Hi, ASC API call rejects DEVELOPER_ID_APPLICATION_G2 and does not recognize it, even though it is listed as a valid certificateType in the docs: https://developer.apple.com/documentation/appstoreconnectapi/get-v1-certificates. If it was removed from the certificate list, then why Apple forces to choose the G2 type when creating a DEVELOPER_ID_APPLICATION certificate manually in the Apple Developer account. Can someone from Apple support please check it as it is a contradictory behavior and is a blocker.

Can you help me how to upload it to TestFlight setting and distribution. I have try it but got this error. I have setting profile for camera access to but it still like this.

I created an apple development certificate using an api key. When the certificate was created and I want to revoke the certificate but revoke button and download button is not there. I am an Admin in that account. Not sure how to fix this

Hi everyone, I recently migrated my individual Apple Developer account to an Organization account for my company "". My Team ID remained the same. I'm now facing persistent issues with code signing and push notifications for my iOS app (Bundle ID: com.).
 Current Problems:
 "Untitled" Certificates in Xcode: When I go to Xcode -> Settings -> Accounts -> [My Apple ID] -> Select "" Team -> "Manage Certificates...", a number of my newly created Apple Development and Apple Distribution certificates are listed древ "Untitled". Some older ones are "Revoked". (See attached screenshot if possible).
 "No App ID" for Push Notifications Console: In my app target's "Signing & Capabilities" tab, I've added the "Push Notifications" capability. However, when I click the info button to open the "Push Notifications Console", it states: "no app IDs: Register an App ID with the Push Notifications capability enabled to use the Push Notifications console." This is despite the fact that the Push Notifications capability IS enabled for my App ID com. in the Developer Portal, and I've configured an APNs Auth Key (.p8) for it.
 Push Notifications Not Received (from Backend): While I can successfully send a test push notification directly from the Firebase Console to my device's FCM token, notifications triggered by my backend (Firebase Cloud Functions writing to a Firestore collection, which then triggers another function to send via FCM) are not being delivered to iOS devices. (Android seems to be working more reliably now).
 Setup: Using an APNs Authentication Key (.p8) linked to my Organization Team ID in Firebase Cloud Messaging. Main App ID com. has "Push Notifications" capability enabled. Notification Service Extension com..ImageNotification also has its App ID and Provisioning Profile set up for the Organization team. Created new Development and Distribution certificates and Provisioning Profiles specifically for the Organization team. Using "Automatically manage signing" in Xcode with the Organization team selected for both the main app target and the extension target.
 Troubleshooting Done: Revoked old/problematic certificates and profiles. Recreated CSRs and new Development/Distribution certificates under the Organization team multiple times. Recreated Provisioning Profiles. Cleaned Derived Data in Xcode. Ensured Bundle Identifiers are consistent. Verified APNs Auth Key details (Key ID, Team ID) in Firebase.
 I suspect there's a fundamental issue with how Xcode is recognizing or linking the signing assets for my Organization team after the account type change, despite the Team ID being the same. The "Untitled" certificates are a major red flag.
 Has anyone encountered similar issues, particularly the "Untitled" certificates or the "No App ID" message for the Push Console, after an account migration or when working with Organization accounts? Any insights on how to resolve this would be greatly appreciated.
 Thanks,
Benni

Hi all, I’m trying to notarize a Flutter macOS app built in CI (GitHub Actions). The app builds and signs fine locally—codesign --verify --deep --strict and spctl --assess both pass. However, Apple’s notarization service consistently rejects the app with errors like: The binary is not signed with a valid Developer ID certificate: file_picker.framework The binary is not signed with a valid Developer ID certificate: file_saver.framework The binary is not signed with a valid Developer ID certificate: url_launcher_macos.framework What I’ve tried: Explicitly re-signing all frameworks with my Developer ID Application certificate and --timestamp Removing existing signatures before re-signing Ensuring correct entitlements and bundle identifier Matching the app bundle name and identifier in all places Using both codesign --deep and manual signing of each binary Local validation always passes, but notarization fails in CI Certificate: I am using a “Developer ID Application” certificate (not a “Mac Developer” or “Apple Development” certificate). The output of codesign -dvv for the problematic frameworks shows: Authority=Developer ID Application: [My Name/Team] ([Team ID]) So I believe I am not making the common mistake of using the wrong certificate type. CI Environment: GitHub Actions, macos-latest runner Flutter 3.27.2, stable channel All secrets (cert, Apple ID, app-specific password, team ID) are set up Questions: Has anyone encountered this with Flutter plugins or CI builds? Are there known issues with signing Flutter plugin frameworks for notarization? Is there a way to get more detailed feedback from Apple’s notarization service? Any advice or pointers would be greatly appreciated. I’m happy to provide logs, scripts, or a minimal project if needed. Thanks!

I want to archive app, but can't choost appstore or other release method.

I’m having issues trying to codesign a .app file. We generated the Developer ID Application certificate using the organization owner’s account. I downloaded the certificate to my Mac and imported it into my keychain, but when I run the codesign command below, I get the following error. Could you help me? What am I doing wrong? Is there any other way to sign the .app executable? From what I’ve seen in other posts, it looks like the certificate needs to have a private key, but the certificate I download from the developer portal doesn’t include the key. Also, about exporting it as a .p12 — I couldn’t quite understand if that’s considered a safe practice, since the organization owner’s private key would be included in this certificate that we plan to use in our pipeline.

I’ve been wrestling with this for nearly a week now and none of the proposed fixes have worked. I’m trying to resign an app via Jenkins and have done the following: Created a custom keychain Imported the required .p12 certificates Installed the Apple WWDR certificate in the System keychain Made the login keychain my default Added my development keychain, the login keychain and the System keychain to the user keychain list Unlocked my development keychain Confirmed my signing identity is present Granted the appropriate partition list access to the keychain "security set-key-partition-list -S apple-tool:,codesign: -k pwd /Users/ec2-user/Library/Keychains/development.keychain-db" Yet when I invoke Fastlane’s resign action, I still see: _floatsignTemp/Payload/EverMerge.app/Frameworks/AppLovinSDK.framework: replacing existing signature _floatsignTemp/Payload/EverMerge.app/Frameworks/AppLovinSDK.framework: errSecInternalComponent Encountered an error, aborting! Any guidance on what might be causing this errSecInternalComponent failure or how to get the resign step to succeed would be highly appreciated.

We are facing issue with resigning the app which is developed by 3rd party. In this app we have Sharing functionality feature for which we have enabled Associated Domains capability. When we are signing the app with our certificate and profile this functionality is not working i.e when we are clicking on shared link in the app it is redirecting to app store page instead of content link. However, when 3rd party is directly using our certificate & profile then that functionality is working as expected. Could you please help us with the above issue why it is not working when we are resigning with our certificate and profile?

Is it possible to change the Primary App ID set in the Group with an existing primary App ID to another Primary App ID within the same group If there is a change, whether the sub values of the token will be changed upon successful login If an app corresponding to the existing Group Primary App ID is deleted from the app store, ask whether or not other apps in the same group are affected and what effect it will have If anyone knows about the above, please let me know please

