I'm distributing a macOS .pkg installer signed with Developer ID Installer and notarized via notarytool. On macOS 26.3 (Tahoe, Build 25D125), the package is rejected by Gatekeeper when downloaded from the internet. What works: pkgutil --check-signature → signed, Developer ID Installer, full chain (G2 intermediate + Apple Root CA) xcrun stapler validate → "The validate action worked!" xcrun notarytool info <id> → status: Accepted The .app inside the .pkg passes spctl -a -vvv → "accepted, source=Notarized Developer ID" What fails: spctl -a -vvv --type install mypackage.pkg → rejected, origin=Developer ID Installer Raw assessment: assessment:remote = true, assessment:verdict = false Double-clicking the downloaded .pkg shows only "Move to Trash" / "Done" (no "Open" option) syspolicyd log: meetsDeveloperIDLegacyAllowedPolicy = 0 (expected, since the cert is new), but no "notarized" match is logged Certificate details: Developer ID Installer, issued Feb 28, 2026, valid until 2031 OID 1.2.840.113635.100.6.1.14 (Developer ID Installer) — critical OID 1.2.840.113635.100.6.1.33 — timestamp 20260215000000Z Intermediate: Developer ID Certification Authority G2 (OID 1.2.840.113635.100.6.2.6) security verify-cert → certificate verification successful Build process: productbuild --distribution ... --sign <SHA1> (also tried productsign) Both produce: Warning: unable to build chain to self-signed root xcrun notarytool submit → Accepted xcrun stapler staple → worked Workaround: xattr -d com.apple.quarantine ~/Downloads/mypackage.pkg allows opening the installer. Question: Is spctl --type install assessment expected to work differently on macOS 26 Tahoe? The same signing and notarization workflow produces .app bundles that pass Gatekeeper, but .pkg installers are rejected. Is there a new requirement for .pkg distribution on macOS 26? Environment: macOS 26.3 (25D125), Xcode CLT 26.3

Hi, I'm a new Developer ID account holder submitting my first app for notarization. All submissions have been stuck "In Progress" for 72+ hours. Apple System Status has shown all services operational throughout. Team ID: 4L9YA7S99L $ xcrun notarytool history --keychain-profile "blackbox" Successfully received submission history. history -------------------------------------------------- createdDate: 2026-03-09T11:19:41.697Z id: 2c0cdf3d-a3ac-4d86-8eb0-2f601b2d09c5 name: Blackbox-0.2.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-07T18:11:37.660Z id: 5ab09d84-b2e2-4738-9b63-100a7dd46882 name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T22:47:21.410Z id: 1c90fa3e-c52a-4468-8056-06ff5d7d3752 name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T22:34:55.803Z id: 4bbd6f77-7ff6-445f-817c-21f9909dfe7a name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T21:28:26.904Z id: 3c63ed16-be5d-4900-b82d-5df9557a47b4 name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T21:24:14.558Z id: 76df3f18-57a1-49b7-87e2-3f2bf0e4e6d5 name: Blackbox-0.1.0.dmg status: Invalid The Invalid submission (76df3f18) was error 4000 due to unsigned binaries in a bundled framework. That's been fixed in all subsequent submissions. The app is a small macOS menu bar utility (~2 MB DMG), signed with Developer ID Application certificate, hardened runtime enabled, no restricted entitlements. codesign --verify --deep --strict and spctl --assess --type execute both pass locally. Is there a known processing delay for first-time Developer ID accounts, or could something be stuck on the backend? Thanks for any guidance.

As it has already been reported elsewehere, I also face the problem of endless waiting time for my submissions to be notarized. This prevents me from shipping a new release. A waiting/processing time of multiple days is simply unacceptable. I kindly request to fix this.

I've seen a couple posts on reddit today but wanted to call out here because I think it may be a more widespread issue - I keep getting an error trying to open my iOS app saying "Unable to verify app - An internet connection is required to verify trust of the developer...". I have never gotten this issue before and did not change anything in my build settings from my last successful build of the app to now. The directions it gives me are to go to Settings > General > VPN and Device Management and trust my developer certificate from there, but that doesn't work either. The first time I tried this, the developer certificate wasn't there at all, then I looked at Reddit and saw people recommending to download the developer certificate to solve the issue, but doing this did not fix the error either. Just looking to see if anyone else has encountered this or what the fix might be.

I have an app for iOS already on the AppStore and I'm trying to add a macOS version of it. The AppID prefix for this app is different than my Team ID. This mismatch was always fine for submitting my iOS app. However for some reason, the macOS version gets rejected when I upload it. It tells me the AppID prefix must match my Team ID. I do not control my TeamID and I do not control my AppID prefix, they are both given to me by Apple. Yet the error message tells me they must match. How do I get past this? Here is the error message: Validation failed Invalid code signing entitlements. Your application bundle's signature contains code signing entitlements that aren't supported on macOS. Specifically, the "APPID_PREFIX.MY_BUNDLE_ID" value for the com.apple.application-identifier key in "MY_PACKAGE" isn't supported. This value should be a string that starts with your Team ID, followed by a dot ('"), followed by the bundle ID. (ID: 930b77ae-099f-4798-a14a-2803f2a9be9e) Thanks in advance for any pointer.

All of my notarization submissions have been stuck at "In Progress" for up to 10 days. I have 6 submissions spanning from March 4 to March 11, 2026, and none of them have completed or returned any errors. Affected submissions: dbf20b57-0073-444a-b09a-ac6747b7398e (submitted Mar 4) — In Progress d5886683-be64-455c-805d-cd8b12bbcd35 (submitted Mar 4) — In Progress 10bfa709-da17-49cf-9c89-63f93b5fb756 (submitted Mar 4) — In Progress e8d0866e-43f8-4a18-8129-64e6c5d3895a (submitted Mar 9) — In Progress f9526f25-5650-4c45-98ae-d778c58a2ffa (submitted Mar 9) — In Progress 82ec211f-9179-41fd-afe0-937c9b2c2750 (submitted Mar 11) — In Progress Running `notarytool log` returns "Submission log is not yet available." Team ID: CB4U5M6U9H It is an Electron-based app built with electron-builder. Steps taken to ensure compliance: Signed with a valid Developer ID Application certificate Hardened runtime enabled (hardenedRuntime: true) Proper entitlements configured (com.apple.security.cs.allow-jit, com.apple.security.cs.allow-unsigned-executable-memory, com.apple.security.cs.disable-library-validation) Entitlements inherited for child processes via entitlements.mac.inherit.plist Electron Fuses configured to disable Node.js CLI flags in production (resetAdHocDarwinSignature enabled) App submitted as a zip archive via notarytool submit I've tried resubmitting multiple times across different builds, but all submissions remain stuck. I also have an open support case (102836201208) that was escalated to Senior Advisors on March 11, but have not received any update. Could someone from the notarization team please investigate?

In my application I validate the authenticity of my own binaries by checking that the Team Identifier in the code signature matches a predefined value. Currently I do not perform a full signature validation that verifies the certificate chain up to Apple’s root CA. When attempting to do this using SecStaticCodeCheckValidityWithErrors (or validateWithRequirement), the operation sometimes takes several minutes. During that time the calling thread appears blocked, and the system logs show: trustd: [com.apple.securityd:SecError] Malformed anchor records, not an array Because of this delay, I decided to rely only on the Team Identifier. My question is: Can it be assumed that if a Mach-O binary contains a Team Identifier in its code signature, then it must have been signed with a valid Apple Developer certificate? Or are there cases where a binary could contain a Team ID but still not be signed by Apple’s trust chain? Thanks for the help !

Hello, At work, we want to release a new version of our cross-platform desktop application this week. Unfortunately, I've had issues getting the dmg signed by the Apple notary service, which will delay the release until it's successful. However, I remade and successfully signed the previously released version (also dmg) with the same credentials, so I know it's not a problem with the file format or my account. I have tried the following to no avail: Lots of Googling Running xcrun notarytool submit with the -v option (verbose) to see more error messages Going to the URL given (appstoreconnect.apple.com/notary/v2/submissions/{submission_id}) and examining the file it downloaded (not much info, let alone helpful info) Contacting Apple developer support over the phone (they couldn't help with this particular issue, since it's "code-level support") The only big change we made this time was switching to Maven for our build tool and dependency management (we previously used Ant with manual dependency management). Does anyone here have any insight? Is there a list of known issues or dependencies that will cause a submission to be invalidated? Or, even better, any way to see why the submission is invalid? Thanks.

I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager. The error: Signature check failed: code failed to satisfy specified code requirement(s) followed by: started with PID 0 status changed to disconnected, last stop reason Plugin failed What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session. Key log sequence: taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1) WireGuardNetworkExtensionMac: AppSandbox request successful WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s) nesessionmanager: started with PID 0 error (null) nesessionmanager: status changed to disconnected, last stop reason Plugin failed Setup: macOS 15, Xcode 16 Developer ID Application certificate Manual code signing, Developer ID provisioning profiles with Network Extensions capability Extension in Contents/PlugIns/ (standard appex, not System Extension) Extension entitlement: packet-tunnel-provider-systemextension NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel codesign --verify --deep --strict PASSES on the exported app Hardened runtime enabled on all targets What I've verified: Both app and extension have matching TeamIdentifier Both are signed with the same Developer ID Application certificate The designated requirement correctly references the cert's OIDs The provisioning profiles are valid and taskgated-helper explicitly approves them No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework What I've tried (all produce the same error): Normal Xcode archive + export (Direct Distribution) Manual build + sign script (bypassing Xcode export entirely) Stripping all signatures and re-signing from scratch Different provisioning profiles (freshly generated) Comparison with official WireGuard app: I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch. Questions: Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing? Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it? The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it? Any guidance would be appreciated. I've exhausted all signing approaches I can think of.

