Dear Apple Support, sometimes we observe exit code 68 in stapling via xcrun stapler staple <pkg_file.pkg> The notarization went fine but then stapling does not work. The output for the last ast failed launch looks like Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={_kCFStreamErrorCodeKey=-2102, NSUnderlyingError=0x60000363c7b0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "(null)" UserInfo={_kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <4F2E1620-9251-4525-91E7-C5F3E3681CD0>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <4F2E1620-9251-4525-91E7-C5F3E3681CD0>.<1>" NSLocalizedDescription=The request timed out., NSErrorFailingURLStringKey=https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup, NSErrorFailingURLKey=https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup, _kCFStreamErrorDomainKey=4} CloudKit's response is inconsistent with expections: (null) As per manual of stapler and sysexit(3) the exit code means EX_NOHOST (68) The host specified did not exist. This is used in mail addresses or network requests. Make a retry sense or is there any other things which is not set correctly at that time? What is your suggestion to avoid this failure and stabilizing our automation of notarization? Best ergards, Stefan

Hello, I have been hitting status code 7000 on every notarization submission since April 21, 2026. The notable detail: earlier submissions on April 18 and April 20 from the same team were Accepted normally. Whatever flag flipped between April 20 and April 21 is on the notary side, because nothing changed on my end. Team details Team ID: ZS76A62WJ4 Organization: KENOPA LTD (UK private limited company) Role: Account Holder Apple Developer Program: Active until April 17, 2027 Apple Developer Program License Agreement: accepted April 16, 2026 Paid Apps Agreement, Free Apps Agreement: both Active in App Store Connect W-8BEN-E and banking: Active Certificate Type: Developer ID Application Identity: "Developer ID Application: KENOPA LTD (ZS76A62WJ4)" Valid through 2027-02-01, full chain trusted App details Platform: macOS (native AppKit, Objective-C, no Electron) Hardened runtime: enabled Code signing passes verify and strict checks Sandbox: not used (Developer ID distribution outside the App Store) Submission history (Team ID ZS76A62WJ4) Accepted submissions: 2026-04-18 10:00 UTC 39856e43-... 2026-04-18 10:03 UTC 3edf2f4f-... 2026-04-18 10:25 UTC 858c52e7-... 2026-04-20 17:17 UTC 4766f3ce-... 2026-04-21 03:58 UTC 9eed3336-... 2026-04-21 05:44 UTC b759941f-... Then everything since flips to Rejected with code 7000: 2026-04-21 19:10 UTC bedc99ad-... 2026-04-21 20:24 UTC 4dbb55f0-... 2026-04-22 07:36 UTC 50e1420e-... 2026-04-24 04:11 UTC 7e4adf81-... 2026-04-25 04:31 UTC 4c0367ea-... 2026-04-25 08:02 UTC a3ce5f56-... (still In Progress at the time of posting) I can paste the full submission IDs in a follow-up if helpful. Sample notary log The body of every Rejected log is the same: status: Rejected statusCode: 7000 statusSummary: "Team is not yet configured for notarization. Please contact Developer Programs Support..." Submissions all upload successfully, sit "In Progress" for hours-to-days, then flip to Rejected with this code. What I have verified All four agreements (Apple Developer Program License, Apple Developer Agreement, Paid Apps, Free Apps) are accepted and Active. Re-checked under the Account Holder login on both portals. Banking and W-8BEN-E are Active. Developer ID Application, Apple Distribution, and Apple Development certificates are all valid and the private keys import cleanly. App Store Connect API key works (notarytool history returns the full list with no auth errors). Same codesign invocation, same notarytool submit flags, same hardened runtime entitlements that worked on April 18-20 still produce the rejection on April 21+. Existing support channels Opened a support ticket via the developer contact form under "Development and Technical / Other Development or Technical Questions" (the exact path the error message specifies). Also emailed Developer Programs separately. Question Has anyone with the same "was working, then suddenly 7000 with no other change" pattern had it resolved? I am aware that DTS engineers have stated on this forum that they cannot escalate this. I am trying to get a sense of: Typical resolution time once a Developer Programs case is open (reports range from days to two-plus months). Whether anyone has found a particular wording of the support request that gets routed faster. Whether the Account Holder doing anything specific in the portal (re-accepting an agreement, toggling something in Membership, etc.) ever cleared this for someone. Thanks.