hông thể cài đặt “TrungDemo” Domain: IXUserPresentableErrorDomain Code: 14 Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.kpOILI/extracted/TrungDemo.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Please ensure that the certificates used to sign your app have not expired. If this issue persists, please attach an IPA of your app when sending a report to Apple. User Info: { DVTErrorCreationDateKey = "2025-04-29 10:51:27 +0000"; IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } Failed to install the app on the device. Domain: com.apple.dt.CoreDeviceError Code: 3002 User Info: { NSURL = "file:///Users/studiozego/Library/Developer/Xcode/DerivedData/TrungDemo-blspaulbkwypvhgaxxfjqbppuugg/Build/Products/Debug-iphoneos/TrungDemo.app"; } Không thể cài đặt “TrungDemo” Domain: IXUserPresentableErrorDomain Code: 14 Failure Reason: Không thể cài đặt ứng dụng này vì không thể xác minh tính toàn vẹn của ứng dụng. Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.kpOILI/extracted/TrungDemo.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.kpOILI/extracted/TrungDemo.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Domain: MIInstallerErrorDomain Code: 13 User Info: { FunctionName = "+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]"; LegacyErrorString = ApplicationVerificationFailed; LibMISErrorNumber = "-402620392"; SourceFileLine = 80; } Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : { "device_identifier" = "00008132-0001786E22B9001C"; "device_isCoreDevice" = 1; "device_model" = "iPad16,4"; "device_osBuild" = "18.4 (22E240)"; "device_platform" = "com.apple.platform.iphoneos"; "device_thinningType" = "iPad16,4-A"; "dvt_coredevice_version" = "443.19"; "dvt_coresimulator_version" = "1010.10"; "dvt_mobiledevice_version" = "1784.102.1"; "launchSession_schemeCommand" = Run; "launchSession_state" = 1; "launchSession_targetArch" = arm64; "operation_duration_ms" = 1320; "operation_errorCode" = 14; "operation_errorDomain" = IXUserPresentableErrorDomain; "operation_errorWorker" = IDEInstallCoreDeviceWorker; "operation_name" = IDERunOperationWorkerGroup; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 1; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_113575882_enable" = 0; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_tpc_enable" = 1; "param_diag_gpu_frameCapture_enable" = 0; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 0; "param_diag_guardMalloc_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_mtc_enable" = 1; "param_diag_queueDebugging_enable" = 1; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_enable" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 2; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 0; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_structuredConsoleMode" = 1; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos18.4"; "sdk_osVersion" = "18.4"; "sdk_variant" = iphoneos; } System Information macOS Version 15.4.1 (Build 24E263) Xcode 16.3 (23785) (Build 16E140) Timestamp: 2025-04-29T17:51:27+07:00

I'm trying to use the App Store Connect API to get the list of expired certificates. When I make the web service call: https://api.appstoreconnect.apple.com/v1/certificates I'm able to get the list of developer certificate. The distribution certificates are not included in the list. According to the docs, I should all of them in the result set. Is there any thing special that needs to be added the web service call to have the distribution certs included in the result set?

I have Apple Account in that my clients give me App store admin access. still i can't access the Certificates, Identifiers & Profiles its show me Access Unavailable This resource is only for developers enrolled in a developer program or members of an organization’s team in a developer program. But my client already enrol or they give me access of admin level. can you please tell how can i got access of that ?

Hi, I got the error: /usr/bin/codesign exited with code 1: Warning: unable to build chain to self-signed root for signer "Apple Distribution: Q.A.C.F. - Quality Academy Consultoria E Formacao, Unipessoal, Lda (xxxxxx)" /Users/pedroramalho/Library/Caches/Xamarin/mtbs/builds/drBoxSaude.iOS/3bed3d51415af2e100a4d2bc57e1d36fb42d76ceb190de1db1c4d0dbccbff863/bin/iPhone/Release/drBoxSaude.iOS.app: errSecInternalComponent and /usr/bin/codesign exited with code 1: /Users/pedroramalho/Library/Caches/Xamarin/mtbs/builds/drBoxSaude.iOS/3bed3d51415af2e100a4d2bc57e1d36fb42d76ceb190de1db1c4d0dbccbff863/bin/iPhone/Release/drBoxSaude.iOS.app/Frameworks/libSkiaSharp.framework: replacing existing signature Warning: unable to build chain to self-signed root for signer "Apple Distribution: Q.A.C.F. - Quality Academy Consultoria E Formacao, Unipessoal, Lda (xxxxx)" /Users/pedroramalho/Library/Caches/Xamarin/mtbs/builds/drBoxSaude.iOS/3bed3d51415af2e100a4d2bc57e1d36fb42d76ceb190de1db1c4d0dbccbff863/bin/iPhone/Release/drBoxSaude.iOS.app/Frameworks/libSkiaSharp.framework: errSecInternalComponent Some one can help please

Hi guys, I'm developing a FinderSync Extension that extends Finder contextual menu with a couple of items doing some trivial file operations. I'm using Xcode 16.2 on macOS Sequoia 15.3.2 I could run the containing app in debug, and in System Preferences -> File Providers the flag is enabled for my app finder extension. Anyway, the contextual menu does not show in Finder, probably because the finder extension crashes immediately. Some output: pluginkit -m | grep "com\.[^a]" + com.mycompany.MyApp.MyAppFinderExtension(1.1.14) codesign -dvvv --entitlements - /Users/me/Library/Developer/Xcode/DerivedData/MyApp-dmzhnwmosboixodalsrrbwvwvmqm/Build/Products/Debug/MyApp.app/Contents/PlugIns/MyApp\ Finder\ Extension.appex Executable=/Users/me/Library/Developer/Xcode/DerivedData/MyApp-dmzhnwmosboixodalsrrbwvwvmqm/Build/Products/Debug/MyApp.app/Contents/PlugIns/MyApp Finder Extension.appex/Contents/MacOS/MyApp Finder Extension Identifier=com.mycompany.MyApp.MyAppFinderExtension Format=bundle with Mach-O thin (arm64) CodeDirectory v=20400 size=659 flags=0x2(adhoc) hashes=9+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=b59538ef9e3b6e8cf462a3e260e3bf26d050deb5 CandidateCDHashFull sha256=b59538ef9e3b6e8cf462a3e260e3bf26d050deb5e21fb27d4fa0a4fe5f3e78b7 Hash choices=sha256 CMSDigest=b59538ef9e3b6e8cf462a3e260e3bf26d050deb5e21fb27d4fa0a4fe5f3e78b7 CMSDigestType=2 CDHash=b59538ef9e3b6e8cf462a3e260e3bf26d050deb5 Signature=adhoc Info.plist entries=23 TeamIdentifier=not set Sealed Resources version=2 rules=13 files=9 Internal requirements count=0 size=12 [Dict] [Key] com.apple.security.app-sandbox [Value] [Bool] true [Key] com.apple.security.application-groups [Value] [Array] [String] [Key] com.apple.security.assets.movies.read-write [Value] [Bool] true [Key] com.apple.security.assets.music.read-write [Value] [Bool] true [Key] com.apple.security.assets.pictures.read-write [Value] [Bool] true [Key] com.apple.security.files.documents.read-write [Value] [Bool] true [Key] com.apple.security.files.downloads.read-write [Value] [Bool] true [Key] com.apple.security.files.user-selected.read-write [Value] [Bool] true [Key] com.apple.security.get-task-allow [Value] [Bool] true [Key] com.apple.security.personal-information.location [Value] [Bool] true The log is showing something very strange: log show --predicate 'eventMessage contains "com.mycompany.MyApp" and messageType = error' --last 1h Filtering the log data using "composedMessage CONTAINS "com.mycompany.MyApp" AND logType == 16" Skipping info and debug messages, pass --info and/or --debug to include. Timestamp Thread Type Activity PID TTL 2025-03-25 10:20:48.428127+0100 0x221af Error 0x53dbe 159 0 tccd: [com.apple.TCC:access] Request message contains a target_token to accessing_process (TCCDProcess: identifier=com.mycompany.MyApp, pid=4140, auid=501, euid=501, binary_path=/Users/me/Library/Developer/Xcode/DerivedData/MyApp-dmzhnwmosboixodalsrrbwvwvmqm/Build/Products/Debug/MyApp.app/Contents/MacOS/MyApp) but TCCDProcess: identifier=com.apple.audio.coreaudiod, pid=184, auid=202, euid=202, binary_path=/usr/sbin/coreaudiod is not a TCC manager for service: kTCCServiceScreenCapture. 2025-03-25 10:20:53.166554+0100 0x22139 Error 0x67ff4 163 0 runningboardd: (RunningBoard) [com.apple.runningboard:general] RBSStateCapture remove item called for untracked item 163-158-7088 (target:[app<application.com.mycompany.MyApp.36628067.36635236.92E24CD3-97A8-4340-A46E-4493456283C7(501)>:4140]) 2025-03-25 10:20:53.166575+0100 0x22139 Error 0x67ff4 163 0 runningboardd: (RunningBoard) [com.apple.runningboard:general] RBSStateCapture remove item called for untracked item 163-158-7087 (target:[app<application.com.mycompany.MyApp.36628067.36635236.92E24CD3-97A8-4340-A46E-4493456283C7(501)>:4140]) 2025-03-25 10:20:53.166582+0100 0x22139 Error 0x67ff4 163 0 runningboardd: (RunningBoard) [com.apple.runningboard:general] RBSStateCapture remove item called for untracked item 163-158-7091 (target:[app<application.com.mycompany.MyApp.36628067.36635236.92E24CD3-97A8-4340-A46E-4493456283C7(501)>:4140]) 2025-03-25 10:20:53.166593+0100 0x22139 Error 0x67ff4 163 0 runningboardd: (RunningBoard) [com.apple.runningboard:general] RBSStateCapture remove item called for untracked item 163-132-7084 (target:[xpcservice<com.apple.finder.FinderSync.IsExtensionEnabled([app<application.com.mycompany.MyApp.36628067.36635236.92E24CD3-97A8-4340-A46E-4493456283C7(501)>:4140])(501)>{vt hash: 0}:4144:4144]) -------------------------------------------------------------------------------------------------------------------- Log - Default: 0, Info: 0, Debug: 0, Error: 13, Fault: 0 Activity - Create: 0, Transition: 0, Actions: 0 Especially the first line: MyApp is not accessing coreaudiod - neither trying to get a ScreenCapture, so ... WTF??? How is it possibile? Why is the system blocking MyApp FinderExtension, or preventing it to run? Thank you in advance _Alex

