Hi, I currently have multiple notarization submissions that have been stuck in "In Progress" status for many hours without any updates. Here are several examples from my recent submissions: Submission IDs: 01f7a80e-a9cc-49b3-bb93-94b126cf3124 (a.dmg) 7af2b25f-e131-40a4-bcd3-0f7583ebbdc2 (a.dmg) 2b35ec79-d851-41d6-a900-788d4201a273 (b.dmg) 8194b1af-a270-4de9-92f1-ce2a8d4782f2 (c.dmg) 2608dcfc-7652-4efa-97e3-1749e7130dcb (d.zip) These submissions were created between March 11 and March 12, and all of them remain stuck in the "In Progress" state indefinitely. When checking using: xcrun notarytool history all recent submissions appear as: status: In Progress Additionally: No logs are available for these submissions. notarytool --wait eventually times out after 30 minutes with exit code 124. The app bundles are signed with a valid Developer ID Application certificate. All embedded frameworks and dylibs are individually signed using: --options runtime --timestamp Earlier submissions on the same day (for example df41010c-a3c6-4e2d-a455-b657693e8541) were successfully notarized and returned Accepted, so the signing configuration appears to be correct. Because many submissions across different files (DMG and ZIP) are stuck in the same state, it seems possible that the notarization service queue may be stalled. Could you please help confirm: Whether these notarization submissions are stuck on the Apple notarization service side If there is currently a service issue affecting notarization processing Whether I should cancel and resubmit these uploads Any guidance would be greatly appreciated. Thank you.

I am trying to sign my Mac app to use Network Extensions capability. But every time I create a profile it displays that to me: on the other hand on the website it displays this to me:

Not accepted yet (all are still processing, none are rejected) 387af103-42d3-4d95-ae22-0289f90a8559 — In Progress 2d836594-9fb2-41a5-990c-7ea4e0870af0 — In Progress e61ba9e3-5ff1-4856-8e9d-39c08445ff63 — In Progress 1defdeec-50b4-45c5-b32d-53ca6e4538bb — In Progress 34e60b80-20c3-4ea7-93a7-2bb9e7c6f05c — In Progress 09222b71-eae1-4c5c-aca4-368f697b2a39 — In Progress eb5327e8-161e-4185-9920-3facf60b7b4b — In Progress 784fc210-d0bf-4924-b0a6-eb8bbac0f2c8 — In Progress 74bc8f31-b1b0-4bed-9142-0c03100a062a — In Progress 4739620c-894a-4283-a43b-df57b29a1771 — In Progress have created new certificate as well same result. waiting for apple support to give any answers.

I am distributing a macOS application outside the App Store using Developer ID and need to provide provisioning profiles to customers for installation during the package installation process. I have two questions: How can I package and provide the provisioning profile(s) so that the customer can install them easily during the application installation process? Are there any best practices or tools that could simplify this step? In my case, there are multiple provisioning profiles. Should I instruct the customer to install each profile individually, or is there a way to combine them and have them installed all at once? Any guidance on the best practices for this process would be greatly appreciated.

I've submitted my app four times, each time waiting a few hours for something to happen, then reducing the file size of my *.dmg and trying again. The first two seemed to have completed after 36 hours, but I no longer have that specific signed binary (and its a much smaller binary now anyway). The latest two are still "In Progress" and its almost been 48 hours. I know my process isn't wrong, and my app isn't somehow incorrectly built or being denied because two were accepted. The outage page shows green for the notary tool (https://developer.apple.com/system-status/) so I'm not sure what the hold up is.

Hey, when I try to launch my app it prompts me with a "Apple could not verify" popup. The thing is the app has been signed and stapled. xcrun stapler validate .app for my app returns "The validate action worked!" If I also run syspolicy_check distribution .app it returns: "App passed all pre-distribution checks and is ready for distribution" Any idea?

Hi All, Like many others I'm a little confused with gaining access to the family controls capability. Our app is ready to push to testflight, and we sent the request to apple last week. However only learning today that we need to request for the shield extension as well. I wanted to ask what the expected timeline is for being approved? I've seen posts here saying less than a week, and some people having to wait longer than 6 weeks. Any advise or guidance on getting approved smoothly & swiftly would be highly appreciated

Hoping to get visibility on a Family Controls (Distribution) entitlement request pending without status updates after an app transfer. Context: Digital wellbeing app, 500K+ active iOS users Previous team had Family Controls (Distribution) approved and shipping to production App transferred to new team (H2HM68H8PP) ~1 month ago; entitlement re-requested immediately Capability page shows "View Requests (6)" with no approvals, rejections, or updates Developer Support cases opened (102883853173, 20000112879750, 102875975624) — confirmed they cannot check entitlement status Impact: Core app feature depends on Family Controls. Production app for 500K+ users will break once transfer fully propagates at provisioning level. This is a continuity issue, not a new-app launch — entitlement was previously approved on the prior team. Questions: Recommended escalation path for post-transfer entitlement requests? Should I stop resubmitting to avoid queue deprioritization? Could the entitlements team provide a status update? Happy to share bundle ID, previous team ID, and request dates privately with Apple staff.

I regularly see questions from folks who’ve run into code-signing problems with their third-party IDE. There’s a limit to how much I can help you with such problems. This post explains a simple test you can run to determine what side of that limit you’re on. If you have any questions or comments, please put them in a new thread here on DevForums. Put it in Code Signing > General topic area and apply whatever tags make sense for your specific situation. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Investigating Third-Party IDE Code-Signing Problems DTS doesn’t support third-party tools. If you’re using third-party tooling and encounter a code-signing problem, run this test to determine whether you should seek help from Apple or from your tool’s vendor. IMPORTANT Some third-party tools create Xcode projects that you then build and run in Xcode. While that approach is understandable, it’s not something that DTS supports. So, the steps below make sense even if you’re already using Xcode. To check that code-signing is working in general: Launch Xcode. In Xcode > Settings > Accounts, make sure you’re signed in with your developer account. Create a new project from the app project template for your target platform. For example, if you’re targeting iOS, use the iOS > App project template. When creating the project: Select the appropriate team in the Team popup. Choose a bundle ID that’s not the same as your main app’s bundle ID. Choose whatever language and interface you want. Your language and interface choices are irrelevant to code signing. Choose None for your testing system and storage model. This simplifies your project setup. In the Signing & Capabilities editor, make sure that: "Automatically manage signing” is checked. The Team popup and Bundle Identifier fields match the value you chose in the previous step. Select a simulator as the run destination. Choose Product > Build. This should always work because the simulator doesn’t use code signing [1]. However, doing this step is important because it confirms that your project is working general. Select your target device as the run destination. Choose Product > Build. Then Product > Run. If you continue to have problems, that’s something that Apple folks can help you with. If this works, there’s a second diagnostic test: Repeat steps 1 through 10 above, except this time, in step 4, choose a bundle ID that is the same as your main app’s bundle ID. If this works then your issue is not on the Apple side of the fence, and you should escalate it via the support channel for the third-party tools you’re using. On the other hand, if this fails, that’s something we can help you with. I recommend that you first try to fix the issue yourself. For links to relevant resources, see Code Signing Resources. You should also search the forums, because we’ve helped a lot of folks with a lot of code-signing issues over the years. If you’re unable to resolve the issue yourself, feel free to start a thread here in the forums. Put it in Code Signing > General topic area and apply whatever tags make sense for your specific situation.

