Hello, we have a bunch of codesigned and notarized applications that are distributed as pkg and dmg but for the first time I faced situation when application downloads a zip archive from the server and unzipps a single binary file that is used like a module with command line interface. This binary of course has to be signed I'm trying to figure out if we have to notarize it too. Obviously I can't just upload binary without any container, I tried to zip it before sending but no luck. /Applications/Xcode.app/Contents/Developer/usr/bin/altool --notarize-app --primary-bundle-id "id" --username "email" --password "@keychain:AC_PASSWORD" --file ./archive.ZIP --output-format "xml" --asc-provider "company" resulted into [Step 1/1] <key>notarization-info</key> [Step 1/1] <dict> [Step 1/1] <key>Date</key> [Step 1/1] <date>2022-12-02T15:50:48Z</date> ... [Step 1/1] <key>Status</key> [Step 1/1] <string>invalid</string> So I wonder maybe with this weird way of distribution just signing is enough? I mean I can put it inside the pkg and notarize but I can't staple a ticket to the binary anyway...

Hi everyone. Today I updated xcode to version 14, when trying to compile my application in a different environment it shows me the following message. It's very ambiguous and it's the first time I see it. Does anyone know why this happens? I appreciate your help.

Hi, I am trying to upload a mobile game I created for iOS app store for beta testing with friends and family through testflight. I have especially purchased a MacBook Pro running XCode 13.3.1 and Monterey 12.3.1 and an iPhone running Software version 15.4.1 to this end. My XCode deployment target is set to iOS 15.4 and my Unreal Engine 5.01 minimum iOS version in packaging is set to 15. As far as I can tell everything is set to be as up to date version wise as possible, yet every time I try uploading the packaged game through transporter app the build won't show up in App Store Connect and I get an error email from the development team saying : ITMS-90725: SDK Version Issue - This app was built with the iOS 14.4 SDK. All iOS apps submitted to the App Store must be built with the iOS 15 SDK or later, included in Xcode 13 or later. Now I've emailed the team and their response was to version up and try again and look for the error in the email. So I did that and got the exact same error and no build available on App Store Connect. I don't get it as I'm running the latest versions of everything already? Help please...!

I have made sure to move the modified mac app binary instead of copying it, checked both version's inode numbers (Not the same), and restart my computer as mentioned in https://developer.apple.com/documentation/security/updating_mac_softwar, but the binary still exited with signal 9 and in the crash logs it was a code sign issue: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) So I signed the binary again with my certificate but now this is the error that I get when running the binary: codesign --force --sign "signature..." binary   *** Terminating app due to uncaught exception 'CKException', reason: 'containerIdentifier can not be nil' I looked around but I couldn't find any information related to my specific case, any pointers would be appreciated.

Hey everbody, I'm getting an error trying to distribute a React Native App to App Store Connect. Archiving the App works fine, when I try to distribute the App I'm getting the following Error: Cheers for any help

I read this answer here which says that apple will encrypt your apps binary when you upload it to the app store. First of all, How exactly does encrypting binary data work when you can download the entire application directly on your device? Once you download the app on your device can you not just disassemble the exact binary from the app? Or is this disassembled binary code encrypted? Second, If this disassembled binary code is encrypted, then doesn't this mean apple is slowing down all apps on the app store because it has to decrypt every single instruction from the binary before running it on the device? Also what's the problem with hard coding sensitive information into source code if it will be encrypted?

When building the external library project, I selected "Mach-O Type" as "Dynamic Library" and built it to create a framework file (folder). And this framework file was imported and used in our app and distributed to the App Store. Is this situation required to release the entire source code of our app under the LGPL 2.1 (or LGPL 3.0) license? Enter file in the Mac command line and press Enter, “dynamically linked shared library” is displayed.

Dear Support, I'm unable to push a build to TestFlight. This is using Xamarin.Forms as the build creator. I'm getting the error I have pasted below. Please advise how to resolve. Thank you, Joshua Lowenthal Dear Developer, We identified one or more issues with a recent delivery for your app, "WoundMatrix Patient" 1.57 (13). Please correct the following issues, then upload again.  ITMS-90338: Non-public API usage - The app references non-public selectors in WoundMatrixHC.iOS: accumulatorPrecisionOption, alignCorners, assetForIdentifier:, attackTime, batchStart, bytesPerImage, calibrationMode, checkFocusGroupTreeForEnvironment:, classesLossDescriptor, clipRect, colorTransform, columns, commissioningComplete:, computeStatistics, confidenceLossDescriptor, curveType, deactivate, determineAppInstallationAttributionWithCompletionHandler:, encodeToCommandBuffer:sourceTexture:destinationTexture:, envelope, first, forward, frontFacingWinding, gradientForWeights, initWithBuffer:offset:, initWithCoder:device:, initWithCommandBuffer:, initWithDevice:descriptor:, initWithEngine:, initWithFlags:, initWithGroup:, initWithHandle:, initWithLearningRate:gradientRescale:applyGradientClipping:gradientClipMax:gradientClipMin:regularizationType:regularizationScale:, initWithResources:, initWithUpdateMode:, inputFeatureChannels, instanceBuffer, isBackwards, isTemporary, kernelSize, lookupAdConversionDetails:, maskBuffer, maskBufferOffset, mixer, neuronType, normalize, numberOfAnchorBoxes, numberOfClasses, numberOfDimensions, numberOfImages, numberOfLayers, numberOfRegions, outputFeatureChannels, p0, padding, playbackMode, pm, prepareState, readCount, rebuild, regions, releaseTime, resizeHeight, resizeWidth, resourceCount, resourceList, resourceSize, resultState, rowBytes, scaleFactorX, scaleFactorY, scaleTransform, setBatchStart:, setBeta:, setBytesPerImage:, setBytesPerRow:, setClipRect:, setColumns:, setCurveType:, setDelta:, setFirst:, setGradientClipMax:, setGradientClipMin:, setInputFeatureChannels:, setInputWeights:, setLossType:, setMaskBuffer:, setMaskBufferOffset:, setNormalize:, setNumberOfClasses:, setNumberOfDimensions:, setNumberOfImages:, setOutputFeatureChannels:, setP0:, setPadding:, setPattern:, setPlaybackMode:, setPm:, setReadCount:, setRescore:, setRowBytes:, setScaleTransform:, setSourceSize:, setStopGradient:, shapes, sigma, sleep:, soundEvents, sourceSize, startWithCompletion:, stopGradient, test:, thresholdValue, toggle:, transform:, transpose, unmute, vectors. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/ Best regards, The App Store Team

I'm writing a macOS app that bundles an executable. This executable (and some of its resources) happen to be quite large. Ideally, I could compress this executable and its resources (in a .zip or similar) and extract them at runtime to keep my app's file size down. This doesn't seem possible because: Copying files (using every method that I know of) while in a sandboxed app to any location will result in those files being given the "quarantined" attribute, which causes macOS to refuse to launch copied executables The only way to avoid #1 is to keep executables packaged in the app's bundle, where they won't be quarantined. Downside here is that I can't compress or decompress because the app bundle is read-only. Is there an approach I'm not aware of here that would let me have a compressed executable + resources bundled with my sandboxed app that I could successfully decompress and execute at runtime?

I got this from App Store review: We noticed that your app did not meet all the terms and conditions for auto-renewing subscriptions, as specified in Schedule 2, section 3.8(b) of the Paid Applications agreement. We were unable to find the following required information in your app's binary: – Length of subscription (time period and content or services provided during each subscription period) I use Flutter to build my iOS app. Could that be why Apple can't find the information in my binary?

I have an app version 1.1.4 which is ready for sale. Now I want to change the description. So I created a new version 1.1.5. Since the app itself has not changed I want to reuse the 1.1.4 binary. But I can not select the binary for the new version. Its okay for me that I have to do another app check even I just changed one word in the discription, but i do not want to upload a new binary since that takes very long. So how can I reuse the binary? I really hope it is possible.

