Hello, We are currently using Apple Notarization (notarytool) for distributing a macOS app, and we are experiencing very long notarization times for large app bundles. [Issue] For apps with large binary sizes, notarization consistently takes around 3.5 to 4.5 hours from submission to completion. This delay is causing practical issues in our release pipeline, especially when: A hotfix or urgent update is required Multiple builds must be notarized in a short time CI/CD-based distribution is expected to complete within a predictable timeframe [Environment] Platform: macOS Notarization method: notarytool Distribution: Outside Mac App Store App size: 100 GB~ (compressed ZIP) Signing: Hardened Runtime enabled, codesigned correctly Submission status: Successfully accepted, but processing time is very long [What we have confirmed] The notarization eventually succeeds (no failures) Re-submitting the same build shows similar processing times Network upload itself completes normally; the delay is in Apple-side processing Smaller apps complete notarization much faster [Questions] Is a 3–4+ hour notarization time expected behavior for large macOS apps? Are there recommended best practices to reduce notarization processing time for large binaries? For example, splitting components, adjusting packaging, or specific signing strategies Is there any official guidance or limitation regarding notarization queueing or processing based on app size? Are there known service-side delays or regional differences that could affect processing time? Any insight or confirmation would be greatly appreciated, as this directly impacts our production release workflow. Thank you.

We've been creating iOS apps for a few years now, but when I tried last month, I got an error in my XCode that says: No profiles for 'com.os.hub.mth2' were found Xcode couldn't find any iOS App Development provisioning profiles matching 'xxx.xxx.xxx.xxx'. I'm not sure if it's the cause or not, but when I look at the signing certificates, the Developer ID Application Certificate says: Missing Private Key The weird part of that is that I see a private key with this name in my Keychain access, so I'm not sure what's wrong. There has been a significant time gap between now and the last time we created a mobile app, so I'm not sure if something changed in XCode/MacOS to cause this issue, or if something expired. I'd appreciate any advice.

We have an application which keeps throwing the error "application is damaged and cannot be opened. You should move it to Trash" I have already referred to the documentation: https://developer.apple.com/forums/thread/706379 and https://developer.apple.com/forums/thread/706442 I have checked the following possible root causes: Codesign of the application using the codesign command Notarization of the application using the spctl command Executable permissions Checked for the presence of "com.apple.quarantine" flag for the application using xattr -l <path to executables" Checked the bundle structure None of the above listed items seemed to be a problem and are as expected. Can you please help us understand what could cause this issue and how to resolve this without recommending an uninstall/reinstall of the application?

I've been trying to have an app I've built notarized by Apple. The processing hangs there for hours just waiting. I even tried with a tiny 1KB test file, it has been stuck for 25+ minutes, and I have 7 real submissions stuck for 24+ hours. Any Apple representative can help please? I need to publish and release my app asap.

Tried notarizing my app yesterday afternoon via Mac terminal, and when I came back to work this morning it was still "In Process...". I closed terminal, and checked appleid.apple.com, and it was asking me to reset my password- maybe because the notarization timed out? Either way, I reset my password, generated a new app-specific password and tried notarizing the app again, but it's now been 3 hours and it's still "In Process..." again. When I check the status via terminal, nothing seems off- and the status is In Progress. How can I determine if there's a bigger issue I need to fix before notarizing? UUID: e7ae29c8-2478-41a3-93b4-3f274de643d0

Hi everyone, Has anyone seen notarization behave like this? We have one specific app (let’s call it App A) with a Network Extension system extension. Whenever we submit App A for notarization: • Its submission stays “In Progress” indefinitely • The provisioning profile for its system extension becomes Invalid on its own • All our other apps suddenly fail notarization • And the whole team immediately gets: StatusCode 7000 – “Team is not yet configured for notarization.” Apple Support restored notarization once(Case 102738171569), and we confirmed other apps notarize fine — until we submit App A again, which instantly triggers the same team-wide block. This cycle has repeated twice. We verified: • Hardened runtime • Proper system extension signing • No private API usage • No get-task-allow • No ATS violations What’s confusing is that this doesn’t look like a normal notarization rejection. Normal failures don’t invalidate provisioning profiles or disable notarization for the entire team. It feels more like an automated security heuristic or misclassification. My questions: 1. Can a single app or system extension trigger an automated team-wide notarization disable? 2. Can an entitlement or NE configuration issue cause StatusCode 7000 instead of a standard rejection? 3. If this could be a false positive, is there a specific team at Apple who can manually review/clear it? Any insight would be greatly appreciated.

Hey devs, I have a really weird issue and at this point I cannot determine is it a Big Sur 11.1 or M1 issue or just some macOS settings issue. Short description programatically (from node, electron) I'd like to store x509 cert to keychain. I got the following error message: SecTrustSettingsSetTrustSettings: The authorization was denied since no user interaction was possible. (1) I could reproduce this issue on: a brand new mac mini with M1 chip and Big Sur 11.1 another brand new mac mini with M1 chip and Big Sur 11.1 a 2018 MacBook pro with Intel chip and Big Sur 11.1 I couldn't reproduce this issue on: 2020 MacBook pro with intel i9 chip and Big Sur 11.1 2020 MacBook pro with intel i9 chip and Big Sur 11.0 How am I trying to store the cert node test.js test.js const { exec } = require('child_process') exec( &#9;`osascript -e 'do shell script "security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/kotapeter/ssl/testsite.local.crt" with prompt "Test APP wants to store SSL certification to keychain." with administrator privileges'`, &#9;(error, stdout, stderr) => { &#9;&#9;if (error) { &#9;&#9;&#9;console.log(error.stack) &#9;&#9;&#9;console.log(`Error code: ${error.code}`) &#9;&#9;&#9;console.log(`Signal received: ${error.signal}`) &#9;&#9;} &#9;&#9;console.log(`STDOUT: ${stdout}`) &#9;&#9;console.log(`STDERR: ${stderr}`) &#9;&#9;process.exit(1) &#9;} ) testsite.local.crt: ----BEGIN CERTIFICATE MIIDUzCCAjugAwIBAgIUD9xMnL73y7fuida5TXgmklLswsowDQYJKoZIhvcNAQEL BQAwGTEXMBUGA1UEAwwOdGVzdHNpdGUubG9jYWwwHhcNMjEwMTE3MTExODU1WhcN NDEwMTEyMTExODU1WjAZMRcwFQYDVQQDDA50ZXN0c2l0ZS5sb2NhbDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBANM08SDi06dvnyU1A6//BeEFd8mXsOpD QCbYEHX/Pz4jqaBYwVjD5pG7FkvDeUKZnEVyrsofjZ4Y1WAT8jxPMUi+jDlgNTiF jPVc4rA6hcGX6b70HjsCACmc8bZd+EU7gm4b5eL6exTsVzHc+lFz4eQFXgutYTL7 guDQE/gFHwqPkLvnfg3rgY31p3Hm/snL8NuD154iE9O1WuSxEjik65uOQaewZmJ9 ejJEuuEhMA8O9dXveJ71TMV5lqA//svDxBu3zXIxMqRy2LdzfROd+guLP6ZD3jUy cWi7GpF4yN0+rD/0aXFJVHzV6TpS9oqb14jynvn1AyVfBB9+VQVNwTsCAwEAAaOB kjCBjzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIC9DA7BgNVHSUENDAyBggrBgEFBQcD AQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgwHQYDVR0O BBYEFDjAC2ObSbB59XyLW1YaD7bgY8ddMBkGA1UdEQQSMBCCDnRlc3RzaXRlLmxv Y2FsMA0GCSqGSIb3DQEBCwUAA4IBAQBsU6OA4LrXQIZDXSIZPsDhtA7YZWzbrpqP ceXPwBd1k9Yd9T83EdA00N6eoOWFzwnQqwqKxtYdl3x9JQ7ewhY2huH9DRtCGjiT m/GVU/WnNm4tUTuGU4FyjSTRi8bNUxTSF5PZ0U2/vFZ0d7T43NbLQAiFSxyfC1r6 qjKQCYDL92XeU61zJxesxy5hxVNrbDpbPnCUZpx4hhL0RHgG+tZBOlBuW4eq249O 0Ql+3ShcPom4hzfh975385bfwfUT2s/ovng67IuM9bLSWWe7U+6HbOEvzMIiqK94 