - I built, notarized, and released a Developer ID build of this same project last night, and today it just fails to build. I should have never switched to "Xcode managed Profile", I guess. Manually configuring all of this was annoying, but at least it worked. I assume at this point, I'm just going to be regenerating provisioning profiles until the issue randomly goes away...

I am trying to build/deploy app to my phone however I get this message: "provisioning profile doesn't include the currently selected device" My developer account is pretty old one and used to be one the paid-version one. My understanding is that I should be able to deploy apps using free account but I don't see where I can add or delete devices....stuck in the loop over here! :-) I've created support request via email but I don't know if that is being worked or not...four days since I put it in. I suppose my other options are new apple-id or pay $99 and hope apple pays attention then? Any other suggestions?

I am managing provisioning profiles manually, including the one for my Notification Service Extension. I am wondering what happens if the provisioning profile for the Notification Service Extension expires. I have two types of apps: An App Store-distributed app An Enterprise-distributed app Can someone clarify how the expiration of the Notification Service Extension's provisioning profile affects both cases? Will the extension stop functioning, or will it continue to work normally?

Howdy, I thought this would be an easy question, but it turns out it's really not! In fact, it flies in the face of how the Apple ecosystem is set up. That said, I still need an answer to be able to inform our customers of what their app update options are. The question: Does app store provisioning ever expire? Based on the very limited information I can find, it either expires in one year, two years, or never. Anecdotal evidence seems to indicate that the answer could be never, but I need to confirm this. The use case: Some of our customers are very old school. They tend to find a technical solution and stick with it. As such, they do not update apps regularly on their field iPads. They generally only update when they are forced to. They use MDM to deploy the app, and would set the MDM not to pull updated apps from the app store when available, essentially keeping the same version of the app in use for as much as 3 years or more. If this were to happen, I need to know if the provisioning for the old version of the app will ever expire if they get it from the app store. I know with an enterprise deployment of .ipa files via MDM, the app provisioning/certificate will expire after 1 or 2 years (can't remember which atm), but I can't find an answer about app store provisioning. Hopefully someone can provide me with an answer on this forum. Thanks in advance, Mapguy

In an expo managed project which utilizes custom expo plugins, we're having trouble getting the keychain-access-groups entitlement inserted to our provisioningprofile for signing. The provisioning profile we download from apple dev portal contains: <key>keychain-access-groups</key> <array> <string>56APMZ7FZY.*</string> <string>com.apple.token</string> </array> and this is not recognized by xcode for signing; an error is thrown: Provisioning profile "ccpp" doesn't include the com.apple.developer.keychain-access-groups entitlement. A matching error is thrown during EAS build. So we need to find a way to modify the ccpp.mobileprovision locally and then sign the build using the modified ccpp.mobileprovision. Or, we need guidance on the proper way to resolve this situation. Questions: why does the downloaded mobileprovision file have the keychain-access-groups key, and not com.apple.developer.keychain-access-groups? Both Xcode and EAS appear to demand the latter keyname. when I use expo prebuild, I am able to see the following in the .entitlements file: <key>com.apple.developer.keychain-access-groups</key> <array> <string>$(AppIdentifierPrefix)com.myapp</string> </array> I am adding this entitlement using a custom expo plugin. However, the mobileprovision file downloaded from apple developer portal has no knowledge of this setting which is only applied through expo prebuild. So what I am left with at the end is an entitlements file generated by my expo prebuild which has the correct setting, and a provisioningprofile downloaded from dev portal with an incorrect setting, and I don't know how to mend the downloaded provisioningprofile (incorrect setting) with my local entitlements file (correct setting).

Backup and restore Personal IOS data to a Supervised device? We currently have around 200+ iPhone users that are using their devices as personal devices. We are planning on moving them to Intune using Automated Device Enrollment (Supervised). Is it any way possible to backup their devices, do a factory reset, enroll them in Intune, then restore the old data? Is it possible to do backup and restore in this situation? Is there an alternative way to restore the data back to a supervised device?

