Invalid entitlements

Hi,

I have one application with ad hoc and App Store provision profiles. With ad hoc everything is fine, but with the App Store signed profile I can't install the application on a device. But if I upload it to TestFlight everything is fine too.
The error output:

Unable to install "MY APP NAME"
Domain: com.apple.dtdevicekit
Code: -402620394
--
The executable was signed with invalid entitlements.
Domain: com.apple.dtdevicekit
Code: -402620394
Failure Reason: The entitlements specified in your application’s Code Signing Entitlements file are invalid, not permitted, or do not match those specified in your provisioning profile. (0xE8008016).


There are only two capabilities enabled for both provision profiles: Associated Domains, Push Notifications.
The .entitlements:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>aps-environment</key>
  <string>development</string>
  <key>com.apple.developer.associated-domains</key>
  <array>
  <string>applinks:example.com</string>
  <string>applinks:another.example.com</string>
  </array>
</dict>
</plist>

The command codesign -d --entitlements :- "example.app/" gives the following:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>MY_TEAM_ID.MY_BUNDLE_IDENTIFIER</string>
<key>aps-environment</key>
<string>production</string>
<key>beta-reports-active</key>
<true/>
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:example.com</string>
  <string>applinks:another.example.com</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>MY_TEAM_ID</string>
<key>get-task-allow</key>
<false/>
</dict>
</plist>

The system capabilities in project.pbxproj look like this:

SystemCapabilities = {
  com.apple.BackgroundModes = {
  enabled = 1;
  };
  com.apple.GameCenter = {
  enabled = 1;
  };
  com.apple.InAppPurchase = {
  enabled = 1;
  };
  com.apple.Push = {
  enabled = 1;
  };
};

The build system is legacy, Xcode version 11.2.1.
So the question is why it fails only when trying to install on a device from Xcode with the App Store provision profile?
Also, on simulator the same works.

Replies

>...why it fails only when trying to install on a device from Xcode with the App Store provision profile?


Apps signed for the store -cannot- be installed via Xcode. If you're wanting to replicate a store install, use ad-hoc.


Ref. on allowed processes: https://developer.apple.com/support/code-signing/
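
Added example, not part of the thread: a Python sketch that diffs the project's .entitlements against the entitlements codesign reports for the signed app, and guesses the signing style from them. The two plists are constructed from the ones posted in the question; the function names and the classification heuristic (get-task-allow, beta-reports-active) are assumptions of this example.

```python
import plistlib

# Constructed from the two plists in the question (placeholders kept as posted).
SOURCE = b"""<plist version="1.0"><dict>
<key>aps-environment</key><string>development</string>
<key>com.apple.developer.associated-domains</key>
<array><string>applinks:example.com</string><string>applinks:another.example.com</string></array>
</dict></plist>"""

SIGNED = b"""<plist version="1.0"><dict>
<key>application-identifier</key><string>MY_TEAM_ID.MY_BUNDLE_IDENTIFIER</string>
<key>aps-environment</key><string>production</string>
<key>beta-reports-active</key><true/>
<key>com.apple.developer.associated-domains</key>
<array><string>applinks:example.com</string><string>applinks:another.example.com</string></array>
<key>com.apple.developer.team-identifier</key><string>MY_TEAM_ID</string>
<key>get-task-allow</key><false/>
</dict></plist>"""


def diff_entitlements(source: bytes, signed: bytes) -> dict:
    """Map each key whose value differs to (source_value, signed_value); None = absent."""
    src, sig = plistlib.loads(source), plistlib.loads(signed)
    return {k: (src.get(k), sig.get(k))
            for k in sorted(src.keys() | sig.keys()) if src.get(k) != sig.get(k)}


def classify_signature(signed: bytes) -> str:
    """Heuristic (assumption of this example): infer signing style from entitlements."""
    ent = plistlib.loads(signed)
    if ent.get("get-task-allow") is True:
        return "development"              # debuggable build
    if ent.get("beta-reports-active") is True:
        return "app-store"                # store/TestFlight distribution profile
    return "distribution (ad hoc or enterprise)"


if __name__ == "__main__":
    for key, (before, after) in diff_entitlements(SOURCE, SIGNED).items():
        print(f"{key}: {before!r} -> {after!r}")
    print("signing style:", classify_signature(SIGNED))
```

On a Mac, the signed side can be replaced with the real output of the codesign command shown in the question.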

.....Apps signed for the store -cannot- be installed via Xcode. If you're wanting to replicate a store install, use ad-hoc.

Why? Apple knows how difficult the developer's life is. This makes it difficult to test with push messages via OneSignal, for example.

What is the gain in this?