Hi all, I am encountering a problem where I am attempting to upload an IPA to TestFlight using fastlane. In my first attempt, I received no errors. However, even after hours of waiting, there is still no binary on TestFlight for that version and build number. In my second and following attempts, I get this error: ERROR ITMS-90189: "Redundant Binary Upload. You've already uploaded a build with build number '18445' for version number '3.66.0'. Make sure you increment the build string before you upload your app to App Store Connect. Learn more in Xcode Help (http://help.apple.com/xcode/mac/current/#/devba7f53ad4)." To clarify again, if I go into TestFlight, there is no version 3.66.0. The build number is supposed to automatically increment, as it does previously. So there are multiple problems here for me. Binary not showing up in TestFlight TestFlight thinks the binary is there, so I'm not able to automatically increment build number.

I'm working on a MacOS application built in Unity3D. I'm using a native file browser plugin to open native MacOS file dialogs for selecting files. In order to generate PDFs, my app relies on using Chromium's Headless/command line functionality. On Windows, I can easily get the path to the included Microsoft Edge as that's standard, but on Mac, unless I guess and check (which I already do), there isn't a way to guarantee a Mac user has a Chromium-based browser installed. So I intend on allowing the user to set the path manually by selecting the .app file with a file dialog. But even when I specify .app to be a valid extension, they still don't appear selectable. I assume this is some sort of MacOS-specific limitation or default permissions, though I can't find much info on this online. Using C#/DotNet s there any way of allowing this behavior as needed? For some more info: I'm just running the application using System.Diagnostics.Process.Start() with command line arguments. Based on my experiments searching for Google Chrome (though Edge or Opera are just as usable), the path I'm looking for is: /Applications/ {{APP NAME}}.app/Contents/MacOS/{{APP NAME}} Because Contents isn't accessible by most users, I figured I would just automatically go in and grab the binary with the correct name once I have the path to the .app file. I know I could include some lightweight version of ChromeDriver with my app, but I'd rather keep everything as self-contained as possible, especially as so many people already have Chrome (or Opera, Edge, etc) installed. The challenge is that not everyone has it installed in the same place, hence my need to make it customizable. Any ideas or help would be appreciated! Thanks!

My iOS Application is an enterprise application. which is hosted on my internal server(Not on App store). my app security team suggest binary file encryption for avoid reverse engineering. is it possible binary file encryption in iOS ?

Hello, I am trying to submit my new application to code review in Appstore. I validate binary in XCode. OK. I uploaded it from XCode to Appstore. OK. Completed processing. I run it through TestFlight and tested on several devices. OK. I submitted it to review. I got message. Waiting to Review. One minute later, I got Invalid bimary. I tried one more time, and I created new build and and uploaded it. The same result. I got mail from Apple - that application is in Invalid binary state. No explanation, no clarification... OK, may be y Xcode installation is broken? I asked my team mate to build new release and upload it to Appstore. The same result, one minute after submitting to Appstore, I got message - Invalid binary. No clarification, no explanation. I asked tech support. I got response - you should get message with explanation, make fixes and resubmit. I resend them message from Apple server. And didn't get any response from tech support at all. I created another request. And put there reference to my previous request. And I got another common words as answer - something is wrong with your application... I suspect, tech support doesn't read my mail at all... So my question is: how can I get info, what actually is wrong with my application? Why Apple server considers it as Invalid, while all tests, I can make, returns me "Passed" state Thanks in advance. Regards, Vladimir

Hi, I'm the developer of a macOS application named Hopper Disassembler. I have updated my application so that it works properly under macOS Monterey. But I'm getting a warning when I first launch the application: "Hopper Disassembler needs to be updated. This app will not work with future versions of macOS..." Unfortunately, the "Learn More…" button does nothing, and I don't see any relevant message in the Console application. The application is a universal binary, containing both Apple Silicon and Intel 64 bit architectures. How can one find why this warning is triggered? Thank you!