It is not working properly. What should I do?

I’m building an Electron app for macOS that I plan to distribute to users in a .dmg outside the Mac App Store. I have a Developer ID Application certificate (from Apple’s Developer Portal) and a private key, and I can see “Developer ID Certification Authority” in my System Roots keychain. • My Developer ID Application certificate is in the login keychain, and it shows up under “My Certificates” with its private key. • On Keychain, certificate shows red message "not trusted", but when I evaluate and check it specifically for codesigning it shows a green checkmark and success • Developer ID Certification Authority is in System Roots. • security find-identity -p codesigning – shows my certificate, but shows 0 valid identities • Updated operating system and deleted and recreated a new certificate, still get the same issue

It'd be great if someone would give an overview of the steps to create a new app from an existing one. Can I copy my Xcode project to get started? After I copy my Xcode project, what do I need to do in Xcode? What do I need to do regarding certificate(s) and bundle id. Are there any steps where order is super important? Feel free, of course, to provide a link to an article and/or video on this as that'd be awesome if the information is current. What I've found online is typically out-of-date or more specific - not an overview.

Hi, I'm having a really hard time figuring out why I cannot perform cloud signing via Developer ID with xcodebuild. I have a macOS application, which I can perfectly cloud sign the following way: Sign into Xcode with my Admin + Account Holder Apple ID. Delete my Developer ID Application certificate from Keychain Access. In Xcode, click Archive. When archived, click "Distribute App" in Xcode Organizer. The app is cloud signed. I prove this by extracting the certificate codesign --extract-certificates -- /path/to/app.app then locate the 1.2.840.113635.100.6.1.32 bit mentioned by Quinn in this post. I however do it by simply opening the certifiacte with Keychain Access, where I can investigate the content of the certificate, rather than use that tool he does. Then, I do the following to attempt to cloud sign via xcodebuild: Create an API Key for the whole team in Users and Access > Integrations > App Store Connect with the "Admin" role selected. Download the private key .p8 file to ~/Downloads. Sign out of my Apple ID in Xcode by removing the account in Settings > Accounts. Create an archive: xcodebuild archive -scheme "<redacted scheme name>" -archivePath ~/Downloads/archive.xcarchive -authenticationKeyIssuerID <redacted issuer id> -authenticationKeyID <redacted key id> -authenticationKeyPath ~/Downloads/AuthKey_<redacted key id>.p8 -allowProvisioningUpdates The archive is successfully created, with a new "Apple Development: Created via API (TEAM ID)" naming. Export the archive: xcodebuild -exportArchive -archivePath ~/Downloads/archive.xcarchive -authenticationKeyIssuerID <redacted issuer id> -authenticationKeyID <redacted key id> -authenticationKeyPath ~/Downloads/AuthKey_<redacted key id>.p8 -allowProvisioningUpdates -exportOptionsPlist ~/Downloads/exportOptions.plist -exportPath ~/Downloads which then fails: 2025-03-07 10:27:58.706 