I have added an in-app purchase function into my app, and have enabled in-app purchase profile in developer portal(it's on by default and is marked gray in developer portal, I don't know if that's how it supposed to look like). I have issued the agreements and tried signing the app both manually and automatically, but neither of that worked. App can be built successfully in simulator but does not show the simulation window, but cannot build on real device or archive. Errors: Missing com.apple.developer.in-app-purchase, com.apple.developer.in-app-purchase.non-consumable, and com.apple.developer.in-app-purchase.subscription entitlements. Automatic signing failed Xcode failed to provision this target.

Hello everyone, I'm facing a critical, blocking issue where my developer account (Team ID: K655PX7A46) is unable to generate a valid provisioning profile with the App Attest entitlement. I have confirmed this is a server-side issue and am hoping to get visibility from an Apple engineer who can investigate. The Problem: When I generate a provisioning profile for an App ID with the "App Attest" capability enabled, the resulting profile is defective. It is missing the required com.apple.developer.app-attest.environment key in its entitlements dictionary, causing Xcode to fail the build. What I Have Proven: The issue is not a misconfiguration. The App Attest capability is correctly enabled and saved on the App ID configuration page. The issue is not isolated to one App ID. I created a brand new App ID from scratch, enabled the capability during creation, and the server still generates a defective profile with the same missing entitlement. I have definitive proof by inspecting the downloaded .mobileprovision file. The contents confirm the required key is missing. Steps to Reproduce on My Account: Create a new App ID on the Developer Portal. Enable the "App Attest" capability and save. Generate a new "iOS App Development" provisioning profile for this App ID. Download the profile and inspect its contents via security cms -D -i [profile]. Observe that the com.apple.developer.app-attest.environment key is missing. The Evidence (Contents of the Defective Profile): Here is the output from inspecting the profile for a brand new App ID (com.technology519.linksi.app2). As you can see, the correct entitlement is missing, and an incorrect devicecheck entitlement is present instead. This is a critical bug in the provisioning profile generation service for my account that is blocking all development. I have already filed a support ticket (Case #102721408444) but have so far only received generic, unhelpful responses. Can an Apple engineer please investigate this server-side issue with my account? Thank you.

Hello, my builds keep failing in Xcode Cloud at the creation of the archive for tesflight. I am receiving an email mentioning "ITMS-90035: Invalid Signature" TMS-90035: Invalid Signature - Code failed to satisfy specified code requirement(s). The file at path “BASELog.app/BASELog” is not properly signed. Make sure you have signed your application with a distribution certificate, not an ad hoc certificate or a development certificate. Verify that the code signing settings in Xcode are correct at the target level (which override any values at the project level). Additionally, make sure the bundle you are uploading was built using a Release target in Xcode, not a Simulator target. If you are certain your code signing settings are correct, choose “Clean All” in Xcode, delete the “build” directory in the Finder, and rebuild your release target. For more information, please consult https://developer.apple.com/support/code-signing. The thing is the archives which are not intended for testflight not App Store connect are not failing. I think I have the required distribution certificates (initially they were created by API for Xcode Icloud, I add 3, revoked them and recreated one manually and the other from Xcode directly) : even though certificats seems ok, in Xcode I see a dev certificate in the managed release and if I try to force a distribution certificate in the build I then get the following warning It looks like my managed profile is not behaving properly, like not embedding a distribution certificate. I looked on the web for the signing issues, and I have found in other threads an issue with assets having special charsets. I checked on my side, the only thing I see is my app icon is named "icon_v1.png" I assume it shouldn't be an issue. I dont see any special char anywhere else in the sources name. Anyone has any idea on what is causing those build fails on the archive?

Hello, we are struggling for hours with the following issue: I have an individual developer account and since yesterday I'm member of developer team with an own organization account. I have access to an app in the team account as an "App-Manager", also the option "Access to Certificates, Identifiers & Profiles" is activated and I can see that it is activated for my account in AppstoreConnect. In "Apple Developer" I can also see the team and can switch to. But then I do not see the "Certificates, Identifiers & Profiles" menu entry. Also the team is not showing up in XCode. What am I missing? Thanks and regards Philipp

I want to export Mac OS application out side App Store and I need to have Developer Id installer certificate to do the same. When I go to certificate section in developer portal - I only see option of Mac App Distribution Mac Installer Distribution Developer ID Application Does anyone know where I can check the Developer ID installer part. Developer ID application doesn't work for signing the app manually.

