This is .entitlements file: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> </dict> </plist> Code signing: codesign --sign -vvv --timestamp --options=runtime --force --entitlements ./UES.entitlements -s "Developer ID Application: XXXX Ltd. (XXXXXX)" ./UES.app When I run it on macOS 13.x, it works fine. If I run the system on macOS 11.x, it reports a "killed" error (if codesign remove --entitlements ./UES.entitlements, Then the startup will not report an error, but the endpoint security rights cannot be used) System log: 2025-04-21 13:58:27.039638+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:27.039762+0800 0xd5bbf Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:27.039815+0800 0xd5bbf Default 0x0 0 0 kernel: proc 29354: load code signature error 4 for file "UES" 2025-04-21 13:58:27.040720+0800 0xd5bc0 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29354, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:27.045974+0800 0xd58be Error 0x0 66405 0 CoreServicesUIAgent: [com.apple.launchservices:uiagent] handle LS launch error: {\n Action = oapp;\n AppMimimumSystemVersion = "10.13";\n AppPath = "/Applications/UES.app";\n ErrorCode = "-10826";\n} 2025-04-21 13:58:39.121619+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:39.121832+0800 0xd5e0f Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:39.121861+0800 0xd5e0f Default 0x0 0 0 kernel: proc 29415: load code signature error 4 for file "UES" 2025-04-21 13:58:39.122571+0800 0xd5e10 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29415, /Applications/UES.app/Contents/MacOS/UES 2025-04-21 13:58:46.297915+0800 0xd5941 Default 0x0 149 0 amfid: /Applications/UES.app/Contents/MacOS/UES signature not valid: -67050 2025-04-21 13:58:46.298031+0800 0xd5f85 Default 0x0 0 0 kernel: mac_vnode_check_signature: /Applications/UES.app/Contents/MacOS/UES: code signature validation failed fatally: When validating /Applications/UES.app/Contents/MacOS/UES: 2025-04-21 13:58:46.298072+0800 0xd5f85 Default 0x0 0 0 kernel: proc 29485: load code signature error 4 for file "UES" 2025-04-21 13:58:46.300248+0800 0xd5f86 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 29485, /Applications/UES.app/Contents/MacOS/UES May I ask what the reason is?

hông thể cài đặt “TrungDemo” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.kpOILI/extracted/TrungDemo.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Please ensure that the certificates used to sign your app have not expired. If this issue persists, please attach an IPA of your app when sending a report to Apple. User Info: { DVTErrorCreationDateKey = "2025-04-29 10:51:27 +0000"; IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } Failed to install the app on the device. Domain: com.apple.dt.CoreDeviceError Code: 3002 User Info: { NSURL = "file:///Users/studiozego/Library/Developer/Xcode/DerivedData/TrungDemo-blspaulbkwypvhgaxxfjqbppuugg/Build/Products/Debug-iphoneos/TrungDemo.app"; } Không thể cài đặt “TrungDemo” Domain: IXUserPresentableErrorDomain Code: 14 Failure Reason: Không thể cài đặt ứng dụng này vì không thể xác minh tính toàn vẹn của ứng dụng. Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.kpOILI/extracted/TrungDemo.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.kpOILI/extracted/TrungDemo.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Domain: MIInstallerErrorDomain Code: 13 User Info: { FunctionName = "+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]"; LegacyErrorString = ApplicationVerificationFailed; LibMISErrorNumber = "-402620392"; SourceFileLine = 80; } Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : { "device_identifier" = "00008132-0001786E22B9001C"; "device_isCoreDevice" = 1; "device_model" = "iPad16,4"; "device_osBuild" = "18.4 (22E240)"; "device_platform" = "com.apple.platform.iphoneos"; "device_thinningType" = "iPad16,4-A"; "dvt_coredevice_version" = "443.19"; "dvt_coresimulator_version" = "1010.10"; "dvt_mobiledevice_version" = "1784.102.1"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 1320; "operation_errorCode" = 14; "operation_errorDomain" = IXUserPresentableErrorDomain; "operation_errorWorker" = IDEInstallCoreDeviceWorker; "operation_name" = IDERunOperationWorkerGroup; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_113575882_enable" = 0; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_guardMalloc_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_mtc_enable" = 1; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_enable" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 2; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_structuredConsoleMode" = 1; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos18.4"; "sdk_osVersion" = "18.4"; "sdk_variant" = iphoneos; } System Information macOS Version 15.4.1 (Build 24E263) Xcode 16.3 (23785) (Build 16E140) Timestamp: 2025-04-29T17:51:27+07:00

Hi Team, Please help me to resolve these issues as i am unable to run xcode ci cd due to code signing issue.

