Cannot update iPad app via MDM (jamf)

Hi all,

We deploy custom iOS/ipadOS apps to our iPads via jamf cloud. The apps are add-hoc releases using our distribution profile that includes all the iPads UUID. We then upload the apps to jamf and from there send it to our iPads.

When we deploy new versions of existing apps, we ran into issues where jamf would not update the app. After checking the iPad logs on the console, we found the follow errors that occurs every time jamf tries to push the new app:

default	12:47:03.239756-0700	dmd	container_acquire_sandbox_extension: success
default	12:47:03.239780-0700	dmd	container_acquire_sandbox_extension com.myCompany.myApp succeeded for path '/private/var/mobile/Containers/Data/Application/93DBC421-803E-48B5-B704-429908066041'
error	12:47:03.240395-0700	cfprefsd	rejecting read of { com.myCompany.myApp, mobile, kCFPreferencesCurrentHost, /Library/Managed Preferences/mobile/com.myCompany.myApp.plist, managed: 1 } from process 122 (dmd) because accessing these preferences requires user-preference-read or file-read-data sandbox access
fault	12:47:03.240600-0700	dmd	Couldn't read values in CFPrefsManagedSource<0xda8a2c9a0> (Domain: com.myCompany.myApp, User: kCFPreferencesCurrentUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): accessing these preferences requires user-preference-read or file-read-data sandbox access
default	12:47:03.240695-0700	dmd	Revoking sandbox extension; key = 43

It seems as if the MDM process cannot update the app because of missing entitlements? Weird enough, this does not happen on all our iPads, only on a subset and we have not found the pattern yet to narrow down what the issue is.

We reached out to jamf but they claim the issue is with our app. But we can't really figure out what we would have to do to our app to let the MDM process update it.

When searching for this on google we found some related issues for macOS apps but nothing for iOS/ipadOS. Any hints or pointers what the issue with our app could be? Thanks!