YYPmOC62cdhOaZIJmro6lL7eFLqlYfLU4H52ICuntBxvOx0UBExn----END CERTIFICATE testsite.local.key: ----BEGIN RSA PRIVATE KEY MIIEpQIBAAKCAQEA0zTxIOLTp2+fJTUDr/8F4QV3yZew6kNAJtgQdf8/PiOpoFjB WMPmkbsWS8N5QpmcRXKuyh+NnhjVYBPyPE8xSL6MOWA1OIWM9VzisDqFwZfpvvQe OwIAKZzxtl34RTuCbhvl4vp7FOxXMdz6UXPh5AVeC61hMvuC4NAT+AUfCo+Qu+d+ DeuBjfWnceb+ycvw24PXniIT07Va5LESOKTrm45Bp7BmYn16MkS64SEwDw711e94 nvVMxXmWoD/+y8PEG7fNcjEypHLYt3N9E536C4s/pkPeNTJxaLsakXjI3T6sP/Rp cUlUfNXpOlL2ipvXiPKe+fUDJV8EH35VBU3BOwIDAQABAoIBAQDDGLJsiFqu3gMK IZCIcHCDzcM7Kq43l2uY9hkuhltrERJNle70CfHgSAtubOCETtT1qdwfxUnR8mqX 15T5dMW3xpxNG7vNvD/bHrQfyc9oZuV6iJGsPEreJaV5qg/+E9yFzatrIam0SCS7 YL6xovPU58hZzQxuRbo95LetcT2dSBY33+ttY7ayV/Lx7k6nh0xU6RmTPHyyr8m7 yHpoJoSxdT/xv5iBSZ8mM9/2Vzhr14SWipVuwVVhDSfbn8ngHpIoQDkaJLMpWr+m 4z3PqfftAwR6s6i96HnhYLnRir618TQh4B9IEngeEwCMn4XAzE3L+VTaKU1hg9el aMfXzPERAoGBAPa+sJ2p9eQsv0vCUUL8KeRWvwjDZRTd+YAIfpLMWrb0tMmrBM4V V0L2joF76kdDxt1SAlHoYCT/3Rn8EPmK0TN3MEskiXQ7v57iv+LZOZcpe0ppG/4A ZihF9+wUjFCDw4ymnRQD463535O6BgZV+rcZksFRD2AwvEjt1nYm93VXAoGBANsh AYM+FPmMnzebUMB0oGIkNkE9nVb9MPbQYZjEeOeHJqmt1Nl6xLuYBWTmWwCy7J4e QPtnuMCdO6C1kuOGjQPBFIpeyFMzll+E3hKzicumgCpt5U8nTZoKc/jZckRD7n3p lbYYgHOR3A/3GCDK5L3rwziWpSRAGMSCQylvkOC9AoGBAKLfZL3t/r3LO8rKTdGl mhF7oUYrlIGdtJ/q+4HzGr5B8URdeyJ9u8gb8B1Qqmi4OIDHLXjbpvtFWbFZTesq 0sTiHCK9z23GMsqyam9XbEh3vUZ082FK6iQTa3+OYMCU+XPSV0Vq+9NPaWGeHXP5 NTG/07t/wmKASQjq1fHP7vCpAoGBAK4254T4bqSYcF09Vk4savab46aq3dSzJ6KS uYVDbvxkLxDn6zmcqZybmG5H1kIP/p8XXoKCTBiW6Tk0IrxR1PsPHs2D3bCIax01 /XjQ1NTcYzlYdd8gWEoH1XwbJQWxHINummBTyowXguYOhVhM9t8n+eWbn1/atdZF 2i+vS3fhAoGAYKw6rkJfTSEswgBKlQFJImxVA+bgKsEwUti1aBaIA2vyIYWDeV10 G8hlUDlxvVkfwCJoy5zz6joGGO/REhqOkMbFRPseA50u2NQVuK5C+avUXdcILJHN zp0nC5eZpP1TC++uCboJxo5TIdbLL7GRwQfffgALRBpK12Vijs195cc=----END RSA PRIVATE KEY What I've already found If I run the following command from terminal It asks my password first in terminal and after that It asks my password again in OS password prompt. sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/kotapeter/ssl/testsite.local.crt It looks like I'm getting the above error message because osascript hides the second password asking dialog. The cert always gets stored in keychain but when I get the error message the cert "Trust" value is not "Always Trust". References StackOverflow question: https://stackoverflow.com/questions/65699160/electron-import-x509-cert-to-local-keychain-macos-the-authorization-was-deni opened issue on sudo-prompt electron package: https://github.com/jorangreef/sudo-prompt/issues/137

