134

I have an app for submission when it got rejected and I got the message

Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service, but the app signature's entitlements do not include the "aps-environment" entitlement. If your app uses the Apple Push Notification service, make sure your App ID is enabled for Push Notification in the Provisioning Portal, and resubmit after signing your app with a Distribution provisioning profile that includes the "aps-environment" entitlement.

I checked my ad-hoc provisiong and there I found aps-environment and production however, when I open up my distribution provisioning, I don't find such.

Is this the cause of this error message and apple rejection, how can I fix it?

Buntylm
  • 7,281
  • 1
  • 27
  • 51
mirageservo
  • 2,203
  • 4
  • 20
  • 29

18 Answers18

81

Yes, that's the cause of the App Store rejection. If your ad-hoc provisioning profile has the aps-environment key, it means your app is configured correctly in the Apple Provisioning Portal. All you need to do is delete the App Store distribution profile on your local machine, then re-download and install the distribution profile from the Provisioning Portal. This new one should contain the aps-environment key.

Joshua Pinter
  • 37,288
  • 19
  • 208
  • 218
tom
  • 17,502
  • 4
  • 31
  • 33
  • Just to clear some more fog, this fairly states that the "distribution profile MUST have the aps-environment, etc" in it, and that when I open the provisioning in a text editor, I should find it lying there... – mirageservo Feb 11 '13 at 07:11
  • do i need to generate a new ssl certificate, specially when i have changed something from my distribution profile? – mirageservo Feb 12 '13 at 09:37
  • 2
    Nope, no need for a new developer certificate. When you enabled distribution for push notifications (which you must have done at some point because your ad hoc profile has the aps-environment key), the iTunes Provisioning Portal generates a new app store distribution profile containing the aps-environment key. You probably just haven'd downloaded and installed the latest. – tom Feb 12 '13 at 17:49
  • one more thing before this question gets to galaxy, do i need to recompile (re-archive) the ipa, since there would be a change in the project build settings or, i can directly distribute the app without bothering a recompilation? – mirageservo Feb 13 '13 at 05:45
  • You need to re-archive. The provisioning profile associated with the app gets embedded into the .ipa. – tom Feb 13 '13 at 05:50
  • Tom, this is getting nowhere, but could you extend your hand, now its signed with a distribution profile, it can no longer be played upon (test) if its working, etc... (i suppose because this release would be the one to be sent and be made ready in the appstore) - just to clear the cloud over my head. – mirageservo Feb 13 '13 at 06:57
  • Just to close the open comment question I've made, Apple iOS relies heavily on the profile certificates, you should really take note that once you have submitted the app with a distrib profile, (it is assumed that you have tested everything with test profile), you can't do (testing) anywmore with distrib profile, that's already a production thing. so test everything while test/dev profile is installed then submit to appstore with the distrib profile – mirageservo Feb 12 '15 at 00:14
  • Strange thing, when I check the details of my account in XCode (XCode -> Preferences -> Accounts -> View Details), I see the provisioning profile I just downloaded, but I do not see an icon for the Push Notification entitlement... Still, when I use it to Validate or Submit to App Store, I can see that the `aps-environment` is in the Entitlements list. – Raphael Royer-Rivard Jul 08 '15 at 21:39
  • @tom i have not provide any push notification service and my AppID is also don't have tick with push service. still I got this warning. any solution ? – Rushi trivedi Sep 28 '17 at 14:46
  • saddled with this same error, 8 builds later haven't resolved the issue... headache! – Ryan Barrett Jan 23 '20 at 20:24
44

First App ID

make sure your ID push notification enable in production side

as appear in picture

enter image description here

Second Certificate

from production section create two certificate with your id (push notification enabled)

App Store and Ad Hoc certificate

Apple Push Notification service SSL (Sandbox) certificate

enter image description here

Third Provisioning Profiles

From Distribution section create App Store profile with your id

Finally

while you upload your bin , you must check what provisioning profile used and have many entitlements

enter image description here

this all cases cause this problem hope this be helpful with you

Mina Fawzy
  • 18,268
  • 13
  • 118
  • 129
  • 1
    This is what I was missing. I had to create a new provisioning profile in the apple developer site using the App ID with push notifications. With the new provisioning profile, finally the aps-environment entitlement was added to my app. Thank you! – M. Luisa Carrión May 09 '16 at 17:44
38

In XCode 8 you need to enable push in the Capabilities tab on your target, on top of enabling everything on the provisions and certificates: Xcode 8 "the aps-environment entitlement is missing from the app's signature" on submit

My blog post about this here.

Community
  • 1
  • 1
Vaiden
  • 14,116
  • 6
  • 55
  • 86
  • 8
    This is such classic Apple. Two hours after I submit a build they send an error message about an issue that I've long since resolved (enabling Push Notification Application Service in the Dev Portal) and is explained with a link to a 404. Then it turns out that the real issue is they didn't migrate my settings when upgrading to a new version of their software (that I'm locked into). Ugh. – Rembrandt Q. Einstein Oct 21 '16 at 18:25
  • 3
    Same story here. We almost dismissed the error message as an Apple bug. – Vaiden Oct 31 '16 at 13:27
23

I got this message for a different reason -- I submitted an app via Xcode without first creating an App Store Distribution Profile specifically for the app. I believe Xcode automatically uses a wildcard App Store profile if you have one installed. But an app uses Push Notifications requires its own profile.

The fix is to create a new App Store Distribution profile for the app. Then you download it, drag it onto Xcode, and modify your project Build Settings > Code Signing > Release to use the new profile.

shim
  • 7,170
  • 10
  • 62
  • 95
Simon Woodside
  • 6,822
  • 4
  • 47
  • 64
12

Following on from the answer given by @Vaiden, in Xcode 8 you can resolve this issue by selecting the target and clicking the "Fix issue". Of course, you'll still need to set up push notifications in the Apple Developer portal (you can simplify the process a little by using the new "Automatically manage signing" option, which saves you the hassle of downloading the provisioning profiles).

Fix me option

Ian
  • 7,090
  • 2
  • 43
  • 51
8

For those running into this issue who actually are using Push Notifications in their apps:

Our push certs were recently about to expire, so we created new dev / prod push certs in the standard way outlined by Apple (I won't go into detail around this here, there is plenty of info on it all over the web when updating your push certs for another year of use).

After doing so however, the issue in this question popped up. No matter what we did, we received this email from Apple after submitting our app. When we checked the settings of our Distribution Provisioning Profile in the Apple Member Center, everything looked fine (Push was enabled for our App ID for both prod / dev, and our distribution provisioning profile was still connected to this App ID, we literally just created new push certs for another year as is the standard practice).

Finally, this is what ended up solving it for me:

  1. Create a new Distribution Provisioning Profile pointing to your App ID (leave your current one in tact)
  2. In Xcode, refresh your provisioning profiles via Settings > Accounts > Select your account > Details > Click the refresh icon
  3. Manually create an entitlements plist file for your app:
    • File menu > New File...
    • Select iOS > Resource > Property List
    • Name the new file "foo.entitlements" (typically, "foo" is the target name)
    • Click the (+) next to "Entitlements File" to add a top-level item (the property list editor will use the correct schema due to the file extension)
  4. Ensure this entitlements file is being used in your target's Build Settings (Target > Build Settings > Search for "Entitlements", in the CODE_SIGN_ENTITLEMENTS set the path to your Entitlements file you just made)
  5. Make sure the provisioning profile / code signing identity in your Target is set correctly to your appropriate distribution provisioning profile / signing identity (this should be obvious)
  6. I'm not 100% sure if this affected it (it shouldn't since Target settings override project settings, but I did this anyways), make sure your Project's provisioning profile / signing identity match your Target's
  7. In the entitlements file you made, right click in the empty file and select "Show Raw Keys/Values"
  8. Add a new entry to the entitlements file called "aps-environment" and set it's value to "production"
  9. One key note, if you were previously using the keychain-access-groups entitlement, you'll want to add that key here as well because for some reason it got cleared for me when doing this manually. Make sure the value is the same as the value used in previous builds (you can find the value by finding a previous build in Organizer, attempting to submit to the app store, select your team, then before submitting the app tap the arrow beside the "(X) Entitlements" string to expand the entitlements and see the value of the keychain-access-group entitlement.
  10. Archive your app and attempt to submit it to the point of getting to the final "Submit" button. You should see this app was now built with the new provisioning profile you created in member center. Cancel out of this now.
  11. Go back to the Apple member center and delete the new provisioning profile you created in step 1.
  12. Back in Xcode, refresh your provisioning profiles list once again by repeating step 2.
  13. Now archive your app again, and you should see that the app was built with the old Distribution provisioning profile you wanted to use, and correctly has the aps-environment entitlement. Submit and you're done.

I know this isn't as detailed as it should be as it should have screenshots, I will try to update it with screenshots when I can but for the time being I'm in a time crunch right now and wanted to get the jist of what I did out there. There is also a very likely chance that some or most of the steps I've outlined aren't necessary, I'm putting them here because I did them and they may have led to the final solution.

Adam Eisfeld
  • 1,246
  • 2
  • 12
  • 23
  • Thank you. #8 for me was set to development, which could be our issue. – ingage Nov 16 '16 at 05:47
  • Thank you so much, wasted an entire day on this shittery, step #4 was the problem, for some reason without specifying CODE_SIGN_ENTITLEMENTS the entitlements were ignored on app store upload only. – Mark Kazakov Jan 03 '18 at 20:17
5

check Your App Id is Push Enabled or not on developer.apple.com in iOS Provisioning Portal If Not then Enabled it,configure Your Push SSL Certificate for your App Id Download it, and Reinstall in Your Keychain Once again then Download Your Distrubution Profile install in your Xcode Liabrary

Vishal's p
  • 308
  • 4
  • 18
4

I was also facing this issue even I was not using push notifications at all in my app.Making new provisioning profile also did not work for me.What I did was:-

1.Create fresh new certificate for Ad hoc & App Store only.

2.Then make distribution profile with this certificate and integrate profile with Xcode.

Then newly submitted build with this profile approved without any warning.

Desert Rose
  • 3,238
  • 1
  • 27
  • 35
  • 2
    i tried this - didn't help. still getting the missing push notifications thing.. i don't use push notifications ! – Adam Jul 11 '16 at 15:40
3

This was what fixed it for me. (I had already tried toggling the capabilities on/off, recreating the provisioning profile, etc).

In the Build Settings tab, in Code Signing Entitlements, my .entitlements file wasn't link for all sections. Once I added it to the Any SDK section, the error was resolved.

enter image description here

mogile_oli
  • 2,028
  • 2
  • 18
  • 20
3

To solve this for an expo 'ejected' app, I went to the capabilities tab, enabled push, then disabled it again. This removed the APNS 'entitlements' setting from the .entitlements file.

Chris
  • 37,118
  • 43
  • 178
  • 226
2

In my case, even I created a myapp.profile and set it in xcode manually, and when I chose "show in finder" and located the embedded.mobileprovision and checked to make sure aps-environment is there in the file, the error was still there.

I then went to developer center and found that the status of XC: myapp.profile is invalid. I updated it and installed the XC: myapp.profile and it worked fine.

I think xcode is trying to manage the profile and you need to check the provisioning profile when you submit your binary to store, and ensure it is the correct one. And according to other answers it can be caused for various reasons so it can be really annoying.

UPDATE:

Once you've signed with the downloaded profile and confirmed that aps-environment was there when you try to submit to App Store, you should be able to change the profile and code signing entity to automatic and iOS Developer. Hope it can be improved in Xcode 7.

superarts.org
  • 6,508
  • 1
  • 53
  • 43
  • I have checked all the profiles and also XC: profile is updated and it don't include any asp-environment key there still i got the same issue again and again. Any help will be appreciated. And yes i don't need any push notification implemented in application – The iOSDev Aug 04 '15 at 09:13
  • Could you make sure by check the binary contents of the provisioning profile and see if the string "aps-environment" is inside or not please? If it's inside you need to find some way to get rid of it, otherwise you need to make sure that profile is the one you're signing your app with. Either way there's got to be a problem. – superarts.org Aug 05 '15 at 01:05
  • 1
    I have checked it twice and try to find out more but no luck. There is no string like that but after 2days of search and tries, I got one thing conformed that this issue is with Xcode 7 beta not with my code :) Same build through Xcode 6.4 is perfectly working and there is no email from Apple reporting that issue so the issue is with Xcode 7 beta 4 not with code or profile. – The iOSDev Aug 07 '15 at 10:38
2

FIX IDEA Hey guys so i have made an app and did not used any push notification functions but i still got an email. After checking the certificates, ids and profiles of the bundle identifier i used to create my app in apple store connect in the apple developer portal i realized that push notificiations were turned on.

What you have to do is:

go to apple developer login site where you can manage your certificates a.s.o 2. select "Certificates, IDs and Profiles" Tab on the right side 3. now select "Identifiers" 4. and the bundle id from the list to the right 5. now scroll down till you see push notification 6. turn it off 7. archive your build and reupload it to Apple Store Connect

Hope it helps!

Qooplite
  • 21
  • 2
1

I had the same problem and my solution was to add the push notification entitlement from Target -> Capabilities.

Shalom Dahan
  • 215
  • 5
  • 18
0

This happened to me suddenly because my app's distribution profile had expired. Xcode began using the wildcard profile instead, which did not have the push notification entitlement enabled. I didn't receive any warning. The fix was easy; I just had to generate another distribution profile for my app in the Apple Developer Member Center, download it, and double-click to install in Xcode.

ahmacleod
  • 4,180
  • 17
  • 42
0

There are some really good suggestions on here.

Referring to the last screenshot that Mina provided, after initially archiving my app, the provisioning profile mentioned during uploading contained a wildcard (XC.*). This is wrong.

It took some considerable effort in order to resolve this. I had to perform a combination of the suggestions that Simon Woodside & Mina Fawzy provided.

If you have any existing certificates and provisioning profiles related to your project, now would be a good time to remove them all locally, and revoke them all remotely. Give yourself a fresh start.

Mina Fawzy's detailed suggestion is excellent. Performing Mina's suggestion, if performed correctly, should take care of you online.

Enter Simon's suggestion. Two things I needed to check inside my project. Using XCode, go here:

PROJECT -> BUILD SETTINGS -> CODE SIGNING

Review the Code Signing Identity and Provisioning Profile properties. Make sure you set those two properties to that of your project name. Don't allow XCode to automatically select for you, and don't use some generic code signing identity (e.g. Iphone Developer).

Make sure you can actually install the app onto your devices before deciding to archive.

Coach Roebuck
  • 795
  • 2
  • 11
  • 18
0

The biggest problem that i have after enabling the Push Notification from Capabilities and remaking all the certificates is that the Target name and the folder name where was stored the project was composed from 2 strings separated by space. After removing the space all worked just fine!

Constantin Saulenco
  • 2,185
  • 18
  • 41
  • 1
    My app is not using push notification but still I am getting this warning from apple. Please suggest – Chandni May 23 '18 at 13:06
0

I had this problem because my entitlements file was malformed due to previous manual editing. I removed the wrongly formatted entitlement entry syntax and then i could click "fix" in the capabilities tab and Xcode added the entitlement to my file.

Here is an example of a properly formatted entitlements file ("Runner.entitlements"):

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>development</string>
    <key>com.apple.developer.applesignin</key>
    <array>
        <string>Default</string>
    </array>
</dict>
</plist>
Jonas357
  • 103
  • 1
  • 10
0

In Flutter

You can add a file Runner.entitlements under ios/Runner with below content and after created your file parh will be like ios/Runner/Runner.entitlements :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>development</string>
</dict>
</plist>
Paresh Mangukiya
  • 14,668
  • 7
  • 90
  • 90