We've been creating iOS apps for a few years now, but when I tried last month, I got an error in my XCode that says: No profiles for 'com.os.hub.mth2' were found Xcode couldn't find any iOS App Development provisioning profiles matching 'xxx.xxx.xxx.xxx'. I'm not sure if it's the cause or not, but when I look at the signing certificates, the Developer ID Application Certificate says: Missing Private Key The weird part of that is that I see a private key with this name in my Keychain access, so I'm not sure what's wrong. There has been a significant time gap between now and the last time we created a mobile app, so I'm not sure if something changed in XCode/MacOS to cause this issue, or if something expired. I'd appreciate any advice.

Hello everyone, I'm facing a critical, blocking issue where my developer account (Team ID: K655PX7A46) is unable to generate a valid provisioning profile with the App Attest entitlement. I have confirmed this is a server-side issue and am hoping to get visibility from an Apple engineer who can investigate. The Problem: When I generate a provisioning profile for an App ID with the "App Attest" capability enabled, the resulting profile is defective. It is missing the required com.apple.developer.app-attest.environment key in its entitlements dictionary, causing Xcode to fail the build. What I Have Proven: The issue is not a misconfiguration. The App Attest capability is correctly enabled and saved on the App ID configuration page. The issue is not isolated to one App ID. I created a brand new App ID from scratch, enabled the capability during creation, and the server still generates a defective profile with the same missing entitlement. I have definitive proof by inspecting the downloaded .mobileprovision file. The contents confirm the required key is missing. Steps to Reproduce on My Account: Create a new App ID on the Developer Portal. Enable the "App Attest" capability and save. Generate a new "iOS App Development" provisioning profile for this App ID. Download the profile and inspect its contents via security cms -D -i [profile]. Observe that the com.apple.developer.app-attest.environment key is missing. The Evidence (Contents of the Defective Profile): Here is the output from inspecting the profile for a brand new App ID (com.technology519.linksi.app2). As you can see, the correct entitlement is missing, and an incorrect devicecheck entitlement is present instead. This is a critical bug in the provisioning profile generation service for my account that is blocking all development. I have already filed a support ticket (Case #102721408444) but have so far only received generic, unhelpful responses. Can an Apple engineer please investigate this server-side issue with my account? Thank you.

The device UDID was registered to the developer account 40 hours ago, the STATUS column was "processing" in the first 24 hours, then turned to empty. But I still can't run my app (with distribution method "development"), when I try to run it after download it through my OTA URL, it prompts “the app cannot be installed because its integrity could not be verified” but everything runs good on a iPhone which was registered a month ago. What should I do now? keep waiting?

Hello, my iOS apps are exiting right after launch on a few of our iOS devices. I tried a couple of my apps that are deployed to our fleet and they do the same thing. If I run the app(s) in the Simulator it works fine and if I run the app(s) on the offending devices it works fine as well. Once I stop the run in Xcode the app on the device will not launch. I'm thinking something is missing like a certificate etc. Just not sure. Any ideas on how to troubleshoot this? I would really like to get this fixed.

Hi all, I'm a solo iOS developer trying to update an app I released in 2010. My current Team ID is Q37598Q8GE, but the app's original App ID uses an old prefix, YHX995W43P. When I try to create a new App ID with the original Bundle ID (eu.andela.woordenes) to generate a new distribution provisioning profile, I get the error:An attribute in the provided entity has invalid value An App ID with Identifier 'eu.andela.woordenes' is not available. Please enter a different string. I understand this might be due to the old prefix from pre-2011, when Apple allowed multiple prefixes per account. I still have access to the app in App Store Connect and want to push an update, not create a new app. How can I resolve this?Can I reuse the existing App ID (eu.andela.woordenes with prefix YHX995W43P) for a new provisioning profile, or do I need to match my current Team ID (Q37598Q8GE)? If the Bundle ID is already taken by my current app, how do I update the app without changing the Bundle ID? Any steps to fix the prefix mismatch in Xcode or App Store Connect?

I got an email with the subject "Action Needed: Developer ID Application Certificate Expires in 30 Days" But on the cert page it's not exactly clear to my how to renew the cert or generate a new one. Confused by the fact that I already have half a dozen ...somehow? Any help or guidance appreciated.

I have a bizzare issue with my Apple TV that is shown as "iPod" in Apple developer portal. It's correctly visible in Xcode as Apple TV, but when I add it to developer portal it says "iPod". The problem is since it's there as an iPod I can't use it to my provisioning profile to build on the device Anyone has any idea how this can be solved? [Edited by Moderator]

We have a MacOS application that we plan on distributing standalone (it'll be installed through MDM or directly, not through the app store). We utilize endpoint security and full disk access for this (enterprise) app. I have a makefile that uses codesign to sign the app inside-out. All that appears to work (i.e., when I try to run the app directly it functions as I expect it to). What's the recommended way to allow the developers in my team to also sign the app for local development so it functions as close as possible to production? My first thought is to distribute the developer identity to their machines using MDM. However, ideally i'd like to rule out the ability for a developer who has the MDM profile assigned to export the keys. That really only leaves a centralized solution in place or disabling SIP on their system (which I don't want to do). Alternatively, would creating a separate identity for production make more sense, so that in the case the developer certificate is revoked, the production releases continue to function as normal (however, I assume this would also require creating two different profiles for the endpoint security entitlement--one for each certificate). Thanks! Derek

Hi, I'm having a really hard time figuring out why I cannot perform cloud signing via Developer ID with xcodebuild. I have a macOS application, which I can perfectly cloud sign the following way: Sign into Xcode with my Admin + Account Holder Apple ID. Delete my Developer ID Application certificate from Keychain Access. In Xcode, click Archive. When archived, click "Distribute App" in Xcode Organizer. The app is cloud signed. I prove this by extracting the certificate codesign --extract-certificates -- /path/to/app.app then locate the 1.2.840.113635.100.6.1.32 bit mentioned by Quinn in this post. I however do it by simply opening the certifiacte with Keychain Access, where I can investigate the content of the certificate, rather than use that tool he does. Then, I do the following to attempt to cloud sign via xcodebuild: Create an API Key for the whole team in Users and Access > Integrations > App Store Connect with the "Admin" role selected. Download the private key .p8 file to ~/Downloads. Sign out of my Apple ID in Xcode by removing the account in Settings > Accounts. Create an archive: xcodebuild archive -scheme "<redacted scheme name>" -archivePath ~/Downloads/archive.xcarchive -authenticationKeyIssuerID <redacted issuer id> -authenticationKeyID <redacted key id> -authenticationKeyPath ~/Downloads/AuthKey_<redacted key id>.p8 -allowProvisioningUpdates The archive is successfully created, with a new "Apple Development: Created via API (TEAM ID)" naming. Export the archive: xcodebuild -exportArchive -archivePath ~/Downloads/archive.xcarchive -authenticationKeyIssuerID <redacted issuer id> -authenticationKeyID <redacted key id> -authenticationKeyPath ~/Downloads/AuthKey_<redacted key id>.p8 -allowProvisioningUpdates -exportOptionsPlist ~/Downloads/exportOptions.plist -exportPath ~/Downloads which then fails: 2025-03-07 10:27:58.706 xcodebuild[2152:40704] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/tn/yy7ynz3d0yb4p3sd_5q_wl0h0000gn/T/<redacted app name> macOS_2025-03-07_10-27-58.706.xcdistributionlogs". error: exportArchive Cloud signing permission error error: exportArchive No signing certificate "Developer ID Application" found ** EXPORT FAILED ** Opening the distribution logs, I find this in the Provisioning Log: 2025-03-07 09:09:58 +0000 2025-03-07 09:09:58 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:58 +0000 IDEProvisioningRepair(<redacted app name>.app): Sending request 84E57539-BC1D-407A-8402-7BCE9F2FD100 to <https://appstoreconnect.apple.com/xcbuild/v1/certificates> for session DVTServicesTeamBasedSession <issuer: <redacted issuer id>; key identifier: <redacted key id>>. Method: POST Headers: { Accept = "application/vnd.api+json"; "Accept-Encoding" = "gzip, deflate"; Authorization = "Bearer <redacted bearer token>"; "Content-Length" = 116; "Content-Type" = "application/vnd.api+json"; "User-Agent" = Xcode; "X-HTTP-Method-Override" = GET; "X-Xcode-Version" = "16.2 (16C5032a)"; } Payload: {"urlEncodedQueryParams":"teamId=<redacted team id>&filter%5BcertificateType%5D=DEVELOPER_ID_APPLICATION_MANAGED&limit=200"} 2025-03-07 09:09:59 +0000 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): Received response for 84E57539-BC1D-407A-8402-7BCE9F2FD100 @ <https://appstoreconnect.apple.com/xcbuild/v1/certificates>. Code = 0 2025-03-07 09:09:59 +0000 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): Response payload: { "errors" : [ { "id" : "3d09690a-e26f-497f-b576-25104064387e", "status" : "403", "code" : "FORBIDDEN_ERROR", "title" : "This request is forbidden for security reasons", "resultCode" : 7495, "detail" : "You haven't been given access to cloud-managed distribution certificates. Please contact your team's Account Holder or an Admin to give you access. If you need further assistance, contact Apple Developer Program Support at https://developer.apple.com/contact/." } ] } Which is really weird, since I am using an API key with Admin rights. If I create a new key, and use it only for this command, App Store Connect does show the "Last Used" date as today after running the command. I thought some time might need to pass, but the issue has been persisting since yesterday. What could be wrong here? I do have a managed Developer ID Application certificate showing in my account but I still can't retrieve it with an Admin right imbued API key.

