Hello, I'm currently trying to upload a new version of an existing application. But each time I try to validate the archive of the application, I get the following error in Xcode (v16.2):
Invalid code signing entitlements. Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “37CG5MY799.com.example.app” value for the com.apple.application-identifier key in “com.example.app.pkg/Payload/app.app/Contents/MacOS/app” isn’t supported. This value should be a string that starts with your Team ID, followed by a dot (“.”), followed by the bundle ID.
I suspect that there is a problem with the App ID Prefix (that is 37CG5MY799 for the app) when our team ID is E4R7RJ7LA3 but I cannot find a solution.
I asked the Apple Developer Support for help and I have read the documentation they sent but it couldn't solve this problem so they redirected me to the forums.
https://developer.apple.com/library/archive/qa/qa1879/_index.html
There isn't any obvious App ID Prefix mismatch in the entitlement between the Application's signature entitlement and the Embedded provisioning profile entitlement.
Application's signature entitlement:
<dict>
    <key>com.apple.application-identifier</key>
    <string>37CG5MY799.com.example.app</string>
    <key>com.apple.developer.team-identifier</key>
    <string>E4R7RJ7LA3</string>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.example.app</string>
    </array>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
</dict>
Embedded provisioning profile entitlement:
<dict>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>group.com.example.app</string>
        <string>E4R7RJ7LA3.*</string>
    </array>
    <key>com.apple.application-identifier</key>
    <string>37CG5MY799.com.example.app</string>
    <key>keychain-access-groups</key>
    <array>
        <string>37CG5MY799.*</string>
    </array>
    <key>com.apple.developer.team-identifier</key>
    <string>E4R7RJ7LA3</string>
</dict>
The app also has a browser extension that correctly uses the Team ID.
How can I solve this problem?
Thanks for your time, Qeg
> I suspect that there is a problem with the App ID Prefix (that is 37CG5MY799 for the app) when our team ID is E4R7RJ7LA3
Right. Unique App ID prefixes are not supported on the Mac [1] and, AFAIK, they never have been.
> I'm currently trying to upload a new version of an existing application.
It’s hard to say anything for sure without knowing which App ID we’re talking about, but I usually see this problem in one of two cases:
- When someone tries to take an iOS app with a unique App ID prefix and create a Mac Catalyst version.
- When someone tries to replace a Mac-specific app with a universal app.
The canonical fix for this is to switch the iOS app to using your Team ID as its App ID prefix. This resolves this problem and is a good idea in general. Specifically, it allows you to share more resources, like keychain access groups, between the various apps in your team.
IMPORTANT Changing your App ID prefix can have some serious consequences. The one I’m most familiar with is keychain access, as explained in App ID Prefix Change and Keychain Access.
If you decide to move away from your unique App ID prefix, Apple Developer Program Support can help you with that. Start at Apple > Developer > Contact Us.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Well, aren’t supported for Mac apps. They work for iOS apps that you run via the iOS Apps on Mac feature.
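The check behind the validation error in this thread, as an added example that is not part of either post and is not Apple's code: it parses entitlements XML, compares the App ID prefix with the Team ID, and lists keychain access groups that still carry a different prefix. The function names are hypothetical, and the two samples are abridged from the entitlements in the question.

```python
import plistlib

APP_ID_KEY = "com.apple.application-identifier"
TEAM_ID_KEY = "com.apple.developer.team-identifier"
KEYCHAIN_KEY = "keychain-access-groups"

# Abridged from the entitlements posted in the question (bare <dict> fragments).
SIGNATURE = b"""<dict>
<key>com.apple.application-identifier</key><string>37CG5MY799.com.example.app</string>
<key>com.apple.developer.team-identifier</key><string>E4R7RJ7LA3</string>
<key>com.apple.security.app-sandbox</key><true/>
</dict>"""
PROFILE = b"""<dict>
<key>com.apple.application-identifier</key><string>37CG5MY799.com.example.app</string>
<key>keychain-access-groups</key><array><string>37CG5MY799.*</string></array>
<key>com.apple.developer.team-identifier</key><string>E4R7RJ7LA3</string>
</dict>"""


def load_entitlements(xml: bytes) -> dict:
    """Parse entitlements XML; accepts a full plist or a bare <dict> fragment."""
    xml = xml.strip()
    if not xml.startswith((b"<?xml", b"<plist")):
        # plistlib only recognises XML that starts with a declaration or <plist>.
        xml = b'<plist version="1.0">' + xml + b"</plist>"
    return plistlib.loads(xml)


def check_prefix(ents: dict) -> dict:
    """Report whether the App ID prefix equals the Team ID, as the error requires."""
    team = ents.get(TEAM_ID_KEY)
    prefix, _, bundle_id = ents.get(APP_ID_KEY, "").partition(".")
    # Keychain access groups whose prefix is not the Team ID; these are the
    # values the reply flags as affected by an App ID prefix change.
    off_team = [g for g in ents.get(KEYCHAIN_KEY, []) if g.partition(".")[0] != team]
    return {
        "team_id": team,
        "app_id_prefix": prefix,
        "bundle_id": bundle_id,
        "prefix_matches_team": bool(team) and prefix == team,
        "keychain_groups_off_team": off_team,
    }


if __name__ == "__main__":
    for name, blob in (("signature", SIGNATURE), ("profile", PROFILE)):
        print(name, check_prefix(load_entitlements(blob)))
```

On a real build the signature's entitlements come from `codesign -d --entitlements - --xml <app>`, and the profile's from the Entitlements dictionary in the output of `security cms -D -i <profile>`.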