Hello! I'm suddenly having some difficulty debugging a Flutter-based app. When I run an app from VS Code, it launches Xcode and builds & installs the app on an iPhone running 18.1. However, once the app is installed on the phone, it disappears and in Xcode, a dialog appears with: Failed to install embedded profile for : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) However, when I look at the provisioning profile being used, it seems to have the correct entitlement: I've also tried enabling automatic signing (instead of the current manual signing using match), as well as generating an adhoc profile and re-adding the device UDID in developers.apple.com. None of these have worked. This issue appeared within the past day or so and was working fine yesterday with no code changes, so I've been stumped. All my certs are relatively new and were issued within the past few months. I've tried regenerating the provisioning profiles using match, but this gives the same thing. What's odd is that I can run the build and upload to testflight, then download and install the app just fine through there. But this obviously makes debugging an issue.

Hey, I'm trying to update my old app that used DarkSky to WeatherKit, and struggling. I always get: ailed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" This is regardless if I do it on my iPad, or in the simulator. I have done the following: Selected WeatherKit on the Capabilities and App Services tabs of the Identifier section on developer. Put it under signing and capabilities in XCode I've tried making a new provisioning profile, cleaning build folder, etc. Not sure what to do here. I suspect part of this problem is that I developed this app in 2018 and now I'm trying to update it. I am able to run the app on TestFlight, but not as an internal tester. Apple won't let me, so I have to add myself as an external tester. Thanks for any help you can provide!

Hi, We are developing software that configures a network extension via a system extension on MacOS. The host application (run as service) enables network extension and system extension capabilities. It registers the network extension. The network extension has network extension capabilities and configures an app-group to be bundled into the service. What we have built is already working, i.e. we build, sign, notarize and ship the code (it's already running on hundreds of SIP enabled customer devices in production). But, we are currently falling back to manual profile management (i.e. download and import the profile) so that Xcode accepts the entitlements suffixed with -systemextention. Recently we are testing deployment on iOS devices. For iOS profiles we cannot overcome the issues with setting the profile manually, XCode complains about mismatching networkextension entitlements even when manually importing the profile. So I thought I get to the bottom of why automated signing is not working and hopefully overcome the issues with iOS. Upon configuring automatic signing we ran into the following problem: For a network extension that is installed via a system extension the network extension capabilities are expected to be defined with a -systemextension suffix, i.e.: <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> <string>relay</string> When using automated signing the profile in our development account reflects these settings, i.e. the profile is correctly generated with the values above. However, XCode complains that the network extension capabilities don't match. I went as far as to configuring a new application-ID so that XCode would generate a new profile in the development account. I then downloaded and decoded the generated profile. The capabilities of the development portal profile were created as expected (as above), but somehow, the locally generated profile that is generated by XCode auto-sign expects: <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> What XCode auto-sign expects is not reflected in the development account profile (!). I tried to overcome this by changing the entitlements of the project to omit the -systemextension suffix. XCode auto-sign seemingly works then, but once the application is actually signed by CodeSign the signing fails because the capabilities don't match with the development account profile. I tried profile re-generation by clearing Library/Developer/Xcode/UserData/Provisioning Profiles, but it always results in the same problem - either XCode is happy and the code signing fails when building, or the other way round. Bottom Line: I think that somehow XCode evaluates the profile validity differently from CodeSign; somehow when using automatic signing XCode does not take the network extension + system extension into account, but only expects the capabilities of the network extension. If anybody know how to overcome this problem please help :)

When connected to the company's internal network without accessing the Internet, can an IPA installation package be generated if the certificate files are imported in advance?

I'm trying to download a profile for a developer download for an app, but I get this error and can't install the profile. I've already registered the device and UDID and added it to the profile. Please let me know what I need to do.

Hi, I know my swiftui, but I'm completely new to macOS development. Using Xcode 16.2 I wrote a backup app that fits my needs. I got it to use iCloud Documents in its own container. It runs beautifully on my developing Mac. When I copy it over to my other Mac and try to open it, I just get a message that macOS can't open the app ("Das Programm kann nicht geöffnet werden") In terminal I get this message: "embedded provisioning profile not valid: file:///Users/niko/FlexBackup.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." I have "automatically manage signing" turned on and a Xcode Managed Profile. How can I run my app on all of y Macs?

Hi, I have an enterprise account, and i added the capability "main camera access" to my app. Although have an enterprise license and the entitlement is correctly setup, the inhouse provisioning profile that I am creating still says that the capabilities are missing. Not sure what i am missing here.

