iOS Ad-Hoc/.NET MAUI: What alternative causes might there be for iOS "This app cannot be installed because its integrity could not be verified"

We have recently migrated an application from Xamarin to MAUI. The application works fine in development environments, but in CI builds are producing Ad-Hoc .ipa files that can not be installed on correctly registered devices. Attempting to install the ipa on devices registered in the portal results in the error message "This app cannot be installed because its integrity could not be verified."

We have confirmed that:

• The same certificates and provisioning profiles on the same build machine are still being used by the release branch (Xamarin vFinal) to build Ad-Hoc ipa files which successfully install. Certificates are not expired. Provisioning profile is not expired. Devices are registered in the profile on the apple developer portal and downloaded to the machine via XCode.
• The app identifier, assembly name, and all relevant Info.plist values appear to be the same (although the old app previously only supported iPhone where the new app also supports iPad, if that is relevant).
• The OS version is compatible.
• Previous versions of the app have been completely removed from the device.
• Extracting (unzipping) the Xamarin and MAUI ipa files shows they have identical embedded.mobileprovision files.
• When uploaded to diawi, the output of the MAUI build identifies itself as an Ad-Hoc build of the same app, using the same provisioning profile and the same device list.

Looking around the internet, a lot of people imply that there's a large number of possible causes for this error message but I don't see a particularly definitive list. The only ones that seem to come up frequently are provisioning profile/certificate mismatch or devices not being registered in the developer portal, all of which we've verified in multiple ways.

Can anyone provide a comprehensive list of any additional potential causes that we can look into in order to find the cause/solution for our problem?

IMPORTANT: "Just use TestFlight" is not an answer to this question and will be down-voted as such. Just trying to get ahead of this since that seems to be a common railroad to other questions related to this error. We already use TestFlight but have a CI/CD process that allows Ad-Hoc testing which we wish to continue to support.

We don't see any documentation that suggests we shouldn't be able to do this anymore and it's unclear what the cause/difference is, besides migrating to MAUI (one difference to this is that the CI build now uses dotnet publish instead of msbuild from the now-discontinued VS for Mac).

Edit (per questions in the comments):

These are the only configuration-specific MSBuild properties in the csproj, but I should note that these were from earlier trial-and-error trying to copy some values from the old Xamarin csproj and didn't fix anything. The command line arguments mentioned below now override these values with ones that seems to produce the right results in the build log text (identifying the correct cert and provisioning profile), though we still se the install error.

MSBuild properties:

  <PropertyGroup Condition="$(TargetFramework.Contains('-ios')) and '$(Configuration)' == 'Ad-Hoc'">
    <CodesignKey>Iphone Distribution</CodesignKey>
    <CodesignProvision>Automatic:AdHoc</CodesignProvision>
    <ArchiveOnBuild>true</ArchiveOnBuild>
  </PropertyGroup>

Current command line overrides (based on values generated by connecting to the build agent mac from VS and selecting values in the project properties drop-downs based on this documentation):

dotnet publish -c Ad-Hoc -f net8.0-ios -p:ProvisioningType="manual" -p:CodesignProvision="" -p:CodesignKey="Apple Distribution" -p:ArchiveOnBuild=true -p:Version=%build.number% -p:FileVersion=%build.number% -p:RunInTeamCity=true -p:OutputPath=AdHoc %teamcity.build.checkoutDir%/src/<SolutionDir>/<SolutionFile>.sln