Hi, I have two notarization submissions stuck "In Progress" for over 18 hours. This is my first time notarizing on this Developer ID account. Submission 1: c1ae7112-79d9-4ada-92a8-bcf87930b5a3 (submitted ~24 hours ago) Submission 2: e201629a-35ef-48a9-b6c4-efbdeecee839 (submitted ~12 hours ago) Team ID: PH4PLAN782 Bundle ID: com.SoundHawkStudio.ComboDyn Type: macOS Audio Unit plugin (.component), universal binary (x86_64 + arm64), Developer ID Application signed, hardened runtime enabled. I have also filed support case 102876329587. Both submissions remain In Progress with no transition to Accepted or Invalid. Any assistance would be greatly appreciated.

Posting another data point in case it helps the team see the pattern. First-time notariser, Apple Developer Team ID Q9LV8L6XZ9. Four submissions (all Ping.zip, Electron app, arm64, hardened runtime, signed with Developer ID Application) submitted yesterday between 19:13 and 20:27 UTC. All still In Progress 19 hours later with no state change whatsoever. Submission IDs: 3861f4af-ec5e-47f9-93c7-d1583ba98863 c5b200a0-5c13-41cf-8376-83eab8d9afe4 cda1991e-1779-4d1d-9448-d464e64e930a 4f374650-4343-4aa8-8afe-03b150dd52b9 xcrun notarytool log <id> returns "Submission log is not yet available" for every one of them — so Apple hasn't produced any analysis output, successful or not. I appreciate that "in-depth analysis" can take longer for first-time uploads, but 19+ hours on four identical submissions with zero progress looks less like deep analysis and more like the jobs are stuck. Is there anything on the account/team-ID side that might be blocking them from entering the analysis pipeline? Happy to provide anything else that would help.

Hey everyone, Just enrolled in the Apple Developer Program yesterday and tried to notarize my first macOS app. I submitted via notarytool and the submission has been sitting at "In Progress" for over 22 hours now. I've submitted twice and both are stuck. The app is a macOS utility built with PyInstaller. I signed it with my Developer ID Application cert, enabled hardened runtime, added a secure timestamp, and included the appropriate entitlements. Everything looked fine on my end. When I query with notarytool info it just says status: In Progress. No rejection email, no acceptance email, nothing. Is this a known issue for first-time submissions? Or is there something specific about PyInstaller apps that causes this? Submission IDs if anyone from Apple is reading this: b512bd92-7eca-4975-823e-9561d5c2ad63 f90cd69f-cf36-4762-bcda-0d0b047d5f49 Already filed a support ticket but wanted to check here too.

Hi, I have a notarization submission that has been stuck in "In Progress" for over 26 hours with no resolution. Apple's system status page shows no incident for the Developer ID Notary Service. Submission details: Submission ID: 23dc147c-6355-49a8-8ebf-78ae40ba19a3 Team ID: 5DX9FFYJHV App: Chakra Browser (Chromium-based, arm64, macOS) Bundle ID: com.chakra.Browser.development Submitted: 2026-04-22 at 19:09 UTC Current status: In Progress I also have two earlier submissions for the same app that are stuck in the same state: 23fe6ea2-325b-4ae8-84a4-4f913e7d3aea (submitted ~17:58 UTC, same day) 943e737a-1c45-468d-ae6b-1ef7358fc1a5 (submitted ~18:32 UTC, same day) The app is signed with a valid Developer ID Application certificate. The zip is ~243 MB (738 MB app bundle). Entitlements used: com.apple.security.cs.allow-jit, com.apple.security.cs.allow-unsigned-executable-memory, com.apple.security.cs.disable-library-validation. These are standard for Chromium-based browsers. xcrun notarytool log returns "Submission log is not yet available" for all three submissions, so there is no error output to share. Has anyone seen notarization stuck this long without a reported service incident? Is there anything I can do to get these unblocked, or do I need to file a TSI? Thanks

Firstly - I didn't want to post here but my attempts at support call service and support submit issue service BOTH returned errors to me upon 'send'/'submit'. Maybe this is linked to my post below. So, here's another one to add to the list of recent (stuck/fail) posts: I'm unable to get any notarization submissions processed. Over the past 24 hours I've submitted 10+ builds of my macOS app and every submission remains at "In Progress" indefinitely — none have completed. To isolate the issue, I submitted a minimal test app (a single "Hello World" binary, ~50KB zip) using the same Developer ID certificate and API key credentials. That submission is also stuck at "In Progress," which suggests the issue is account-level rather than app-specific. What I've ruled out: Network issues (tested on multiple networks, all VPN/network extensions disabled) Authentication method (tested both app-specific password and App Store Connect API key) Code signing (signatures verify locally; one earlier submission did return "Invalid" with actionable errors, confirming the service can process my submissions) The Apple Developer System Status page shows all services as available. Could you please look into whether there's a processing issue or hold on my account's notarization queue? Submission IDs (all stuck at "In Progress"): 20e4c082-b682-4135-a85e-3f17280b0085 (minimal test app, 2026-04-23T07:03 UTC) 81835570-8a2c-462c-8d5a-bd25733a17c3 (2026-04-23T06:55 UTC) 5b7f337e-3e3f-4502-9fde-0a625a2061e7 (2026-04-23T03:38 UTC) bebe35f3-2944-40de-9caf-1c43b68986bb (2026-04-23 ~04:00 UTC) 3c010292-10d7-4cfc-80e3-8bdb4cdae669 (2026-04-23 ~04:30 UTC) a5ca8b1c-91c1-48db-a78a-9e4fd83fe27f (2026-04-23T03:38 UTC) 937f7a3c-435a-4b00-b5b5-7330b80855d4 (2026-04-23T01:59 UTC) 61af2ba4-f136-4993-a8fc-9cd18021fbb5 (2026-04-23T03:10 UTC) b1b7769a-9f1c-4d2b-b1f0-3224808cc901 (2026-04-23T00:12 UTC) 74653d5c-2edf-47b4-9cf3-1e8d33630f6b (2026-04-22T13:27 UTC) 961af655-30e3-44d3-a01b-1c69f5bccfa6 (2026-04-22T12:54 UTC) Thank you!

Hi, I’m requesting investigation of two CtxVault notarization submissions that have remained "In Progress" well past 24 hours. Team ID: DCY4ZS6CS6 App / archive: CtxVault.zip Platform: macOS direct distribution Pending submissions: e2f25e8c-8bf6-44e6-8e60-24b22467b7e6 — created 2026-04-22T12:50:04.988Z — still In Progress 1f41ff2d-cf61-4509-beba-3389f4496ba7 — created 2026-04-22T12:40:23.167Z — still In Progress Context: This is a new Developer ID release path for a personal team. Earlier submissions were Invalid due to unsigned nested Mach-O files inside a bundled Python runtime. That issue was corrected before the two pending submissions above. The current app is signed with Developer ID Application, hardened runtime, and secure timestamps. Local validation passes: codesign --verify --deep --strict spctl assessment on the signed app notarytool accepts the upload and returns submission IDs, but the submissions do not complete and no log is yet available. Earlier invalid submission for context: b4e665a0-98eb-4b92-b44c-58a0a2c6122e Could someone from Apple please confirm whether this team is stuck in queue or under extended review, and whether any team-side provisioning or backend action is needed? I am intentionally not creating more duplicate submissions while these corrected jobs remain pending. Thanks.