Hello, I am trying to distribute an app that is using the Enterprise entitlements for Vision OS. It is failing to upload to Test Flight because it says I have not the entitlements for the provisioning. This does not happen when deployed directly from Xcode. I can deploy to the headset and ha Is there anything I can do about it ? Part of the log below: 2025-01-10 17:02:06 +0000 Provisioning profile "iOS Team Store Provisioning Profile: com.appmr2.3d-Playbook" failed qualification checks: Profile doesn't support Main Camera Access and Passthrough in Screen Capture. Profile doesn't include the com.apple.developer.arkit.main-camera-access.allow and com.apple.developer.screen-capture.include-passthrough entitlements. 2025-01-10 17:02:06 +0000 2025-01-10 17:02:06 +0000 IDEProvisioningRepair(3d-Playbook.app): 2025-01-10 17:02:06 +0000 IDEProvisioningRepair(3d-Playbook.app): Using account <DVTAppleIDBasedDeveloperAccount: 0x600003cba400; username=''> for repair Thanks, Andres

After several years' lapse, I am coming back into app development for iPhone. Here's what I did: Renewed my membership to Apple developer I created a wildcard identifier, "me.joymaker.*" I created a certificate Using Xcode, I introduced my newest iPhone (a 12 mini) to Apple developer. Unlike my older models, this one has a UDID with a hyphen in it. To get it to take the UDID I had to remove the-and then paste the remaining continuous number into the field. But then it accepted it, and showed it back to me complete with hyphen. I created a development provisioning profile using that certificate and ID, checking the box that said "Select all", so that every device registered to my account was included. Using Xcode, I tried to upload the provisioning profile to the phone. OOPS. Xcode replies, "Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured for this device." Yes, I am very that it was! There was an older identifier in the account, left over from years ago, named "XCode: Wildcard AppID", with an identifier of simply '*'. I tried building a provisioning profile with that one. Same results. Now what? How to diagnose, how to pursue this? BTW, although XCode sees this phone without difficulty, Music and Finder don’t. Relevant?? See this question for more details.

I have the same problem as this question: https://developer.apple.com/forums/thread/757605 "That indicates you’re using a unique App ID prefix. This is a legacy feature that’s not supported on macOS." Mine is a macOS App distributed in 2021, that now needs an update. It has always been under Xcode automatically managed signing with a Team. (Still have the project files from 2021: automatic) Now validating a new version gives me that error : Invalid Provisioning Profile. The provisioning profile included in the bundle com.*** [***.pkg/Payload/***.app] is invalid. [Invalid 'com.apple.application-identifier' entitlement value.] For more information, visit the macOS Developer Portal. (ID: ***) And even re-validating the old archive from 2021 gives me this error. I have looked at my Apple Id's on "Certificates, Identifiers & Profiles", and I can indeed see that this app has an "App ID Prefix" that is not my Team, but something I don't recognise. I can not make a new App ID Configuration for the bundle id I have been using: "An App ID with Identifier 'com..appname' is not available. Please enter a different string." Removing the existing App ID Config does not work either: The App ID '.com..' appears to be in use by the App Store, so it can not be removed at this time. So, I'm a bit stuck. (Help!)

I get the error message in Xcode signing certificate Provisioning profile "iOS Team Provisioning Profile: com.example.app" doesn't include the pushkit entitlement. I have push notifications ticked in my Identifier in the online developer account. There is no other dedicated pushkit capability available to select. Push notifications, time sensitive notifications and background mode-> voice over ip are added as capabilities in the Xcode project. The team provisioning profile for the app states under its enabled capabilities: both push notifications and time sensitive notifications. Is pushkit part of another capability that I need to select? I have read the guide below and it just says to add the push notification capability. https://developer.apple.com/documentation/pushkit/supporting-pushkit-notifications-in-your-app I have gone round and round in circles trying to get this profile to work for this, so any pointers would be much appreciated. Thanks

Hi, I am trying to make my app build on GitHub Action CI pipeline. App builds fine on xcode on my mac. For CI I am using command line xcode. I am getting following error: No profiles for 'com.snslocation.electricians-now' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.snslocation.electricians-now'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp' from project 'myapp') You can see full log of the build here: https://github.com/nbulatovi/ElectriciansNow/actions/runs/12603115423/job/35127512689 The provisioning profile is present, and verified in the previous steps in the pipeline, however xcode refuses to find it. If I add -allowProvisioningUpdates error stays. I tried manually mapping app id to profile name. Is there a way to get any debug log from xcode profile search, to see why is it not picking up the correct profile? Or can you maybe help in some other way? xcode version is 15.4, iOS SDK 17.5