Is it possible to directly distribute a macOS app with a Developer ID Certificate that belongs to a different team? I am trying to resolve issues that arise when distributing a macOS app with a Network Extension (Packet Tunnel) outside the App Store using a Developer ID Certificate from a different team than the app’s provisioning profiles and entitlements. I started by attempting Direct Distribution in Xcode with automatic signing. However, it fails with the following message: Provisioning profile "Mac Team Direct Provisioning Profile: ” failed qualification checks: Profile doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. I suspect the issue is that the provisioning profile allows "packet-tunnel-provider-systemextension", whereas the entitlements generated by Xcode contain "packet-tunnel-provider". When I manually modify the .entitlements file to include the -systemextension suffix, the project fails to build because Xcode does not recognize the modified entitlement. If there is a workaround for this issue, please let me know. Due to these issues, I resorted to manually creating a signed and notarized app. My process is as follows: Export the .app from the Xcode archive. Since the exported .app does not contain the necessary entitlements or provisioning profile for direct distribution, I replace Contents/embedded.provisioningprofile in both the .app and the .appex network extension. Sign the app and its components in the following order: codesign --force --options runtime --timestamp --sign "Developer ID Application: <name>" <app>.app/Contents/Frameworks/<fw>.framework/ codesign --force --options runtime --timestamp --sign "Developer ID Application: <name>"<app>.app/Contents/PlugIns/<netext>.appex/Contents/Frameworks/<fw>.framework/Versions/A/<fw> codesign --force --options runtime --entitlements dist-vpn.entitlements --timestamp --sign "Developer ID Application: <name>" <app>.app/Contents/PlugIns/<netext>.appex/ codesign --force --options runtime --entitlements dist.entitlements --timestamp --sign "Developer ID Application: <name>" <app>.app Verify the code signature: codesign --verify --deep --strict --verbose=4 <app>.app - <app>.app: valid on disk - <app>.app: satisfies its Designated Requirement Create a ZIP archive using: ditto -c -k --sequesterRsrc --keepParent <app>.app <app>.zip Notarize the app with notarytool and staple it. The notarization completes successfully with errors: nil. Package the notarized app into a DMG, notarize, and staple the DMG. The app runs successfully on the development machine. However, when moved to another machine and placed in /Applications, it fails to open. Inspecting Console.app reveals Gatekeeper is blocking the launch:
 taskgated-helper <bundleid>: Unsatisfied entitlements: com.apple.developer.networking.networkextension, com.apple.developer.team-identifier taskgated-helper entitlements: { "com.apple.developer.networking.networkextension" = ("packet-tunnel-provider-systemextension"); "com.apple.developer.team-identifier" = <teamid>; } As mentioned earlier, the Developer ID Certificate used for signing belongs to a different team. We are a third-party developer and do not have access to the Developer ID Certificate of the team assigned as the team-identifier. When I changed the bundle identifier (app ID), team, entitlements, and provisioning profiles to match the team associated with the Developer ID Certificate, the app worked. My question is:
 Is this failure caused by using a Developer ID Certificate from a different team, or should it still work if the provisioning profiles and entitlements are correctly set? Could there be an issue elsewhere in the provisioning profiles or entitlements for the original app ID?

