(I posted this in the "Distribution >> App Submission and Review" forum 2 days ago but it has not received a response. Trying here...)I had to rebuild my iMac a few months ago and I restored from my Time Machine backup.I now need to make a change to an app but what used to compile without error is now failing at the codesign step with:Signing Identity: "-"As far as I can see, all of the account profiles are valid with expiry dates in the future. The only 'odd' thing is that some have a 'Download' button in the 'Action' column of the 'Provisioning Profiles' seciotn of the account details - when I select the "Download All Profiles" button, they turn grey but never seem to download or disappear (even after aiting for several hours!). Looking at the 'developer' web page, all of my certificates and provisioning profiles are all active.Any ideas welcomedThanksSusan

Hi,my apps run on the iOSSimulator without problems and used to run on devices as well, but after updating to latest XCode-Version I am getting the above error message when trying to run an app on my iPhone 7. It says :"codesign wants to access key "access" in your bunch of keys . To allow this enter your password".... but my apple-Developer-ID-Password doesn't work. And until updating to latest XCode-Version I never had any problems with codesign when running an app on iPhone device.Any hints what's going wrong ?XCode Version 9.1 (9B55)iOS Version 11.1.2 (15B202)Latest High Sierra Version, macbook Pro 2015

Hello,I am new to ios development. On the internet I have found tutorials how to create a free (restricted) developer account however in this tutorials there are different descriptions how to register an iOS device with the acount in xcode in order to install apps that I develop.Is there any official tutorial from apple how to do this?Or can some member of Apple staff confirm that this tutorial https://developer.xamarin.com/guides/ios/getting_started/installation/device_provisioning/free-provisioning/ work for Xcode version 9.2, please?Thanks in advancePetra

I have tried everything and still I am getting this. Just for a test I created a new app (Master-Detail template Xcode 11.5) I have created an entry in the iTunes Connect to receive the app upon archiving and uploading. I regenerated all new certificates for iOS Development and Distribution. I created all new Provisioning profiles. The Dev profile builds deploys and runs on my device The Dist profile builds but when I select the distribution profile I get the "Profile doesn't include the com.apple.application-identifier entitlement." error. When I download the profile within Xcode all looks good for the distribution profile: App ID: matches correctly Certificated: 1 Included includes the new signing certificate "iPhone Distribution...." Capabilities: 3 Included Includes Game Center, In-App Purchase, and Keychain Sharing Entitlements: 5 Included Includes application-identifier, keychain-access-groups, beta-reports-active, get-task-allow, and com.apple.developer.team-identifier. Im not sure what is going on. This is a standard process I have performed for quite a while. As a matter of fact I just submitted 3 applications last Sunday. Thank you for any suggestions.

To support an older version of an iOS app, I needed to install Mojave with Xcode 9. I create a CSR and from there generate an iOS Distribution certificate online, which I download and double click to install in Keychain. However, when viewing in Keychain, it shows in red "iPhone Distribution: CompanyName certificate is not trusted". I'm not sure what I'm doing wrong as I follow the instructions to the T and have done this in the past with success. NOTE: I tried this with Sierra as well and got the same issue. It only seems to work on Catalina, which doesn't help me because I need an older version of Xcode.

I am trying to implement sign in with apple with firebase. I cannot get around an issue where I get the following error when attempting a sign in: When running: Auth.auth().signIn(with: credential) { (authResult, error) in I get: nil credential = OAuthProvider.credential Optional(Error Domain=FIRAuthErrorDomain Code=17004 "The audience in ID Token [com.name.app] does not match the expected audience." UserInfo={NSLocalizedDescription=The audience in ID Token [com.name.app] does not match the expected audience., FIRAuthErrorUserInfoNameKey=ERROR_INVALID_CREDENTIAL}) Optional("The audience in ID Token [com.name.app] does not match the expected audience.") I have added my URL as stated on firebase to my identifier. To complete set up, add this authorization callback URL to your app configuration in the Apple Developer Console. Additional steps may be needed to verify ownership of this web domain to Apple.  More code: func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {   if let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential {    guard let nonce = currentNonce else {     fatalError("Invalid state: A login callback was received, but no login request was sent.")    }    guard let appleIDToken = appleIDCredential.identityToken else {     print("Unable to fetch identity token")     return    }    guard let idTokenString = String(data: appleIDToken, encoding: .utf8) else {     print("Unable to serialize token string from data: \(appleIDToken.debugDescription)")     return    }           print("credential = OAuthProvider.credential")    // Initialize a Firebase credential.    let credential = OAuthProvider.credential(withProviderID: "apple.com",                         idToken: idTokenString,                       rawNonce: nonce)     //Auth.auth().createUser(withEmail: T##String, password: T##String, completion: T##AuthDataResultCallback?##AuthDataResultCallback?##(AuthDataResult?, Error?) -> Void)    // Sign in with Firebase.    Auth.auth().signIn(with: credential) { (authResult, error) in           print(Auth.auth().currentUser?.uid ," credential = OAuthProvider.credential ", error)

I'm trying to generate a Pass Type certificate. In my request, I specifically specify the hash type as Sha256. However, when upload the request file, and generate the certificate on the apple developer site, the cer file states it is SHA1 (which has been depreciated). Any help would be greatly appreciated.

I would like to know on a mdm managed supervised device, how to force use Safari if a user has non-safari browser set as default. can enforcing safari for a domain or web clip be done? even shortcuts now, when using safari it opens whatever is set as default browser. Ironically if same simple shortcut of open URL with Chrome is created it opens with Chrome, regardless if default browser is set to firefox for example this default browser setting is great for personal use but cause issues now for corporate use for me anybody else figure this out? Also affects certificates for our managed devices

How to delete certificates from "Certificates, Identifiers & Profiles?" I have a new Mac and need to create new certificate for it but there is no option of deleting or editing of the existing certificates. When trying to add a new one the option is greyed out with the following commend: Developer ID Application This certificate is used to code sign your app for distribution outside of the Mac App Store. Maximum number of certificates generated.

I am trying to compile Xcode project on an online platform Bitrise. I am facing issue with sign in and provisioning .. after trying 4-5 days I am approaching you. Please solve this. ❌ error: No profiles for 'my app bundle id' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'my app bundle id'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp-Development' from project 'myapp') How to enable this "allowProvisioningUpdates" also why it is too difficult to do such processes with apple development.. I tried for android and it compiled successfully in a single attempt. please help.

In my certificate list, I see a certificate type called “iOS Distribution Managed”. What is the difference between this and “iOS Distribution”? It's kind of automatic. I don't remember creating it

Xcode version : 14.0 Beta 3 macOS version : 13 Beta 3(22A5295i) Hi, I'm signing the DriverKit in Developer ID Application type profile with Developer ID Application (With Kext) type certificate on Xcode. But status shows error with"Xcode 14 and later requires a DriverKit development profile enabled for IOS and macOS.Visit the developer website to create or download a DriverKit profile" I have downloaded all profiles and Certificates to my Mac and installed all of them, then checked the website. I'm wondering what's different between "Development type" & "Developer ID Application type" profile ? and the reason why "2022-07-22 14:41:54.162815+0800 0x22ee2    Error       0x0                  138    0    kernelmanagerd: Error occurred while handling request "DextLaunch(arguments: Optional(["Driver Extension Server Name": com.asix.dext.usbdevice, "Check In Token": 371, "Driver Extension Server Tag": 4294975444, "CFBundleIdentifier": com.asix.dext.usbdevice, "DriverKit Reslide Shared Cache": 0, "kOSBundleDextUniqueIdentifier": <222f1e51 f5e890f7 b467c2a0 da761dbd 9b14dc5f 1bf56ff6 4eeab6b2 fed9683c>]))": Error Domain=NSPOSIXErrorDomain Code=8 "Exec format error" error code show on when I starting the app. I'll appreciate that someone can give me some idea or suggestions. Thanks a lot.

Hello. I have an iOS app written in Xamarin, but this issue is not related to Xamarin or Visual Studio. I am trying to deploy my xamarin app onto an iOS device, but I am unable to get the iOS device to install the provisioning profile via Xcode. I work at a company with a decent variety of test devices and the result seems to be the same from iPads to iPods to iPhones of various ages. I have created a certificate and a provisioning profile. The certificate is associated with the provisioning profile on the developer portal. I have imported the certificate (including private keys) into my login keychain on MacOS. I have the .mobileprovision file downloaded to the machine. I am signed into Xcode with my apple developer account. In Xcode, i went to Window > Devices and Simulators and selected my device. I right clicked my device and selected "Show Provisioning Profiles". I clicked the plus and chose my .mobileprovision file. I get the same error on every device: Failed to install one or more provisioning profiles on the device. Please ensure the provisioning profile is configured for this device. If not, please try to generate a new profile.| this is an incredibly vague and unhelpful error. I'm not really sure what it means by "configured for this device". Not sure where to go from here

I am trying to sign a Java application, packaged in a disk image, via jpackage, invoked via Ant (so no XCode anywhere). The packaging itself works fine, but I am having trouble figuring out the signing parameters. In particular, it seems I will have to provide a parameter --mac-signing-key-user-name What value should I give to this parameter? I have an Apple Developer Account (well, obviously...), I have generated a certificate and quite a few other things, but I am confused as to what the "signing-key-user-name" should be. The error message I currently get from jpackage is: No certificate found matching [...] using keychain [] I am on MAC OS 12.6 and JDK 17. Any help would be greatly appreciated.

