Skip to main content
W
William Spence
Inspiring
July 10, 2019
Question

ERROR ITMS-90164: "Invalid Code Signing Entitlements.

  • July 10, 2019
  • 1 reply
  • 6433 views

My Distribution Certificate finally expired for the first time on the App Store as well as my Apple Push Notification Certificates.  I removed all of my certificates, created a new one for Distribution and Push Notifications, recreated my distribution profiles, compiled my .ipa as I have always done and when I upload my app, I get the following error:

ERROR ITMS-90164: "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: 'true' for the key 'get-task-allow' in 'Payload/MyApp.app/MyApp'.

Nowhere in my descriptor file do I even mention 'get-task-allow' in my entitlements so I don't know what is happening.  I thought that perhaps I had done something wrong creating all of my new certificates and distribution profiles, so I recreated all of them and tried again.  Same thing.  Has anyone ever seen this?  Can you give me some direction?

(My app does not currently do any push notifications, but I wanted to keep that door open while I was developing. I can't remember, do I need to do anything with the push notification certificate when I package the app, or does it just need to exist on Apple's servers?)

This topic has been closed for replies.

1 reply

Flipline
Flipline
Inspiring
July 10, 2019

I believe get-task-allow is automatically added to development provisioning profiles, and are not added to distribution provisioning profiles.  Are you sure you didn't accidentally try building an App Store distribution build with your development profile instead of your distribution profile?

If you have a Mac, you can also check to see what Entitlements are included in your provisioning profile with this Terminal command:

security cms -D -i /path/to/your/profile.mobileprovision

I just checked on my development profiles and they do have get-task-allow set to true, while my adhoc and appstore distribution profiles have get-task-allow set to false, so it might be worth checking the profile you're using for the App Store build to make sure it didn't get swapped for a development one.

W
William SpenceAuthor
Inspiring
July 10, 2019

Flipline, I really appreciate your detailed explanation, it quickly gave me hope But alas, this does not appear to be the issue at first glance.  Under entitlements, the app-environment is set to "production", and get-task-allow is set to "false" even though the error is reporting that it is set to true???

I don't know if it is simply the standard name of the key or if I actually am using a Developer Certificate by accident somehow, but there is a key named <key>DeveloperCertificates</key> with a huge string after it.  I figured it would be called DistributionCertificate or ProductionCertificate since it is a Distribution Profile.  Could you tell me if when you run the script you sent me in the Terminal, if your Production Profiles have a key named DeveloperCertificates?

W
William SpenceAuthor
Inspiring
July 10, 2019

I just checked an older profile that I still had, DeveloperCertificates is just the name of the key.  Any other thoughts?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices