Developer Technical Supportに問い合わせたところ、調査して頂いた結果、
Mac上で動くiOSアプリにおいて、MacOSにentitlementsを検証する方法のバグがあることがわかりました。
iOS13.1以降で修正したいとのことでした。
今後、解決されることを期待します。
追記:
macOS 13.2 (22D49) で解消されました。
Developer Technical Support からの解析内容
macOS 12ではentitlements validatedとなってるが、なぜかmacOS 13ではそれがない。
iOSアプリ自体は正常にprovisioning profileも含まれており、問題なくアプリが作成されていた。
I looked at your issue in depth yesterday and I now understand its immediate cause. I ran your app on macOS 12 and macOS 13 and observed a key difference. Consider this on macOS 12:
…
code signing info = valid
refuse invalid pages
kill on invalid pages
require enforcement
require library validation
allowed mach-o
platform dyld
entitlements validated
…Now compare it with macOS 13:
…
code signing info = valid
refuse invalid pages
kill on invalid pages
require enforcement
require library validation
allowed mach-o
platform dyld
…Note that the
entitlements validatedproperty is missing. This indicates that your app claims a restricted entitlement but macOS was unable to find a provisioning profile to authorise that use.Based on this information I had a look at how TestFlight installs the provisioning profile necessary to run your app. AFAICT it has correctly created, downloaded, and installed that profile. For example, I see system log entries like this:
type: default
time: 2022-11-21 17:38:23.707839 +0000
process: com.apple.MobileInstallationHelperService
subsystem: com.apple.mis
category: mis
message: EF044D94-1FAF-46BA-9443-779EC2896B3B was picked for validationwhere the UUID is the UUID of your profile and like this:
type: default
time: 2022-11-21 17:38:23.474286 +0000
process: kernel
category:
message: AMFI: profile validated the code signatureI even found out where the profile is stored on the system [1], extracted it, and checked it manually. As far as I can tell it’s fine.
In summary, it’s a mystery to me why your app isn’t able to use the entitlements it claims.
Share and Enjoy
--
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
Developer Technical Support からの回答
信頼できるエンジニアと詳細に議論した結果、バグであることがわかりました。
遅かれ早かれこれを修正したいと考えています。
I discussed your issue in depth with one of our trusted execution system engineers and he confirmed my analysis. This is a bug with how the system validates entitlements for iOS apps running on Mac.
We hope to fix this sooner rather than later, but I don’t have any concrete information to share as to when that’ll happen. Right now we’re not seeding any beta releases of macOS (we just finished the seed program for macOS 13.1). When we next start seeding macOS beta releases again, drop me a line and I’ll check on the status of your bug.
Share and Enjoy
--
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
Developer Technical Support からの回答
macOS 13.2 betaでバグ修正に取り掛かります。
Right now we’re not seeding any beta releases of macOS
And a few hours later we started seeding macOS 13.2 beta (-:
The fix for this problem is /not/ in the current seed, macOS 13.2b1 (22D5027d). I recommend that you continue testing with beta releases as we seed them.
Share and Enjoy
--
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware