I started a notarization run a few hours ago. (and used --wait) Conducting pre-submission checks for Metrix Installer.dmg and initiating connection to the Apple notary service... Submission ID received   id: dd77be4c-0cb6-4913-a846-d4025ede37fd Successfully uploaded file   id: dd77be4c-0cb6-4913-a846-d4025ede37fd   path: /Users/johnluss/Work/Metrix Installer.dmg Waiting for processing to complete. Current status: In Progress................................................................................................................................. I finally ctrl-c out of it (PAGES of ....) and tried getting the log Submission log is not yet available or submissionId does not exist   id: dd77be4c-0cb6-4913-a846-d4025ede37fd The Apple System Status page shows all servers up and running. Any suggestions on what might be going wrong?

I'm currently befuddled by the entire signing and certificate process. I don't understand what I need, what the team admin needs to do, or how to go about doing it so that I can build the project. We've managed to have this working in the past but I guess the system has changed somewhat. Here's what we have going: A Unity project which hasn't changed from a few years ago. I build the project in unity, open the Xcode project and this: There's an issue with the Signing and Capabilities. If I choose automatic setup it shows an error saying that it requires a development team. I had the account admin add my Apple ID to the team so I'm not sure why that's an issue still. Do I need to pay the 99$ to be able to building Xcode? If I try to do it manually I select the provisioning profile that the account admin sent me and it auto selects the team associated with the provisioning profile I guess but then there's no singing certificate. The error says: There is no signing certificate "iOS Development" found. No "iOS Development" signing certificate matching team ID "V7D5YBZRMV" with a private key was found. So, if someone could explain to me like I'm 5 the entire signing and certificate process is and let me know what we're doing wrong with the team/provisioning profile/certificate setup I would be very much appreciative.

Hello, I've been developing a mac app built with Electron Builder. In August, I was successfully notarizing my app and able to send it to testers without them receiving a malware warning. I took a two month break. When I came back in October, I am not able to distribute my app without the malware warning. I can't for the life of me figure out what I could be missing, unless my developer account was flagged by Apple for some reason. All the diagnostics I run on my app package show that it is properly signed, notarized, and stapled. Here are some diagnostics I have run on the app: Command: codesign -dv --verbose=4 "/Volumes/Form Desktop 1/Form.app" Output: Executable=/Volumes/Form Desktop 1/Form.app/Contents/MacOS/Form Identifier=co.Form.desktop Format=app bundle with Mach-O thin (arm64) CodeDirectory v=20500 size=763 flags=0x10000(runtime) hashes=13+7 location=embedded VersionPlatform=1 VersionMin=720896 VersionSDK=917504 Hash type=sha256 size=32 CandidateCDHash sha256=cedcaef933c003c01b4d9ef6925a413fe6b4a585 CandidateCDHashFull sha256=cedcaef933c003c01b4d9ef6925a413fe6b4a585bf61e19751e8158775600b00 Hash choices=sha256 CMSDigest=cedcaef933c003c01b4d9ef6925a413fe6b4a585bf61e19751e8158775600b00 CMSDigestType=2 Executable Segment base=0 Executable Segment limit=16384 Executable Segment flags=0x1 Page size=4096 CDHash=cedcaef933c003c01b4d9ef6925a413fe6b4a585 Signature size=8973 Authority=Developer ID Application: Jacob LEELAND (92D98F49FU) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Nov 14, 2025 at 8:25:09 PM Notarization Ticket=stapled Info.plist entries=30 TeamIdentifier=92D98F49FU Runtime Version=14.0.0 Sealed Resources version=2 rules=13 files=35090 Internal requirements count=1 size=176 RESULT: ✅ SIGNED WITH DEVELOPER ID ✅ NOTARIZATION TICKET STAPLED ✅ HARDENED RUNTIME ENABLED ---------------------------------------------------------------- Command: spctl --assess --verbose=4 --type execute "/Volumes/Form Desktop 1/Form.app" Output: /Volumes/Form Desktop 1/Form.app: accepted source=Notarized Developer ID RESULT: ✅ GATEKEEPER ACCEPTS APPLICATION ---------------------------------------------------------------- Command: xattr -l "/Volumes/Form Desktop 1/Form.app" Output: (No extended attributes) ---------------------------------------------------------------- Command: stapler validate "/Volumes/Form Desktop 1/Form.app" Output: Processing: /Volumes/Form Desktop 1/Form.app The validate action worked! RESULT: ✅ NOTARIZATION TICKET VALID [signing-verification-report.txt](https://developer.apple.com/forums/content/attachment/45b41936-6e7a-4f4f-8e80-bc1e3136c84e) code-block I have attached a more complete diagnostic text file as well. I have tried notarizing the .dmg in addition to the app bundle, but no combination seems to work as far as I can tell. I appreciate any help or point in the right direction. I've wasted many days of development time on this, lol.

I've successfully distributed a Java-based app .dmg from my intel iMac, but am trying to port over the signing authority ( Certificate and Identity) to an M2. I'm following the "backup your Identities" recipe to make a .p12 file, but I can't complete the Export. The .p12 file format option is greyed out (while .pem and .cer are offered). What could be causing this? I can sign my .dmg installers from this computer, so codesign is happy with what it is seeing in the Keychain.

Hello, We are experiencing an issue with the notarization queue and would appreciate your assistance. A few days ago, we helped another team submit their app for notarization. However, that submission has been stuck in the “In Progress” state for about three days now. Unfortunately, this also seems to have caused our own team’s notarization requests to get stuck as well. We ran the following command to review the submission history: xcrun notarytool history --apple-id "xxx" --team-id "xxx" --password "xxx" Successfully received submission history. Partial results: id: 0bafa66f-4f47-4327-811f-a05481be5d0b status: In Progress id: 2d00b75a-a17a-44fc-afa1-71e0e39ec2cd status: In Progress It appears that one of these belongs to another team’s app we helped submit, and the other is our own submission. Both have remained In Progress for several days, and we are now unable to proceed with any new notarization requests. Could you please help us clear or reset the stuck notarization queue so we can continue our submissions? Thank you very much for your help!

My app has been attempting to notarize for almost 3 hours now. The status page shows everything is ok: https://developer.apple.com/system-status/ Anyone else experiencing this? Anything I can do to expedite the process? xcrun notarytool history Successfully received submission history. history -------------------------------------------------- createdDate: 2024-12-29T01:20:45.358Z id: 449ebcdd-60eb-41e3-87a7-8107fe6276c3 name: Scourhead.zip status: In Progress -------------------------------------------------- createdDate: 2024-12-29T00:51:10.641Z id: 0054eebd-ddcc-4eb3-928f-86ce2182dbfe name: Scourhead.zip status: In Progress

Hi, I developed a Flutter app that works well in the iOS simulator, but that fails to deploy on my physical iPhone 13 Pro Max. Here is the error I get: Target debug_unpack_ios failed: Exception: Failed to codesign /Users//Library/Developer/Xcode/DerivedData/Runner-/Build/Products/Debug-iphoneos/Flutter.framework/Flutter with identity I've followed all the instructions that I found online, like moving my project from cloud storage to my local hard drive, but nothing has worked. Thank you so much for your help!

I had submitted my app for notarization and it shows the below error - "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, I have raised a ticket in the support but no reply yet. Kindly help ASAP

During the release of our macOS App, we encountered the following issue: We need to support dynamic code loading of WebAssembly (wasm) inside our App, mainly by loading WebAssembly (wasm) binary modules. We discovered a problem: a wasm file is neither an executable nor a bundle, so it cannot be code-signed. Since our App needs to pass notarization, we have not set the com.apple.security.cs.allow-unsigned-executable-memory entitlement. Without setting com.apple.security.cs.allow-unsigned-executable-memory, loading a wasm module results in an “unsigned code” error that causes the process to crash. Could you please advise on what we should do to avoid this problem? Is it possible to apply for a special entitlement to allow com.apple.security.cs.allow-unsigned-executable-memory?

The problem is described in full with log output in #16844 We are having an issue with TCC prompting users for access to the app group container despite signing with entitlements following all guidelines. This is a regression from the Feb 2025 Changes discussed in App Groups: macOS vs iOS: Working Towards Harmony The problem can only be reproduced with Xcode 16.0 and later. The entitlements for the app include access for the group container with [Key] com.apple.security.application-groups [Value] [Array] [String] G69SCX94XU.duck The documentation notes the group name can be arbitrary, e.g. <team identifier>.<group name>. Cyberduck uses G69SCX94XU.duck by default. Interestingly enough the alert is not shown when a group name matching the bundle identifier is used, e.g. G69SCX94XU.ch.sudo.cyberduck.

I have a macOS app that captures screen images. The first time I run this application, a dialog is shown directing the user to give my app Screen Recording permission. Is there a way I can trigger this dialog earlier and detect whether the permission was granted?