Hello Apple Support Team, We are developing a macOS application that allows users to import and view PST files (Microsoft Outlook archives). These files contain a complex, proprietary format that requires specialized parsing libraries. To achieve this, we are using Aspose Email for Java, which is currently one of the few reliable libraries that support complete PST parsing across platforms. Why we are using Java & Aspose The Aspose Email Java library provides a comprehensive API to extract mail data (including metadata, attachments, and folder structure) from .pst files. A native Swift or Objective-C alternative with full .pst parsing capability does not exist, which is why we opted for a Java-based helper module that runs in the background and communicates with the macOS app over a Unix domain socket. How we bundle it We package the AsposeEmail.jar and a custom JRE (Java Runtime Environment) created using jlink, tailored to run only our jar. This entire setup (JAR + JRE) is bundled within the Contents/Resources directory of the macOS app, and we invoke the Java runtime using standard process launch APIs from Swift. Problem during App Store Submission When we archive the app and submit it to the App Store, the validation step raises an error: ITMS-90284: Invalid Code Signing - The executable 'com.app.sample.appstore.pkg/Payload/Sample.app/Contents/Resources/custom-jre-universal/lib/cli ent/libjsig.dylib' must be signed with the certificate that is contained in the provisioning profile. ITMS-90284: Invalid Code Signing - The executable 'com.app.aample.appstore.pkg/Payload/Sample.app/Contents/Resources/custom-jre-universal/lib/cli ent/libjvm.dylib' must be signed with the certificate that is contained in the provisioning profile. When we attempt to code sign the custom JRE, especially the .dylib files inside, the runtime breaks. Java is unable to launch correctly and throws permission errors and execution failures. Alternative we thought of (On-Demand Download) To avoid the code signing issue, we decided to remove the JRE from the bundle and instead download it on demand when the user performs an action like "Import PST". However, we realized this may violate the App Store Review Guideline 2.5.2: Our use case, while not dynamically modifying features, does download and execute a Java runtime, which could be interpreted as executing new code post-installation. How can we proceed? We are looking for Apple’s guidance on the correct and compliant path forward: Is there a recommended way to bundle and codesign a custom JRE so it is accepted by the App Store? Is on-demand download of a custom runtime for a very specific parsing task permitted, assuming it doesn't modify app features but simply supports user-initiated operations? We would greatly appreciate any guidance or best practices on how to handle this situation, particularly with respect to App Store compliance. Regards, Maaz Hussain

Starting a few hours ago (roughly 2:45PM Eastern time) we began experiencing elevated latency with the Developer ID Notary Service. There is nothing listed on the developer system status page about degraded performance or a service outage. Operations that usually take ~15 minutes, are stacking up for hours. The oldest pending entry we have was created at 2:45PM Eastern: createdDate: 2025-06-24T18:45:22.539Z id: 5209a4d2-eae4-4714-aa8e-6961677ff2e We currently have 27 pending builds in the notary service since we are required to notarize internal builds to ensure we satisfy our requirements so this is creating an issue for us.

Dear Apple Support, We are experiencing a critical issue affecting some of our macOS users during application updates via DMG. In certain cases, when users attempt to update the app by dragging it from the mounted DMG to the /Applications folder (replacing the old version), the application becomes corrupted. Users receive an error indicating that the app cannot be opened. On retry, they are met with an error stating that the app cannot be overwritten. Upon inspection, the resulting application bundle is incomplete and contains only the following structure: . └── Contents └── CodeResources The only known workaround is to completely remove the existing app from /Applications before copying the new version — this resolves the issue consistently. We’ve observed this issue in the field with increasing frequency, which negatively impacts user trust. We also found similar reports from other developers (e.g., https://github.com/warpdotdev/Warp/issues/5492), suggesting a broader issue. Questions: What could be the underlying cause of this behavior on macOS (e.g., MDM, security policies, filesystem behavior)? Are there any recommended practices to prevent or mitigate this issue when updating apps via DMG? We would appreciate any guidance or clarification you can provide. Best regards, Ivan Poluianov

