You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

Starting Point I recently transferred an app from an old to a new developer account. The transfer itself went smoothly with the app using the following capabilities: CoreData, CloudKit, Push Notifications, In-App Purchases Keychain is not used After completing the app transfer, I worked on a new update. For this, I set the new developer account as the development team of the project in Xcode. However, as soon as I try to install the new version locally on my physical test device, I get the following error message: application-identifier entitlement string ({new_team_id}.{bundle_id}) does not match installed application's application-identifier string ({old_team_id}.{bundle_id}); rejecting upgrade.` (Note: The test device has the latest production version installed, which was still published by the old developer account. The update can be installed without any problems if no previous version is installed. {new_team_id}, {old_team_id} and {bundle_id} are a substitute for the original content.) What I've tried so far I found a Technical Note on this topic and followed the steps suggested. However, the Apple Support wasn't able to provide me with the required Special Provisioning Profile. That's why I tested a different approach with a dummy application: I have completed an update as described above (new developer account selected as development team). Next, I uploaded it to App Store Connect and published it as a new version. I received the following warning during the upload process, but ignored it since I don't use the keychain: At first glance, the publication process appears to have gone smoothly. While the update caused the above error during local testing, the update via the App Store went smoothly. As the latest production version has now also been published from the new Apple Developer Account, further updates can now also be tested locally on a physical device without any problems. Questions Why is it that the update causes an error when tested locally, but works without problems via the App Store? Can this approach also be used without concern for an app with a large active user base, which also uses the capabilities described above (in particular CoreData & CloudKit) without causing problems? Thanks a lot for your support in advance!

I need to get the distribution certificate SHA-1 and public key in order to apply an official filing, but the certificate in deveoper account page is not downloadble. could someone help me on this? how to download certicate or to get SHA-1 and pubkey of the cert? thanks.

No matter how many times I download what seems to be a cert for Mac App Distribution Certificate Type Mac App Distribution When I look at its Apple Mac App Signing extension property in the keychain, it always says Apple Mac App Signing (Development) Whenever I try to use it to code sign, the signing is 'generic' which fails security checks. AI says... The certificate field Apple Mac App Signing (Development) (1.2.840.113635.100.6.1.7) indicates that the certificate is intended for development purposes. This type of certificate is used for signing macOS applications during the development and testing phases. But that is not what I am expecting to get from the certificate type Mac App Distribution. What can I do to actually get to production?

I would like to code sign an app or installer with an RSA 4096-bit code signing certificate. I created a CSR using RSA4096bit and ECC in Mac Keychain Access, but I was unable to use that CSR to create a code signing certificate on the Apple Developer site. How do I issue an RSA4096-bit or ECC code signing certificate?

The product archive package's signature is invalid. Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. (90237) I'm receiving this error, despite the fact that I'm using this certificate when creating the pkg (with electron-forge) My configuration is shown below - note the 3rd Party Mac Developer Installer identity when using new MakerPKG. const config: ForgeConfig = { packagerConfig: { asar: true, name: 'Deep Focus', icon: 'resources/icon.icns', osxSign: { identity: 'Apple Distribution: Timeo Williams (3Y4F3KTSJA)', type: 'distribution', provisioningProfile: '/Users/timeo/Desktop/Deep Focus/deepWork/distribution.provisionprofile', preAutoEntitlements: false, // eslint-disable-next-line @typescript-eslint/explicit-function-return-type optionsForFile() { return { entitlements: 'build/entitlements.mas.plist' } } }, extendInfo: 'build/info.plist', osxUniversal: { mergeASARs: true }, appCategoryType: 'public.app-category.productivity', appBundleId: 'com.electron.deepfocus', extraResource: [ 'resources/.env', 'resources/icon.icns', ] }, rebuildConfig: {}, makers: [ new MakerSquirrel({}), new MakerZIP({}), new MakerRpm({}), new MakerDeb({}), new MakerDMG({ appPath: './out/Deep Focus-darwin-arm64/Deep Focus.app', name: 'Deep Focus', icon: './resources/icon.icns', format: 'ULFO', overwrite: true, contents: (opts) => [ { x: 130, y: 220, type: 'file', path: opts.appPath }, { x: 410, y: 220, type: 'link', path: '/Applications' } ] }), new MakerPKG({ name: 'Deep Focus', identity: '3rd Party Mac Developer Installer: Timeo Williams (3Y4F3KTSJA)' }) ], plugins: [ new VitePlugin({ build: [ { entry: 'src/main.ts', config: 'vite.main.config.ts', target: 'main' }, { entry: 'src/preload.ts', config: 'vite.preload.config.ts', target: 'preload' } ], renderer: [ { name: 'main_window', config: 'vite.renderer.config.mts' // Path to Vite config for renderer process } ] }), new FusesPlugin({ version: FuseVersion.V1, [FuseV1Options.RunAsNode]: false, [FuseV1Options.EnableCookieEncryption]: true, [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false, [FuseV1Options.EnableNodeCliInspectArguments]: false, [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, [FuseV1Options.OnlyLoadAppFromAsar]: true }) ] } Yet, I'm getting the error from Transporter that it's invalid?