Hello, I'm developing a feature for my app, that allows users to challenge their friends. The friend request functionality is built using Universal Links, but I've run into a significant issue. The Universal Links are correctly deep-linking into the app. However, once the app opens, nothing happens—the friend request acceptance or rejection flow does not occur. This prevents users from completing friend requests and building their friend list. Here are examples of the Universal Links I'm generating: https://www.strike-force.app/invite?type=invite&amp;amp;userID=... https://www.strike-force.app/invite?type=invite&amp;amp;friendRequestID=... https://www.strike-force.app/profile?userID=... I've recently updated my cloudflare-worker.js to serve a paths array of ["*"] in the AASA file, so I believe the links themselves should be valid. Technical Details &amp;amp; Error Logs In the console, I am consistently seeing the following error message: Cannot issue sandbox extension for URL:https://www.strike-force.app/invite?token=7EF1E439-090B-4DF2-BE64-9904F50A3F8B Received port for identifier response: &amp;lt;(null)&amp;gt; with error:Error Domain=RBSServiceErrorDomain Code=1 "Client not entitled" UserInfo={RBSEntitlement=com.apple.runningboard.process-state, NSLocalizedFailureReason=Client not entitled, RBSPermanent=false} elapsedCPUTimeForFrontBoard couldn't generate a task port This error appears to be related to entitlements and process state, but I am not sure if it's the root cause of the Universal Link issue or a separate problem. The 'Client not entitled' error on line 3 has had me chasing down entitlements issues. But, I've added the Associated Domains entitlement with the proper applink URLs and verified this in my Developer Portal. I've regenerated my provisioning profile, manually installed it, and selected/de-selected Automatically Manage Signing. As well I've verified my AASA file and it's correctly being served via HTTPS and returning a 200. curl -i https://strike-force.app/.well-known/apple-app-site-association curl -i https://www.strike-force.app/.well-known/apple-app-site-association I am looking for guidance on why the friend request flow is not being triggered after a successful deep-link and how I can fix the related error. Any insights or suggestions would be greatly appreciated.

Is it possible to have some additional content at Versions/A/ in a macOS Framework bundle that is not in any of the standard folders? Will there be any side-effects during signing and notarization? The reason is it'd be a lot easier in my use case to be able to put content here instead of the Resources folder.

I have a mac app which has a launch agent. I signed it with my account, but it always shows as my personal 'XX XXX" in the login items of mac settings. Actually this is the reason I switched my personal account to a company account. But now it is still shown as 'XX XXX' in the login items after I signed up again with this company account. Do you know how I can change this? The identity I also tried to create a new one with the team, but it does not allow me to create a new one. Chatgpt recommends revoking the current one, but this will affect our old release.

I am responsible for the mobile app and thus also of the apple developer and app store connect accounts of a company. An external freelancer developed a software package for us which we aim to offer for installation and use on macOS systems of our customers; distributed exclusively outside of the Apple App Store. The software package has nothing to do with the mobile app. MacOS' Gatekeeper currently warns or even prevents our customers regarding the installation of the package on their device; pretty much as described here: https://developer.apple.com/developer-id/. According to a previous talk with Apple's Support, the software package (.app) the Freelancer developed must be signed with one of our own certificates. As we cannot grant selective app store connect access to third persons (only for the concerned certificates), we prefer to not provide access to our entire apple developer account to the freelancer, for the sole reason of the certificate & signing process. According to previous attempts with Apples' support regarding the most feasible solution in this case, they recommended me to manage the signing of the package of the freelancer, and simply request the package from the freelancer. I've thus generated an according Developer ID Certificate, but regarding the signing process, I'm confused. I know how signing works with mobile apps in XCode, but regarding software that is not distributed throughout the App Store on macOS, I'm unsure about the process. Also, as far as I know, the entitlements of the application are involved in the signing process. So my concern is that simply having the software package (.app) from the freelancer is not really enough to complete the signing + notarization process? Won't I need further information about the app's entitlements etc.? I would like to have a clear solution about the procedure that is required in these cases, as online documentations and / or forums as well as previous talks with your non-technical support from Apple did not resolve the issue.

I'm developing an app that receives push notifications, and writes the contents of the push notification to a shared location between the main app and a Notifications Message Extension, through App Groups. This all seems to work on my phone, with developer mode turned on, but when I archive my app as an Enterprise IPA and distribute it, the users can install the app on their phones and they receive the push notifications, but it doesn't appear that the message extension is running as my app displays the content of the shared data in the App Groups on the main screen and nothing is showing. I have tried on 3 phones, and it only works on the phone with developer mode turned on. I can't tell at this point whether it's because of a signing issue, or build phase order issue, or something else?