I'm distributing a macOS .pkg installer signed with Developer ID Installer and notarized via notarytool. On macOS 26.3 (Tahoe, Build 25D125), the package is rejected by Gatekeeper when downloaded from the internet. What works: pkgutil --check-signature → signed, Developer ID Installer, full chain (G2 intermediate + Apple Root CA) xcrun stapler validate → "The validate action worked!" xcrun notarytool info <id> → status: Accepted The .app inside the .pkg passes spctl -a -vvv → "accepted, source=Notarized Developer ID" What fails: spctl -a -vvv --type install mypackage.pkg → rejected, origin=Developer ID Installer Raw assessment: assessment:remote = true, assessment:verdict = false Double-clicking the downloaded .pkg shows only "Move to Trash" / "Done" (no "Open" option) syspolicyd log: meetsDeveloperIDLegacyAllowedPolicy = 0 (expected, since the cert is new), but no "notarized" match is logged Certificate details: Developer ID Installer, issued Feb 28, 2026, valid until 2031 OID 1.2.840.113635.100.6.1.14 (Developer ID Installer) — critical OID 1.2.840.113635.100.6.1.33 — timestamp 20260215000000Z Intermediate: Developer ID Certification Authority G2 (OID 1.2.840.113635.100.6.2.6) security verify-cert → certificate verification successful Build process: productbuild --distribution ... --sign <SHA1> (also tried productsign) Both produce: Warning: unable to build chain to self-signed root xcrun notarytool submit → Accepted xcrun stapler staple → worked Workaround: xattr -d com.apple.quarantine ~/Downloads/mypackage.pkg allows opening the installer. Question: Is spctl --type install assessment expected to work differently on macOS 26 Tahoe? The same signing and notarization workflow produces .app bundles that pass Gatekeeper, but .pkg installers are rejected. Is there a new requirement for .pkg distribution on macOS 26? Environment: macOS 26.3 (25D125), Xcode CLT 26.3

The capability associated with "FAMILY_CONTROLS" could not be determined. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator.

I submitted a Family Controls Distribution entitlement request on 4/22 for my app Prof Blob. I received the confirmation page after submitting, but I have not received any approval, rejection, or status update. We are currently blocked from moving forward with our production release submission due to this entitlement. Details: Request ID: Y2L55S3W34 Team ID: 5AXHQ5ZF3G App: Prof Blob Bundle ID: com.spammusubi.blob-screen-time Related extension bundle IDs: com.spammusubi.blob-screen-time.BlobActivityReportExtension com.spammusubi.blob-screen-time.DeviceActivityMonitorExtension com.spammusubi.blob-screen-time.ShieldActionExtension com.spammusubi.blob-screen-time.ShieldConfigurationExtension Purpose: Individual device management for focus and productivity. Prof Blob is a digital wellbeing / screen time management app that uses Apple’s Screen Time APIs to let users select distracting apps and require a short math-based cognitive gate before opening them. The app uses FamilyControls, DeviceActivity, and ManagedSettings. Development builds are working, but the Family Controls Distribution entitlement is required for production builds, TestFlight validation, and App Store submission. Is there a way to expedite this request or confirm that it is still in review? I would be happy to provide any additional information needed to move the request forward.

I've developed a Mac app distributed through the App Store that uses NSAppleScript to control Spotify and Apple Music. I'm experiencing inconsistent behavior with automation permission prompts that's affecting user experience. Expected Behavior: When my app first attempts to send Apple Events to Spotify or Apple Music, macOS should display the automation permission prompt, and upon user approval, the app should appear in System Preferences &gt; Security &amp; Privacy &gt; Privacy &gt; Automation. Actual Behavior: Initial permission prompts work correctly when both apps are actively used after my app download. If a user hasn't launched Spotify/Apple Music for an extended period, the permission prompt fails to appear when they later open the music app. The music app doesn't appear in the Automation privacy pane too. Once this happens, permission prompts never trigger again for that app Steps to Reproduce: Fresh install of my app Don't use Spotify for several days/weeks Launch Spotify Trigger Apple Events from my app to Spotify No permission prompt appears, app doesn't show in Automation settings If you're using Apple Music during this time it runs without any problems. Troubleshooting Attempted: Used tccutil reset AppleEvents [bundle-identifier] - no effect Verified target apps are fully launched before sending Apple Events Tried different AppleScript commands to trigger permissions Problem occurs inconsistently across different Macs Technical Details: macOS 13+ support Using standard NSAppleScript with simple commands like "tell application 'Spotify' to playpause" App Store distribution (no private APIs) Issue affects both Spotify and Apple Music but seems more prevalent with Apple Music Questions: Is there a reliable way to programmatically trigger the automation permission prompt? Are there timing dependencies for when macOS decides to show permission prompts? Could app priority/usage patterns affect permission prompt behavior? I use MediaManager to run the functions and initialize it on AppDidFinishLaunching method and start monitoring there. Any insights or workarounds would be greatly appreciated. This inconsistency is affecting user onboarding and app functionality.