I am trying to sign a enterprise app with provisioning profile which shows the tap to pay entitlement on Dev portal, but when downloaded on Xcode, it says the profile is missing the tap to pay capability and entitlement The capability was enabled by apple already, it was working fine until the provisioning profile got renewed.

The problem is described in full with log output in #16844 We are having an issue with TCC prompting users for access to the app group container despite signing with entitlements following all guidelines. This is a regression from the Feb 2025 Changes discussed in App Groups: macOS vs iOS: Working Towards Harmony The problem can only be reproduced with Xcode 16.0 and later. The entitlements for the app include access for the group container with [Key] com.apple.security.application-groups [Value] [Array] [String] G69SCX94XU.duck The documentation notes the group name can be arbitrary, e.g. <team identifier>.<group name>. Cyberduck uses G69SCX94XU.duck by default. Interestingly enough the alert is not shown when a group name matching the bundle identifier is used, e.g. G69SCX94XU.ch.sudo.cyberduck.

I have two certificates in my Accounts>Manage Certificates section. One is active, the other is greyed out with a status of "Not in Keychain". I only have ONE certificate in the developer account online. Timeline: Had an issue with fastlane codesigning and was trying to resolve that. In that attempt I deleted my related Certificates from my keychain Xcode showed them as disabled (greyed out) and not in Keychain. Look up how to resolve, need to revoke certificates in Developer account online. I go and revoke those certificates. Nothing changes I create new certificate and try to add it to xcode>account>certificate managment>"Apple Development". Get an error saying I can't add a new can't do that because a certificate is already pending. I waited a day because I assumed like somethings with apple, updates are not immediate. I come back the next day and am able to add a new certificate. However, the previous one that is greyed out and reads "Not in Keychain" under Status, is still there. How do I remove that "Not in Keychain" certificate? I emailed developer support and they directed me here.

I have certificates in my xcode>settings>account>manage certificates that I cannot get rid of. I know that they are linked to certificates in developer.apple.com but I've removed them from there and they persist in xcode. I have one that says "Not in Keychain", which is true. I deleted all the keychains related to these accounts in an attempt to fix something. I also have ones that say things like "Missing Private key" Our setup is that we have one main account "Company Inc." which I am setup to be an Admin in. I created a certificate under my credentials and added it to my keychain and showed up properly in xcode but I still have the other ones. HOW DO I REMOVE THEM :sob:

I have a major problem with team membership and Xcode. I work in a company, where my apple account was added to the development team with app manager role. I can see that on the apple portal, everything seems fine there. I have been also provided with the provisioning profile for the project and signing certificate of the company. However, when I log into Xcode the team does not show up anywhere. I am able to build the app, but cannot distribute to TestFlight (or anywhere else). When I use manual signing to choose the signing certificate it shows the "unknown team" message next to it. When I check my account in xcode it also only shows my personal team and does not allow to pick any other one (doesn't show any other one). When I click the "+" button on my xcode account to add a certificate an error pops up: "You already have active certificate or a pending request". I do have a pending request to enroll into apple developers program, but everyone says you don't need one if you are added to the team, you can just operate as a team member. Finally, when trying to upload to TestFlight, the following error is displayed: "No team for account ***" I have tried deleting and re-adding all the certificates. I have tried logging in and out of Xcode, I have tried deleting and re-adding my account in Xcode. I have tried reloading everything. My account was deleted and re-added to developers team. Nothing worked. I don't know the source of the issue, nor does my employer. I am new to ios development and this is my first project. Please help!

