8

I am doing a research now for iOS inhouse app. And I may need to add an entitlement to my app to implement some functionality.

I know that it doesn't work with iOS Developer program, because there is no way to add entitlements to provisioning profile. So, signed app is rejected by device.

Does iOS Enterprise Program allow to add entitlements to provisioning profiles?

UPD. I am taking about custom entitlements (as example "com.apple.springboard.opensensitiveurl").

Also, there was a change between iOS 3.X and iOS 4 and later (https://developer.apple.com/legacy/library/technotes/tn2250/_index.html#//apple_ref/doc/uid/DTS40009933-CH1-TROUBLESHOOTING_GUIDE-CODE_SIGNING_ENTITLEMENTS).

If I try just adding entitlements file and sign it with provisioning profile which doesn't have entitlements, I am getting "The entitlements specified in your application’s Code Signing Entitlements file do not match those specified in your provisioning profile."

Cœur
  • 37,241
  • 25
  • 195
  • 267
Victor Ronin
  • 22,758
  • 18
  • 92
  • 184
  • There are a variety of reasons that error can appear. see: [here](http://stackoverflow.com/questions/5240801/the-entitlements-specified-profile-0xe8008016-error-ios-4-2) and [here](http://stackoverflow.com/questions/1410080/code-sign-error-with-xcode-3-2) – ader Aug 15 '12 at 16:33
  • Thank you. I read both these questions. However, for me, it's correctly says that Code signing entitlements doesn't match specified in provisioning profile. In my entitlement file I specified additional entitlements and my provisioning profile is the profile downloaded from iOS Standard Program (where I can't specify any entitlements). In the case, if I deleted my entitlement file or uncheck "Use entitlements file" the error will go away, but I won't be able to call API in runtime which I wanted to call. – Victor Ronin Aug 15 '12 at 18:42

3 Answers3

6

Enterprise program doesn't allow to add custom entitlements to your provisioning profiles. So, you can't create enterprise apps which have special entitlements.

One more additional note:

XCode allows to add entitlements file. However, it's rejected by iOS device, because entitlements in it won't match your provisioning profile.

Victor Ronin
  • 22,758
  • 18
  • 92
  • 184
  • 1
    Did you ever figure out how to do this? I've had the same question, and I can't figure out how to add entitlements since they changed everything (without using `ldid -S` for jailbreak apps). I did have one of my clients ask Apple this with an unused support incident, but not surprisingly, they said there was no supported way to do it. – Nate Jan 18 '13 at 05:47
  • 2Nate: I didn't find a way of doing it. I discussed this with at least several persons who were actively searching for a way of doing this and none of them found a way. Apple did pretty good job with securing lowlevel components (including entitlement checks). – Victor Ronin Jan 18 '13 at 15:18
  • Do you know where to find this information in the Apple documentation? – Chris Jun 28 '16 at 17:59
  • @Chris I haven't seen where it explicitly spelled out. It's just pieced together from observations. – Victor Ronin Jun 28 '16 at 21:28
1

The standard iOS Developer Program DOES allow us to do "ad-hoc" distribution using an entitlements.plist

See here for example

And yes you can do ad-hoc provisioning in an Enterprise account too.

ader
  • 5,403
  • 1
  • 21
  • 26
  • 2
    Are you sure that it's up to date? It's for iOS 3.X. Currently, I didn't dine a way to create "ad-hoc" distribution profile which allows to specify entitlements. If I don't specify them in provisioning profile, but specify them in entitlements file I am getting "The entitlements specified in your application’s Code Signing Entitlements file do not match those specified in your provisioning profile" – Victor Ronin Aug 15 '12 at 15:19
  • I have done ad-hoc beta entitlements provisioning under the Standard Developer Program. Apple have not removed that ability. I can also create an ad-hoc profile etc. under my enterprise account. I think you should explain more what you hope to do that you cannot at present do. – ader Aug 15 '12 at 15:28
  • I wrote an update to my question. I am trying to add and use "com.apple.springboard.opensensitiveurl" entitlement. What is "beta entitlements provisioning"? I just went to my Standard Developer Program, clicked on iOS Provisioning portal, chose "Provisioning" on the left, chose "Distribution" tab, clicked on "New Profile" button, entered fields (Ad Hock, profile name, app ID, Devices) and it created ad hock profile for me. I don't see anywhere where I can specify entitlements for this ad-hoc provisioning profile. – Victor Ronin Aug 15 '12 at 15:58
  • I think you might get more response if you try to explain what you are trying to achieve. e.g. why are you trying to use "com.apple.springboard.opensensitiveurl" ? – ader Aug 15 '12 at 16:13
  • 1
    I am writing an application which needs to use some features of iOS, which are private. The reason for this is absence of public API which provides required functionality. I know that private API's are not allowed for AppStore submission, but it's ok for inhouse apps. Some of these private API's which I plan to use requires entitlements. – Victor Ronin Aug 15 '12 at 16:27
-2

You add entitlements to the project and not to the provisioning profile.

Ravi
  • 7,929
  • 6
  • 38
  • 48
  • 3
    I know that entitlement are added to the project (entitlements file). However, if they are missing from provisioning profile, the device will reject it and you will get a message: "The entitlements specified in your application’s Code Signing Entitlements file do not match those specified in your provisioning profile" – Victor Ronin Aug 15 '12 at 15:19