Firstly - I didn't want to post here but my attempts at support call service and support submit issue service BOTH returned errors to me upon 'send'/'submit'. Maybe this is linked to my post below. So, here's another one to add to the list of recent (stuck/fail) posts: I'm unable to get any notarization submissions processed. Over the past 24 hours I've submitted 10+ builds of my macOS app and every submission remains at "In Progress" indefinitely — none have completed. To isolate the issue, I submitted a minimal test app (a single "Hello World" binary, ~50KB zip) using the same Developer ID certificate and API key credentials. That submission is also stuck at "In Progress," which suggests the issue is account-level rather than app-specific. What I've ruled out: Network issues (tested on multiple networks, all VPN/network extensions disabled) Authentication method (tested both app-specific password and App Store Connect API key) Code signing (signatures verify locally; one earlier submission did return "Invalid" with actionable errors, confirming the service can process my submissions) The Apple Developer System Status page shows all services as available. Could you please look into whether there's a processing issue or hold on my account's notarization queue? Submission IDs (all stuck at "In Progress"): 20e4c082-b682-4135-a85e-3f17280b0085 (minimal test app, 2026-04-23T07:03 UTC) 81835570-8a2c-462c-8d5a-bd25733a17c3 (2026-04-23T06:55 UTC) 5b7f337e-3e3f-4502-9fde-0a625a2061e7 (2026-04-23T03:38 UTC) bebe35f3-2944-40de-9caf-1c43b68986bb (2026-04-23 ~04:00 UTC) 3c010292-10d7-4cfc-80e3-8bdb4cdae669 (2026-04-23 ~04:30 UTC) a5ca8b1c-91c1-48db-a78a-9e4fd83fe27f (2026-04-23T03:38 UTC) 937f7a3c-435a-4b00-b5b5-7330b80855d4 (2026-04-23T01:59 UTC) 61af2ba4-f136-4993-a8fc-9cd18021fbb5 (2026-04-23T03:10 UTC) b1b7769a-9f1c-4d2b-b1f0-3224808cc901 (2026-04-23T00:12 UTC) 74653d5c-2edf-47b4-9cf3-1e8d33630f6b (2026-04-22T13:27 UTC) 961af655-30e3-44d3-a01b-1c69f5bccfa6 (2026-04-22T12:54 UTC) Thank you!

Hi, Two notarization submissions on my Team ID are stuck "In Progress" well past normal turnaround. Looking for guidance on whether this is normal first-time-enrolment latency or whether something needs escalating. Team ID: U7N63C278S Submissions: 2ac71ef0-cbfa-4bdd-9059-c2554050de48 — submitted 2026-05-14 08:09 UTC (currently ~48 hours In Progress) c2b557c5-92a2-4c36-996e-812b61b67fe6 — submitted 2026-05-14 11:33 UTC (currently ~46 hours In Progress) Status: xcrun notarytool history shows both as "In Progress" xcrun notarytool info <id> returns no log URL, no message, no error No rejection email received at the APPLE_ID address Apple System Status shows Developer ID Notary Service as green Context: This is my first notarization from a newly enrolled Developer Program account (enrolled ~5 days ago). I'm aware first-time submissions can be subject to longer in-depth analysis, which is why I haven't escalated sooner. Build verification (already done): codesign --verify --deep --strict -verbose=2 exits 0 Hardened runtime flag (0x10000) present on top-level .app and every nested Mach-O Full Developer ID Application chain (signed by Developer ID Application: poojan (U7N63C278S)) Secure timestamp present Universal binary (x86_64 + arm64) Every nested framework, helper app, and binary signed Built with electron-builder, hardened-runtime entitlements, notarized via notarytool submit --wait Question: Is this within expected first-time-enrolment latency, or is there something on the notary service side that needs a nudge? Happy to provide additional codesign output or the .app bundle structure if useful. Thanks for any guidance.

