iosxcodeios-provisioningmac-catalyst

Catalyst app: How do I enable com.apple.developer.default-data-protection entitlement?


I am attempting to distribute a Catalyst app for beta testing. Since there's no Test Flight for Mac, my intent is to distribute a signed archive in order to minimize the amount warnings my users receive about running the app. I did the following:

  1. Archived for MyMac,
  2. Selected the archive from the "macOS Apps" list in the organizer,
  3. Clicked "Distribute App,"
  4. Chose "Developer ID."
  5. Selected "Upload"
  6. Selected "Automatically manage signing"

I expected it to be submitted for notarization, but instead received an error:

Provisioning profiled failed qualification. Profile doesn't include the com.apple.developer.default-data-protection entitlement.

I subsequently checked the Mac OS Provisioning profile via developer.apple.com. I have a profile that's labeled "XC OSX:" (assuming that means Xcode auto-generated) with a type field of "Developer ID Application." Sure enough, although it shows iCloud, in app purchases, etc., in the "Enabled Capabilities" section it does not have Data Protection.

But, in Xcode, when I select the target and go to "Signing and Capabilities," Data Protection is already listed. When I click the information "i" button next to the MacOS provision profile, it says com.apple.developer.default-data-protection is enabled. (it actually shows that for both the IOS and the MacOS provisioning profile).

enter image description here

Next, I looked at the Bundle Identifier on developer.apple.com and see Data Protection listed under capabilities:

enter image description here

I tried removing and re-adding Data Protection in Xcode, but the error still occurs.

I tried manually creating a Developer ID profile on developer.apple.com, but the resulting profile still lacks Data Protection.

I tried removing and re-adding Data Protection under the identifier on developer.apple.com. This successfully invalidated the existing profiles (both Xcode's and the one I created). When I again attempted signing, a new profile was created but it still lacks Data Protection and the error still occurs.

What am I missing here? What else do I have to do to enable Data Protection in the provisioning profile?


Solution

  • Burned a support ticket and found the answer. I read the message as:

    You failed. You don't have Data Protection (but you need it)

    But per Apple, it actually means:

    You failed. You want Data Protection (because you turned it on) but don't have it (because it's not supported in this config).

    So, the solution for "Data protection is missing" was... turn Data Protection off.