Hello, we use an MDM profile that enables FDA for our program. The Identifier is set to be the path to our program. We'd like to have a profile that allows multiple CodeSignatures. Our older programs are signed with a different certificate than the current ones. We tried deploying 2 profiles (one for the 'old certificate' signed binary and the other for the 'new certificate' signed binary). But it looks like that MacOS accepts only one. I have also tried to use ProfileCreator to generate a profile with 2 entries, but it fails to do it. Manually editing the XML file and adding new entries does not work either. I'd like to know if there's a workaround for this issue.

Hello, we are currently encountering a similar issue. We need to inject our capabilities into a third-party app by re-signing it (not a full re-signing process—just requiring the provisioning profile and certificate to match). However, this seems to affect the functionality of universal links. We've found that this issue only occurs on iOS 18. We noticed that when re-signing the app, the entitlements related to associated domains are changed to a wildcard: [Key] com.apple.developer.associated-domains [Value] [Array] [String] * However, this doesn’t cause any issues on iOS 17. Through further testing, we discovered that in order for universal links to work properly, we need to restore the original value of com.apple.developer.associated-domains and use a provisioning profile that matches the app's bundle ID. This means our previous re-signing approach using a certificate and provisioning profile from another bundle will no longer work. We’d like to ask: is this a new restriction introduced in iOS 18? If we manually restore the original com.apple.developer.associated-domains entitlement and use a provisioning profile that matches the app’s bundle ID, will universal links function correctly going forward?

I created a provisional profile from apple developer portal for my iOS app. The expiry date shown in the profile is 21-April 2026. However, when I build the app with this provisional profile the expiry date shown in the app is 11 Dec, 2025. My iOS distribution certificate expires only in November 2026. I see a embeded.mobileprovision profile inside the app, and it has an expiry of 11-Dec-2025. I did a clean build,, cleared unnecessary profiles from profile folder, created a new provisional profile and tried, but nothing seems help. We have a few apps, and no other app has this issue. We do annual release of all apps together for provisional profile renewal. As this app expiry is different, it will cause lot of difficulty for us next year. Will you please help me to resolve this issue? Thanks.

Hello everyone, I'm currently experiencing repeated "Invalid Binary" rejections when submitting my Flutter-based iOS app ("Master Tere") through App Store Connect. I've followed all the expected steps and guidelines, but the rejection contains no additional explanation beyond the "Invalid Binary" status. Here’s my current setup: Built using Flutter and Xcode 15.3 WebView-based app loading a professional portfolio site Runner target is signed automatically using Xcode Managed Profiles Certificates: Apple Development and Apple Distribution (auto-managed) Bundle ID: com.actuain.mastertere1 Version: 1.0.0, Build: 6 Deployment target: iOS 18.0 Device family: iPhone only All signing identities and provisioning profiles match for Debug and Release In my Info.plist, I’ve cleaned up legacy keys that might cause conflicts: ✅ Removed <key>UIMainStoryboardFile</key> (no storyboard is used) ✅ Removed <key>CFBundleSignature</key> as it was set to ???? ✅ Display name and Bundle ID align with Xcode project settings Despite all this, every time I upload through Xcode Organizer, I get an "Invalid Binary" error after processing. No issues are shown during archive validation. I suspect the issue may be related to: Flutter WebView integration with latest iOS SDKs Residual metadata in the archive from unused iOS storyboard references Possibly missing entitlements or capabilities not flagged by Xcode Questions: Are there any known issues affecting Flutter WebView apps recently (especially around Xcode 15.3 or iOS 18 SDK)? Is it mandatory to remove Main.storyboard from the project bundle even if it's not used? Could this issue be related to background modes, UIRequiredDeviceCapabilities, or entitlements even if not directly flagged? I’d appreciate any insights or experiences from others who’ve faced this issue recently. Thanks in advance! Luis Antonio Pinto Acosta

The Codesign command adds extended attributes to files that previously had no extended attributes. In my case codesign add following extended attributes to text file in Frrameworks folder: com.apple.cs.CodeDirectory com.apple.cs.CodeRequirements com.apple.cs.CodeRequirements-1 com.apple.cs.CodeSignature Can I somehow prevent this behavior? Thank you.

We have NFC capabilties enabled for our app ID - com.uob.mightyvn but our minimum deployment target is 15.0. We do not have an option deselect PACE from provisioning profile. Hence, the validation is failed for IPA. Invalid entitlement for core nfc framework. The sdk version '18.2' and min OS version '15.0' are not compatible for the entitlement 'com.apple.developer.nfc.readersession.formats' because 'NDEF is disallowed'

Hi everyone, I applied for CarPlay Entitlements on [Date 04. 26, 2024] using CarPlay is Case ID "13045151". I haven't received any updates or responses regarding my application yet. It's been 7 days since the application. My service requires CarPlay integration with a Black Box device. The primary purpose of this integration is to allow users to configure device settings through CarPlay. Furthermore, we plan to utilize the "Communication" category of Entitlements to notify users of parking incidents detected by the Black Box device while parked. This functionality is crucial for alerting drivers to potential issues affecting their vehicles. Could anyone share their experience with the typical turnaround time for CarPlay Entitlements, especially for applications involving device integration and the "Communication" category? Is this delay normal? Is there any way to check the application status or contact the appropriate team to inquire about its progress? Thank you for any insights or advice you can provide! Sincerely,

Hi all, I've submitted multiple notarization requests for an Electron app using notarytool since (april 12) at 6:30. All are stuck in the "In Progress" state Successfully received submission history. history -------------------------------------------------- createdDate: 2025-04-13T12:38:56.866Z id: 51897340-9547-4172-bad4-ae15f78e1ab0 name: theAIParalegal.zip status: In Progress -------------------------------------------------- createdDate: 2025-04-13T12:38:55.790Z id: ebcd8a15-613c-41e0-b8cc-6895a0a6785a name: theAIParalegal.zip status: In Progress -------------------------------------------------- createdDate: 2025-04-13T12:14:33.553Z id: 59a078dc-e613-4933-b440-8695e2204eac name: theAIParalegal.zip status: In Progress -------------------------------------------------- createdDate: 2025-04-13T12:14:32.108Z id: 987879aa-db15-405b-bd1d-76db31218f49 name: theAIParalegal.zip status: In Progress -------------------------------------------------- createdDate: 2025-04-12T22:06:30.869Z id: b1f4231c-6d13-4292-88f0-e8ce53cb0141 name: theAIParalegal.zip status: In Progress nicolasserna@Mac ~ %