IMPORTANT The underlying issue here (FB8830007) was fixed in macOS 11.3, so the advice in this post is irrelevant if you’re building on that release or later. Note This content is a repost of info from another thread because that thread is not world readable (it’s tied to the DTK programme). A number of folks have reported problems where: They have a product that supports older versions of macOS (anything prior to 10.11). If they build their product on Intel, everything works. If they build their product on Apple Silicon, it fails on those older versions of macOS. A developer filed a bug about this (FB8830007) and, based on the diagnosis of that bug, I have some info to share as to what’s going wrong and how you can prevent it. Let’s start with some background. macOS’s code signing architecture supports two different hash formats: sha1, the original hash format, which is now deprecated sha256, the new format, support for which was added in macOS 10.11 codesign should choose the signing format based on the deployment target: If your deployment target is 10.11 or later, you get sha256. If your deployment target is earlier, you get both sha1 and sha256. This problem crops up because, when building for both Intel and Apple Silicon, your deployment targets are different. You might set the deployment target to 10.9 but, on Apple Silicon, that’s raised to the minimum Apple Silicon system, 11.0. So, which deployment target does it choose? Well, the full answer to that is complex but the executive summary is that it chooses the deployment target of the current architecture, that is, Intel if you’re building on Intel and Apple Silicon if you’re building on Apple Silicon. For example: intel% codesign -d --arch x86_64 -vvv Test664892.app … Hash choices=sha1,sha256 … intel% codesign -d --arch arm64 -vvv Test664892.app … Hash choices=sha1,sha256 … arm% codesign -d --arch x86_64 -vvv Test664892.app … Hash choices=sha256 … arm% codesign -d --arch arm64 -vvv Test664892.app … Hash choices=sha256 … The upshot is that you have problems if your deployment target is less than 10.11 and you sign on Apple Silicon. When you run on, say, macOS 10.10, the system looks for a sha1 hash, doesn’t find it, and complains. The workaround is to supply the --digest-algorithm=sha1,sha256, which overrides the hash choice logic in codesign and causes it to include both hashes: arm% codesign -s - --digest-algorithm=sha1,sha256 Test664892.app arm% codesign -d --arch x86_64 -vvv Test664892.app … Hash choices=sha1,sha256 … % codesign -d --arch arm64 -vvv Test664892.app … Hash choices=sha1,sha256 … Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi DTS, I have 4 notarytool submissions all stuck in "In Progress" with no movement for 12+ hours. 'xcrun notarytool log <id›' returns "Submission log is not yet available" for all of them - they don't appear to have been processed at all. Team Identifier: NS22D2XK8A 1 .dmg submission at 2026-05-12T01:35Z (12+ hours stuck) dmg submissions between 10:04Z and 12:12Z This is my first time notarizing with this Team ID - possibly the new-account first-submission "in-depth analysis" delay? The DMG passes every standard check: Signed with Developer ID Application (Team NS22D2XK8A) Hardened runtime on all 6 embedded binaries (codesign flags 0x10000) Full authority chain: Developer ID App → Developer ID CA → Apple Root CA Secure timestamp present Entitlements: allow-jit, allow-unsigned-executable-memory, disable-library-validation, network.client, network.server, files.user-selected. read-write codesign --verify -deep --strict passes cleanly spctl source = "Developer ID Application" (correct) DMG itself signed inside-out per TN2206 I have read the other recent "stuck In Progress" threads from new Developer IDs - same pattern. Could the queue be unblocked, or is there a team-side configuration that needs flipping? Happy to provide submission UUIDs + filenames privately via Feedback Assistant or DM. Thanks!

It has been 20 days since we applied for Family Controls (Distribution) permission, but the status still shows as Submitted. Is there any way to expedite the review process?

Hi, I'm currently at 19 hours waiting for notarization. My dev account is new and this is the first time I'm submitting anything to be notarized. I've gathered from my research that this is normal (unfortunately). I figure the only thing I can do is wait, but is there any way for me to know if I'm waiting for a human to manually review it? I was going to file a support request, but I saw that they won't be responding to any support requests until after their Thanksgiving break, and I assume nobody is manually reviewing notary submissions for the next week+. I attached the submission below, thanks! createdDate: 2025-11-21T21:17:10.082Z id: c9746d42-1dc7-4641-aec1-62c6cedff1a2 name: ***********.zip status: In Progress

Can someone please explain why Mac app packaging is so farcically convoluted? Windows app packaging can be picked up in an hour or so. But I've spent longer trying to fathom how to package the Mac version than I did building the app. And it's not done with me yet. Every single line of code requires a deep dive into a new, unrelated skillset. So, it’s sidebar after sidebar. Kafka’s ‘The Trial’ comes to mind. Why does it have to be like this?