I think there’s some confusion around entitlements, the *.mobileprovision file and the Info.plist file.
Entitlements
An entitlement is a right or privilege that grants an executable particular capabilities. For example, an app needs the HomeKit Entitlement — along with explicit user consent — to access a user’s home automation network. An app stores its entitlements as key-value pairs embedded in the code signature of its binary executable.
Info.plist
An information property list file is a structured text file that contains essential configuration information for a bundled executable. The system uses these keys and values to obtain information about your app and how it is configured. As a result, all bundled executables (plug-ins, frameworks, and apps) are expected to have an information property list file.
The .mobileprovision file
This file together with a signing identity is used when bundling an iOS game. The file is generated in the Apple Developer portal. It defines which application it can be applied to and if the application is packaged for development or distribution. It also defines which capabilities (read entitlements) the application has.
How we bundle
When we bundle an iOS application we ask for the mobileprovision and a signing identity (from your keychain). We extract the entitlements from the mobileprovision file and use it when we create the application bundle. The entitlements are extracted like this:
security cms -D -i foobar.mobileprovision -o foobar.xml
You can try this yourself from the command line!
If you specify that you want to Override Entitlements we ignore the entitlements in your mobileprovision file and use the one you specify. Otherwise we merge them.
The problem
After this very long intro we need to look at the actual problem. You want to add the key ITSAppUsesNonExemptEncryption. Apple definition of the property:
“Set the value for this key to NO in your app’s Information Property List file to indicate that your app—including any third-party libraries you link against—either uses no encryption, or only uses encryption that’s exempt from export compliance requirements, as described in Determine your export compliance requirements. Set the value to YES to indicate that your app uses non-exempt encryption.”
Note that it says Information Property List. It is not an entitlement and should not be merged into the entitlements. It must be stored in the Info.plist. That is why it works when you specify it in a full Info.plist file.
Yes, I agree. What you can do is to fake an empty extension in your project and add your stub .plist file with the property and let the build server merge it for you.