Having reviewed every document, this has been going on for nearly two months. Originally, it was thought that the problem might be related to the fact I had created the developer ID signing certificate on an intel mac, and trying to import and use it on an M1 Mac-Mini. That turned out to not be the case. Completely started over with a new account (the company changed names), requested and was granted the entitlements we needed. Create a new CSR from this new m1 machine, created a Developer ID certificate, installed the certificate on this machine. But no matter what, the codesign fails. Troubleshooting Environment: Brand new Apple Developer account and Developer ID Application certificate (generated CSR on this Mac, installed cert and private key in login keychain) macOS build/signing machine, not running codesign as root Working from Terminal app in GUI session, not via SSH/cron Keychain & Certificate Chain: Verified Developer ID Application: Fidelis Security LLC (J4WGF5B6KZ) certificate and private key are present in login keychain Verified certificate is marked as trusted and has a private key attached Developer ID Certification Authority present and trusted in System keychain (removed any extra from login) Evaluate certificate assistant shows everything is good Apple Root CA present and trusted in System keychain Set all trust settings back to System Defaults after testing with “Always Trust” No expired or duplicate Developer ID intermediates present codesign Troubleshooting: Ran: codesign --force --timestamp --options runtime --sign "Developer ID Application: Fidelis Security LLC (J4WGF5B6KZ)" ./fidelisevents Consistently received: Warning: unable to build chain to self-signed root for signer ... errSecInternalComponent Confirmed correct identity using: security find-identity -v -p codesigning (Shows my Developer ID Application cert as valid) Keychain order confirmed with security list-keychains Tried explicit --keychain argument in codesign (no change) Additional Steps Attempted: Downloaded and re-installed all relevant Apple intermediates/root certificates from https://www.apple.com/certificateauthority/ Rebooted the Mac and killed/restarted the securityd daemon Confirmed no use of sudo or root for codesigning Verified keychain is unlocked Checked that partition list grants access to codesign (set with security set-key-partition-list -S "apple:codesign:" -s -k "" ~/Library/Keychains/login.keychain-db) Attempted to codesign a copy of /usr/bin/true (same error) Ran codesign both with and without --timestamp, both on app bundle and binary Keychain Access showing: Certificate and private key present and linked Correct trust chain System keychain containing all Apple intermediates/roots No trust warnings or red Xs Downloaded the latest Apple CA and Developer ID Root certificates and installed those. None of the forum searches have helped. AI is likewise confused.

IMPORTANT The underlying issue here (FB8830007) was fixed in macOS 11.3, so the advice in this post is irrelevant if you’re building on that release or later. Note This content is a repost of info from another thread because that thread is not world readable (it’s tied to the DTK programme). A number of folks have reported problems where: They have a product that supports older versions of macOS (anything prior to 10.11). If they build their product on Intel, everything works. If they build their product on Apple Silicon, it fails on those older versions of macOS. A developer filed a bug about this (FB8830007) and, based on the diagnosis of that bug, I have some info to share as to what’s going wrong and how you can prevent it. Let’s start with some background. macOS’s code signing architecture supports two different hash formats: sha1, the original hash format, which is now deprecated sha256, the new format, support for which was added in macOS 10.11 codesign should choose the signing format based on the deployment target: If your deployment target is 10.11 or later, you get sha256. If your deployment target is earlier, you get both sha1 and sha256. This problem crops up because, when building for both Intel and Apple Silicon, your deployment targets are different. You might set the deployment target to 10.9 but, on Apple Silicon, that’s raised to the minimum Apple Silicon system, 11.0. So, which deployment target does it choose? Well, the full answer to that is complex but the executive summary is that it chooses the deployment target of the current architecture, that is, Intel if you’re building on Intel and Apple Silicon if you’re building on Apple Silicon. For example: intel% codesign -d --arch x86_64 -vvv Test664892.app … Hash choices=sha1,sha256 … intel% codesign -d --arch arm64 -vvv Test664892.app … Hash choices=sha1,sha256 … arm% codesign -d --arch x86_64 -vvv Test664892.app … Hash choices=sha256 … arm% codesign -d --arch arm64 -vvv Test664892.app … Hash choices=sha256 … The upshot is that you have problems if your deployment target is less than 10.11 and you sign on Apple Silicon. When you run on, say, macOS 10.10, the system looks for a sha1 hash, doesn’t find it, and complains. The workaround is to supply the --digest-algorithm=sha1,sha256, which overrides the hash choice logic in codesign and causes it to include both hashes: arm% codesign -s - --digest-algorithm=sha1,sha256 Test664892.app arm% codesign -d --arch x86_64 -vvv Test664892.app … Hash choices=sha1,sha256 … % codesign -d --arch arm64 -vvv Test664892.app … Hash choices=sha1,sha256 … Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello, I'm working on an app at work and we finally got to signing and notarizing the app. The app is successfully notarized and stapled, I packaged it in a .dmg using hdiutil and went ahead and notarized and stapled that as well. Now I tried to move this app to another machine through various methods. But every time I download it from another machine, open and extract the contents of the dmg and attempt to open the app, I get the "Apple could not verify my app is free of malware that may harm your Mac or compromise your privacy. When I check the extended attributes there's always the com.apple.quarantine attribute which from what I know, is the reason that this popup appears I've tried uploading it to google drive, sending through slack, onedrive, even tried our AWS servers and last but not least, I tried our Azure servers (which is what we use for distribution of the windows version of our app). I tried uploading to Azure through CloudBerry (MSP360 now), and azure-cli defining the content-type as "application/octet-stream", the content-disposition as "attachment; filename=myApp.dmg", and content-cache-control as "no-transform". None of these worked The only times where a download actually worked with no problems was when I downloaded through the terminal using curl, which obviously not a great solution especially that we're distributing to users who aren't exactly "tech savy" I want the installation experience to be as smooth as other apps outside the App Store (i.e Discord, Slack, Firefox, Chrome etc....) but I've been stuck on this for more than a week with no luck. Any help is greatly appreciated, and if you want me to clarify something further I'd be happy to do so

