Xcode error when running on connected device: "he executable was signed with invalid entitlements"

Question

Issue Description

I'm working on an app based on ReactNative 0.40, I am using Fastlane for beta deployments and I'm using Match to manage my signing profiles. Most things work as expected, however:

Issue: When I try to run my app on a physical device directly from Xcode 8, it gives me this error:

This is what I've tried:

• [x] Follow Apple's Entitlements Troubleshooting Guide
• [x] made sure that the entitlements selected in XCode's "Capabilities" screen match the ones selected in the app id on the developer panel.
• [x] Re-ran match. i.e. fastlane match development fastlane match adhoc fastlane match appstore
• [x] Ran fastlane match decrypt and then security cms -D -i /path/to/***.mobileprovision. Although I'm not entirely sure what I'm looking for that is missing/extra/invalid.

Questions:

1. What should these settings be for both the project and the target?

2. Which signing identity should be used for running the app on a device from xcode during development?

3. What else can I try to troubleshoot this?

Answer 1

... and, finally fixed this. Just in case some other poor soul out there is spinning their wheels, here's what was broken in my case.

The App ID on the dev portal has 3 options for data protection:

However, Xcode doesn't:

The setting has to match anyway, so I hadn't noticed that the entitlements file was set to NSFileProtectionComplete as opposed to NSFileProtectionCompleteUntilFirstUserAuthentication

Making that change, along with switching to Automatic Signing (which in hindsight might have had no effect), fixed the issue. I may switch back to match-managed development profiles and see what happens.