I am writing to follow up on my request for Family Control permission, which I submitted through the appropriate form over a week ago. Unfortunately, I have not yet received any response or access to the requested permissions. Could you kindly provide an update on the status of my request? If any further information or action is needed from my end, please let me know.

Hi, I am trying to make my app build on GitHub Action CI pipeline. App builds fine on xcode on my mac. For CI I am using command line xcode. I am getting following error: No profiles for 'com.snslocation.electricians-now' were found: Xcode couldn't find any iOS App Development provisioning profiles matching 'com.snslocation.electricians-now'. Automatic signing is disabled and unable to generate a profile. To enable automatic signing, pass -allowProvisioningUpdates to xcodebuild. (in target 'myapp' from project 'myapp') You can see full log of the build here: https://github.com/nbulatovi/ElectriciansNow/actions/runs/12603115423/job/35127512689 The provisioning profile is present, and verified in the previous steps in the pipeline, however xcode refuses to find it. If I add -allowProvisioningUpdates error stays. I tried manually mapping app id to profile name. Is there a way to get any debug log from xcode profile search, to see why is it not picking up the correct profile? Or can you maybe help in some other way? xcode version is 15.4, iOS SDK 17.5

Even if I recreate everything and register it, it does not register in xcode as shown below. No matter how many times I regenerate the certificate and profile, the same thing happens.

I'm trying to download a profile for a developer download for an app, but I get this error and can't install the profile. I've already registered the device and UDID and added it to the profile. Please let me know what I need to do.

Title: Apple's Outdated and Restrictive Certificate Signing Process: A Barrier to Innovation Introduction In the dynamic field of mobile app development, the agility and freedom offered to developers can significantly dictate the pace of innovation and user satisfaction. Apple's certificate signing process, a legacy from an earlier era of computing, starkly contrasts with more modern approaches, particularly Android's Keystore system. This article delves into the cumbersome nature of Apple's approach, arguing that its outdated and proprietary methods hinder the development process and stifle innovation. The Burdensome Nature of Apple's Certificate Signing Proprietary Restrictions: Apple's certificate signing is not just a process; it's a gatekeeper. By forcing developers to go through its own system to obtain certificates, Apple maintains a tight grip on what gets published and updated. This closed ecosystem approach reflects a dated philosophy in an age where flexibility and openness are key drivers of technological advancement. Complex and Time-Consuming: The process to acquire and maintain a valid certificate for app signing is notoriously intricate and bureaucratic. Developers must navigate a maze of procedures including certificate requests, renewals, and provisioning profiles. Each step is a potential roadblock, delaying urgent updates and bug fixes, which can be crucial for user retention and satisfaction. Lack of Autonomy: Apple's centralized control means every application must be signed under the stringent watch of its guidelines. This lack of autonomy not only slows down the release cycle but also curbs developers' creative processes, as they must often compromise on innovative features to meet Apple's strict approval standards. Comparing Android’s Keystore System Developer-Friendly: In stark contrast, Android’s Keystore system empowers developers by allowing them to manage their cryptographic keys independently. This system supports a more intuitive setup where keys can be generated and stored within the Android environment, bypassing the need for any external approval. Speed and Flexibility: Android developers can use the same key across multiple applications and decide their expiration terms, which can be set to never expire. This flexibility facilitates a quicker development process, enabling developers to push updates and new features with minimal delay. The Impact on the Developer Ecosystem Innovation Stifling: Apple's outdated certificate signing process does not just affect the technical side of app development but also impacts the broader ecosystem. It places unnecessary hurdles in front of developers, particularly small developers who may lack the resources to frequently manage certificate renewals and navigate Apple’s rigorous approval process. Market Response: The market has shown a preference for platforms that offer more freedom and less bureaucratic interference. Android's growing market share in many regions can be partially attributed to its more developer-friendly environment, which directly contrasts with Apple's tightly controlled ecosystem. Conclusion Apple’s certificate signing method, while ensuring a secure environment, is an archaic relic in today’s fast-paced tech world. It binds developers with outdated, proprietary chains that hinder rapid development and innovation. As the technological landscape evolves towards more open and flexible systems, Apple’s restrictive practices could potentially alienate developers and erode its competitive edge. For Apple to maintain its relevance and appeal among the developer community, a significant overhaul of its certificate signing process is not just beneficial—it's necessary.