I am here and I AM UNABLE TO PUBLISH AN UPLDATE! On xcode in the "signing" i see ONLY ME AND NOT THE COMPANY, i am added as administrator in the apple console developer BUT NOTHING CHANGE!! i tried to add an account but I STILL NOT SEE THE COMPANY, ONLY ME HOW TO FIX THIS?? THIS IS THE WORSE WAY TO SETUP AN ACCOUNT I EVER SEE

We have a Mac app that uses some restricted macOS entitlements, thus to test it we embed a development provisioning profile, that needs to contain the correct provisioning UDID. Typically, for test VMs, we extract the provisioning and UDID and add it to the developer portal and then re-generate the provisioning profiles. However when we try to do this in our newly created VM (Apple Silicon), our executable won't run, and macOS logs that the provisioning profile doesn't allow the device: 2025-06-12 12:37:52.168 E taskgated-helper[27489:e97da] [com.apple.ManagedClient:ProvisioningProfiles] embedded provisioning profile not valid: file:///Applications/foo.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} 2025-06-12 12:37:52.169 E taskgated-helper[27489:e97da] [com.apple.ManagedClient:ProvisioningProfiles] Disallowing com.company.foo because no eligible provisioning profiles found 2025-06-12 12:37:52.169 Df amfid[112:e99b0] [com.apple.xpc:connection] [0xb34c74a00] invalidated because the current process cancelled the connection by calling xpc_connection_cancel() 2025-06-12 12:37:52.169 Df taskgated-helper[27489:e97da] [com.apple.xpc:connection] [0x839144000] invalidated because the client process (pid 112) either cancelled the connection or exited 2025-06-12 12:37:52.169 E amfid[112:e91ac] [com.apple.MobileFileIntegrity.framework:default] Failure validating against provisioning profiles: &lt;private&gt; 2025-06-12 12:37:52.169 E amfid[112:e91ac] [com.apple.MobileFileIntegrity.framework:default] Restricted entitlements not validated, bailing out. Error: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=&lt;private&gt;, NSLocalizedDescription=No matching profile found} 2025-06-12 12:37:52.169 Df amfid[112:e91ac] /Applications/foo.app/Contents/MacOS/foo not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Applications/foo.app/, NSLocalizedDescription=No matching profile found} The UDID for this VM does look weird, in System Profiler: But I can verify that this UDID string is present in the provisioning profile embedded in the app bundle: $ security cms -D -i /Applications/foo.app/Contents/embedded.provisionprofile | grep -i 7cd9234e9aa4fa8ba528ee417f857b2c993a20a3 &lt;string&gt;7CD9234E9AA4FA8BA528EE417F857B2C993A20A3&lt;/string&gt; I also tried deleting the manually added device from the Developer portal and installing Xcode on the VM and letting Xcode register the device, but I end up in the same situation there. Even after letting Xcode itself register the device, it says that "this device not registered to your account" and then when I click "Register device" it changes into " already exists". Has anyone else managed to get Mac development provisioning profiles to work in a VM?