Hi Apple Developer Community, I'm trying to resolve the following Xcode build error: *"Provisioning profile 'iOS Team Provisioning Profile: ' doesn't include the com.apple.developer.live-activities entitlement." To fix this, I understand I need to add the Live Activity capability to my App ID and ensure it’s included in the provisioning profile. However, when I go to Certificates, Identifiers & Profiles, select my App ID, and click Edit under "App ID Configuration," the Live Activity capability is not available in the list of capabilities. As a result, I can’t proceed with enabling the entitlement or regenerating a correct provisioning profile. I’ve confirmed: My App ID is explicit (not a wildcard). The app’s deployment target is set to iOS 16.1 or later. I’m signed in with the correct Apple Developer Team account. etc. Has anyone experienced this? Is there a prerequisite that I might be missing? Thanks in advance for your help! Best regards, David Winograd Rokfin, Inc.

Hello, My macOS notarization has been blocked since March with: "status": "Rejected", "statusCode": 7000, "statusSummary": "Team is not yet configured for notarization", "issues": null Latest fresh probe: Submission ID: 3201b921-2313-45fd-b274-0e46d3fb03c2 Upload time: 2026-05-09T12:37:16Z Archive: KwantflowNotaryProbe-20260509T123714Z.zip Status: Rejected Error: -2052 / 7000 Issues: None Support cases: 102842156916 — Development and Technical → Other Development or Technical Questions 102882811151 — Development and Technical → Code Signing The archive uploads successfully and notarytool history/log work, but every submission is rejected before binary validation. The log shows no signing, entitlement, hardened runtime, timestamp, or executable issues. Apple forum answers say this is a Developer Program Support issue, not DTS/code-level. I have already contacted Developer Support, but the issue is still unresolved and blocks our macOS release. Has anyone recently resolved -2052 / 7000 / “Team is not yet configured for notarization”? Did Apple need to manually enable something on the team/account? Thank you.

In our local test configurations, a developer can sign test apps for device installation using any key associated with the company team. However, if a developer accidentally chooses an identity from some other team, installation fails with no information about the problem. It just mentions that no provisioning profile could be found, leaving everyone in the dark about what is wrong. Instead, we would like to pre-validate the selected signing identity by checking the team name or id. This could be done, for example, by extracting the x509 certificate from the signing identity and checking the "OU" field (which is set to the team id). However, none of the apple commands will divulge the x509 certificate from a developer id. So far our best options is to create a fake app, sign the app, then use command: codesign --display --extract-certificates This solution seems excessively serpentine. Is there no direct command that will accept the sha of a signing identity and return a nice .pem containing the associated certificate chain? Or, better yet, is there a command that takes the signing identity and simply returns the name or id of the associated team?

I'm trying to enable Music Kit for my key however I keep seeing this message "There are no identifiers available that can be associated with the key" even though my identifier has music kit enabled. Can someone help out with this?

