Missing Entitlement. The bundle ... is missing entitlement 'com.apple.developer.networking.networkextension'.

Hello everyone, I'm encountering an issue while trying to publish an app on TestFlight. The app in question is Home Assistant, which I've compiled from the source. I am able to compile and install the app on my device without any problems. My company's developer account is properly configured, and I have set Xcode to automatically manage the provisioning profile. The archive is also created successfully, but when I attempt to upload it to Apple Store Connect for testing via TestFlight, I receive the following error:

ERROR: [ContentDelivery.Uploader] Asset validation failed (90525) Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: ceac6dcc-9c76-412e-8ea7-f2d2845f8013)

I've made several attempts to resolve this issue to no avail. For instance, if I add the missing capability manually, then I am informed that the provisioning profile is incorrect. However, checking the network extension settings on my company's dev account, I see nothing related to push notifications, which are located elsewhere. Thus, I am stuck in a loop where either the provisioning file is correct but the entitlement is missing, or if the entitlement is present, then the provisioning profile is deemed incorrect.

URL:https://contentdelivery.itunes.apple.com
 status code: 409 (conflict)
    httpBody: {
  "errors" : [ {
    "id" : "ceac6dcc-9c76-412e-8ea7-f2d2845f8013",
    "status" : "409",
    "code" : "STATE_ERROR.VALIDATION_ERROR.90525",
    "title" : "Asset validation failed",
    "detail" : "Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'."
  }, {
    "id" : "9ff2143b-3c00-4912-b59f-8342fa6fe5c0",
    "status" : "409",
    "code" : "STATE_ERROR.VALIDATION_ERROR.90525",
    "title" : "Asset validation failed",
    "detail" : "Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'."
  } ]
}
=======================================
2024-01-10 23:19:35.506 ERROR: [ContentDelivery.Uploader] Asset validation failed (90525) Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: ceac6dcc-9c76-412e-8ea7-f2d2845f8013)
2024-01-10 23:19:35.506 DEBUG: [ContentDelivery.Uploader] Error Domain=ContentDelivery Code=90525 "Asset validation failed" UserInfo={NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: ceac6dcc-9c76-412e-8ea7-f2d2845f8013), NSUnderlyingError=0x6000022b6430 {Error Domain=IrisAPI Code=-19241 "Asset validation failed" UserInfo={status=409, detail=Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'., id=ceac6dcc-9c76-412e-8ea7-f2d2845f8013, code=STATE_ERROR.VALIDATION_ERROR.90525, title=Asset validation failed, NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'., NSLocalizedDescription=Asset validation failed}}, iris-code=STATE_ERROR.VALIDATION_ERROR.90525, NSLocalizedDescription=Asset validation failed}
2024-01-10 23:19:35.507 ERROR: [ContentDelivery.Uploader] Asset validation failed (90525) Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: 9ff2143b-3c00-4912-b59f-8342fa6fe5c0)
2024-01-10 23:19:35.507 DEBUG: [ContentDelivery.Uploader] Error Domain=ContentDelivery Code=90525 "Asset validation failed" UserInfo={NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: 9ff2143b-3c00-4912-b59f-8342fa6fe5c0), NSUnderlyingError=0x6000022b6640 {Error Domain=IrisAPI Code=-19241 "Asset validation failed" UserInfo={status=409, detail=Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'., id=9ff2143b-3c00-4912-b59f-8342fa6fe5c0, code=STATE_ERROR.VALIDATION_ERROR.90525, title=Asset validation failed, NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'., NSLocalizedDescription=Asset validation failed}}, iris-code=STATE_ERROR.VALIDATION_ERROR.90525, NSLocalizedDescription=Asset validation failed}
2024-01-10 23:19:35.507 DEBUG: [ContentDelivery.Uploader] swinfo errors: (
    "Error Domain=ContentDelivery Code=90525 \"Asset validation failed\" UserInfo={NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: ceac6dcc-9c76-412e-8ea7-f2d2845f8013), NSUnderlyingError=0x6000022b6430 {Error Domain=IrisAPI Code=-19241 \"Asset validation failed\" UserInfo={status=409, detail=Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'., id=ceac6dcc-9c76-412e-8ea7-f2d2845f8013, code=STATE_ERROR.VALIDATION_ERROR.90525, title=Asset validation failed, NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app/PlugIns/HomeAssistant-Extensions-PushProvider.appex' is missing entitlement 'com.apple.developer.networking.networkextension'., NSLocalizedDescription=Asset validation failed}}, iris-code=STATE_ERROR.VALIDATION_ERROR.90525, NSLocalizedDescription=Asset validation failed}",
    "Error Domain=ContentDelivery Code=90525 \"Asset validation failed\" UserInfo={NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'. (ID: 9ff2143b-3c00-4912-b59f-8342fa6fe5c0), NSUnderlyingError=0x6000022b6640 {Error Domain=IrisAPI Code=-19241 \"Asset validation failed\" UserInfo={status=409, detail=Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'., id=9ff2143b-3c00-4912-b59f-8342fa6fe5c0, code=STATE_ERROR.VALIDATION_ERROR.90525, title=Asset validation failed, NSLocalizedFailureReason=Missing Entitlement. The bundle 'Home Assistant.app' is missing entitlement 'com.apple.developer.networking.networkextension'., NSLocalizedDescription=Asset validation failed}}, iris-code=STATE_ERROR.VALIDATION_ERROR.90525, NSLocalizedDescription=Asset validation failed}"
)

The name HomeAssistant-Extensions-PushProvider.appex suggests you’re building an app push provider, as documented in Local Push Connectivity. Is that right?

If so, such providers need an app-push-provider entry in their com.apple.developer.networking.networkextension entitlement. Access to that specific value has to be granted by Apple. Have you applied for, and been granted access to, that value?

IMPORTANT The NE entitlement works differently than most other entitlements in that it’s not a simple Boolean. Rather, the entitlement is an array, where each array entry claims a specific NE provider type. Each entry that you claim must be authorised by a corresponding entry in your provisioning profile. Originally you had to apply to Apple to use any of these values, but in 2016 we changed that (see Network Extension Framework Entitlements). You now only have to apply for access if you’re using specific values. IIRC app-push-provider is the only one that falls into that category.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
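
The rule described in the reply above, that every value claimed in the NE entitlement array needs a matching entry in the provisioning profile, can be checked before uploading. This is an added example, not part of the original thread or of Home Assistant's code; the function names and both plists are constructed for illustration, and the profile is assumed to be already decoded from its CMS-signed .mobileprovision wrapper.

```python
import plistlib

NE_KEY = "com.apple.developer.networking.networkextension"

# Constructed sample: the claim added to both .entitlements files in the thread.
CLAIMED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.developer.networking.networkextension</key>
  <array><string>app-push-provider</string></array>
</dict></plist>"""

# Constructed sample: decoded profile payload (assumed already extracted from the
# CMS-signed .mobileprovision, e.g. with `security cms -D -i`). It authorises
# only packet-tunnel-provider, so the app-push-provider claim has no match.
PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Constructed Sample Profile</string>
  <key>Entitlements</key><dict>
    <key>com.apple.developer.networking.networkextension</key>
    <array><string>packet-tunnel-provider</string></array>
  </dict>
</dict></plist>"""


def ne_values(entitlements):
    """Return the set of NE provider types in an entitlements dictionary."""
    value = entitlements.get(NE_KEY, [])
    if not isinstance(value, list):  # the NE entitlement is an array, not a Boolean
        raise ValueError(f"{NE_KEY} must be an array, got {type(value).__name__}")
    return set(value)


def unauthorised_ne_claims(claimed_plist, profile_plist):
    """List claimed NE provider types the profile does not authorise."""
    claimed = ne_values(plistlib.loads(claimed_plist))
    allowed = ne_values(plistlib.loads(profile_plist).get("Entitlements", {}))
    return sorted(claimed - allowed)


if __name__ == "__main__":
    missing = unauthorised_ne_claims(CLAIMED, PROFILE)
    for value in missing:
        print(f"claimed but not authorised by the profile: {value}")
    print("OK" if not missing else "profile does not cover these claims")
```

A non-empty result corresponds to the "provisioning profile is incorrect" half of the loop described in the first post: the claim is present in the entitlements file, but the profile has no entry that authorises it.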

Thank you very much for your response.

I'm still encountering the same issue and would like to ensure that I'm not making any mistakes.

I have set the Network Extensions in the Apple Developer Identity section.

Then I found these two configuration files for the Entitlements:

App-ios.entitlements

Extension-ios.entitlements

I added the following lines to both files:

<key>com.apple.developer.networking.networkextension</key>
<array>
   <string>app-push-provider</string>
</array>

Then, I cleaned the project (Product -> Clean) and archived it (Product -> Archive). The build succeeds as shown in the screenshot below:

When I click on "Distribute", I encounter the same two errors again.

I'm at a loss to understand what's wrong.

Earlier I wrote:

Have you applied for, and been granted access to, that [app-push-provider] value?

You didn’t reply to that question, and the answer to that is pretty critical as to how you should move forward here.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Actually I don’t know what you mean.

I cannot find app-push-provider in the portal.

I added app-push-provider in the two entitlements files.

The problem can be there. Can you point me to the right section of the dev portal?

Thanks!

Can you point me to the right section of the dev portal?

Please review again the information at Local Push Connectivity, particularly the box labeled Important.

I keep getting rejected when I ask for permission to use the API.

Describe your app and how it will use the Local Push Connectivity API.

Smartotum is a home‑automation console for on‑premises gateways that control a professional intrusion alarm and a VoIP video intercom. On restricted local networks with no WAN route, Smartotum uses Apple’s Local Push Connectivity via an App Extension (NEAppPushProvider). The extension is activated only on whitelisted SSIDs and maintains a persistent, TLS‑secured connection to the on‑prem gateway to receive two types of time‑critical events: security alarm triggers and intercom calls. For alarm events, the extension posts local notifications to alert the user immediately while the device is on the restricted SSID. For intercom, the extension reports the incoming call to the system, and the containing app presents the CallKit UI, per Apple’s model for VoIP calls. Outside of those SSIDs, Local Push is disabled; the app uses APNs / PushKit on networks where APNs are available. The entitlement will not be used for marketing, analytics, or any non‑essential traffic.

Describe the isolated network environment in which your app is used.

Deployments provide a dedicated Wi‑Fi SSID with no Internet connectivity (no route to APNs by design). The gateway broadcasts this SSID solely for local automation and intercom services. The app configures NEAppPushManager.matchSSIDs with only these SSIDs so that the provider extension runs exclusively on those networks; when the device leaves them, the system stops the extension. This satisfies the Local Push requirement that notifications be delivered on networks isolated from APNs. We apply the entitlement to both the app target and the provider extension, as Apple requires.

Explain why PushKit is not a solution for your app.

PushKit depends on APNs' reachability. In our restricted deployments, the SSIDs intentionally have no WAN path, so APNs—and therefore PushKit—cannot function. Local Push Connectivity is the only compliant mechanism that allows the gateway to wake the app and deliver time‑critical alarm and VoIP intercom events on these offline networks. When the device is connected to any network with Internet connectivity, Smartotum does not use Local Push; it reverts to APNs/PushKit and reports calls through CallKit, consistent with Apple guidance to prefer APNs where available.

I tried to explain in different ways why I need it, but the reply is always:

Hi,

After reviewing your request, the engineering team has declined your request.

This API is intended to replace APNS for VoIP and other communication apps that are designed to operate in environments where APNS cannot function.

Best Regards, Apple Developer Relations

So the situation is like: we forked Home Assistant and added some features. The mainstream app has the local push notifications, we need it because in case of internet shortage, the user is not receiving critical push notifications for the alarm system and/or the VoIP video intercom.

Could someone help me get the local push notification API?

Could someone help me get the local push notification API?

No, I don't think that will be possible. Expanding on what was described here:

After reviewing your request, the engineering team has declined your request. This API is intended to replace APNS for VoIP and other communication apps that are designed to operate in environments where APNS cannot function.

The point of local push connectivity was specifically to support VoIP and other communication apps operating in "inherently" isolated environments. The canonical example here is "cruise ships", which often have very high-quality Wi-Fi infrastructure and EXTREMELY poor internet connectivity, assuming any is available at all. It was never intended to support more "general" connectivity use cases (like IoT) or be used in broader environments where PushKit could work.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

But the official Home Assistant app has this API. I can see it in the open source code released on GitHub. So I am wondering how their devs were able to have it granted. I forked their app; the use case is the same.
