ERROR ITMS-90334: Invalid Code Signature Identifier. 

I get this error when trying to submit a beta build.

App Store Connect Operation Error 
ERROR ITMS-90334: "Invalid Code Signature Identifier. The identifier "com.apple.WK" in your code signature for "app name watch" must match its Bundle Identifier "com.appname.watchkitapp""

I don't know of anything that has changed with the code signing since last successful submission, can't find "com.apple.WK" anywhere in my project and have tried submitting a previous version with no changes and get the same error.

Anyone have any idea what I could be doing wrong?
Up vote post of davenorfleet Down vote post of davenorfleet
4k views
Posted by
davenorfleet
Reply
Add a Comment

Replies

What platform is this for? iOS? A standalone watchOS app? Or an iOS app with an embedded watchOS extension?

Are you building your app with Xcode? And then submitting it using the Organizer?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Sorry to miss those details, it's an iOS app with embedded watchOS extension. Building with Xcode 12.0.1 then submitting using Organizer.
Posted by
davenorfleet
Up vote reply of davenorfleet Down vote reply of davenorfleet
Add a Comment
Thanks for the clarification.

Let’s start by confirming that the problem being reported by the upload process is accurate. To do this, using the Organizer to export a .ipa (use Distribute App > App Store Connect > Export rather than Upload). Then unpack the .ipa (it’s a zip archive in disguise, so change the extension to .zip and unpack from there). Then use the following commands to dump the code signing identifier and bundle ID.

Code Block  
% codesign -d -v Test664300.app 
Identifier=com.example.apple-samplecode.Test664300
% /usr/libexec/PlistBuddy -c "print :CFBundleIdentifier" Test664300.app/Info.plist
com.example.apple-samplecode.Test664300


These are, respectively, the code signing identifier and the bundle ID. For bundled code, like an app, these should be the same.

Repeat this process 3 times (for the outer iOS app, the nested watchOS app, and the watchOS extension). What do you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Thanks again, Eskimo, for your quick help. I did as you recommended and found the code signing identifier and bundle ID matched as expected for the app. In the /watchkitsupport2 folder there is one file named "WK" - I think that's the nested watchOS file you mention. When I run codesign for WK file:

Executable=/Users/davenorfleet/Downloads/MyFitnessDJ 2020-10-20 08-19-11/MyFitnessDJ/WatchKitSupport2/WK

Identifier=com.apple.WK

Format=Mach-O universal (armv7k arm6432)

CodeDirectory v=20400 size=453 flags=0x0(none) hashes=9+2 location=embedded

Signature size=4628

Info.plist=not bound

TeamIdentifier=not set

Sealed Resources=none

Internal requirements count=1 size=60


So it seems the Identifier, com.apple.WK, is being set here from something.
Also, although I use automatic signing for iOS app & watchOS app & watchOS extension, I get a prompt while distributing in Organizer saying that "appname_ needs to be re-signed for App Store Connect distribution." I select automatically manage to continue.

Does that give you any more clues as to what the problem may be?
Posted by
davenorfleet
Up vote reply of davenorfleet Down vote reply of davenorfleet
Add a Comment
What’s the deployment target for your iOS app? And you watchOS app?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Deployment for iOS app: iOS 12.0
Deployment for watchOS: 5.0
I updated to Xcode 12.1 & tried updating deployment to iOS 13.6 & watchOS 6.2 but still get the same error.

Thanks for your continued help. Any other ideas?
Posted by
davenorfleet
Up vote reply of davenorfleet Down vote reply of davenorfleet
Add a Comment
This problem seems to be very watchOS specific, and thus somewhat outside of my area of expertise )-:

I created a test app from the watchOS > iOS App with Watch App template, set up the deployment targets as you suggested, did a Product > Archive, and then exported a .ipa for uploading to the App Store [1]. Consider this:

Code Block  
% unzip -l Test664300.ipa
… Payload/
… Payload/Test664300.app/
… Payload/Test664300.app/_CodeSignature/
… Payload/Test664300.app/_CodeSignature/CodeResources
… Payload/Test664300.app/Base.lproj/
… Payload/Test664300.app/Base.lproj/Main.storyboardc/
… Payload/Test664300.app/Base.lproj/LaunchScreen.storyboardc/
… Payload/Test664300.app/Watch/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/_CodeSignature/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/_CodeSignature/CodeResources
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/Test664300 WatchKit App
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/Test664300 WatchKit Extension.appex/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/Test664300 WatchKit Extension.appex/_CodeSignature/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/Test664300 WatchKit Extension.appex/_CodeSignature/CodeResources
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/Test664300 WatchKit Extension.appex/Test664300 WatchKit Extension
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/Test664300 WatchKit Extension.appex/embedded.mobileprovision
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PlugIns/Test664300 WatchKit Extension.appex/Info.plist
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/Base.lproj/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/Base.lproj/Interface.plist
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/_WatchKitStub/
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/_WatchKitStub/WK
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/embedded.mobileprovision
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/Info.plist
… Payload/Test664300.app/Watch/Test664300 WatchKit App.app/PkgInfo
… Payload/Test664300.app/Test664300
… Payload/Test664300.app/embedded.mobileprovision
… Payload/Test664300.app/Info.plist
… Payload/Test664300.app/PkgInfo
… WatchKitSupport2/
… WatchKitSupport2/WK


Note that there are two copies of WK, one in _WatchKitStub and another in WatchKitSupport2.

I then unpacked the .ipa and saw this:

Code Block  
% codesign -d -vv "Payload/Test664300.app/Watch/Test664300 WatchKit App.app/_WatchKitStub/WK"
Identifier=com.apple.WK
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
% codesign -d -vv WatchKitSupport2/WK 
Identifier=com.apple.WK
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA


Both are signed in the same way, by Apple, with the com.apple.WK code signing identifier. This makes sense given that they are stubs inserted by Xcode. What’s weird is why the App Store thinks that one of them is in a bundle.

Of the two it seems most likely, given the error message you reported, that the issue with the first one. Unfortunately I’ve no idea what the problem is.

At this point I’m going to admit defeat and suggest that you open a DTS tech support incident and talk to one of DTS’s watchOS specialists.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

[1] I can’t actually upload it to the store myself, alas.
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment
Thanks for your help, Eskimo! I feel less defeated knowing that you had the same trouble ;-)
I'll try a DTS support ticket and update here if any solution is found in case it can help someone else.
Posted by
davenorfleet
Up vote reply of davenorfleet Down vote reply of davenorfleet
Add a Comment
I'm having the exact same issue. I have an iOS app, with its corresponding WatchOS app. I had to start using Xcode new build system today, and i'm getting this error when validating the app. With the old legacy system, it worked just fine. Would appreciate any help.
Posted by
diefer91
Up vote reply of diefer91 Down vote reply of diefer91
Add a Comment
we are also facing this issue with Xcode 12.0.1 and tried all the mentioned findings but still not working. anyone able to solve this problem?
Posted by
prabhmyst
Up vote reply of prabhmyst Down vote reply of prabhmyst
Add a Comment
Facing this issue too is there any solution thus far?
 ITMS-90334: "Invalid Code Signature Identifier. The identifier "com.apple.WK" in your code signature for "xxxxxx" must match its Bundle Identifier "com.xxxxxx.xxxxxx.watchkitapp""
Posted by
samsara
Up vote reply of samsara Down vote reply of samsara
Add a Comment

Me too, but a simple app using Swift Playgrounds on iPad. I sent a message to support about this describing what I was doing, and a copy of the error and got the response: “We're unable to determine the nature of your request. Please reply to this email with clarification”.

This was the error I get back in email:

ITMS-90334: Invalid Code Signature Identifier - The identifier 'Johnboxgame-numbers_and_letters_that_forums_thinks_are_offensive' in your code signature for 'Johnboxgame' must match its Bundle Identifier 'Johnboxgame'

WIth the iPad app there’s not really much I can control as far as what goes in the bundle, and it’s worked in the past.

Posted by
endres
Up vote reply of endres Down vote reply of endres
Add a Comment

I've now encountered the same issue when I try building from Xcode Cloud: ITMS-90334: Invalid Code Signature Identifier - The identifier 'bla-bla-someNumbersAndcharacters' in your code signature for 'Bla-Bla' must match its Bundle Identifier 'bla-bla'

I don't know where the part "someNumbersAndcharacters" (numbers and characters which seems to be some identifier) are coming from.

Posted by
pi80223
Up vote reply of pi80223 Down vote reply of pi80223
Add a Comment

We also have the same problem, building the app with Azure DevOps pipeline, using manual signing. We've set three .mobileprovision profiles (for main app, watch kit and watchkitextension).

Main app is correctly signed, but the watchOS app is signed as com.apple.WK.

Error in Azure DevOps logs is: *** Error: Asset validation failed Invalid Code Signature Identifier. The identifier "com.apple.WK" in your code signature for "My app" must match its Bundle Identifier "com.organization.organization-MyApp.watchkitapp"

It's furstrating to see the same error not being solved for more than 3 years.

Posted by
spehj
Up vote reply of spehj Down vote reply of spehj

  • We have the same problem. Was someone able to figure it out?

    rlarrosa
Add a Comment