I got an email from Apple, "Your Developer ID Installer Certificate will no longer be valid in 30 days". So I went to my certificates page on developer.apple.com, and I see the attached photo. Basically, yes, I have a Developer ID Installer Certificate that expires 2023/07/01; but I also have one that expires 2025/12/08, and one that expires 2026/01/09, and one that expires 2026/12/15, and another that expires 2026/12/16! Why do I have all these certificates? I have no idea. There is a "+" button to add a new one; but given that I already seem to have ones that won't expire for several more years, do I need to? There does not seem to be a "-" button, or any way to clear out this cruft. I then recalled that perhaps I have managed my certificates in Xcode in the past, not on this page (or maybe I have done both, at different times?). So I went to Xcode, and things seem to be rather a mess there too, but in a different way (second image attached). Here, I seem to have lots of stale certificates that are in gray and say "Not in Keychain" – how do I clear those out? Again there does not seem to be a "-" button. And the newer ones that I saw on developer.apple.com do not seem to be listed here, maybe – it's hard to compare, though, because on developer.apple.com it shows the expiration date but not creation date, whereas in Xcode it shows creation date but not expiration date. What should I do? Note that I am not a member of multiple different teams, or anything like that; I'm a solo developer. This stuff is really confusing and does not seem to be well-documented anywhere that I have found. Am I just being dense?

After many days hard slog I have migrated my Flutter mobile app onto macos and installed everything I need, ran the iOS simulator and tested - all good! No when I try to build, Xcode complains it cannot locate my provisioning profile and therefore cannot create a provisioning profile. The BundleId (and Team) are set up in the app store and valid - but everytime I run the Signing & Capabilities within Xcode/Runner it errors with "no profiles for.." were found - Xcode couldn't find any iOS App Development profiles - when it is clearly there Help!!

I'm trying to export a Mac app from Organizer. It always used to work. I suddenly get a strange error relating to a Game Center entitlement missing from the provisioning profile. "Profile doesn't support Game Center. Profile doesn't include the com.apple.developer.game-center entitlement. Profile qualification is using entitlement definitions that may be out of date. Connect to network to update." I have tried re-downloading the profile. I also tried generating a brand new profile. The problem persists. The app does NOT have Game Center entitlement in its entitlements file. Furthermore there is no option when generating a profile to specify whether or not game center is included — and indeed the web site claims the profile does include Game Center. Why would the export need game center entitlement? Complely stuck. Possibly an Xcode bug?? Any help appreciated. Xcode 14.3.1 on macOS 13.4 Error screenshot: Entitlements requested: Profile info:

Hello! I am having trouble with a Developer ID Application certificate that I have clearly added to the Keychain with Keychain Access not being recognized by codesign or DMG Canvas. Here is the command that DMG Canvas uses to see if there are any certificates for signing: $ /usr/bin/security find-identity -p codesigning Policy: Code Signing Matching identities 0 identities found Valid identities only 0 valid identities found This shows that no certificates are found but there definitely are some. I installed this cert to both the System and login keychains, I tried to the Local Items keychain but this failed with an error I will display below. This image (names redacted) clearly shows the certs are there, valid, and not expired (behind the error) and also shows the error popup for when I try to add the cert to the Local Items keychain: Essentially I am asking why does Keychain Access say that I have the certificates but nothing can find it in order to sign applications. Thank you!