I am developing and distributing an XCFramework, and I want to ensure that it remains valid for as long as possible. I have some questions regarding certificate expiration and revocation: I understand that if an XCFramework is signed with a timestamp, it remains valid even after the signing certificate expires. However, if the signing certificate is revoked, the XCFramework immediately becomes unusable. As far as I know, Apple allows a maximum of two active distribution certificates at the same time. I assume that once a certificate expires, it will eventually need to be revoked in order to issue a third certificate. Is this correct? If an expired certificate is later revoked, will the XCFrameworks signed with that certificate also become invalid, even though they were timestamped? I want to ensure that released XCFrameworks remain valid for as long as possible. What is the best approach to achieve this? If anyone has insights or official documentation references on how to manage signing certificates for long-term XCFramework validity, I would appreciate your guidance. Thank you!

i was complete my program, and export a mac app already it work ok in my macmini, but if i want send it to app store, that i have no way now i still do not know how to make this app perfect like, when i use pyinstaller to build this app, is there any info or elements need make with? i can sign my app now, even i use codesign -dvvv my.app to check the sign, it is also ok, there no any feedback said it anything wrong. so, any master know fix app sign or any infoplist please tech me... help

The mentioned way of setting up complications does not work. We can't create the identifier according to the guideline mentioned in the WWDC session. https://developer.apple.com/videos/play/wwdc2020/10049/?time=1021 Timestamp: 17:04 Error: An attribute in the provided entity has invalid value An App ID with Identifier '.watchkitapp.complication' is not available. Please enter a different string. To clarify - the non masked identifier is not used on another property inside our dev program. Without creating the identifier our tests result in not working push notifications. Error message while testing: discarded as application was not registered. Is the way mentioned in the WWDC session still valid? BR

Hey everyone, I was granted access to Family Controls (Distribution) for my main App ID The entitlement is visible and enabled in the App ID configuration. I’ve successfully created and used a provisioning profile that injects com.apple.developer.family-controls for the main app. ✅ However, the issue is with an extension target under the same parent App ID and all others Despite enabling the Family Controls (Development) capability in this extension’s App ID config, every new provisioning profile I generate for the extension fails to include the entitlement. I’ve confirmed this by: • Dumping the .mobileprovision with security cms -D → no sign of com.apple.developer.family-controls • Recreating the profile multiple times (Development and Distribution) • Ensuring the entitlement is toggled on in the portal • Validating the parent app profile does include it ⸻ ❗Question: Is there a known issue where Family Controls doesn’t get injected into extension App IDs even after team approval? Or is there an extra step I need to take to get this entitlement injected properly into provisioning profiles for app extensions?

I am distributing a macOS application outside the App Store using Developer ID and need to provide provisioning profiles to customers for installation during the package installation process. I have two questions: How can I package and provide the provisioning profile(s) so that the customer can install them easily during the application installation process? Are there any best practices or tools that could simplify this step? In my case, there are multiple provisioning profiles. Should I instruct the customer to install each profile individually, or is there a way to combine them and have them installed all at once? Any guidance on the best practices for this process would be greatly appreciated.

I have 14 total devices, from way back. I am currently in a financial bind and can't renew just yet. BUT I am at past my time to reset the device list back to zero. But the screen to do that is behind the paid account. Catch 22 Can we fix it? As it stands I must email tech support, but this is a bug so I posted

I tried to create a new IOS provisioning profile and re-apply it to the app using Xcode to build it, but I got into trouble. The build is good, but it bounces when running the app. I would appreciate it if you could let me know what to do.

It requires a provisioning profile, and while I have one, I cannot select it within Signing & Capabilities since it is empty. On blank projects it works as intended, but whenever the Unity stuff gets imported, it just disappears entirely, making it impossible to export Unity Titles to visionOS.

We want to make an app for the customers to install ipa files without use of third party apps or Other devices like Xcode, ITunes