Hi, I have two xcrun notarytool submissions stuck in status: In Progress for over 60 hours. Hoping an Apple engineer can take a look, or confirm whether there is an ongoing notarization service incident. Submissions Submission A: 55c155c2-0df9-4157-b2c1-b3510c453b22 Submission B: 06926b24-3e76-4d14-b5f1-2083f0d9dae9 Team ID: 4CXZ4H3C2R Both submitted: 2026-04-21 Both still return status: In Progress at 60+ hours No result email received from Apple xcrun notarytool log <UUID> returns "The log is not yet available" Environment macOS 15 Sequoia Xcode 16.x command-line tools (notarytool 1.x) Developer ID Application certificate, SHA-1 70:86:EB:14:E4:C5:AA:71:2F:C5:3D:A4:3F:E8:79:DE:32:CE:B3:42, valid through 2031-04-20 Hardened Runtime enabled Standard notarization workflow from the same dev environment that has processed previous releases successfully Notarized artifact: single DMG, ~120 MB What I have already tried Apple Developer Support case #102874171230 — opened 2026-04-21. Rep replied 3x suggesting Forums + Feedback Assistant (hence this post). Feedback Assistant FB22576862 — filed 2026-04-22 under Developer Tools > App Notarization > Incorrect/Unexpected Behavior, with attached notarytool poll log showing sustained In Progress. Code-level support request (DTS) — form routes this class of issue out to these Forums (no submit path for notarization service queue issues). Reviewed other Forums threads on similar symptoms from March-April 2026 — multiple teams reporting the same pattern. Asking Can any Apple engineer cross-reference UUIDs A and B against the notarization backend queue state? Is there an ongoing service incident affecting these submissions? Is it safe to resubmit, or will that create duplicate queue entries? Thank you.

Hi, I have an approved com.apple.developer.family-controls entitlement for my main app bundle (com.maxflame.prove-it) and submitted a request on April 18, 2026 to extend it to an embedded extension: com.maxflame.prove-it.DeviceActivityMonitorExtension Request ID: 65CKJZ7DQ4 — status still shows "Submitted" with no further response. The extension uses DeviceActivity callbacks and needs to decode FamilyActivitySelection, which requires the entitlement on the extension bundle as well. In my experience, Family Controls entitlement approvals for the main app bundle have come through within 24 hours. It's now been 5 days with no response for this extension request, which seems unusual. Has anyone else gone through this for extension bundle IDs? Did you need to submit a separate request per bundle, or did Apple extend the approval to your extensions automatically once the main app was approved? And has anyone else experienced longer wait times specifically for extension bundles? Any guidance appreciated.

Hi all, and particularly @Eskimo if you spot this — I believe I'm reproducing the backend issuance bug reported in thread 816377 (https://developer.apple.com/forums/thread/816377) on a different Team ID and would like a second pair of eyes before I burn a TSI. Feedback Assistant filed as FB22582333. Team ID: MCN4U9B2K4 · Bundle ID: com.michaeltocco.Sanbox · Xcode 17 · iOS 18.5 · Automatic signing Setup App ID com.michaeltocco.Sanbox has ShazamKit ticked in App Services; persists through portal reloads. Local entitlements file declares com.apple.developer.shazamkit = YES only (no MusicKit client entitlement, per DTS guidance in thread 799000: https://developer.apple.com/forums/thread/799000). CODE_SIGN_ENTITLEMENTS set in both Debug and Release XCBuildConfiguration buildSettings. NSMicrophoneUsageDescription and NSAppleMusicUsageDescription are both present in the generated Info.plist. What Xcode reports After wiping DerivedData and any Sanbox-matching profiles and running xcodebuild … -allowProvisioningUpdates -destination 'generic/platform=iOS': error: Entitlement com.apple.developer.shazamkit not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. (in target 'Sanbox' from project 'Sanbox') What I verified on the profile Apple just issued $ security cms -D -i 0596f302-….mobileprovision | plutil -extract Entitlements xml1 -o - - shows only the baseline four entitlements — application-identifier, keychain-access-groups, get-task-allow, com.apple.developer.team-identifier. com.apple.developer.shazamkit is absent, which is exactly what thread 816377 describes. What I've already tried Deleted and recreated the App ID from scratch — same symptom. Performed the capability-toggle trick (uncheck ShazamKit → Save → wait 60s → re-check → Save → delete local profiles → rebuild) documented in the "Capability & entitlement updates" help page (https://developer.apple.com/help/account/reference/capability-entitlement-updates/) for the Game Center precedent — same symptom. Confirmed I am building for device, not Simulator. Confirmed the entitlement key name matches DTS guidance in thread 799000 and the live profile dumps in thread 816377. Runtime confirmation When I force a build with only the team wildcard profile, SHManagedSession().result() returns com.apple.ShazamKit Code=202 "Missing entitlements", wrapping an AMS 306 wrapping HTTP 401 from api.shazam.apple.com/v1/catalog/US/match. AMS server correlation key: E5VYL5YSUT4L55KQDDP4MJQAZE. So the server side is consistent: the token the client presents lacks ShazamKit scope because the binary doesn't carry the entitlement, and the binary doesn't carry it because Apple isn't issuing it into the profile. Question Is there a configuration step beyond "tick ShazamKit in App Services" that I've missed for Individual-program accounts, or is this the same backend issuance pathology as thread 816377? Happy to share the security cms output, the decoded plist, the build log, or anything else useful. Thanks.

This issue keeps cropping up on the forums and so I decided to write up a single post with all the details. If you have questions or comments: If you were referred here from an existing thread, reply on that thread. If not, feel free to start a new thread. Use whatever topic and subtopic is appropriate for your question, but also add the Entitlements tag so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Determining if an entitlement is real In recent months there’s been a spate of forums threads involving ‘hallucinated’ entitlements. This typically pans out as follows: The developer, or an agent working on behalf of the developer, changes their .entitlements file to claim an entitlement that’s not real. That is, the entitlement key is a value that is not, and never has been, supported in any way. Xcode’s code signing machinery tries to find or create a provisioning profile to authorise this claim. That’s impossible, because the entitlement isn’t a real entitlement. Xcode reports this as a code signing error. The developer misinterprets that error [1] in one of two ways: As a generic Xcode code signing failure, and so they start a forums thread asking about how to fix that problem. As an indication that the entitlement is managed — that is, requires authorisation from Apple to use — and so they start a forums thread asking how to request such authorisation. The fundamental problem is step 1. Once you start claiming entitlements that aren’t real, you’re on a path to confusion. Note If you’re curious about how provisioning profiles authorise entitlement claims, read TN3125 Inside Code Signing: Provisioning Profiles. There are a couple of ways to check whether an entitlement is real. My preferred option is to create a new test project and use Xcode’s Signing & Capabilities editor to add the corresponding capability to it. Then look at what Xcode did. You might find that Xcode claimed a different entitlement, or added an Info.plist key, or did nothing at all. IMPORTANT If you can’t find the correct capability in the Signing & Capabilities editor, it’s likely that this feature is available to all apps, that is, it’s not gated by an entitlement or anything else. Another thing you can do is search the documentation. The vast majority of real entitlements are documented in Bundle Resources > Entitlements. IMPORTANT When you search for documentation, focus on the Apple documentation. If, for example, you search the Apple Developer Forums, you might be mislead by other folks who are similarly confused. If you find that you’re mistakenly trying to claim a hallucinated entitlement, the fix is trivial: Remove it from your .entitlements file so that your app starts to build again. Then add the capability using Xcode’s Signing & Capabilities editor. This will do the right thing. If you continue to have problems, feel free to ask for help here on the forums. See the top of this post for advice on how to do that. [1] Xcode 26.2, currently being seeded as Release Candidate, is much better about this (r. 155327166). Give it a whirl! Commonly Hallucinated Entitlements This section lists some of the more commonly hallucinated entitlements: com.apple.developer.push-notifications — The correct entitlement is aps-environment (com.apple.developer.aps-environment on macOS), documented here. There’s also the remote-notification value in the UIBackgroundModes property. com.apple.developer.in-app-purchase — There’s no entitlement for in-app purchase. Rather, in-app purchase is available to all apps with an explicit App ID (as opposed to a wildcard App ID). com.apple.InAppPurchase — Likewise. com.apple.developer.storekit — Likewise. com.apple.developer.in-app-purchase.non-consumable — Likewise. com.apple.developer.in-app-purchase.subscription — Likewise. com.apple.developer.app-groups — The correct entitlement is