I regularly come across Mac developers who have an app in the Mac App Store but are unable to submit it to TestFlight. This post explains a common cause of that problem. If you have any questions or comments about this, start a new thread and tag it with Provisioning Profiles and TestFlight so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" TestFlight, Provisioning Profiles, and the Mac App Store A provisioning profile authorises a device to run your app. For historical reasons, not all Mac apps need a provisioning profile. A Mac app only needs a profile if it uses a restricted entitlement, that is, an entitlement that must be authorised by a profile. For more background on this, see TN3125 Inside Code Signing: Provisioning Profiles and, specifically, its Entitlements on macOS section. IMPORTANT Your Mac App Store apps must be signed with the App Sandbox Entitlement, but that entitlement is unrestricted. This means that many Mac App Store apps ship without a provisioning profile, and that’s absolutely fine. However, these apps run into problems with TestFlight. To submit an app to TestFlight, it must have a provisioning profile. If you attempt to submit an app without a profile to TestFlight, it’ll fail with an error like this: ITMS-90889: Cannot be used with TestFlight because the bundle at 'MyApp.app' is missing a provisioning profile. Main bundles are expected to have provisioning profiles in order to be eligible for TestFlight. The fix is to give your app a profile. How you do this depends on how you build your app. Fix an app built with Xcode If you build your app with Xcode, the fix is relatively straightforward: Sign your app with a restricted entitlement. This causes Xcode’s code signing machinery to kick in. If you have automatic code signing enable, Xcode will sort this all out for you. If you use manual signing, Xcode will highlight the problems you need to solve. A good restricted entitlement to use is the Keychain Access Groups Entitlement. Enable this by adding Keychain Sharing to the Signing & Capabilities editor for your app. You have two options here: Leave the Keychain Groups list empty. This will fix this problem while having no effect on any keychain code in your app. Use this as an opportunity to switch to the data protection keychain. In this case you might want to add one or more keychain access groups. For an explanation as to why you might want to switch to using the data protection keychain, see TN3137 On Mac keychain APIs and implementations. For more information about keychain access groups, see Sharing Access to Keychain Items Among a Collection of Apps Fix an app built outside of Xcode If you don’t use Xcode to build your app: Use Developer > Account > Identifiers to create an App ID for your app. Remember that your App ID is the combination of an App ID prefix and your app’s bundle ID. For new App IDs, use your Team ID as the App ID prefix. Use Developer > Account > Profiles to create a macOS App Development provisioning profile for that App ID. Use Developer > Account > Profiles to create a Mac App Store distribution provisioning profile for that App ID. Update your build system to embed a provisioning profile into your app. Use the profile from step 2 for development-signed builds and the one from step 3 for distribution-signed builds. For information about where to place the profile, see Placing Content in a Bundle. Add the following to your .entitlements: A com.apple.application-identifier property whose value is your App ID A com.apple.developer.team-identifier property whose value is your Team ID Build your app and check your work by dumping the entitlements claimed by your app and the entitlements authorised by your provisioning profile. For the specific commands to use, see TN3125 Inside Code Signing: Provisioning Profiles. WARNING In step 1, if your team has any unique App ID prefixes registered, the Developer website might default to using one of those legacy values rather than your Team ID (r. 70571514). If the App ID Prefix value is a popup, select your Team ID from the list. If the App ID value is a read-only copy of your Team ID, your team has no unique App ID prefixes, and so the Developer website always uses your Team ID as the App ID prefix. IMPORTANT In step 5, make sure that your .entitlements file is only applied to the app itself, not to any nested code. For more on this, see the Entitlements and Nested Code section below. Historically you might have been able to get away with using single .entitlements file for all your code. Once you start adding restricted entitlements, like com.apple.application-identifier, this bad practice will cause problems. For general information about how to sign and package apps outside of Xcode, see Creating Distribution-Signed Code for Mac and Packaging Mac Software for Distribution. Entitlements and Nested Code An App Store app might contain the following code; The app itself Nested libraries, like a framework or a dynamic library Nested executables, like a helper tool or an app extension Step 5 in the previous section specifically refers to the entitlements of the main app. When it comes to nested code, the first case is easy: Never add entitlements to nested libraries. It doesn’t do anything useful and can prevent your code from running. The story with nested executables is more nuanced. To start, every nested executable must be signed with at least one entitlement because: All App Store executables must be sandboxed. You enable the App Sandbox with the com.apple.security.app-sandbox entitlement. In many cases a nested executable only needs unrestricted entitlements, like com.apple.security.app-sandbox and com.apple.security.inherit. In that case the nested code doesn’t need a provisioning profile. If a nested executable uses restricted entitlements, it needs a provisioning profile to authorise the use of those entitlements, and its own unique App ID to tie the executable to the profile. Place this profile in the nested executable’s bundle, according to the rules in Placing Content in a Bundle. IMPORTANT The nested code can’t ‘piggyback’ off the app’s provisioning profile. It needs its own profile with its own unique App ID. Revision History 2023-08-17 Added the Entitlements and Nested Code section. Made other minor editorial changes. 2023-07-17 First posted.

Hello Apple team, We're having a problem submitting one of our apps to TestFlight via Xcode Cloud. We have over 10 apps with the same codebase and all of them build successfully. However, one application fails to build in Xcode Cloud, although there is no problem with manual build. We would appreciate your help in resolving this situation. Can you please help us resolve this issue? We are ready to provide additional information or logs to clarify the causes of the error. Sincerely, Anton Babich Xcode Cloud Archive - iOS encountered a failure that caused the build to fail. Prepare Build for App Store Connect Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “moBiel Live.app/Frameworks/grpcpp.framework/grpcpp” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. Prepare Build for App Store Connect Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “moBiel Live.app/Frameworks/Braintree.framework/Braintree” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing.