Provisioning Profiles

RSS for tag

A provisioning profile is a type of system profile used to launch one or more apps on devices and use certain services.

Posts under Provisioning Profiles tag

108 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

Code Signing Resources
General: DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained DevForums post --deep Considered Harmful DevForums post Don’t Run App Store Distribution-Signed Code DevForums post Resolving errSecInternalComponent errors during code signing DevForums post Finding a Capability’s Distribution Restrictions DevForums post Signing code with a hardware-based code-signing identity DevForums post Mac code signing: DevForums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding Nonstandard Code Structures in a Bundle documentation Embedding a Command-Line Tool in a Sandboxed App documentation Signing a Daemon with a Restricted Entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example DevForums post The Care and Feeding of Developer ID DevForums post TestFlight, Provisioning Profiles, and the Mac App Store DevForums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"
0
0
14k
Feb ’24
Backup and restore Personal IOS data to Supervised device?
Backup and restore Personal IOS data to a Supervised device? We currently have around 200+ iPhone users that are using their devices as personal devices. We are planning on moving them to Intune using Automated Device Enrollment (Supervised). Is it any way possible to backup their devices, do a factory reset, enroll them in Intune, then restore the old data? Is it possible to do backup and restore in this situation? Is there an alternative way to restore the data back to a supervised device?
0
0
37
6h
TMS-91109: Invalid package contents - provisionprofile com.apple.quarantine set
I currently manually resign my application for distribution. Until recently I haven't had any issues with the provisioning profile which I place inside the bundle. However, I just got the following message from the store: ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute. The file it is referring to is: Contents/embedded.provisionprofile When I check the xattr on the provisionprofile I see the following line: com.apple.quarantine: 0081;675c6072;Chrome; So it seems like the provisionprofile I have downloaded from developer.apple.com has this attribute set. Any insights on how to properly deal with this submission issue?
0
1
191
1w
Cannot add provisioning profile for building to appstore
I’ve been having this issue recently while attempting to build my iOS app in VS for Mac. When both signing identity and provisioning profile are set to automatic and manual I get the following error: Apple distribution Not in keychain Even the Build machine is connected to Mac machine over network and both developer and distribution certificates are active in keychain
2
0
121
2w
Provisioning profile "iOS Team Provisioning Profile: com.X" doesn't include the com.apple.developer.cksharing entitlement.
Hey all - Been building my app and all has been going well with successful builds through to test flight. However, I have just added CKSharing support into the app and therefore into the entitlements to allow collaboration within the app. As soon as I have added this, I can no longer build due to a signing certificate error stating my provisioning profile just not allow for CKSharing... "Provisioning profile "iOS Team Provisioning Profile: com.MyApp" doesn't include the com.apple.developer.cksharing entitlement." However, iCloud is enabled within my app profile, and all other cloudkit features have worked up until adding that specific entitlement. Any help or guidance to get passed this would be greatly appreciated.
0
0
154
3w
Provisioning Profile attribute contains old ubiquity-kvstore-identifier value after App Transfer
Hi, we have received an Application via App Transfer recently. I am now trying to generate a provisioning profile for App Store distribution. When we set the checkmark in Capabilities to use "iCloud Key-value storage" we cannot get "automatically manage signing" to work with an error: Provisioning profile "iOS Team Provisioning Profile: com.some.bundle.identifier" doesn't match the entitlements file's value for the com.apple.developer.ubiquity-kvstore-identifier entitlement. When a Provisioning Profile is manually generated via Developer Portal the com.apple.developer.ubiquity-kvstore-identifier entry shows the value of the previous app owner: "OLDTEAM.com.some.bundle.identifier". How can we change the com.apple.developer.ubiquity-kvstore-identifier value in our provisioning profile to get rid of the old team identifier? Help is much appreciated, thank you. FB15898983
0
0
246
Nov ’24
What should I do when my Development or App Store certificates expire?
What should I do when my Development or App Store certificates in my developer account under Certificates, Identifiers & Profiles are almost expired or when the certificates are already expired? What should I do so that I can still use the certificates? What happens when the certificates expire and when I already have an application in the App Store?
2
0
209
Nov ’24
Not able to upload app to App Store Connect for TestFlight internal testing because of fall detection entitlements
I am developing a watchOS app that uses the uses the Fall Detection API. After requesting the entitlement, and receiving the entitlement and adding it to my app, I managed to implement the feature, and run the app on the simulator in Xcode and it works fine. But when I try to distribute the app to TestFlight internal testing, Xcode refuses and shows the following message: "Provisioning profile failed qualification: Profile doesn't support Fall Detection Notifications" and "Provisioning profile failed qualification: Profile doesn't include the com.apple.developer.health.fall-detection entitlement" I am using an Xcode managed provisioning profile, and when I checked the profile from "signing and capabilities", it says that the fall detection capability and the entitlement are included in the profile. When I check my app's capabilities from "Certificates, Identifiers & Profiles" in the apple developer website, it says that the fall detection capability for my app has provisioning support for Ad hoc and Development only, is this the reason why I can't upload my app to TestFlight, or am I missing something? If it is the reason, then is there a way to change the provisioning support so that I can distribute the app? Thanks in advance
1
0
316
Nov ’24
Pkg installation package uploaded to macstore email prompt ITMS-90296
Project Background: I developed a Mac project using Electron and VSCode Successfully uploaded the packaged pkg using Transporter, However, I will receive an email informing me that there are some issues with the project: ITMS-90296: App sandbox not enabled - The following executors must include the 'com. apple. security. app sandbox' entitlement with a Boolean value of true in the entitlement property list: [[com. electron. iflyrecclient. pkg/Payload/iFlytek Listen. app/Contents/MacOS/iFlytek Listen]] ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at' iFlytek hears. app 'is missing an application identifier but has an application identifier in the provisioning profile for the bundle.' Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.' Here is my packaging process: Generate an app using the electron packager tool Sign the app using @ electron osx sign (version 1.3.1) After signing, use productbuild - component Yourappname App/Applications - sign "3rd Party Mac Developer Installer: * * * * * (XXXXXXXXXX)" Yourappname. pkg command generates pkg PS: For the second step, I have set sand box=true in both entitlents.plist and entitlents.macinheriting. plist. And after signing, using codesign -dvvv -- entitiements - /path to view the app file shows' checkbox=true ', and the [iFlytek Listen. app/Contents/MacOS/iFlytek Listen] file in the issue also exists. Using the Suspicious Package software to view pkg also has sandbox=true. A few months ago, I uploaded it once and the issues mentioned in the email did not appear. The only changes were the macOS system version number and the replacement of the signature with provisionprofileprovisionprofile. I have reviewed similar issues on the Apple Developer Forums, but have not been resolved
1
0
296
Nov ’24
My new provisioning profiles are broken
I've updated Xcode to 16.1, then I've created a new provisioning profile in developer.apple.com, successfully built and signed my application. It was on monday, 2024-11-04. Two or three days later I was asked to add more devices and I had to create a new profile. I've noticed a new feature to control profile's name (yeah, cool!), had to accept new agreements. Then, have created a new profile, downloaded it, but could not add it with double-click to Xcode or import to Keychain Access - "Failed to install one or more provisioning profiles on the device". And whatever I tried, I couldn't register any new profiles since. Therefore, my app cannot be signed and tested anymore. This is quite weird as nothing has changed on the system throughout the week. Is this a known issue or is there any fix for that?