I've been using /usr/bin/shortcuts for various tasks (eg. Quicksilver uses it to list and run shortcuts), and after updating from 14.7.4 to 14.7.5 the tool gets killed on startup. Eg. here is what it looks like in my shell: ❯ shortcuts list zsh: killed shortcuts list (And this is regardless of whether I have "full disk access" or "developer tools" toggled on or off for iTerm.) Looking at system logs it seems like the binary is missing an entitlement, which causes MACF / Gatekeeper to throw a fit: 2025-04-12 18:38:48.847576 kernel: mac_vnode_check_signature: /usr/bin/shortcuts: code signature validation failed fatally: When validating /usr/bin/shortcuts: in-kernel: com.apple.shortcuts.ShortcutsCommandLine disallowed without com.apple.private.security.restricted-application-groups 2025-04-12 18:38:48.847582 kernel: validation of code signature failed through MACF policy: 1 2025-04-12 18:38:48.847583 kernel: check_signature[pid: 2475]: error = 1 2025-04-12 18:38:48.847587 kernel: proc 95761: load code signature error 4 for file "shortcuts" 2025-04-12 18:38:48.847613 kernel: exec_mach_imgact: not running binary "shortcuts" built against preview arm64e ABI 2025-04-12 18:38:48.855481 syspolicyd: (Security) SecTrustEvaluateIfNecessary 2025-04-12 18:38:48.857970 syspolicyd: [com.apple.syspolicy.exec:default] GK evaluateScanResult: 2, PST: (path: /usr/bin/shortcuts), (team: (null)), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 1, 1, 0evaluateScanResult: 2, PST: (path: /usr/bin/shortcuts), (team: (null)), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 1, 1, 0 I used Time Machine to compare the binary's entitlements between 14.7.4 and 14.7.5, and looks like in 14.7.5 /usr/bin/shortcuts indeed is missing the com.apple.private.security.restricted-application-groups entitlement that 14.7.4 had. The old binary had these two entitlements that the new one doesn't: [Key] com.apple.private.security.restricted-application-groups [Value] [Array] [String] group.com.apple.shortcuts [String] group.is.workflow.my.app [String] group.is.workflow.shortcuts [Key] com.apple.security.application-groups [Value] [Array] [String] group.com.apple.shortcuts [String] group.is.workflow.my.app [String] group.is.workflow.shortcuts Is there a sensible workaround for this (and by "sensible" I mean something that'd allow me to keep using the tool)? (I already asked this on the support forums but I figured I might as well ask here too)

I have developed a sample app following the example found Updating your app package installer to use the new Service Management API and referring this discussion on XPC Security. The app is working fine, I have used Swift NSXPCConnection in favour of xpc_connection_create_mach_service used in the example. (I am running app directly from Xcode) I am trying to set up security requirements for the client connection using setCodeSigningRequirement on the connection instance. But it fails for even basic requirement connection.setCodeSigningRequirement("anchor apple"). Error is as follows. cannot open file at line 46986 of [554764a6e7] os_unix.c:46986: (0) open(/private/var/db/DetachedSignatures) - Undefined error: 0 xpc_support_check_token: anchor apple error: Error Domain=NSOSStatusErrorDomain Code=-67050 "(null)" status: -67050 I have used codesign -d --verbose=4 /path/to/executable to check the attributes I do get them in the terminal. Other way round, I have tried XPC service provider sending back process id (pid) with each request, and I am probing this id to get attributes using this code which gives all the details. func inspectCodeSignature(ofPIDString pidString: String) { guard let pid = pid_t(pidString) else { print("Invalid PID string: \(pidString)") return } let attributes = [kSecGuestAttributePid: pid] as CFDictionary var codeRef: SecCode? let status = SecCodeCopyGuestWithAttributes(nil, attributes, [], &codeRef) guard status == errSecSuccess, let code = codeRef else { print("Failed to get SecCode for PID \(pid) (status: \(status))") return } var staticCode: SecStaticCode? let staticStatus = SecCodeCopyStaticCode(code, [], &staticCode) guard staticStatus == errSecSuccess, let staticCodeRef = staticCode else { print("Failed to get SecStaticCode (status: \(staticStatus))") return } var infoDict: CFDictionary? if SecCodeCopySigningInformation(staticCodeRef, SecCSFlags(rawValue: kSecCSSigningInformation), &infoDict) == errSecSuccess, let info = infoDict as? [String: Any] { print("🔍 Code Signing Info for PID \(pid):") print("• Identifier: \(info["identifier"] ?? "N/A")") print("• Team ID: \(info["teamid"] ?? "N/A")") if let entitlements = info["entitlements-dict"] as? [String: Any] { print("• Entitlements:") for (key, value) in entitlements { print(" - \(key): \(value)") } } } else { print("Failed to retrieve signing information.") } var requirement: SecRequirement? if SecRequirementCreateWithString("anchor apple" as CFString, [], &requirement) == errSecSuccess, let req = requirement { let result = SecStaticCodeCheckValidity(staticCodeRef, [], req) if result == errSecSuccess { print("Signature is trusted (anchor apple)") } else { print("Signature is NOT trusted by Apple (failed anchor check)") } } var infoDict1: CFDictionary? let signingStatus = SecCodeCopySigningInformation(staticCodeRef, SecCSFlags(rawValue: kSecCSSigningInformation), &infoDict1) guard signingStatus == errSecSuccess, let info = infoDict1 as? [String: Any] else { print("Failed to retrieve signing information.") return } print("🔍 Signing Info for PID \(pid):") for (key, value) in info.sorted(by: { $0.key < $1.key }) { print("• \(key): \(value)") } } If connection.setCodeSigningRequirement does not works I plan to use above logic as backup. Q: Please advise is there some setting required to be enabled or I have to sign code with some flags enabled. Note: My app is not running in a Sandbox or Hardened Runtime, which I want.