com.apple.security.application-groups, documented here. And if you’re working on the Mac, see App Groups: macOS vs iOS: Working Towards Harmony. com.apple.developer.background-modes — Background modes are controlled by the UIBackgroundModes key in your Info.plist, documented here. UIBackgroundModes — See the previous point. com.apple.developer.voip-push-notification — There’s no entitlement for this. VoIP is gated by the voip value in the UIBackgroundModes property. com.apple.developer.family-controls.user-authorization — The correct entitlement is com.apple.developer.family-controls, documented here. IMPORTANT As explained in the docs, this entitlement is available to all developers during development but you must request authorisation for distribution. com.apple.developer.device-activity — The DeviceActivity framework has the same restrictions as Family Controls. com.apple.developer.managed-settings — If you’re trying to use the ManagedSettings framework, that has the same restrictions as Family Controls. If you’re trying to use the ManagedApp framework, that’s not gated by an entitlement. com.apple.developer.callkit.call-directory — There’s no entitlement for the Call Directory app extension feature. com.apple.developer.nearby-interaction — There’s no entitlement for the Nearby interaction framework. com.apple.developer.secure-enclave — On iOS and its child platforms, there’s no entitlement required to use the Secure Enclave. For macOS specifically, any program that has access to the data protection keychain also has access to the Secure Enclave [1]. See TN3137 On Mac keychain APIs and implementations for more about the data protection keychain. com.apple.developer.networking.configuration — If you’re trying to configure the Wi-Fi network on iOS, the correct entitlement is com.apple.developer.networking.HotspotConfiguration, documented here. com.apple.developer.musickit — There is no MusicKit capability. Rather, enable MusicKit via the App Services column in the App ID editor, accessible from Developer > Certificates, Identifiers, and Profiles > Identifiers. These app services are tied to your App ID on the server side, meaning that they have no presence in your code signature. com.apple.developer.shazamkit — There is no ShazamKit capability. Like MusicKit, this is an app service. com.apple.mail.extension — Creating an app extension based on the MailKit framework does not require any specific entitlement. com.apple.security.accessibility — There’s no entitlement that gates access to the Accessibility APIs on macOS. Rather, this is controlled by the user in System Settings > Privacy & Security. Note that sandboxed apps can’t use these APIs. See the Review functionality that is incompatible with App Sandbox section of Protecting user data with App Sandbox. com.apple.developer.adservices — Using the AdServices framework does not require any specific entitlement. [1] While technically these are different features, they are closely associated and it turns out that, if you have access to the data protection keychain, you also have access to the SE. Revision History 2026-04-23 Added com.apple.developer.shazamkit to the common hallucinations list. Added a little more info about app services. 2025-12-09 Updated the Xcode footnote to mention the improvements in Xcode 26.2rc. 2025-11-03 Added com.apple.developer.adservices to the common hallucinations list. 2025-10-30 Added com.apple.security.accessibility to the common hallucinations list. 2025-10-22 Added com.apple.mail.extension to the common hallucinations list. Also added two new in-app purchase hallucinations. 2025-09-26 Added com.apple.developer.musickit to the common hallucinations list. 2025-09-22 Added com.apple.developer.storekit to the common hallucinations list. 2025-09-05 Added com.apple.developer.device-activity to the common hallucinations list. 2025-09-02 First posted.

