Unable to download app for new users, existing users can reinstall

Question

We have an enterprise app. New users get this in their console:

May 3 10:16:48 Super-iPhone installd(MobileSystemServices)[3184] <Notice>: 0x16e037000 +[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]: 147: Failed to verify code signature of /private/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.T5yQJd/extracted/Payload/myapp.app : 0xe8008015 (A valid provisioning profile for this executable was not found.) May 3 10:16:48 Super-iPhone installd(MobileSystemServices)[3184] <Notice>: 0x16e037000 -[MIInstaller performInstallationWithError:]: Verification stage failed

but users who already have the apps can still install the app (reinstalling it). Confirmed re-install by running the app, navigating to a different screen, then switching to the browser to reinstall. After re-installing (watching the progress indicator on the home screen), reopening the app starts up at the entrypoint.

If this is Certificate & provisioning related as I suspect, why can existing users re-download it?

Answer 1

It's likely that the provisioning profile embedded in the .ipa is either missing, invalid, corrupt or expired. Unzip the enterprise .ipa and open up the Payload/myapp.app/embedded.mobileprovision file (it will be binary but contain a chunk of plain text XML that most text editors will let you see). Check the application-identifier matches the app bundle ID and other fields including the the ExpirationDate are valid.

The reason the app installs over existing working ones is that the former, valid provisioning profile is likely still in place from the previous .ipa. This will be enough for a new version of the app (specifically based on the app bundle ID) to install and run. To check this you can always use Apple Configurator 2 and select the devices to look at the installed profiles. On a working device you could delete the provisioning profile and try the installation again and I suspect that would fail.