Profile doesn't match the entitlements file's value for the application-identifier entitlement

Question

I am trying to upload an app to the app store and I am getting this error on the page that has the certs. As far as I can tell I have changed the field so they have matched, but I am missing something.

this is what pops up

Any help would be greatly appreciated.

info.plist

Maybe it's because I never looked for it before, but the only plists I see say info, but here is that it's the 2nd image. — Paul Raymond, Sep 12 '17 at 03:06
it says I can't post anymore links, I am about to get on a plane for chicago if anyone comes up with anything — Paul Raymond, Sep 12 '17 at 03:45

score 221 · Accepted Answer · answered Sep 20 '17 at 22:30

221

I'm not sure why this fixed it, but I went into my Target's Capabilities tab, turned iCloud ON, tried to do an archive build, it failed, I turned iCloud OFF again, tried to do an Archive build and it succeeded, and after that it was able to automatically resolve certificates again.

answered Sep 20 '17 at 22:30

samkass

5,774
2
21
25

1

Just ran into this myself with Xcode 9, and toggling stuff solved it. The only "different" thing about the project is that it is ancient. Like, 2010 ancient. So maybe some legacy project file stuff going on...? – Echelon Sep 26 '17 at 22:04
14

Thanks for this - after toggling on/off it has created an empty .entitlements plist next to the xcodeproj. Looks like this is what the submission process is looking for. Probably only an issue in Xcode 9 for existing apps that don't require any entitlements/capabilities. – Andrew Wood Sep 27 '17 at 22:40
@Echelon My project was also ancient-- originally created in 2008 and only incrementally changed since then. – samkass Oct 05 '17 at 23:00
3

Same here. Ancient project. Many thanks for the suggestion of toggling a capability, now there's an empty .entitlements that is accepted. Filing a bug with Apple. – RickJansen Oct 08 '17 at 08:33
This worked for me - only I had to delete an existing (blank) entitlement file first. – Jeshua Lacock Oct 22 '17 at 00:18
6

Spanked a whole evening on this bs. I had to toggle on and off, which created the blank entitlements file, and then I had to point my 'Code Signing Entitlements' build setting to that blank file. – Adam Waite Nov 05 '17 at 22:38
In my case, it seemed to be the match or lack thereof between the capabilities as given in Xcode versus those specified online for the app id. – Chris Prince Dec 12 '17 at 00:09
Worked for me too. I didn't need to submit an failed Archive with iCloud turned on even. I just turned it on and then immediately turned it off again. I was then able to upload my next Archive to the App Store without problem. Strange one. – ChillyPenguin Jan 27 '18 at 02:44
Worked for me, for a new Xcode 9/Swift app. Archive worked fine, but validate had failed with the characteristic complaint. iCloud on & off again, and both validate and App Store upload worked fine. FWIW, Xcode had to create a new profile for this; maybe that's a factor, here and with ancient expired apps? – JLundell Mar 14 '18 at 00:28
Thanks! It also worked for me with a brand new project in Xcode 9.4.1. Apple is really king with misleading error messages in Xcode... – The Lone Coder Jun 22 '18 at 15:29
Thanks for this! I tried turning "Keychain Sharing" on and then off again. This created the entitlements file, but no - you have to do iCloud specifically for some reason. – Stefan S Sep 04 '18 at 04:54
2

In Xcode 10.0beta5 this is still happening. For me, it was due to changing the project name after entitlements were created. Toggling iCloud on then off renamed the entitlements file and updated it's name in the build settings. The contents of the file were identical. It seems that the uploader cares about the name of the entitlements file regardless of the build settings file name. – Troy Sep 04 '18 at 05:05
I still don't know still how it worked .. But the xcode error should have a proper meaningful description with that description getting a clue is difficult – Abhijit Chakra Jan 28 '19 at 05:49
I tried turning iCloud on then off and then archiving, but I still got the same error. I turned iCloud on and left it on and then archived, and it solved the problem. – Stewart Macdonald Feb 28 '19 at 07:46
Apparently turning a capability off and on again adds a `SystemCapabilities` section to the target in the `project.pbxproj`. In my case, the error occurred when migrating an old project from manual to automatic signing. Perhaps this `SystemCapabilities` section is necessary only for automatic signing, but Xcode only adds it if you add a capability _after_ automatic signing is enabled? – Paul Cantrell Mar 18 '19 at 14:52
How in the hell is this the answer and it actually works. /facepalm Well, thanks! Saved my sanity. – Kenny Wyland Jun 21 '19 at 00:26
Works perfectly in Xcode 10.3 (iCloud on, iCloud off, archive again. No restart or anything else necessary). – Too bad I cannot upvote twice, because I already upvoted this answer in 2017! – Goodsquirrel Aug 14 '19 at 12:35
1

Blows my mind that this is an issue that hasn't been resolved for over 2 years. Seems like if a file needs to be generated for the process you shouldn't have to hack it to make it happen (or run circles looking for this answer). Well done again Apple, you've clearly shown you're one of the leaders in developer software /s – Z. Bagley Sep 27 '19 at 19:58
XCode 11.2 checking in, same problem and solution – Paul Slocum Nov 22 '19 at 00:35
This works, because it adds an extra row to the Entitlements file with key "APS Environment" (aps-environment) and value "development". This informs validation that this entitlement is for development. – Chuck Smith Dec 07 '19 at 09:51
Looks like this still happens in Xcode 11.3. I had to add icloud capability and then remove it. – oxxi Dec 27 '19 at 21:27
It is now May 2020 with Xcode 11.4.1 and this bug? still exists. I have a brand new app, bundle ID, and certificate, and it is the first attempt at validating an archive. The "fix" is still turn on iCloud capabilities and try it again. One of the many mysteries of being an iOS app developer. – WholeCheese Jun 03 '20 at 00:37
I would happily give up the StackOverflow Reputation fountain here for Apple to fix this. – samkass Jun 14 '20 at 18:38
I think I found why this happened and why this could be fixed by these steps. But here is some additional information: You need to add the iCloud capabilities and tick all Services as well. Then, you can see that XCode tries to update the container IDs. I also selected one of the Container IDs, then unselected everything (Containers and Services). As a result, I had an .entitlements file which had been generated. This file contains one entry "APS Environment" and two additional iCloud keys without values. Most likely the file itself and the APS entry was what's been missing before. – Marcus Jul 02 '20 at 07:16
Just had this happen to me with Xcode 11.3.1 - after 18 successful uploads for TestFlight it suddenly happened. Fix was as above - Add iCloud capability (but did not need to tick any boxes). Archived, validated OK. Removed capability and all OK – ghr Aug 16 '20 at 07:01
One critical thing I recently discovered. NEVER leave iCloud turned on after this. If you accidentally (or for some reason intentionally) use iCloud, you will never be able to transfer your app to another corporate entity. – samkass Nov 09 '20 at 12:32
In my case, I uncheck key-value storage in iCloud, then Automatic signing works – Deepak Ghadi Jul 26 '22 at 05:06

Nidhi · Answer 2 · 2019-10-04T11:56:31.907

50

Rightclick on Finder -> Go to Folder...

~/Library/MobileDevice/Provisioning

For Xcode 11

~/Library/MobileDevice/Provisioning Profiles/

Delete all provisioning profiles, done.

edited Oct 04 '19 at 11:56

answered Aug 07 '18 at 14:22

Nidhi

754
5
9

1

in my case the folder is "~/Library/MobileDevice/Provisioning Profiles" – LightMan Sep 03 '19 at 16:35
Agree, this is correct answer, just with Xcode 11 the path is `~/Library/MobileDevice/Provisioning Profiles/` – Marius Kažemėkaitis Sep 30 '19 at 04:28
2

Why does this fix the problem? What have we just deleted? Does this have any side effects? – markdon Dec 17 '19 at 05:53
You're deleting the provisioning profiles either added automatically by Xcode or manually by opening a profile from developer.apple.com. If you don't want to lose other profiles, you can use something like... grep -ir YOUR_APP_ID ~/Library/MobileDevice/Provisioning\ Profiles; To show which profiles match. Just delete those and it'll accomplish the same task. – Chris Douglass Apr 01 '20 at 05:18
This fixes it but you need to go to Xcode first and unclick Automatically Manage Signing, then do the above then re-check the Auto Signing and all is good. Fixed it for me. See full description here :: http://www.ottorinobruni.com/how-to-fix-error-profile-doesnt-match-the-entitlements-files-values-for-the-application-identifier-and-keychain-access-groups-entitlements/ – c0d3p03t Nov 12 '20 at 17:32

