ITMS-90034: Missing or invalid signature

After uploading a new App to the App Store Connect i receive an e-mail stating:

ITMS-90034: Missing or invalid signature - The bundle '...' at bundle path 'Payload/...' is not signed using an Apple submission certificate.


The App don't use any capability.

I've used Xcode to upload, as in a previous App which now is on the App Store.

All the apps use the default configuration: "Automatically manage signing", Provisioning profile "Xcode Managed Profile", Signing Certificate Apple Development: ############

The requested Signing Certificate is present in the keychain in 3 versions, the last one is valid (the older 2 are revoked).


What I should correct?

We are facing the exact same issue, but for an exiting app which we never had any issues with earlier. We didn't really change anything, so we are not sure why this just start happening.
We are using fastlane match for signing and bitrise for uploading to the app store.

+1

Same happen to our application too. Signing was done Fastline in CI and nothing has changed on that part

+1

+1

Same here +1

+1

+1

I am also facing this exact issue just today. This is a recent issue as I have updated another app over the weekend.

Not exactlyl sure what's changed.

I found a solution that worked for me.


Hope it works for you as well:

- Add "--deep" to the "Other Code Signing Flags" Build Setting.

- Clean, Build, Archive.

- Resubmit


Good luck.

Add "--deep" to the "Other Code Signing Flags" Build Setting.

Please don’t use

--deep
. My
--deep
Considered Harmful post explains why.

If

--deep
is helping that suggests you have a problem with the way that you’re signing your product. See my Signing a Mac Product For Distribution post for recommendations on how to do that properly.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Did apple do any changes lately?
Right now our iOS deployment pipeline is blocked because of this so it's acutally quite cirtical. As mentioned in my earlier post - we have not changed anything so it seems like something may have happened on your side?

+1

+1

Dito, without any change our nightly build done 12 hours ago was marked 'invalid' with this error while the one done 36 hours ago with the exact same configuration / certificates was processed just fine.

ITMS-90034: Missing or invalid signature
 
 
Q