xcodebuild[2152:40704] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/tn/yy7ynz3d0yb4p3sd_5q_wl0h0000gn/T/<redacted app name> macOS_2025-03-07_10-27-58.706.xcdistributionlogs". error: exportArchive Cloud signing permission error error: exportArchive No signing certificate "Developer ID Application" found ** EXPORT FAILED ** Opening the distribution logs, I find this in the Provisioning Log: 2025-03-07 09:09:58 +0000 2025-03-07 09:09:58 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:58 +0000 IDEProvisioningRepair(<redacted app name>.app): Sending request 84E57539-BC1D-407A-8402-7BCE9F2FD100 to <https://appstoreconnect.apple.com/xcbuild/v1/certificates> for session DVTServicesTeamBasedSession <issuer: <redacted issuer id>; key identifier: <redacted key id>>. Method: POST Headers: { Accept = "application/vnd.api+json"; "Accept-Encoding" = "gzip, deflate"; Authorization = "Bearer <redacted bearer token>"; "Content-Length" = 116; "Content-Type" = "application/vnd.api+json"; "User-Agent" = Xcode; "X-HTTP-Method-Override" = GET; "X-Xcode-Version" = "16.2 (16C5032a)"; } Payload: {"urlEncodedQueryParams":"teamId=<redacted team id>&filter%5BcertificateType%5D=DEVELOPER_ID_APPLICATION_MANAGED&limit=200"} 2025-03-07 09:09:59 +0000 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): Received response for 84E57539-BC1D-407A-8402-7BCE9F2FD100 @ <https://appstoreconnect.apple.com/xcbuild/v1/certificates>. Code = 0 2025-03-07 09:09:59 +0000 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): 2025-03-07 09:09:59 +0000 IDEProvisioningRepair(<redacted app name>.app): Response payload: { "errors" : [ { "id" : "3d09690a-e26f-497f-b576-25104064387e", "status" : "403", "code" : "FORBIDDEN_ERROR", "title" : "This request is forbidden for security reasons", "resultCode" : 7495, "detail" : "You haven't been given access to cloud-managed distribution certificates. Please contact your team's Account Holder or an Admin to give you access. If you need further assistance, contact Apple Developer Program Support at https://developer.apple.com/contact/." } ] } Which is really weird, since I am using an API key with Admin rights. If I create a new key, and use it only for this command, App Store Connect does show the "Last Used" date as today after running the command. I thought some time might need to pass, but the issue has been persisting since yesterday. What could be wrong here? I do have a managed Developer ID Application certificate showing in my account but I still can't retrieve it with an Admin right imbued API key.

Hey everyone, We’re running into a frustrating issue with Xcode Cloud builds submitted to App Store Review. After every build, we must manually delete all code signing certificates generated by Xcode Cloud; otherwise, the reviewers can’t open the exported App Store app. When they try to open it, they see the error: “Apple Information Security: A process was blocked from running and moved to Trash: [Our App Name]” Oddly enough, if we delete all Xcode Cloud-generated certificates and then trigger a new Xcode Cloud build, the problem temporarily disappears—until the next submission, where we have to repeat the process. Has anyone else encountered this issue? Any recommendations on how to prevent this from happening? We’d rather not keep trashing certificates after every build. Thanks!