When building xcode project of an application with login item included/embedded (another target), locally it works without problems. But when building on xcode cloud, we are getting the error: ITMS-90286: Invalid code signing entitlements - Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “XXX.***.***” value for the com.apple.application-identifier key in “Path_to_login_Item” isn’t supported. This value should be a string that starts with your Team ID, followed by a dot (“.”), followed by the bundle ID. If there are no capabilities added to the login item's target (only com.apple.security.inherit and App Sandbox), the project builds without errors. But our login item needs to access a database in app group container and sync its data with iCloud, so after adding iCloud and App Group entitlements, building on xcode cloud fails with the error written above. Locally it builds and runs without problems. So, what should be done to fix this issue when building on xcode cloud?

Hi all, I'm using a CryptoTokenKit (CTK) extension to perform code signing without having the private key stored on my laptop. The extension currently only supports the rsaSignatureDigestPKCS1v15SHA256 algorithm: func tokenSession(_ session: TKTokenSession, supports operation: TKTokenOperation, keyObjectID: TKToken.ObjectID, algorithm: TKTokenKeyAlgorithm) -> Bool { return algorithm.isAlgorithm(SecKeyAlgorithm.rsaSignatureDigestPKCS1v15SHA256) } This setup works perfectly with codesign, and signing completes without any issues. However, when I try to use productsign, the system correctly detects and delegates signing to my CTK extension, but it seems to always request rsaSignatureDigestPKCS1v15SHA1 instead: productsign --timestamp --sign <identity> unsigned.pkg signed.pkg productsign: using timestamp authority for signature productsign: signing product with identity "Developer ID Installer: <org> (<team>)" from keychain (null) ... Error Domain=NSOSStatusErrorDomain Code=-50 "algid:sign:RSA:digest-PKCS1v15:SHA1: algorithm not supported by the key" ... productsign: error: Failed to sign the product. From what I understand, older versions of macOS used SHA1 for code signing, but codesign has since moved to SHA256 (at least when legacy compatibility isn't a concern). Oddly, productsign still seems to default to SHA1, even in 2025. Is there a known way to force productsign to use SHA256 instead of SHA1 for the signature digest algorithm? Or is there some flag or configuration I'm missing? Thanks in advance!

I will post my app xyz.app uses XY swift package this swift package is a wrapper for XYSDK.xcframework XYSDK.xcframework written in c++ and app running on arm64 macos and iphones succesfully. I got this error when i want to distribute it. Currently i sign .framework for ios with Apple Distribution Certificate and same certificate for macos framework there is no other signing step for swift package or xcframework other than that when i want to archive it validates succesfully. Exporting step shows that app has signed, has provisining profile. but .framework is only signed has no provisioning profile. Also one point i see: i have one target named xyz and its Frameworks, Lİbraries and Embedded Context has only XY package but Embed part has no option like embed and sign etc. Blank. I need more info about what am i doing wrong in which step ? I am stuck and can not move any further like weeks Error Detail: Invalid Signature. The binary with bundle identifier XYSDK at path “xyz.app/Frameworks/XYSDK.framework” contains an invalid signature. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. (90035)