3
0
488
Nov ’24
Couldn't download provisioning profiles
Hi! I'm having troubles to sign my Xamarin Forms application, im getting the following error "Error : Could not find any available provisioning profiles for MyProject.iOS on iOS.". I've recently cleaned my Provisioning profiles folder ~/Library/MobileDevice/Provisioning Profiles since it wasn't being updated with my latest provisioning profile for my app. But now my provisioning profiles are not being downloaded, I'm not getting any other error on downloading profiles. I've tried from Xcode -> Settings -> Account -> Download manual profiles. Tried too open the profile downloaded from the Apple Developer Portal, also tried copy manually the provisioning profile downloaded to the previous mentioned path, none of those works. The user that im logged in on Xcode is the admin/owner so is not a permissions issue. IDK what can be wrong or what can I try. So I'm going to be grateful for your help :(
3
0
404
Nov ’24
Device UDID duplicated 6 times in Enterprise Account Devices list
Sometime since July 2024 the list of devices in our Enterprise Account is showing the same device and UDID 6 times. Looking at the DATE REGISTERED field it is apparent that each instance of the device represents the 'old' device that should have been 'deleted' when the annual device reset was actioned. The date registered field shows dates with 2019, 2020, 2021, and so till 2024 (most recent). I have 'disabled' two of the entries to see what happens, and those instances were disabled as expected without impacting the other instances. However, when attempting a re-enable of them, an error throws saying that they cant be enabled because that UDID already exists - obviously the other instances. For now, I have left 4 active duplicates in place, and the 2 disabled ones as they are, and plan to deal with this again - if it re-occurs in 2025. It does not seem to have impacted provisioing profiles - so will leave well enough alone. I am sure if I disable all of them, I will not be able to re-enabled any of them. Is this a know issue? Is this the best strategy? - ie, wait till device reset next year and hope issue is resolved. This post had similar issue, in 2023, but no response Forum Post 733264
0
0
250
Nov ’24
Cannot install release test (ad-hoc profile) on Vision Pro
I was able to setup a release test for an iOS app for distribution using a web server. It works perfectly fine for all the devices I registered for the deployment profile. However every time I try to distribute a Unity based Vision Pro application using the same process for building the package and set up for distribution it does not work. Safari only shows a message telling me: "Cannot connect to ." When trying to install the iOS app from the same server it shows the message "Do you want to install ?" and installation completes correctly. My iOS is a simple hello world app generated by Xcode. My Unity app is an AR app targeting com.apple.platform.xros. According to documentation there should not be any difference in deployment profiles/signing for iOS apps vs. visionOS apps. What am I doing wrong? Any hint is appreciated how to continue.
0
0
321
Nov ’24
Persistent File Access Prompt in macOS 15 for Ad-Hoc Signed Apps Using App Groups
Hello everyone, We develop an app called Unite (bundle ID: com.BZG.Unite), which allows users to create standalone macOS applications from websites. These user-generated apps are based on a backend browser template called DefaultApp (bundle ID: com.bzg.default.app). Here's how our setup works: Unite and DefaultApp: Both are signed with our Developer ID and include necessary provisioning profiles and entitlements. User-Created Apps: When a user creates an app with Unite, it generates a customized version of DefaultApp with the user's chosen name and settings. These apps are ad-hoc signed upon creation to reflect their unique identity. Issue Since updating to macOS 15, every time a user launches a created app, they encounter a persistent prompt asking for permission to access files outside the app's container. Granting full disk access in System Preferences suppresses the prompt, but this is not a practical solution for end-users. Upon launching a user-created app (e.g., "ExampleTest"), the following prompt appears: This prompt appears on every launch of the app. Steps to Reproduce On a Mac running macOS 15, create a new app using Unite (e.g., "ExampleTest"). Launch the newly created app. Observe the prompt requesting access to files outside the app's container. Close and relaunch the app; the prompt appears again. What We Have Tried Given that our apps use an app group (group.BZG.unite.sharedData) to share data between Unite, DefaultApp, and user-created apps, we believe this is triggering the prompt due to changes in System Integrity Protection (SIP) in macOS 15. We are further confident given that if the user does not allow access, the app does launch, but shows an error indicating that the created app was unable to access the data that is typically in the shared group. Here’s a summary of our troubleshooting efforts: 1. Adjusting App Group Configuration Ensured the app group name aligns with Apple's guidelines, including prefixing with the Team ID (teamid.group.BZG.unite.sharedData). Verified that the app group is correctly declared in the com.apple.security.application-groups entitlement. 2. Provisioning Profile Creation Generated provisioning profiles via Xcode and the Developer Console, ensuring the app group entitlement is included. Applied the provisioning profile to the user-created app during code signing. Despite these efforts, the issue continues. 3. Entitlements and Code Signing Created an entitlements file for the user-created app, mirroring the entitlements from DefaultApp, including: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>id.com.BZG.ExampleTest</string> <key>com.apple.developer.team-identifier</key> <string>id</string> <key>com.apple.security.application-groups</key> <array> <string>id.group.BZG.unite.sharedData</string> </array> <key>com.apple.security.app-sandbox</key> <true/> </dict> </plist> Signed the user-created app with our Developer ID and the provisioning profile Verified the entitlements 4. Reviewing System Logs Observed error messages indicating unsatisfied entitlements: message: com.BZG.ExampleTest: Unsatisfied entitlements: com.apple.security.application-groups **5. Consulting Documentation and WWDC Sessions ** Referenced post on App Groups in macOS vs iOS. Reviewed the macOS 15 Release Notes regarding SIP and app group container protection. Watched WWDC 2024 Session 10123: What's new in privacy, starting at 12:23. Questions Is there a way to authorize the com.apple.security.application-groups entitlement in the provisioning profile for ad-hoc signed apps? Given the SIP changes in macOS 15, how can we enable our ad-hoc signed, user-generated apps to access the app group container without triggering the persistent prompt? Are there alternative approaches to sharing data between the main app and user-generated apps that comply with macOS 15's SIP requirements? Is there anything to try that we're missing here to solve this? Any guidance on how to resolve this issue or workarounds to allow app group access without triggering the prompt would be greatly appreciated. Thank you for your assistance!
1
0
301
Nov ’24
Build Script Export Failed Requires a Provisioning Profile
When attempting to run a build script that is currently working for several other projects, the export fails and the IDEDistribution.verbose.log (see below) suggestion is to add a profile to the Export Options property list but as can be seen in the ExportOptions.plist text (see below), there is a profile for each of the three builds. XCode 16.0 MacOS 14.7 IDEDistribution.verbose.log below 2024-10-28 12:20:30 +0000 [MT] Step failed: <IDEDistributionSigningAssetsStep: 0x60000146e840>: Error Domain=IDEDistributionSigningAssetStepErrorDomain Code=0 "Locating signing assets failed." UserInfo={NSLocalizedDescription=Locating signing assets failed., IDEDistributionUnderlyingErrors=( "Error Domain=IDEProvisioningErrorDomain Code=9 ""QuickDelegateTestApp.app" requires a provisioning profile." UserInfo={IDEDistributionIssueSeverity=3, NSLocalizedDescription="QuickDelegateTestApp.app" requires a provisioning profile., NSLocalizedRecoverySuggestion=Add a profile to the "provisioningProfiles" dictionary in your Export Options property list.}" )} ExportOptions.plist below
1
0
245
Oct ’24
DriverKit USB Transport to support multiple devices with different Vendor IDs
I have two different USB devices with different vendor IDs I would like to connect to. I submitted two separate requests for the com.apple.developer.driverkit.transport.usb entitlement for each vendor ID. However I am noticing the provisioning profile only has one of the vendor IDs. How do I submit a request for the USB Transport entitlement to support more than one vendor ID? I'm new to writing a DriverKit driver, so is this even possible?
5
0
358
6d
Missing Private key in CER file after installation in keychain
Creating CSR file from my Mac steps are :- Going to the Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority... Filling the required details in the field, save to desk then continue and save it desktop. Then going to the Developer account in Certification screen and creating a new certificate on click on plus icon then selecting Apple distribution > continue , Then uploading CSR file in the required box and continue. After this I have downloaded the “distribution.cer” file then double clicked on the file then going to the KeyChain Access to see the My Certificate section there is no certificate which I have installed but it showing in the Certificate section without Private key. This steps I have followed but not getting Private key in my certificate how to correct this issue System Configuration :- Mac OS- 14.5 Chip - Apple M1 Keychain Access version - Version 11.0 (55314)
0
0
255
Oct ’24