Hello, My project fails to build/run on a physical device or archive, due to a persistent provisioning error. Exact Error: Provisioning profile "iOS Team Provisioning Profile: com.huiwan.Ohra-Journal" doesn't include the BGTaskSchedulerPermittedIdentifiers entitlement. I have already performed extensive troubleshooting, and all local configurations appear to be correct: Capabilities: "Background Modes" with the "Background processing" option is enabled in the target's "Signing & Capabilities" tab. Info.plist: The Permitted background task scheduler identifiers key is present in the target's Info.plist, and it contains the correct task identifier (com.huiwan.ohra-journal.refresh). Entitlements File: The .entitlements file is correctly configured by Xcode. Full Reset: I have tried a complete reset procedure, including deleting ~/Library/Developer/Xcode/DerivedData and ~/Library/MobileDevice/Provisioning Profiles/, restarting Xcode, and letting the automatic signing system regenerate the profile from scratch. The issue persists. Despite all these correct local settings, the provisioning profile automatically generated by Xcode is consistently missing the required entitlement. This strongly suggests a server-side issue with the provisioning service for my App ID (com.huiwan.Ohra-Journal). I filed a bug report on the Feedback Assistant (FB20268285) a week ago but have not received a response. This issue is completely blocking my development and ability to submit the app. Could you please investigate the status of my App ID and the provisioning services associated with it? Thank you.

I've created a new project in Xcode. I'm running the Xcode 16.4 and MacOS 15.5. I'm trying to run my barebones project on my iPhone 16 (I'm just getting started). I turned on developer mode on my iPhone and went through the whole process. But in the Signing & Capabilities of my project under status I see two errors... There is a problem with the request entity A device with number 'XXXX8801C' already exists on this team. Provisioning profile "iOS Team Provisioning Profile: [MyBundleID]" doesn't include the currently selected device "My iPhone" (identifier XXXX8801C). I noticed in the devices on the developer portal that my device is showing as "Processing." I feel ike it's stuck. But I can't figure out how to clear it all out and try again. It's been 24 hours since this error came up. I've tried to clear trusted computers on the iPhone. I've deleted the "Derived Data" folder. I've removed my developer account from Xcode and added it again. I've restarted both my Mac and my iPhone multiple times. I've noticed it asked to authorize my computer twice. When I clear the authorized computers and then plug the phone back in it asks twice again. So I'm not sure if this is the issue? No idea why it asks twice but I'm only ever able to respond to the second request as the first request gets blocked in the UI by the second requests if that makes sense? I'm also not able to turn off developer mode on my iPhone. The switch isn't there as the docs state it should be. So again, I feel like this is the phone and the developer portal stuck causing the problem. Note: I saw someone else had encountered this problem and I replied to it and boosted it. But it looks like it was posted in 2017? Hence this new post.

Hello, I have an Apple Developer Enterprise account, and Apple Support has already enabled MDM for my account. I successfully downloaded and installed my MDM Vendor Certificate (it shows up in Keychain as MDM Vendor: [My Company Name] with its private key). Here’s what I’ve done so far: Exported the Vendor Certificate + private key as a .p12, then converted to .pem and .key using OpenSSL. Generated an unsigned CSR with CN=com.apple.mgmt.External. using OpenSSL. Attempted to sign the CSR using: my Vendor certificate the Vendor private key Apple Worldwide Developer Relations (WWDR) intermediate certificate OpenSSL smime -sign command with DER output Problem: Every time I try to upload the vendor-signed CSR to the Apple Push Certificates Portal, I get an error (CSR rejected). Sometimes OpenSSL even fails with “unable to load certificates” depending on how the WWDR certificate is included. My Questions: What is the correct OpenSSL command and certificate chain Apple expects for signing the CSR? Do I need to include any additional intermediates besides WWDR? Is there an official Apple reference example for generating the vendor-signed CSR that the Push Certificates Portal will accept? Any guidance from the community (or someone who has successfully done this end-to-end) would be greatly appreciated. Thank you, Sergio Sanchez

My post-build script takes the "developeridexport" archive export, zips it up and uses notarytool to notarize it. I then add the .zip to a .dmg disk image. The next step is to codesign the disk image before notarizing that too. The issue is my Developer ID Application certificate is not accessible to the build host. (When I was doing this in Microsoft AppCenter (now defunct), it had a copy of my Developer ID Application certificate.) What steps do I need to take to get the disk image signed for notarization? Thanks! Lance

I am trying to set up code signing for my macOS/Tauri app and I’m running into a problem with my Developer ID Application certificate in Keychain Access. Steps I followed: Generated a CSR on my Mac using Keychain Access → Certificate Assistant → Request a Certificate From a Certificate Authority. Uploaded the CSR to the Apple Developer portal. Downloaded the resulting .cer file and installed it in my login Keychain. The certificate appears under All Items, but it does not show under My Certificates, and there is no private key attached. What I expected: The certificate should pair with the private key created during CSR generation and show under My Certificates, allowing me to export a .p12 file. What I’ve tried so far: Verified that the WWDR Intermediate Certificate is installed. Ensured I’m on the same Mac and same login Keychain where I created the CSR. Revoked and regenerated the certificate multiple times. Tried importing into both login and system Keychains. Problem: The certificate never links with the private key and therefore cannot be used for signing. Has anyone experienced this issue or knows why the certificate would fail to pair with the private key in Keychain Access? Any workaround or fix would be greatly appreciated.

productsign Command Appears to Succeed but Package has No Valid Signature Category: Security, macOS, Code Signing Question: productsign command, when signing a PKG created with productbuild, appears to succeed with a success message (Wrote signed product archive to ...) but spctl verification results in rejected, source=no usable signature, indicating that the signature was not actually applied. Details: Goal: To sign a distribution package created with productbuild using a Developer ID Installer certificate. Certificate Used: Developer ID Installer: [Company Name] ([Team ID]) This certificate was issued by Previous Sub-CA and is not the latest G2 Sub-CA recommended by Apple. We cannot create a new G2 Sub-CA certificate as we have reached the limit of 5. productsign Command: productsign --sign "Developer ID Installer: [Company Name] ([Team ID])" [input.pkg] [output.pkg] productsign Output: Wrote signed product archive to [output.pkg] (Appears as a success message). spctl Signature Verification: spctl -a -vv [output.pkg] Result: rejected, source=no usable signature Notarization Service Results (Behavioral difference between Macs): On Mac A, the submission status was Accepted. On Mac B, the status was Invalid, with the notarization log message being The binary is not signed.. Troubleshooting Steps Taken: We attempted to sign both component and distribution packages with productsign, and in both cases, the signature was not recognized by the system. We skipped productsign and relied on the notarization service's auto-signing, but the notarization log still reported The binary is not signed., and the notarization failed. We have confirmed that the certificate and private key are properly associated in Keychain Access. My Questions: Given that we are using an older Previous Sub-CA certificate and cannot create a new one, why does productsign appear to succeed when the signature is not being applied? What could cause the behavioral difference where notarization is Accepted on Mac A but Invalid on Mac B? Is this a known issue with Apple's tools, or is it possibly caused by the specific structure of our PKG? What is the recommended workflow or debugging method to successfully sign and notarize a PKG under these circumstances? Thank you for your assistance

I've been running into issues with Xcode Cloud/my workflow when it's trying to archive the app. I've tested locally and both archiving and building the app for release works. I've tried a few things to clear it. pod deintegrate and pod install Checking off "archive" for the build scheme Creating a certificate for both development and distribution. I made sure automatic signing was enabled as well. I have a ci_scripts/ci_post_clone.sh script that successfully completes. Have tried setting the xcode version of the workflow to 16.2 which is what my local xcode version is. I've switched it back to the latest, 16.4. running pod update Updating flutter However, I consistently get the following 2 errors : `Showing All Messages Run command: 'xcodebuild archive -workspace /Volumes/workspace/repository/ios/Runner.xcworkspace -scheme Runner -destination generic/platform=iOS -archivePath /Volumes/workspace/build.xcarchive -derivedDataPath /Volumes/workspace/DerivedData -resultBundleVersion 3 -resultBundlePath /Volumes/workspace/resultbundle.xcresult -resultStreamPath /Volumes/workspace/tmp/resultBundleStreame3592434-5b88-48da-a3c4-f750abee4d08.json -IDEPostProgressNotifications=YES CODE_SIGN_IDENTITY=- AD_HOC_CODE_SIGNING_ALLOWED=YES CODE_SIGN_STYLE=Automatic DEVELOPMENT_TEAM=JG794CQD68 COMPILER_INDEX_STORE_ENABLE=NO -hideShellScriptEnvironment' ` and Showing All Messages Unhandled exception: ProcessException: No such file or directory Command: /Users/local/flutter/bin/flutter assemble --no-version-check --output=/Volumes/workspace/DerivedData/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/ -dTargetPlatform=ios -dTargetFile=lib/main.dart -dBuildMode=release -dConfiguration=Release -dIosArchs=arm64 -dSdkRoot=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS18.5.sdk -dSplitDebugInfo= -dTreeShakeIcons=true -dTrackWidgetCreation=false -dDartObfuscation=false -dAction=install -dFrontendServerStarterPath= --ExtraGenSnapshotOptions= --DartDefines=RkxVVFRFUl9WRVJTSU9OPTMuMzUuMQ==,RkxVVFRFUl9DSEFOTkVMPXN0YWJsZQ==,RkxVVFRFUl9HSVRfVVJMPWh0dHA6Ly9naXRodWIuY29tL2ZsdXR0ZXIvZmx1dHRlci5naXQ=,RkxVVFRFUl9GUkFNRVdPUktfUkVWSVNJT049MjBmODI3NDkzOQ==,RkxVVFRFUl9FTkdJTkVfUkVWSVNJT049MWU5YTgxMWJmOA==,RkxVVFRFUl9EQVJUX1ZFUlNJT049My45LjA= --ExtraFrontEndOptions= -dSrcRoot=/Volumes/workspace/repository/ios -dTargetDeviceOSVersion= -dCodesignIdentity=- release_ios_bundle_flutter_assets #0 _ProcessImpl._runAndWait (dart:io-patch/process_patch.dart:519:7) #1 _runNonInteractiveProcessSync (dart:io-patch/process_patch.dart:686:18) #2 Process.runSync (dart:io-patch/process_patch.dart:79:12) #3 Context.runSyncProcess (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:154:20) #4 Context.runSync (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:118:34) #5 Context.buildApp (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:539:34) #6 Context.run (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:51:9) #7 main (file:///Users/local/flutter/packages/flutter_tools/bin/xcode_backend.dart:17:5) #8 _delayEntrypointInvocation.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:312:33) #9 _RawReceivePort._handleMessage (dart:isolate-patch/isolate_patch.dart:193:12) Command PhaseScriptExecution failed with a nonzero exit code Any help here would be greatly appreciated.

Hi there, can anyone help here. I think somewhere along the way I screw certificates or don't have the right one, anyway long story short when building product I get this error: Embedded binary is not signed with the same certificate as the parent app. Verify the embedded binary target's code sign settings match the parent app's.

Background We are using a Developer ID application certificate to sign our application. We lost the private key and we need to revoke it before we can receive a new one. Per documentation (https://developer.apple.com/support/certificates/), I know that previously installed applications will still be able to run, but new installations will not be able to work. I want to confirm what will happen when we revoke the certificate so we know how to prepare customers for this upcoming change. Questions Will existing installations of the application receive a notice that the certificate has been revoked? Will previously installed applications be able to launch again after they are closed? What will the user see when they try to install the application with the revoked certificate?

I'm hoping to make certain in-house apps fail to launch by revoking the in-house certificate that they were built on. This is by way of encouraging users of these apps to download updates built on a new certificate. How long will it take app built on a now-revoked certificate to no longer launch? Also, what is Apple's process for checking the validity of an in-house certificate in an app built on that certificate, running on iOS devices? I understand that provisioning profiles have built-in expiration dates, but will an in-house app that's built on a valid provisioning profile keep running even on a revoked certificate if the revocation happened before the certificate's own expiration date? Craig Umanoff