score 41 · Answer 3 · edited Dec 15 '20 at 00:18

41

The app you created has an incorrect application-identifier value, for what the provisioning profile is expecting. The cert for appID com.example.foo for the team 2ABCDEFG will be expecting application-identifier: 2ABCDEFG.com.example.foo, your app declared that its appID was com.example.foo, but the application-identifier didn't match, either you are using the wrong team-prefix, or you have the bundleID misconfigured.

In my case, I am using build schemes to allow me to build a prod app and a qa app. com.example.foo for prod, and com.example.foo.qa for QA.

I had set my bundleIdentifier in the Info.plist to $(PRODUCT_BUNDLE_IDENTIFIER)$(BUNDLE_SUFFIX), which works great in the simulator and on device for having different apps, however, when the app generates its application-identifer during the archive phase, it must not be reading the bundleIdentifier generated by the Info.plist.

To remedy the situation, I edited FooProject.xcodeproj/project.pbxproj (with a text editor) to change my QA buildSettings PRODUCT_BUNDLE_IDENTIFIER to com.example.foo.qa

You can see Apple's Technical Q&A and this page to see their in depth dive into solving this. Once you run the following on your exported app:

codesign -d --entitlements :- ./Payload/myApp.app

and see what application-identifier your app was just built with, it should be pretty quick to realize what your are doing wrong.

I didn't find that page in my Google searching, because they don't actually use the phrase from the error message or call the application-identifier by its full name, but instead say App ID.

Also, the solution to this problem isn't to generate a new provisioning profile that has the application-identifier entitlement, it does have that entitlement, however, the value in the provisioning profile, and your app have to match.

edited Dec 15 '20 at 00:18

mfaani

33,269
19
164
293

answered Nov 30 '17 at 20:38

Peter Dietz

2,599
1
24
23

3

Thank you! I was able to fix by changing my build settings, under packaging, to use my custom var for the suffix in the Product Bundle Identifier. e.g. *com.mycompany.myapp$(BUNDLE_ID_SUFFIX)* and this resolved it. So I did not have to edit the project file manually and was able to easily maintain different bundle ids per environment. – n8tr Jan 10 '18 at 13:31
1

One reason why you can have application-identifier mismatch is that you do not have all the provisioning profiles downloaded. Your archive is created with wildcard profile if profile with exact app id is missing, which leads to mismatch in export phase. – diidu Jun 12 '18 at 06:52
This worked for me. I was building an Ionic app and realized I tested on a different account. I used com.foo.testName and changed it back when building with the correct account. It seems the com.foo.testName was still in the pbxproj file – Dewald Els Sep 05 '18 at 10:58
Thanks so much, this was exactly what was blocking my validation, and the explanation is very clear! – MDH Sep 13 '18 at 23:25
@n8tr After almost a week of headache and frustration, your comment saved me. Thanks. – Behdad Oct 01 '18 at 17:07
Thanks, it fixed the problem also in my App. Probably enabling and disabling the cloud, Xcode is able to fix something wrong in the certificates – Lorenzo Sep 30 '20 at 15:44
I don't have any errors, I just found this question when I was learning about entitlements. But I have a question: Is the `application-identifier` generated/added at compilation time or it should be plainly visible in Xcode? Because I don't see that key in my entitlements? – mfaani Dec 15 '20 at 00:14
Actually I think I found my answer in what you're wrote. You said the `application-identifier` only gets added during **archive** process ie even testing this on a device won't help find this issue.. – mfaani Dec 15 '20 at 00:21

score 11 · Answer 4 · answered Oct 20 '17 at 02:49

11

Maybe the {project}.entitlements file was missing. Doing what @samkass mentioned will auto generates the file and it will work. So basically just go to capabilities tab, enable anything, and disable it.

answered Oct 20 '17 at 02:49

mrhangz

211
4
13

1

This is silly but it worked for me for several older projects I was updating. – aspro Jul 27 '20 at 21:52

score 8 · Answer 5 · edited Jun 05 '18 at 07:55

8

Changing the iCloud toggle to on, building, and disabling iCloud, got rid of the error saying that:

Profile doesn't match the entitlements file's values for the application-identifier and keychain-access-groups entitlements.

edited Jun 05 '18 at 07:55

Max von Hippel

2,856
3
29
46

answered Jun 05 '18 at 04:13

gegagome

87
1
3

1

Of course that would be the solution! Why didn't I think of this completely non-obvious thing to try. Thanks Apple. – Jonathan Plackett Nov 13 '20 at 14:33

score 5 · Answer 6 · answered Dec 14 '20 at 16:20

I'm developping a Flutter app with Flavors that use the --dart-define command. I've been very inspired by this great article.

However I've encountered this 'application-identifier' issue when deploying. I've tried a lot of options. This solution is the one that worked for me. It's very close to @n8tr's comment, but the difference was the 'instead'.

To resume, just set the Product Bundle Identifier to your.id.here$(DEFINEEXAMPLE_APP_SUFFIX) under Packaging in Build Settings instead of in Info.plist.

score 4 · Answer 7 · answered Nov 26 '19 at 16:56

In Xcode 11, this could happen when a .entitlement file is not present for your project. The solution would be to add any random capability by clicking on '+ Capability' under 'Signing & Capabilities' (which leads to the creation of an .entitlement file) and then removing the capability. This will let you automatically provision a certificate too.

Sunil M. · Answer 8 · 2017-09-11T05:49:36.860

2

Please check your application features which required for your application like In app purchase , push notification , Inter App audio , Siri kit etc.

This is the only cause for this type of error.

Make sure that in your App id the above flags should be on.

Most of time it happens when you not configured push notification , In App purchase in you development App ID.

edited Sep 11 '17 at 05:49

answered Sep 11 '17 at 05:38

Sunil M.

554
5
17

I haven't enabled anything. It's just really frustrating. – Paul Raymond Sep 11 '17 at 05:47
does your app have any feature which I mention above – Sunil M. Sep 11 '17 at 05:49
I will attach a screenshot later, but no there is no push notifications or in app purchases for the app. – Paul Raymond Sep 11 '17 at 13:14
what exactly do you want a screen shot of? under plist it doesn't mention entitlements. – Paul Raymond Sep 12 '17 at 02:26

score 2 · Answer 9 · answered Oct 14 '17 at 20:30

2

I went into my Target's Capabilities tab, turned Keychain Sharing ON and it starts working

answered Oct 14 '17 at 20:30

Roman

366
5
19

score 2 · Answer 10 · answered Jan 22 '20 at 09:13

2

For me, the trick was to

add/remove a capability for the target (in my case a Widget);
make sure the created entitlements file is listed in the build settings;
and to add the "APS Environemnt" key with value "development" to the entitlemenets file.

answered Jan 22 '20 at 09:13

Joris Weimar

4,783
4
33
53

score 1 · Answer 11 · answered Oct 16 '18 at 15:17

1

In Xcode 10, I got it working by moving the entitlements file to correct folder in Project Navigator. I didn't have the entitlements file, but I managed to get one by toggling features on capabilities tab.

answered Oct 16 '18 at 15:17

mikkokut

382
1
12

score 1 · Answer 12 · edited Feb 12 '19 at 14:01

1

I got this same error and none of the solutions above solved the problem in my case.

What did work for me was to change the "Can be debugged" setting in the "Entitlements.plist" file from "NO" to "YES."

edited Feb 12 '19 at 14:01

Rob

2,618
2
22
29

answered Feb 12 '19 at 13:55

joemamma

11
2

Alexey Komov · Answer 13 · 2019-05-02T17:40:06.750

1

In my case the issue was following: provisioning profile used for build step was created for different app id than provisioning profile used for export step.

So make sure you're using the same provisioning profile for build and export step.

edited May 02 '19 at 17:40

answered Apr 30 '19 at 12:20

Alexey Komov

21
2

Because I wanted to highlight that this error may occur because of different provisioning profiles on build and export step. Error message is not helpful to find root cause in this case. As for why answer is late - this error isn't bound to some specific period of time. So it happened 1 year ago and happens now all the same. Accepted answer didn't work in my case. – Alexey Komov May 02 '19 at 11:01

score 1 · Answer 14 · answered Jul 14 '20 at 15:11

1

What worked for me was that I made the archive in XCode 11, and did the upload in it Xcode 12 beta.

answered Jul 14 '20 at 15:11

fullmoon

8,030
5
43
58

score 1 · Answer 15 · answered May 25 '22 at 12:23

Just have a look, whether the "Sign in with Apple" capability is added along with other capabilities such as "Background Modes" & "Push Notifications"!

