135
votes

I had an app up for submission when it got rejected, and I got the message:

Missing Push Notification Entitlement - Your app appears to register with the Apple Push Notification service, but the app signature's entitlements do not include the "aps-environment" entitlement. If your app uses the Apple Push Notification service, make sure your App ID is enabled for Push Notification in the Provisioning Portal, and resubmit after signing your app with a Distribution provisioning profile that includes the "aps-environment" entitlement.

I checked my ad-hoc provisioning and there I found aps-environment and production; however, when I open up my distribution provisioning, I don't find such.

Is this the cause of this error message and Apple rejection? How can I fix it?


18 Answers

81
votes

Yes, that's the cause of the App Store rejection. If your ad-hoc provisioning profile has the aps-environment key, it means your app is configured correctly in the Apple Provisioning Portal. All you need to do is delete the App Store distribution profile on your local machine, then re-download and install the distribution profile from the Provisioning Portal. This new one should contain the aps-environment key.

44
votes

First App ID

Make sure push notifications are enabled for your ID on the production side, as shown in the picture.

Second Certificate

From the Production section, create two certificates with your ID (push notification enabled):

App Store and Ad Hoc certificate

Apple Push Notification service SSL (Sandbox) certificate

Third Provisioning Profiles

From Distribution section create App Store profile with your id

Finally

While you upload your bin, you must check what provisioning profile is used and have many entitlements.

All these cases cause this problem. Hope this is helpful to you.

38
votes

In Xcode 8 you need to enable push in the Capabilities tab on your target, on top of enabling everything on the provisions and certificates: Xcode 8 "the aps-environment entitlement is missing from the app's signature" on submit

My blog post about this here.

23
votes

I got this message for a different reason -- I submitted an app via Xcode without first creating an App Store Distribution Profile specifically for the app. I believe Xcode automatically uses a wildcard App Store profile if you have one installed. But an app that uses Push Notifications requires its own profile.

The fix is to create a new App Store Distribution profile for the app. Then you download it, drag it onto Xcode, and modify your project Build Settings > Code Signing > Release to use the new profile.

12
votes

Following on from the answer given by @Vaiden, in Xcode 8 you can resolve this issue by selecting the target and clicking the "Fix issue". Of course, you'll still need to set up push notifications in the Apple Developer portal (you can simplify the process a little by using the new "Automatically manage signing" option, which saves you the hassle of downloading the provisioning profiles).


8
votes

For those running into this issue who actually are using Push Notifications in their apps:

Our push certs were recently about to expire, so we created new dev / prod push certs in the standard way outlined by Apple (I won't go into detail around this here, there is plenty of info on it all over the web when updating your push certs for another year of use).

After doing so however, the issue in this question popped up. No matter what we did, we received this email from Apple after submitting our app. When we checked the settings of our Distribution Provisioning Profile in the Apple Member Center, everything looked fine (Push was enabled for our App ID for both prod / dev, and our distribution provisioning profile was still connected to this App ID, we literally just created new push certs for another year as is the standard practice).

Finally, this is what ended up solving it for me:

  1. Create a new Distribution Provisioning Profile pointing to your App ID (leave your current one intact)
  2. In Xcode, refresh your provisioning profiles via Settings > Accounts > Select your account > Details > Click the refresh icon
  3. Manually create an entitlements plist file for your app:
    • File menu > New File...
    • Select iOS > Resource > Property List
    • Name the new file "foo.entitlements" (typically, "foo" is the target name)
    • Click the (+) next to "Entitlements File" to add a top-level item (the property list editor will use the correct schema due to the file extension)
  4. Ensure this entitlements file is being used in your target's Build Settings (Target > Build Settings > Search for "Entitlements", in the CODE_SIGN_ENTITLEMENTS set the path to your Entitlements file you just made)
  5. Make sure the provisioning profile / code signing identity in your Target is set correctly to your appropriate distribution provisioning profile / signing identity (this should be obvious)
  6. I'm not 100% sure if this affected it (it shouldn't since Target settings override project settings, but I did this anyways), make sure your Project's provisioning profile / signing identity match your Target's
  7. In the entitlements file you made, right click in the empty file and select "Show Raw Keys/Values"
  8. Add a new entry to the entitlements file called "aps-environment" and set its value to "production"
  9. One key note, if you were previously using the keychain-access-groups entitlement, you'll want to add that key here as well because for some reason it got cleared for me when doing this manually. Make sure the value is the same as the value used in previous builds (you can find the value by finding a previous build in Organizer, attempting to submit to the app store, select your team, then before submitting the app tap the arrow beside the "(X) Entitlements" string to expand the entitlements and see the value of the keychain-access-group entitlement).
  10. Archive your app and attempt to submit it to the point of getting to the final "Submit" button. You should see this app was now built with the new provisioning profile you created in member center. Cancel out of this now.
  11. Go back to the Apple member center and delete the new provisioning profile you created in step 1.
  12. Back in Xcode, refresh your provisioning profiles list once again by repeating step 2.
  13. Now archive your app again, and you should see that the app was built with the old Distribution provisioning profile you wanted to use, and correctly has the aps-environment entitlement. Submit and you're done.

I know this isn't as detailed as it should be, as it should have screenshots. I will try to update it with screenshots when I can, but for the time being I'm in a time crunch right now and wanted to get the gist of what I did out there. There is also a very likely chance that some or most of the steps I've outlined aren't necessary; I'm putting them here because I did them and they may have led to the final solution.

5
votes

Check whether your App ID is push enabled on developer.apple.com in the iOS Provisioning Portal. If not, enable it, configure your Push SSL certificate for your App ID, download it, and reinstall it in your Keychain once again. Then download your Distribution Profile and install it in your Xcode Library.

4
votes

I was also facing this issue even though I was not using push notifications at all in my app. Making a new provisioning profile also did not work for me. What I did was:

1. Create a fresh new certificate for Ad hoc & App Store only.

2. Then make a distribution profile with this certificate and integrate the profile with Xcode.

Then the newly submitted build with this profile was approved without any warning.

3
votes

This was what fixed it for me. (I had already tried toggling the capabilities on/off, recreating the provisioning profile, etc).

In the Build Settings tab, in Code Signing Entitlements, my .entitlements file wasn't linked for all sections. Once I added it to the Any SDK section, the error was resolved.

3
votes

To solve this for an expo 'ejected' app, I went to the capabilities tab, enabled push, then disabled it again. This removed the APNS 'entitlements' setting from the .entitlements file.

2
votes

In my case, even though I created a myapp.profile and set it in Xcode manually, and when I chose "show in finder" and located the embedded.mobileprovision and checked to make sure aps-environment is there in the file, the error was still there.

I then went to the developer center and found that the status of XC: myapp.profile was invalid. I updated it and installed the XC: myapp.profile and it worked fine.

I think Xcode is trying to manage the profile and you need to check the provisioning profile when you submit your binary to the store, and ensure it is the correct one. And according to other answers it can be caused by various reasons, so it can be really annoying.

UPDATE:

Once you've signed with the downloaded profile and confirmed that aps-environment was there when you try to submit to App Store, you should be able to change the profile and code signing entity to automatic and iOS Developer. Hope it can be improved in Xcode 7.
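The check this answer does by hand, extended to the wildcard and expired-profile causes other answers on this page describe, as an added example that is not part of any answer: it reads the plist embedded in a provisioning profile and reports a missing aps-environment, a wildcard App ID or an expired profile. The sample profiles, team ID and bundle IDs are constructed, and treating get-task-allow false as the marker of a distribution profile is an assumption.

```python
import plistlib
from datetime import datetime

def load_profile(blob: bytes) -> dict:
    """Pull the plist out of a .mobileprovision blob (the CMS signature is NOT verified)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def check_push(profile: dict, now: datetime) -> list:
    """List the reasons a build signed with this profile would lack a usable push entitlement."""
    problems = []
    ent = profile.get("Entitlements", {})
    aps = ent.get("aps-environment")
    if aps is None:
        problems.append("aps-environment missing")
    elif not ent.get("get-task-allow", False) and aps != "production":
        # Assumption: get-task-allow false marks a distribution (ad hoc / App Store) profile.
        problems.append("distribution profile with aps-environment=" + str(aps))
    if ent.get("application-identifier", "").endswith(".*"):
        problems.append("wildcard App ID")
    expires = profile.get("ExpirationDate")
    if expires is not None and expires <= now:
        problems.append("profile expired")
    return problems

def make_sample(app_id: str, aps, expires: datetime) -> bytes:
    """Constructed sample: a profile plist wrapped in filler bytes standing in for the CMS envelope."""
    ent = {"application-identifier": app_id, "get-task-allow": False}
    if aps:
        ent["aps-environment"] = aps
    body = plistlib.dumps({"Name": "constructed sample", "ExpirationDate": expires, "Entitlements": ent})
    return b"\x30\x82\x0f\x00" + body + b"\x00\x01filler"

NOW = datetime(2024, 1, 1)  # fixed "current time" so the results are reproducible
SAMPLES = {  # constructed team ID and bundle IDs, not taken from the page
    "app-specific": make_sample("ABCDE12345.com.example.app", "production", datetime(2024, 6, 1)),
    "wildcard": make_sample("ABCDE12345.*", None, datetime(2024, 6, 1)),
    "expired": make_sample("ABCDE12345.com.example.app", "development", datetime(2023, 6, 1)),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_push(load_profile(blob), NOW) or "ok")
```

For a real build, pass the bytes of the embedded.mobileprovision file from the archived app to load_profile; the signature on the file is not checked here.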

2
votes

FIX IDEA Hey guys, so I have made an app and did not use any push notification functions, but I still got an email. After checking the certificates, IDs and profiles of the bundle identifier I used to create my app in Apple Store Connect in the Apple developer portal, I realized that push notifications were turned on.

What you have to do is:

1. go to the Apple developer login site where you can manage your certificates a.s.o
2. select the "Certificates, IDs and Profiles" tab on the right side
3. now select "Identifiers"
4. and the bundle id from the list to the right
5. now scroll down till you see push notification
6. turn it off
7. archive your build and reupload it to Apple Store Connect

Hope it helps!

1
votes

There are some really good suggestions on here.

Referring to the last screenshot that Mina provided, after initially archiving my app, the provisioning profile mentioned during uploading contained a wildcard (XC.*). This is wrong.

It took some considerable effort in order to resolve this. I had to perform a combination of the suggestions that Simon Woodside & Mina Fawzy provided.

If you have any existing certificates and provisioning profiles related to your project, now would be a good time to remove them all locally, and revoke them all remotely. Give yourself a fresh start.

Mina Fawzy's detailed suggestion is excellent. Performing Mina's suggestion, if performed correctly, should take care of you online.

Enter Simon's suggestion. Two things I needed to check inside my project. Using Xcode, go here:

PROJECT -> BUILD SETTINGS -> CODE SIGNING

Review the Code Signing Identity and Provisioning Profile properties. Make sure you set those two properties to that of your project name. Don't allow Xcode to automatically select for you, and don't use some generic code signing identity (e.g. iPhone Developer).

Make sure you can actually install the app onto your devices before deciding to archive.

1
votes

I had the same problem and my solution was to add the push notification entitlement from Target -> Capabilities.

0
votes

This happened to me suddenly because my app's distribution profile had expired. Xcode began using the wildcard profile instead, which did not have the push notification entitlement enabled. I didn't receive any warning. The fix was easy; I just had to generate another distribution profile for my app in the Apple Developer Member Center, download it, and double-click to install in Xcode.

0
votes

The biggest problem that I had after enabling Push Notification from Capabilities and remaking all the certificates was that the Target name and the name of the folder where the project was stored were composed of 2 strings separated by a space. After removing the space all worked just fine!

0
votes

I had this problem because my entitlements file was malformed due to previous manual editing. I removed the wrongly formatted entitlement entry syntax and then I could click "fix" in the capabilities tab and Xcode added the entitlement to my file.

Here is an example of a properly formatted entitlements file ("Runner.entitlements"):

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>development</string>
    <key>com.apple.developer.applesignin</key>
    <array>
        <string>Default</string>
    </array>
</dict>
</plist>

0
votes

In Flutter

You can add a file Runner.entitlements under ios/Runner with the content below; after you create it, your file path will be ios/Runner/Runner.entitlements:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>development</string>
</dict>
</plist>