HI, I upgraded to macos 15.5 and xcode 16.3. Last year I was able to update one of my apps on the App Store without issues. Today, after a successful Testflight test, I now need to submit a new version of my app to the App Store for Distribution as the next version/build. However, when I configure a manual setting for the signing, I can select the correct choices. But when I click automatically manage signing, and choose the correct team, xcode put in the wrong signing certificate. It is choose a development one, and not the distribution one. I am concerned about this since I have read that when using the Archive tool, it choses the automatically manage signing by default. And that check box is selecting the "default" settings. I do not know where these default settings are being set, or how to fix this issue. I do not see any info in my searching up to this point. I hope someone can help. thank you, cc

I created a new App project, I didn't write any my code, I just built it and install it to my iPhone, then I got the error as below: 无法安装“test” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.X9zsVD/extracted/test.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Please ensure that the certificates used to sign your app have not expired. If this issue persists, please attach an IPA of your app when sending a report to Apple. User Info: { DVTErrorCreationDateKey = "2025-04-13 03:40:21 +0000"; IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } -- Failed to install the app on the device. Domain: com.apple.dt.CoreDeviceError Code: 3002 User Info: { NSURL = "file:///Users/ltf/Library/Developer/Xcode/DerivedData/test-fnnhrmtlclvfdnennxoorbywbuze/Build/Products/Debug-iphoneos/test.app"; } -- Can't install “test” Domain: IXUserPresentableErrorDomain Code: 14 Failure Reason: 无法安装此App，因为无法验证其完整性。 Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.X9zsVD/extracted/test.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) -- Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.X9zsVD/extracted/test.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Domain: MIInstallerErrorDomain Code: 13 User Info: { FunctionName = "+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]"; LegacyErrorString = ApplicationVerificationFailed; LibMISErrorNumber = "-402620392"; SourceFileLine = 79; } -- Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : { "device_identifier" = "00008120-001E51C011F9A01E"; "device_isCoreDevice" = 1; "device_isWireless" = 1; "device_model" = "iPhone15,5"; "device_osBuild" = "18.3.2 (22D82)"; "device_platform" = "com.apple.platform.iphoneos"; "device_thinningType" = "iPhone15,5"; "dvt_coredevice_version" = "443.19"; "dvt_coresimulator_version" = "1010.10"; "dvt_mobiledevice_version" = "1784.120.2"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 2527; "operation_errorCode" = 14; "operation_errorDomain" = IXUserPresentableErrorDomain; "operation_errorWorker" = IDEInstallCoreDeviceWorker; "operation_name" = IDERunOperationWorkerGroup; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_113575882_enable" = 0; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_guardMalloc_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_mtc_enable" = 1; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_enable" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 2; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_structuredConsoleMode" = 1; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos18.4"; "sdk_osVersion" = "18.4"; "sdk_variant" = iphoneos; } -- System Information macOS Version 15.5 (Build 24F5042g) Xcode 16.3 (23785) (Build 16E140) Timestamp: 2025-04-13T11:40:21+08:00

Dear Apple support, Since the last couple of days, we have some (very) long running notarization requests. Similar requests were done normally under 1 minute. This behavior is unexpected to us, and we did not see it before. The issue occurs for a small CLI tool submitted as a ZIP archive. Checking the documentation, I come across the section about "Avoid long notarization response times and size limits" (https://developer.apple.com/documentation/security/customizing-the-notarization-workflow#Avoid-long-notarization-response-times-and-size-limits). One fact is mentioned “Limit notarizations to 75 per day.” What is behavior if that limitation is reached? Is that limitation per Apple ID or per team ID? Are there some known issues about Notarization Service? Best regards, Stefan