I paid for an Apple Developer membership, but can only sign 3 apps and restricted to 7 day certificates. I don't even seem to have a way to verify if I am in fact enrolled in the developer program despite being charged for it

Hey there, I'm experiencing an issue with notarization of my macOS application, which is blocking a release. We have signing/notarization hooked up to our CI process, both for prior releases as well as development builds (at the trunk tip). The notarization process has typically taken anywhere from a few minutes to a few tens of minutes, but for our most recent release, it's taking an unreasonably long time. I've compiled the submission info for each build (+ reattempted notarizations) below. What's interesting is that the oldest one was accepted- however, it timed out our CI process, so we never actually released it. Subsequent builds are more or less identical in terms of their content, however, they've been stewing in the notarization process for over 13 hours in some cases. % xcrun notarytool info 67413dae-64f5-4372-972d-e0ac158e18e3 Successfully received submission info createdDate: 2025-04-02T16:28:25.999Z id: 67413dae-64f5-4372-972d-e0ac158e18e3 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 0c72b243-4a8d-4976-a97b-75689d7e2497 Successfully received submission info createdDate: 2025-04-02T05:49:05.861Z id: 0c72b243-4a8d-4976-a97b-75689d7e2497 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 8e2edfc2-58bc-4b33-bc8e-078155759a81 Successfully received submission info createdDate: 2025-04-02T05:23:28.870Z id: 8e2edfc2-58bc-4b33-bc8e-078155759a81 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 8fb17b0c-ace4-4b6f-bef8-68d22696814d Successfully received submission info createdDate: 2025-04-02T05:07:48.187Z id: 8fb17b0c-ace4-4b6f-bef8-68d22696814d name: Warp Vault.app.zip status: Accepted At the time of checking, the UTC date was: % TZ="UTC" date Wed Apr 2 18:42:14 UTC 2025 It's interesting to me that the notarization process is taking this long. We've notarized many development builds (with debugging flags enabled) in the time between our last public release and our attempt to notarize this one. What's more, the original build for this release was notarized within the span of about 15 minutes, but subsequent submissions of the same build have hung for tens of hours. My two questions are: How can I get our pending notarizations "unstuck"?, and To prevent these types of hangs in the future, should I also routinely build/sign/notarize non-debug builds of my application during the development process? Best regards and many thanks, Charlton

I'm getting this error when uploading a build of my macOS app to App Store Connect. It has always worked before, and nothing changed about my use of app groups, and the iOS build uploaded without any problems. Cleaning the build folder and derived data folder doesn't help. I'm using automatically managed signing in Xcode. Invalid code signing entitlements. Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “[group.]” value for the com.apple.security.application-groups key in “.pkg/Payload/.app/Contents/MacOS/” isn’t supported. This value should be a string or an array of strings, where each string is the “group” value or your Team ID, followed by a dot (“.”), followed by the group name. If you're using the “group” prefix, verify that the provisioning profile used to sign the app contains the com.apple.security.application-groups entitlement and its associated value(s).

We're building an SDK (let's call it MyFramework) which is distributed as an .xcframework for developers to integrate it into their own apps. Recently, we've added tvOS support by adding it as a supported destination for the SDK. Essentially, the SDK became a cross-platform framework and easy to be adopted in both iOS and tvOS apps. The .xcframework is generated fine, all builds correctly. We've tested the SDK integrated in test apps. We've also submitted an iOS archive app to the AppStore connect, just to make sure all is well with the AppStore submission. However, when I tried submitting a tvOS archive app (that integrates the same SDK) to the AppStore connect, the build was marked as invalid binary and we've got the following error message: ITMS-90562: Invalid Bundle - One of the nested bundles is built for a platform which is different from the main bundle platform. Please make sure that all bundles have correct platform specification. First, I thought that any of the modules of the framework was not correctly configured for tvOS but that was not the case. Everything compiles ok and it runs in debug as expected. It only fails when trying to submit the tvOS app that integrates the SDK. After a lot of investigating, we realised that the reason for the AppStore submission error is because we codesign the framework. We use codesign to distribute it as cryptographically signed xcframework. codesign --timestamp -v --sign "Apple Distribution: Company (xxxxxxxxxx)" "MyFramework.xcframework" As soon as we remove the above line from our CI/CD pipeline that generates the xcframework, and submit a tvOS archive app that integrates the unsigned framework, the AppStore submission error goes away and the TestFlight build can be tested. I've also tried to just strip the _CodeSignature folder from the .xcframework package but it still fails. So the only solution currently is to not codesign the xcframework to be able to upload tvOS archive apps that integrate the SDK to the AppStore connect. However, we're still puzzled as to why only the tvOS archive app gets the invalid binary error when it integrates a signed SDK. I feel like the error message is quite misleading if we have to stop signing the SDK xcframework for it to be accepted during the AppStore submission. Anyone has any idea? Or has anyone encountered a similar issue? Thanks!

Hello Apple Forum, We were testing out the following entitlements: 'Increased Memory Limit', 'Extended Virtual Addressing', 'Extended Virtual Addressing(Debug)' when we realized the maximum allocation amount of the memory dropped from our previous test of 32GB to 16GB. We were testing these on the following devices: iPad Pro 12.9(6th Gen) 18.4(Beta, 22E4232a) iPad Pro 11 M4 18.3.2 Each device has 16GB of physical RAM and because we are able to reach 16GB of allocation usage until app crashes, we believe the entitlements are applied correctly. Each test device was on charging mode and battery mode with 60, 80 100% battery. We understand allocating memory is complex and os is more optimized for battery efficiency, hence possibly limiting max usage of memory. However, through the same testing method we have done on iPadOS 18.3 and 4, we were able to allocate 31~32GB of RAM on testing done on January this year. (iPadOS 18.0, or maybe 18.1?) which make us wonder, has there been a change in core os that handles memory allocation since 18.0? And what can be the cause of this drop? The code we ran for our memory testing is as follows: private var allocatedMemory: [UnsafeMutableRawPointer] = [] public func allocate1GBMemory() { let sizeInBytes = 1024 * 1024 * 1024 if let pointer = malloc(sizeInBytes) { for i in 0..<sizeInBytes { pointer.advanced(by: i).storeBytes(of: UInt8(i % 256), as: UInt8.self) } allocatedMemory.append(pointer) logger.print("Allocated 1GB of memory. Total allocated: \(allocatedMemory.count)GB") } else { logger.print("Failed to allocate memory") } } Each functions call increases memory usage by allocating 1GB of space and we have called this function until it reaches 16GB then the app crashes.

I am developing a background program that is included in the app as an extension. I would like to include logic to check the teamID and code signature validity of the program I created to ensure that it has not been tampered with. Is this possible?

Trying to play around with Secure Enclave Protected keychain operations in a Tauri-based MacOS app and running into issues. After much digging and trial and error, here is my understanding and where I'm at: To access these keychain related APIs, the app must be codesigned, and have the following entitlements: <key>com.apple.application-identifier</key> <string>XXXXXXXXXX.com.myorg.myapp</string> <key>com.apple.developer.team-identifier</key> <string>XXXXXXXXXX</string> <key>keychain-access-groups</key> <array> <string>XXXXXXXXXX.*</string> </array> Currently using a Development cert, generated from Xcode, not a paid account I had to install the intermediate cert from https://www.apple.com/certificateauthority/ XXXXXXXXXX is the "Team ID", which can be found on my Development cert under Details > "Organizational Unit" If I build the app and run it (without signing) I get code 34018 If I sign the app and try to run it, I am no longer able to boot it, with error: The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x12a60a130 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}} Not quite sure what is missing - any help is much appreciated.