To learn how to develop/distribute a DriverKit driver (DEXT) and a UserClient app correctly, I am trying to run the following sample dext and app. https://developer.apple.com/documentation/driverkit/communicating-between-a-driverkit-extension-and-a-client-app?language=objc I walked throught steps in README.md included in the project and faced issues. First, I referred the "Configure the Sample Code Project" section in the README.md and configured the sample code project to build with automatic signing. I could run the app and activate the dext successfully and made sure the app could communicate with the dext. Next, I tried the manual signing. I followed steps described in the "Configure the Sample Code Project" section carefully. The following entitlements has already been assigned to my team account. DriverKit Allow Any UserClient Access DriverKit USB Transport - VendorID DriverKit I could build both app and dext and could run the app. However, when I clicked the "Install Dext" button to activate the dext, I got the following error: sysex didFailWithError: extension category returned error Am I missing something? I would also like to know detailed steps to publicly distribute my dext and app using our Developer ID Application Certificate, as README.md only shows how to configure the project for development. Xcode version: 16.3 (16E140) Development OS: macOS 15.5 (24F74) Target OS: macOS 15.5 (24F74)

I created an MadOS app with xcode 16.5 with a developer id certificate. I've been trying to install a distribution certificate for over a week with several co-workers. I can add a distribution certificate to my key chain, and created a provisioning profile. I've tried every combination but none work. I put xcode in automatic signing but can only see my developer id, if I put it in manual with and without a provisioning profile but if I give the app binary, other users can't run the app because the certificate isn't working. I need support to work with me to look the developer portal and my system to figure this out.

I encountered code signing issue with Apple Distribution certificate for both iOS and MacCatalyst. The app crashes with "Beta Profile". I followed this instruction to manually re-sign my ipa to confirm that I use the Apple Distribution and the correct Provisioning Profile. https://gist.github.com/WDUK/4239548f76bd77b2c4b0 When I double click on the Apple Distribution certificate in KeyChain Access, it shows "Extension: Apple Mac App Signing (Development)" and "Extension: Apple Developer Certificate (Submission)" I have been stuck in this issue for more than a month. I really need help because I do not know how to proceed further. Thank you.

I've been distributing my Math Education app (Java-based) as a downloadable .dmg. My sw manufacturing process was working well on my Intel-iMac a year ago (signing, notarization, stapling). I need to support Apple Silicon, so I replicated the SW manuf. stack on my M2 MacBook, including putting my Developer and Installer Certificates in the Keychain Access. I get through building the M2,M2,M4 .dmg installer file just fine. But the Codesign is failing. It should be prompting me for my MacOS password (it does this in the Intel-Mac process), but fails this command: codesign --sign "Pierre Bierre (SL7L4YU8GT)" --force --options runtime --verbose --timestamp ~/DFG2D_MacOS_Manufacturing/MacOSInstallers/DFG2D_Mac_J17010_295 The response was: error: The specified item could not be found in the keychain. The signer reference is correct, and works fine on the Intel-Mac codesign process. What could explain why the same script fails in the M2 environment? Does codesign normally prompt for the MacOS user password ? Why would that fail?

