Why wont xcode build app on device but will build on simulator?

Question

I have a react native app. as of the last update theres now an app extension assocaited with it. freshly created parent app provisioning profiles/certificates have been generated. the correct entitlements have been confirmed both in the apple dev portal as well as in the .entitlements file. the app group has been added correctly. the extension also has the appropriate adhoc profile and certificate associated with it.

the app has no build/install issues in the debug variant, which is automatically signed.

the app has no build/install issues for the staging/release variant when automatically signed.

Im trying to build and install the release variant

however, when the app is signed manually (which i need to do in xcode to confirm there are no issues to debug my distribution issue through microsoft appcenter), the app builds fine but will not install on the device. i get the "App not installed" error.

opening the issue it says:

"The executable was signed with invalid entitlements". the code is -402620394.also: Domain: com.apple.dt.MobileDeviceErrorDomain, if thats helpful. theres no other information other tha stacktrace that doesnt appear too specific

Other info:

• i have an APS certificate that says its expired in my keychain access, but when i checked the apple dev portal, its still not expired.
• the release/staging variant will run on a simulator, but not on a physical device

Things ive tried:

• restarting xcode
• clearing derived data
• deleting app from device
• changing to legacy build system
• confirmed the correct adhoc profiles and certficates for parent app and extension
• recreated profiles/certificate again to be sure
• confirmed the certificate from the provisioning profile matches the correct certificate
• confirmed the development team for the app target, tests target and app extension are matching
• confirmed my device UDID is added to both provisioning profiles
• cleaning and building
• changing the APS environment value to 'production' in the .entitlements file

some screenshots:

Please dont suggest to use automatic signing. i cant for reasons stated above. i have to manually set the provisioning profile and .p12 certificate for the parent app and the provisioning profile for the app extension in my distribution tool (appcenter)

Any advice?

Answer 1

See here and here

In summary you can't ever install apps with App Store Distribution Certification directly into your phone. Only Apple can install apps signed with App Store Certificate.

If you want test out things, then either you test things in test flight and or you inspect the entitlements of the binary. You can do that following the instructions from dev forums here:

Check the Built Binary

The first step in debugging code signing entitlement problems is to check the actual entitlements of the binary. Xcode’s process for setting entitlements is quite complex, and it depends on various inputs, so it’s important to start by checking the output rather than looking at just the inputs.

To check the entitlements in your binary run the following command:

$ codesign -d --entitlements :- NetworkExtensionSample.app
Executable=…/NetworkExtensionSample.app/NetworkExtensionSample
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" …>
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>SKMME9E2Y8.com.example.apple-samplecode.NetworkExtensionSample</string>
    <key>com.apple.developer.networking.vpn.api</key>
    <array>
        <string>allow-vpn</string>
    </array>
    <key>com.apple.developer.team-identifier</key>
    <string>SKMME9E2Y8</string>
    <key>get-task-allow</key>
    <true/>
</dict>
</plist>