Product: macOS, Notarization Tool: notarytool, Stapler Tool: xcrun stapler, Application: master-billing.app, DMG: master-billing.dmg I'm attempting to notarize and staple a macOS .dmg file containing a signed .app. Notarization completes successfully, but the stapling step fails with Error 65. All tools are up-to-date and I'm following the official Apple process. #!/bin/bash set -e APP="dist/mac-arm64/master-billing.app" DMG="dist/mac-arm64/master-billing.dmg" IDENTITY="Developer ID Application: NAME (TEAM ID)" PROFILE="notarysiva" VOLUME_NAME="MasterBilling" Sign binaries and frameworks find "$APP" -type f ( -name ".dylib" -or -name ".so" -or -name "*.node" -or -perm -u+x ) -exec codesign --force --options runtime --timestamp --sign "$IDENTITY" {} ; find "$APP" -type d ( -name ".app" -or -name ".framework" ) -exec codesign --force --options runtime --timestamp --sign "$IDENTITY" {} ; codesign --deep --force --options runtime --timestamp --sign "$IDENTITY" "$APP" Create DMG hdiutil create -volname "$VOLUME_NAME" -srcfolder "$APP" -ov -format UDZO "$DMG" Sign DMG codesign --sign "$IDENTITY" --timestamp "$DMG" Verify DMG signature codesign --verify --verbose=2 "$DMG" Submit for notarization xcrun notarytool submit "$DMG" --keychain-profile "$PROFILE" --wait Staple ticket xcrun stapler staple -v "$DMG" Signing all binaries, dylibs, and frameworks... . . ✅ App signing complete. 💽 Creating DMG... ...................................................................................... created: /Users/one/Documents/MASTER/bill-master/dist/mac-arm64/master-billing.dmg 🔏 Signing the DMG... ✅ Verifying DMG signature... dist/mac-arm64/master-billing.dmg: valid on disk dist/mac-arm64/master-billing.dmg: satisfies its Designated Requirement 📤 Submitting DMG for notarization... Conducting pre-submission checks for master-billing.dmg and initiating connection to the Apple notary service... Submission ID received id: 32927c3c-7459-42b4-a90c Upload progress: 100.00% (123 MB of 123 MB) Successfully uploaded file id: 32927c3c-7459-42b4-a90c path: /Users/one/Documents/MASTER/bill-master/dist/mac-arm64/master-billing.dmg Waiting for processing to complete. Current status: Accepted............ Processing complete id: 32927c3c-7459-42b4-a90c status: Accepted 📌 Stapling notarization ticket to DMG... Processing: /Users/one/Documents/MASTER/bill-master/dist/mac-arm64/master-billing.dmg . . . Downloaded ticket has been stored at file:///var/folders/1l/ht34h5y11mv3rhv8dlxy_g4c0000gp/T/5bb9e667-dfe1-4390-8354-56ced7f48fa0.ticket. Could not validate ticket for /Users/one/Documents/MASTER/bill-master/dist/mac-arm64/master-billing.dmg The staple and validate action failed! Error 65.

Hi all, I’m trying to notarize a Flutter macOS app built in CI (GitHub Actions). The app builds and signs fine locally—codesign --verify --deep --strict and spctl --assess both pass. However, Apple’s notarization service consistently rejects the app with errors like: The binary is not signed with a valid Developer ID certificate: file_picker.framework The binary is not signed with a valid Developer ID certificate: file_saver.framework The binary is not signed with a valid Developer ID certificate: url_launcher_macos.framework What I’ve tried: Explicitly re-signing all frameworks with my Developer ID Application certificate and --timestamp Removing existing signatures before re-signing Ensuring correct entitlements and bundle identifier Matching the app bundle name and identifier in all places Using both codesign --deep and manual signing of each binary Local validation always passes, but notarization fails in CI Certificate: I am using a “Developer ID Application” certificate (not a “Mac Developer” or “Apple Development” certificate). The output of codesign -dvv for the problematic frameworks shows: Authority=Developer ID Application: [My Name/Team] ([Team ID]) So I believe I am not making the common mistake of using the wrong certificate type. CI Environment: GitHub Actions, macos-latest runner Flutter 3.27.2, stable channel All secrets (cert, Apple ID, app-specific password, team ID) are set up Questions: Has anyone encountered this with Flutter plugins or CI builds? Are there known issues with signing Flutter plugin frameworks for notarization? Is there a way to get more detailed feedback from Apple’s notarization service? Any advice or pointers would be greatly appreciated. I’m happy to provide logs, scripts, or a minimal project if needed. Thanks!

Hello guys, I currently have a problem with Xcode cloud. When I setup a simple workflow in my Xcode project that just archives it and builds the project for TestFlight Internal testing, it will fail and give the following error: Invalid Signature. Code failed to satisfy specified code requirement(s). The file at path “DropIn.app/DropIn” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. I've already been searching for solutions and double checked the documentation. My Xcode project is a simple iOS app with the app target and two other targets for tests and UI tests. I made sure the checkbox "Automatically manage signing" is ticked in all targets. The workflow has only one action "Archive - iOS" with TestFlight (Internal Testing Only) and a post-action "TestFlight Internal Testing - iOS" with an internal testing group assigned. I've seen people having similar problems where it turned out they had a non roman character in their name? This would also affect me if that's the case, since my name includes "ö". I also checked on app store connect and already deleted xcode cloud data, removed all certificates recreated the workflow, but it still gives this error. Any ideas on how to fix this?

I work for Brave, a browser with ~80M users. We want to introduce a new system for automatic updates called Omaha 4 (O4). It's the same system that powers automatic updates in Chrome. O4 runs as a separate application on users' systems. For Chrome, this works as follows: An app called GoogleUpdater.app regularly checks for updates in the background. When a new version is found, then GoogleUpdater.app installs it into Chrome's installation directory /Applications/Google Chrome.app. But consider what this means: A separate application, GoogleUpdater.app, is able to modify Google Chrome.app. This is especially surprising because, for example, the built-in Terminal.app is not able to modify Google Chrome.app. Here's how you can check this for yourself: (Re-)install Chrome with its DMG installer. Run the following command in Terminal: mkdir /Applications/Google\ Chrome.app/test. This works. Undo the command: rm -rf /Applications/Google\ Chrome.app/test Start Chrome and close it again. mkdir /Applications/Google\ Chrome.app/test now fails with "Operation not permitted". (These steps assume that Terminal does not have Full Disk Access and System Integrity Protection is enabled.) In other words, once Chrome was started at least once, another application (Terminal in this case) is no longer allowed to modify it. But at the same time, GoogleUpdater.app is able to modify Chrome. It regularly applies updates to the browser. For each update, this process begins with an mkdir call similarly to the one shown above. How is this possible? What is it in macOS that lets GoogleUpdater.app modify Chrome, but not another app such as Terminal? Note that Terminal is not sandboxed. I've checked that it's not related to codesigning or notarization issues. In our case, the main application (Brave) and the updater (BraveUpdater) are signed and notarized with the same certificate and have equivalent requirements, entitlements and provisioning profiles as Chrome and GoogleUpdater. The error that shows up in the Console for the disallowed mkdir call is: kernel (Sandbox) System Policy: mkdir(8917) deny(1) file-write-create /Applications/Google Chrome.app/foo (It's a similar error when BraveUpdater tries to install a new version into /Applications/Brave Browser.app.) The error goes away when I disable System Integrity Protection. But of course, we cannot ask users to do that. Any help would be greatly appreciated.

I have a valid dev certificate and created a valid provisioning Profile. I have added the Device UDID too , which I can see in provisioning Profile too. In XCode-16 both certificate and provisioning Profile looks good and no issue here with the expiration date too. Issue - While running the app on my iPhone connected to Mac.its shows the build is successful but shows the followinf errors . An IPA of APP failing the installation. Unable to install the App `A valid provisioning profile for this executable was not found. Domain: com.apple.dt.MobileDeviceErrorDomain`