I am getting an invalid binary when submitting my app for review. I am able to upload the build and run it as a pre-production beta on my device using TestFlight. I was under the assumption invalid binary checks were done when the app was uploaded and you would get an invalid binary for an entitlement or plist issue. However, I did not get any of these errors when uploading. I only get them when submitting to the App Store Review Team for review. My core problem is that invalid binary is nondescript and there is no way to trouble shoot this problem without knowing what exactly makes my entitlements and/or plist get flagged by production checks as invalid (binary seems entirely inaccurate here but I’ll go with it). Really, I’m not going to post my code here and it’s not an Xcode specific/versioning issue, like previous posts have mentioned. I’d really like an Apple professional to send me what I’m missing in my entitlements or plist (they do this) or a poster to tell me where I can go to determine, after an upload, where an invalid binary was flagged so I can get the error code and fix it. I’m also curious (as an aside) if Apple has the ability to reject apps for an invalid binary, bypassing the automated production checks in the backend. I’m sure Apple has the capability to give permissions to do it but I’m curious whether there is technical implementation to allow this to occur. I feel like it’s weird for me to pass checks when uploading (required to upload and TestFlight any app) and fail when going to the review team (no reason to redundantly recheck checks already completed on a local machine in Xcode and during the upload process with another re-re-check). I guess it doesn’t hurt to check your re-check and re-check your re-check but then the question becomes if this is an indication of a deeper problem with code in the backend that an engineer isn’t fixing/maintaining properly. Any information would be appreciated.

This item was rejected for the following reasons: 2.1.0 Performance: App Completeness Binary Error

I have a nodejs app, made into a single executable using pkg which signs the app with an ad-hoc signature. This single executable (xkeys-server-arm64)works fine on the machine which made it but fails on another machine of the same type - presumably because the ad-hoc signature is insufficient in this case. I've tried to replace the ad-hoc signature with my own, using: codesign --force --verify --verbose --sign "Developer ID Application: Christoph Willing (..........)" xkeys-server-arm64 but that fails with xkeys-server-arm64: replacing existing signature xkeys-server-arm64: errSecInternalComponent Checking my own signature with: find-identity -v -p appleID shows a bunch of stuff which doesn't look good. My Christoph_Willing_dev_CA entry says (CSSMERR_TP_NOT_TRUSTED) All other entries, including the Developer ID Application entry I'm trying to codesign with have the comment: (Missing required extension) My questions are: what causes the errSecInternalComponent error (and how can I fix it)? why isn't my dev_CA trusted (and how to fix)? what are the missing extensions for the other certificates (and how to provide them)? Thanks for any tips, chris

Hello, My team is currently having an issue uploading our app to the AppStore because of the following issues: ITMS-90562: Invalid Bundle - Bitcode failed to compile for your watchOS binary because it includes assembly source code or inline assembly. To resolve this issue, rewrite the corresponding code in a higher-level language such as Objective-C or Swift and redeliver your app.  ITMS-90562: Invalid Bundle - There's an issue with the app's bitcode compilation. Rebuild the app using the current public (GM) version of Xcode and upload it again. Firstly, we do not have a watchOS app at all. Our last release was successful when built on Xcode 11.6 and we're currently using Xcode 11.7. According to Apple, Xcode 12 isn't required until April of 2021, so I'm not sure what it's complaining about. Here's what we've tried. We created an AppStore build and ran it through the validator and that succeeded. It even uploads fine, but doesn't successfully process once uploaded. We created an Enterprise version of our app and exported it, making sure to enable the "Rebuild from Bitcode" option to hopefully mimic what the AppStore is doing and failing at and it still succeeds. We downloaded and used the Transporter app from Apple to try uploading our AppStore ipa, but the logs didn't indicate anything suspicious (perhaps because the bitcode compilation for AppStore variants happen on Apple's servers?) We searched for anything that could have indicated "watch" or "watchOS" in our codebase and build settings and dependencies (built from Carthage), but we didn't find anything there either. We went through the Export phase again for the AppStore build and disabled Bitcode. The only one to succeed was #5, but we don't want to do this as a long term solution, but don't understand how to get more information as to what the problem is exactly. Does anyone have any information on this?