Hi, My first notarization submission has been stuck in "In Progress" for several hours with no status change. I'm wondering if it's being held for in-depth analysis given the nature of the app. The app is a macOS dictation utility triggered by a global hotkey. It captures audio input, transcribes it, and pastes the result at the cursor position in whatever app the user is focused on. Because of how it works, it relies on a combination of APIs that may be less common in typical submissions: continuous microphone access, programmatic clipboard manipulation, global keyboard event monitoring, and Accessibility APIs to inject text into the frontmost application. This is the first submission for this app, so there's no prior notarization history for the system to learn from. Is this the kind of profile that typically triggers in-depth analysis? Is there anything I should check or provide, or is waiting the right move here? Thanks

We have an app with the default email entitlement that was granted several years ago. During our latest deployment, we received an error from our pipeline. When testing a manual submission in Xcode, we saw this error: Entitlement com.apple.developer.mail-client not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. We checked the provisioning profile, and the default email entitlement is still present. It is visible on the certificate portal and also in the embedded.mobileprovision file. Can you suggest what we can do to release a new version of our app?

Hi everyone, I'm building an app in Xcode 16.4 with a minimum deployment target of iOS 12. The last time I built with this configuration was November 2025 — that build worked perfectly fine. I'm aware that builds from Xcode 16.4 will no longer be accepted by Apple after April 28, 2026, so I decided to push one final update before that deadline. Here's what I did: Built the app with no changes to build settings Uploaded to TestFlight Tested on iOS 12, iOS 26, and a few other versions — everything looked good Passed App Review Published to the App Store Now users on iOS 12 are reporting that the app crashes immediately on launch. Users on iOS 13-26 are unaffected. We've effectively lost a significant portion of our users overnight. We'd really like to restore functionality for them before April 28 — after that we plan to raise the minimum deployment target anyway. There are no crash logs available, as the app appears to never reach application code at all. Below are the relevant logs from Console.app: default 16:33:49.012231+0400 SpringBoard Bootstrapping MY_BUNDLE_ID with intent foreground-interactive error 16:33:49.021533+0400 SpringBoard [MY_BUNDLE_ID] Bootstrap failed with error: <NSError: 0x280f59aa0; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> error 16:33:49.021748+0400 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID MY_BUNDLE_ID" UserInfo={NSLocalizedDescription=Unable to bootstrap process with bundleID MY_BUNDLE_ID, BKSProcessExitReason=0, NSLocalizedFailureReason=Failed to start job, NSUnderlyingError=0x280f58780 {Error Domain=NSPOSIXErrorDomain Code=3 "No such process" UserInfo={NSLocalizedFailureReason=The process failed to exec, NSLocalizedRecoverySuggestion=Consult /var/log/com.apple.xpc.launchd/launchd.log for more information, NSLocalizedDescription=Unable to get valid task name port right for pid 241}}, BSErrorCodeDescription=bootstrap-failed} default 16:33:49.021934+0400 SpringBoard Adding: <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> default 16:33:49.022111+0400 SpringBoard <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> exited. default 16:33:49.023325+0400 SpringBoard Removing: <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> default 16:33:49.039576+0400 assertiond Submitting new job for "MY_BUNDLE_ID" on behalf of <BKProcess: 0x100d119f0; SpringBoard; com.apple.springboard; pid: 48; agency: SystemShell; visibility: foreground; task: running> default 16:33:49.039982+0400 assertiond Submitted job with label: UIKitApplication:MY_BUNDLE_ID[0xed03][58] error 16:33:49.040128+0400 assertiond Unable to obtain a task name port right for pid 241: (os/kern) failure (0x5) error 16:33:49.040286+0400 assertiond Failed to start job with error <NSError: 0x100c3f180; domain: NSPOSIXErrorDomain; code: 3; reason: "The process failed to exec"> { description = "Unable to get valid task name port right for pid 241"; failureReason = "The process failed to exec"; recoverySuggestion = "Consult /var/log/com.apple.xpc.launchd/launchd.log for more information"; Has anyone encountered this recently? Any help would be greatly appreciated. P.S. I tried rebuilding from scratch without any code changes and uploading a fresh build to TestFlight — but now it won't even launch from TestFlight on iOS 12.