Hello Engineers My app was rejected with the message below, BUT I don't have this entitlements in my project! I already removed all Xcode files under ${HOME}/Developer/Xcode, but the problem still alive! Guideline 2.4.5(i) - Performance In order to continue reviewing your app, we require additional information. Your app uses one or more entitlements which do not appear to have matching functionality within the app. Please reply to this message in App Store Connect and describe how and where the app uses the following entitlements. You will not need to upload a new binary to provide this information. Apps should have only the minimum set of entitlements necessary for the app to function properly. If there are entitlements that are not needed, please remove them and submit an updated binary. You will need to Developer Reject the app to upload an updated version. "com.apple.security.assets.pictures.read-write" "com.apple.security.assets.movies.read-write" "com.apple.security.assets.music.read-write" "com.apple.security.files.downloads.read-write" Here my entitlements: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>group.org.eof.apps</string> </array> <key>com.apple.security.files.user-selected.read-write</key> <true/> </dict> </plist> code-block Who or where are these entitlements inserted? Which button should be clicked to deactivate them? Link to my project: DRFXBuilder Regards

I’m facing an issue with my macOS app after code signing and notarization. The app is signed with my Developer ID and notarized using xcrun notarytool. Everything works fine on the machine where the signing was done — Gatekeeper accepts it, no warning appears, and codesign/spctl checks pass. However, when running the same .app on other Macs, users receive a Gatekeeper warning saying the app is "malicious software and cannot be opened". The signature is valid and the notarization log shows status: Accepted. What I've tried: Verified signature with codesign --verify --deep --strict --verbose=2 Checked notarization status via xcrun notarytool log Assessed Gatekeeper trust with spctl --assess --type execute Everything passes successfully on the development machine. Why would the app be treated as malicious on other systems even after notarization? I'm happy to share logs and technical details if needed.

I'm building a custom macOS installer for my software, primarily using the builtin tools of codesign, pkgbuild, productbuild and xcrun. My product consist of a list of plugins and a CEP extension for the Adobe After Effect app. All of my bundles and binaries are properly signed using a trusted Apple Developer certificate I've generated, of type Developer ID Application. My installer is a "distribution" pkg, and has this structure(expanding it using pkgutil --expand): SceneTools-3.4.4-osx-installer ├── Distribution ├── miscellaneous.pkg ├── plugins.aftereffects2022.pkg ├── plugins.aftereffects2023.pkg ├── plugins.aftereffects2024.pkg ├── plugins.aftereffects2025.pkg ├── preinstall.pkg ├── Resources ├── scenebuilder.pkg └── uninstaller.pkg Each "child" pkg would install parts of my product in different locations in the target macOS disk(this is why I'm using that kind of style of building the custom installer). Signing each and every bundle or binary of my product, signing the "child" pkg's, then notarizing them works well with no issues, in addition signing the "final" "distribution" using productbuild --sign option also works well, but when trying to notarize the "final" pkg, the notary service fails with this error: { "logFormatVersion": 1, "jobId": "5fb38df9-ef97-4bd3-955e-7783c37ac4a8", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "SceneTools-3.4.4-osx-installer.pkg", "uploadDate": "2025-06-26T14:14:41.507Z", "sha256": "621de5d887b06ad11214255c6e91ebd9eeffb18ad8f940365f4539bd1902fe9a", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "SceneTools-3.4.4-osx-installer.pkg", "message": "Package SceneTools-3.4.4-osx-installer.pkg has no signed executables or bundles. No tickets can be generated.", "docUrl": null, "architecture": null }, { "severity": "warning", "code": null, "path": "SceneTools-3.4.4-osx-installer.pkg", "message": "The contents of the package at SceneTools-3.4.4-osx-installer.pkg could not be extracted.", "docUrl": null, "architecture": null } ] } My final pkg indeed doesn't contain any bundles or binaries directly, but that's how it should be - a container of "child" pkg. I tried various ways of working-around this issue, like: Notarizing the dmg that contains this final pkg - worked, but when opening the pkg, GateKeeper blocks the users from opening it. Wrapping the pkg inside an .app and notarizing the .app - same as above. What am I doing wrong? Does those kind of pkg like my "final" pkg aren't meant to be notarized? if so - how can I solve this GateKeeper blocks? Should I build my final pkg in a different way?

Hello everyone, I'm encountering significant delays with the notarization process for our Electron application using a newly created developer account. The process is taking an unusually long time (1-2 days), which is disrupting our workflow. Details: We've attempted notarization multiple times over the past 2 weeks. The process consistently takes 8+ hours before I typically abort it. (due going offline etc) Interestingly, when I check the notary history later, it shows the notarization was actually successful. Our application package is relatively large, which might be contributing to the delay (archive: 226 mb, app:800mb) Recent Examples: Current submission (still in progress): 52db12c3-4a54-4e14-9d77-e141d7f28227 Previous successful submission: 49273be6-3e13-4f3f-83a4-945114d899b9 Has anyone else experienced similar issues with notarizing applications? Are there any optimizations or best practices I should implement to reduce these processing times? I'm using the default notarization feature that comes with electron forge. Any suggestions or insights would be greatly appreciated!