New to working with xcode and building apps. I started last weekend, and deploying to my usb connected iPhone 16 was working great all week. Yesterday, I upgraded to a paid developer account to start using TestFlight, and I could no longer deploy to my phone. Failed to install embedded profile for com.spred.spred-alpha : 0xe800801a (This provisioning profile does not have a valid signature (or it has a valid, but untrusted signature).) i using automatic provisioning - not a custom provisioning profile. i have tried: deleting all the certificates in keychain for my developer account and recreating them, and also doing the same in the developer portal. logging out and logging back in with my developer id in xcode deleting the app bundle directory and all other associated files in the Xcode/DerivedData directory reinstalling Xcode cleaning my build directory and trying again. changing the bundle identifier to a new name. (It always matches the portal app name) Among other things. It just won’t work. I can run the app inn a simulator, but not get it deployed to my phone. what else can I do? The only things I can think of are that somehow Xcode is still stuck using the free account somehow, or that the free account cert originally used expired after 7 days, and now I’m in some stuck state.

Hi folks, I'm trying to generate a provisioning profile that includes both Healthkit and MusicKit entitlements. The healthKit pieces if fine, and included in the profile. However, despite selecting Musickit under services in the ID setup, the entitlement doesn't seem to be included in the profile. Other steps taken: Setup the app in App Store Connect, generated a media ID and Key. Tried both automatic and manual signing. Are there specifics tricks to getting this one to work?

Hi, I have a macOS Intel machine running Ventura 13.7.4. This machine is used as a build node for Jenkins to run a test for a USB device that has an HID interface. The test runner for this is Java's junit on Azul's Zulu JDK 8 for mac. I've added the com.apple.security.device entitlement to this JDK 8 bundle and signed using a self-signed certificate. This certificate is available in the system keychain at: keychain: "/Library/Keychains/System.keychain" version: 256 class: 0x80001000 On my personal account on this machine, I can run the test and it calls IOHIDDevicePlugin's open function and returns success: [junit] [debug] [hid.cpp:1457] HIDAccess::Open Success in open for cDeviceHandle: 0x6000006abb38 If I run the same test logged in as the Jenkins agent account, then open returns: [junit] [debug] [hid.cpp:1484] Could not open HID with handle: 0x600002a5c018, error (-1ffffd3f): (iokit/common) privilege violation I can see the certificate that signed the JDK bundle running the command: security find-certificate -c "java-rt-usb" -a -m The results are the same for both accounts. Is my setup expected to work? I.e. create a self-signed cert in one account with admin privileges, put the cert in the system keychain, sign an app bundle with a new usb entitlement using this cert, and then run that app in another account on the same machine. If it's expected to work, are there any more troubleshooting tools I can use? ioreg shows the same output for these devices under test in both accounts: $ ioreg -p IOUSB -w0 +-o CMSIS-DAP@14620000 <class AppleUSBDevice, id 0x1000026ae, registered, matched, active, busy 0 (1 ms), retain 17> +-o CMSIS-DAP@14630000 <class AppleUSBDevice, id 0x1000026d6, registered, matched, active, busy 0 (1 ms), retain 17>

I've added my Vendor ID to the appropriate entitlement files but my binary fails validation when trying to upload it to the store for distribution. The embeded.mobileprovision file in the generated archive shows an asterisk instead of my approved Vendor ID. How can I make sure the embedded provisioning file has my Vendor ID?

I am using Automatically Manage Signing And I have registered my Mac UUID in developer account, but it is still giving me these errors - Device My Mac is not registered to your team Ai Glider Inc. Devices must be registered in order to run your code, but you do not have permission to register them. Please check with your team's admin. No profiles for 'com.aiexample.sebexample' were found Xcode couldn't find any Mac App Development provisioning profiles matching 'com.aiexample.sebexample'.

I've successfully distributed a Java-based app .dmg from my intel iMac, but am trying to port over the signing authority ( Certificate and Identity) to an M2. I'm following the "backup your Identities" recipe to make a .p12 file, but I can't complete the Export. The .p12 file format option is greyed out (while .pem and .cer are offered). What could be causing this? I can sign my .dmg installers from this computer, so codesign is happy with what it is seeing in the Keychain.

I have a mac app which has a launch agent. I signed it with my account, but it always shows as my personal 'XX XXX" in the login items of mac settings. Actually this is the reason I switched my personal account to a company account. But now it is still shown as 'XX XXX' in the login items after I signed up again with this company account. Do you know how I can change this? The identity I also tried to create a new one with the team, but it does not allow me to create a new one. Chatgpt recommends revoking the current one, but this will affect our old release.