In my case, it was there.

So after deleting the "Sign in with Apple" capability, it got removed from the 'project.entitlements' file and the provision profiles got synced immediately.

score 0 · Answer 16 · answered Sep 11 '17 at 05:16

0

Cross check capabilities in the app with options you enabled for your App Id in your developer account.

answered Sep 11 '17 at 05:16

KavyaKavita

1,581
9
16

It's a free app and I haven't enabled anything, and it is just so frustrating. It installs just fine on my device, I just don't know where to look. – Paul Raymond Sep 11 '17 at 05:46
can you share screenshots of both ? – KavyaKavita Sep 11 '17 at 05:50
what do you want a screenshot of? – Paul Raymond Sep 12 '17 at 02:59
screenshot of capabilities section and App Id configuration on a developer account – KavyaKavita Sep 12 '17 at 03:27

score 0 · Answer 17 · answered Mar 01 '18 at 08:51

0

I tried a few options listed in the answers here but none helped, however, toggling the checkbox "Automatically manage signing" off and on fixed the problem.

answered Mar 01 '18 at 08:51

john316

306
1
8

score 0 · Answer 18 · answered Feb 17 '19 at 04:42

TL;DR: check your App ID and make sure the services are matching what's in your target.

What happened to me was that I let Xcode 10.1 help me create an App ID, and after that, I run into the problem as described here. (I selected whildcard app ID when I created the app in iTunesConnect, so I didn't even realized this was done.) When I opened iOS developer portal, the new app ID has Game Center and In App Purchase enabled automatically.

Since I couldn't enable Game Center in your Target -> Capabilities, I enabled In App Purchase, and then my app could be signed and uploaded.

score 0 · Answer 19 · answered Nov 29 '19 at 16:48

When we faced the same issue, we tried all the above things but none of it worked.

What worked for us is changing the bundle identifier so that it was not identical to the previous one, for example "com.name.App" to "com.name.App2"; let xcode attempt to fetch/create provisioning profile and then chance it back to the original one.

Got this idea from this thread on Apple's developer forums- https://forums.developer.apple.com/thread/114539

score 0 · Answer 20 · answered Mar 10 '20 at 15:40

I came across this page recently after trying to create a duplicate target - none of the suggestions were working for me. Further investigation, and some amount of hair pulling, eventually led me to scouring through the build settings for my app to try and figure out what was wrong.

It turned out that my project was still pointing to the entitlements file of the ORIGINAL target, rather than having one of its own. To resolve this, I navigated to the original entitlements file in Finder (e.g. ${SRCROOT}/MyProject/Entitlements/TargetName.entitlements), created a copy within the same folder and then renamed it (e.g NewTargetName.entitlements).

Then, I opened my new entitlements file and changed the application-identifier field to match the ending of my new target's bundle identifier (e.g. ABCDEFGH.US.co.fake-company.superduperapp-newtargetname).

Finally, I updated the 'Code Signing Entitlements' field in the build settings to the path of my entitlements file (for me, this was something along the lines of ${SRCROOT}/MyProject/Entitlements/TargetName.entitlements).

I returned to the Signing & Capabilities tab, and lo, the issue was fixed. Hope someone out there finds this useful.

score 0 · Answer 21 · answered Jun 10 '20 at 11:29

0

Go to Xcode's Info tab and change Bundle identifier field - after changing app name it didn't change even though I changed Bundle Identifier on the General tab. The above fixes did not work for me but this one did instantly.

answered Jun 10 '20 at 11:29

hardfi

59
3

Eneko Alonso · Answer 22 · 2020-07-24T04:47:16.210

I had this issue with a brand new app, in Xcode 12 beta 3 (app submissions started today).

Xcode had "Automatically manage signing" on. However, the Team ID displayed in the "Signing Certificate" didn't match the Team ID displayed in iTunes Connect website. This was the root cause preventing the app from being uploaded.

How I fixed it:

I manually created a provisioning profile for App Store distribution
In Xcode, I tapped on "Download manual profiles" in Preferences -> Account
Then, I turned off "Automatically manage signing".
Once I selected the provisioning profile in the dropdown, the correct Team ID appeared under "Signing Certificate"

Jamal · Answer 23 · 2020-08-07T08:27:17.653

I ran into the same issue while setting up a Gitlab pipeline that runs exportArchive cmd and uploads to AppStore. I was able to get it to work by changing the DEVELOPMENT_TEAM in Build Settings to the same Team selected in Signing & Certs.

Because previously it was set to blank which was using another DEV TEAM id by default which was incorrect and didn't match and it was complaining about the "application-identifier" = 12331232.com.bannana.apples.peach not matching. Which lead me to setting the correct DEV TEAM and it worked.

Xcode ver: Version 11.3.1

I hope this helps somebody.

score 0 · Answer 24 · answered Oct 01 '20 at 00:11

Our Setup

Multiple targets:

sub-apps
watch
app clip
today widget

...and use iCloud.

Turning iCloud on and off was not an option for us. We already use it in production and rather not mess with it... I got the original question's message and this variation at some point as well:

Profile doesn't match the entitlements file's values for the application-identifier and keychain-access-groups entitlements.

Solution

Hinted from other responses here, We made sure that all targets would have a .entitlements file. If the target had none we created an empty one like so:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

...and pointed it's target Code Signing Entitlement in Build Settings to the empty .entitlements file.

Solved!

score 0 · Answer 25 · answered Oct 08 '20 at 22:24

0

Delete all profiles located in ~/Library/MobileDevice/Provisioning Profiles/

answered Oct 08 '20 at 22:24

PerfectGamesOnline.com

1,774
1
18
31

Carlos Chaguendo · Answer 26 · 2021-06-17T03:33:32.353

0

in my case , I had to put :

 <key>aps-environment</key>
 <string>development</string>

in all files with extension .entitlements

edited Jun 17 '21 at 03:33

answered Jun 17 '21 at 03:09

Carlos Chaguendo

2,895
19
24

score 0 · Answer 27 · answered Aug 02 '21 at 12:12

In my case I am creating multiple apps from one code base using --dart-define, and building flavors in flutter app. I have done everything right but only one as mentioned in the comment above https://stackoverflow.com/a/65292545/8787695

I have already written app_suffix in the build settings (PRODUCT_BUNDLE_IDENTIFIER = com.flutter.myapp$(APP_SUFFIX)). but I have also written app_suffix in the info tab to the Bundle identifier.

score 0 · Answer 28 · answered Feb 20 '22 at 19:21

0

I have the same problem because I had a wrong value in iCloud Key-Value Store inside the entitlements file. I set the following value and the error was solved:

iCloud Key-Value Store = $(TeamIdentifierPrefix)$(CFBundleIdentifier)

answered Feb 20 '22 at 19:21

pableiros

14,932
12
99
105

score 0 · Answer 29 · answered Oct 06 '22 at 10:47

0

Removing this fixed the issue on my side.

OTHER_CODE_SIGN_FLAGS = "--deep";

My main target had this build setting and that way it overwrote the code signing entitlement of the embedded application with the parent code signing entitlement.

answered Oct 06 '22 at 10:47

Lukas Würzburger

6,543
7
41
75

score 0 · Answer 30 · answered Jul 28 '23 at 13:23

0

Removing and creating a new Provision profile from https://developer.apple.com/account/resources/profiles/list and then reinstalling it worked for me

answered Jul 28 '23 at 13:23

Pawel Molodkin

135
5

score 0 · Answer 31 · answered Aug 15 '23 at 10:50

My case was solved because the "Bundle Identifier" was different between the apple developer account (https://developer.apple.com/account/resources/identifiers/list)

com.companyname.appname

and xcode (Signing & Capabilities tab) had:

com.companyname.AppName

(the capital letters caused the problem) Once i made them the same name it worked. It took me 4 hours to figure that out

Profile doesn't match the entitlements file's value for the application-identifier entitlement

31 Answers31

Our Setup

Solution

Linked