I have an IME for Indic languages that I currently distribute outside of the Mac App Store because it does not seem to be supported. IMEs needs to be installed under /Library/Input Methods/ which I believe is not allowed for App Store apps. I could distribute it as an embedded helper app within my larger distribution app that I then install on start up - but I believe even that is not allowed. Is there a sanctioned way to distribute IMEs via the Mac App Store? The iOS store has support which I was able to use effectively.

Hi everyone, I'm developing a macOS app using Tauri 2. I need to test In-App Purchases (IAP), which requires running the actual built .app (it doesn't work properly in the development environment).I tried two approaches: Apple Development Certificate (free account): After cargo tauri build, the app "Mind Elixir.app" shows this error when I try to open it: “Mind Elixir.app” was not opened because it contains malware. This action did not harm your Mac. Apple Distribution Certificate: The app builds successfully, but because it is not notarized, Gatekeeper completely blocks it and I cannot open it at all. I just want to test IAP locally on my own Mac during development. Is there any other way to get a properly signed and runnable .app for testing IAP? Any help or workaround would be greatly appreciated. Thanks!

I’m looking for guidance on a notarization submission that has been stuck in In Progress for over 24 hours. Details: Team ID: 94B7AVM73F Certificate: Developer ID Application: Bilal Ahmed Qureshi (94B7AVM73F) Tool: xcrun notarytool File: FlashcardGeneratorTrial-AppleSilicon.dmg Submission ID: 7817f9d0-32da-452f-9e2d-fff43478ccf6 Submission created: 2026-04-17T22:10:01.402Z Current status: xcrun notarytool info still reports In Progress This has now been ongoing for more than 24 hours The submission uploaded successfully and received a valid submission ID The Developer ID certificate is valid and correctly paired with the private key in Keychain security find-identity -v -p codesigning returns 1 valid identity Environment: First-time notarization on this developer account macOS direct distribution outside the Mac App Store DMG signed with Developer ID Application certificate Hardened runtime and timestamp enabled during signing I’ve seen some other recent reports of long notarization delays, especially for first-time submissions, so I’m trying to understand whether this is expected queueing / in-depth analysis, or whether there may be an issue with this specific submission. Questions: Is this normal for a first notarization on a new Developer ID account? Is there anything I should do besides wait? Can Apple check whether this submission is stuck in the queue? Thanks.

Hello, I'm submitting my first macOS app for notarization from a new Developer ID team. All three submissions have been stuck at "In Progress" for several hours now. notarytool log returns "Submission log is not yet available" for all of them. Submission IDs: 39856e43-46ee-45ed-b1c7-771fb6603258 (submitted 2026-04-18T10:00 UTC) 3edf2f4f-cbaf-4e14-ba3b-c1b4e111827e (submitted 2026-04-18T10:03 UTC) 858c52e7-3386-41a8-8fee-a31c49980319 (submitted 2026-04-18T10:25 UTC) Details: This is the first notarization attempt for this Developer ID team App is signed with Developer ID Application certificate, hardened runtime enabled codesign --verify --deep --strict passes All nested code (including Sparkle framework helpers) is properly signed Only public system frameworks are linked (IOKit, AppKit, Foundation, etc.) Entitlements: app-sandbox + Sparkle mach-lookup exceptions only No private API usage Is this expected for first-time submissions, or could someone check the backend queue status for these submissions? Any guidance appreciated.

This is my first time submitting an app for notarization. Both submissions have been stuck "In Progress" with no logs available. Body: This is my first time submitting an app for notarization. Both submissions have been stuck "In Progress" with no logs available. Submission 1: ID: 43ea68c1-5291-42c6-b0e1-3cacab4ca01a Submitted: 2026-04-09T02:05:34Z Status: In Progress (15+ hours) Submission 2: ID: 12ea49a0-64cf-495e-af7e-9aad5aabe30f Submitted: 2026-04-09T17:06:51Z Status: In Progress (1+ hour) Details: Team ID: PWTWN9N25D App: Native macOS SwiftUI app (arm64), ~84 MB zipped Signed with Developer ID Application certificate, Hardened Runtime enabled All embedded helper binaries individually codesigned with Hardened Runtime codesign --verify --deep --strict passes Submitted via xcrun notarytool submit with --keychain-profile notarytool log returns "not yet available" for both Apple System Status shows all services available

Hello, I have a question regarding Apple's policy on third-party SDK signatures. I have reviewed the official documentation here: https://developer.apple.com/support/third-party-SDK-requirements/ Our app is developed in the following environment: Minimum Target: iOS 15 Xcode: 26.2 Engine: Unreal Engine 4.27.2 We are integrating the Firebase SDK into our project. However, we are experiencing app crashes caused by an issue within the GoogleAdsOnDeviceConversion.xcframework included in the Firebase SDK (related to a memory optimization issue in UE4). According to an official response from the Firebase team, this crash can be resolved by wrapping the Firebase SDK in a dynamic XCFramework. We have confirmed that this solution does indeed fix the crash. The problem is that wrapping the Firebase SDK in a custom dynamic XCFramework removes all of the original Firebase SDK signatures. The documentation on third-party SDK signatures, which I referenced earlier, states that a signature is required for the Firebase SDK, and this requirement also applies when repackaging it. This leads me to the following questions: Question 1: When we wrap and repackage the Firebase SDK, is it mandatory for the resulting XCFramework to still include the original Google LLC signature? Question 2: To resolve the crash, we intend to use the Firebase SDK by wrapping it in our own dynamic XCFramework (e.g., FirebaseWrapper.xcframework). When we do this, the resulting XCFramework loses the Google LLC signature, and consequently, the final built IPA's signature list does not contain any Firebase-related signatures. Will this be a reason for rejection during App Store review? Question 3: If we wrap the Firebase SDK in a dynamic XCFramework and then sign it with our own developer certificate, would this be a reason for rejection during App Store review?

Hi, I’ve been successfully using notarization with notarytool for over a month (20+ submissions, all accepted within minutes). On April 4th around 07:30 (UTC), my last submissions were accepted without any issue: createdDate: 2026-04-04T07:29:08.877Z id: 38d6e6e0-1183-4fe8-ae4a-3036e1f0f025 name: MacOptimizers.dmg status: Accepted -------------------------------------------- createdDate: 2026-04-04T07:26:36.357Z id: 2abf8289-6e00-4b16-9991-fbda7e66a179 name: macopt_notary_payload.UdtfA3 status: Accepted -------------------------------------------- Later that same day (around 16:30 UTC), after minor bug fixes and UI changes, I submitted a new build. Since then, all notarization requests remain stuck in “In Progress” for more than 48 hours: -------------------------------------------- createdDate: 2026-04-05T07:13:03.369Z id: b4872e7a-e2b5-485e-9223-09f3ed94958f name: macopt_notary_payload.mZls1y status: In Progress -------------------------------------------- createdDate: 2026-04-04T20:07:35.937Z id: 375408f2-3c0a-455e-88a1-9cd08ce7dc35 name: macopt_notary_payload.CvrZNt status: In Progress -------------------------------------------- createdDate: 2026-04-04T17:09:47.481Z id: dad888b3-6aff-4c54-9608-da1f86e44db7 name: macopt_notary_payload.IH0RDr status: In Progress -------------------------------------------- createdDate: 2026-04-04T16:28:03.086Z id: 9e129b21-e682-48ce-baa7-8d2d77051bac name: macopt_notary_payload.GsrSa6 status: In Progress No errors are returned, and notarytool log is not yet available. Is this expected behavior (e.g. extended review), or could there be an issue affecting notarization for my team? Thanks for your help.

Hello! We built a macOS .pkg using pkgbuild (contains a DMG + postinstall bash script). The pkg works locally on the build machine but fails on other devices manually / via MDM unless signed. We tried signing with a Developer ID Installer certificate, but: security find-identity -p codesigning -v → 0 valid identities security find-identity -v → shows the cert Private key is present in Keychain OpenSSL check shows: X509v3 Extended Key Usage: Critical (Expected one might be: Code Signing) We recreated CSR + cert multiple times (G2 Sub-CA), ensured Login keychain, unlocked keychain, etc., but same result. Question: Why is the Developer ID Installer cert missing Code Signing usage and not recognized for signing? Is there any account restriction or step we might be missing? Any recommendations on resolving this issue. Thanks!