Hello, I sent this in as a feedback several weeks ago about watchOS 26.2 beta 2 but since the issue is still active now that watchOS 26.2 is in production I'm reposting here for the community. I would also like to submit a DTS about this issue but honestly don't know the best way to go about it and would appreciate advice about that. There seems to be an issue with VPP distribution for our app on watchOS 26.2. When our watchOS companion app is launched after being installed through VPP to a supervised iPhone, it encounters a dyld error before main() or any application code is even called. The same app launches correctly in every other circumstance we could imagine and test: – Installed through VPP on supervised devices running watchOS 26.1. – Installed from the app store (using an apple id) on a supervised iPhone and paired watch running iOS 26.2 / watchOS 26.2. – Installed through Testflight on a supervised iPhone and paired watch running iOS 26.2 / watchOS 26.2. – Installed through the app store on unsupervised devices running watchOS 26.1 and 26.2. This strongly appears to be a VPP signing issue because we even did the following experiment: Install iPhone and Watch apps through the App Store on a supervised device pair running public iOS 26.2 beta 2 / watchOS 26.2 beta 2. Verify that both apps launch successfully. Use an MDM command to install from VPP over the existing installations Verify that the watch app fails to launch (the iOS app is unaffected) My feedback included some crash logs which I won't be reposting publicly here. Any feedback or ideas appreciated.

I made a macOS application using Swift Package and distributed it in dmg format through Apple Notary service. However, we received a report from a user that it can be launched from a disk image mounted from dmg, but when copied to /Applications, the app is broken and does not start. I looked into why this happened, I noticed that the codesign command returned different results when copying the application bundle and /Applications on the volume mounted dmg with Finder. Mounted dmg: OK ❯ codesign --verify --deep --verbose /Volumes/azoo-key-skkserv/azoo-key-skkserv.app /Volumes/azoo-key-skkserv/azoo-key-skkserv.app: valid on disk /Volumes/azoo-key-skkserv/azoo-key-skkserv.app: satisfies its Designated Requirement Copied by Finder: Bad codesign reports that there are 148 added/missing files. ❯ codesign --verify --deep --verbose /Applications/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app: a sealed resource is missing or invalid file added: /Applications/azoo-key-skkserv.app/Contents/Resources/AzooKeyKanakanjiConverter_KanaKanjiConverterModuleWithDefaultDictionary.bundle/Contents/Resources/Dictionary/louds/グ1.loudstxt3 (skip...) file missing: /Applications/azoo-key-skkserv.app/Contents/Resources/AzooKeyKanakanjiConverter_KanaKanjiConverterModuleWithDefaultDictionary.bundle/Contents/Resources/Dictionary/louds/グ1.loudstxt3 (skip...) Copied by ditto: OK ❯ ditto /Volumes/azoo-key-skkserv/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app ❯ codesign --verify --deep --verbose /Applications/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app: valid on disk /Applications/azoo-key-skkserv.app: satisfies its Designated Requirement I made a simple macOS application to explain this problem in an easy-to-understand way. You can download dmg in github releases, mount dmg, copy it in the Finder, and check if there is a problem by running the codesign command. https://github.com/mtgto/example-utf8-mac-notarization As a result, I learned the following two things. Occurs only with resources with file names whose values change due to NFC/NFD normalization No problems occur with the resources of the application itself. Generated by the Swift Package resources that the application depends on I think this is a problem with Finder or Gatekeeper.

Is the Notary service unavailable again? The system-status page shows it as being green but I am back to receiving the same error as previously which fixed itself once the notary service went green again and I am unable to notarize and staple my Distribution PKG.

Hi, I'm building a wellness app called that helps users manage their phone usage based on their consumption, using the Screen Time API. I need the Family Controls (Distribution) entitlement to ship it. I've already submitted multiple requests across all my bundle IDs, but due to the lack of confirmation feedback after each submission, I may have submitted more than needed. Regardless, the oldest request submitted was on April 22nd (exactly 2 weeks ago), without any reply or change. Is this normal ? Also, I came across a forum post (https://developer.apple.com/forums/thread/821964?answerId=885672022#885672022) suggesting that the entitlement is now scoped at the team level rather than per bundle ID, and that I should resubmit a single request. I want to do the right thing here but I'm not sure whether to resubmit or wait and I don't want to make the situation worse than it already is. We're about a month away from our launch date and this is the last remaining blocker for both TestFlight and App Store submission. Any guidance on next steps, or help prioritizing this, would mean a lot. Thanks so much,

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

Our team already has Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 Could someone please help to apply/sync for the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.

Hi all, I'm a solo iOS developer trying to update an app I released in 2010. My current Team ID is Q37598Q8GE, but the app's original App ID uses an old prefix, YHX995W43P. When I try to create a new App ID with the original Bundle ID (eu.andela.woordenes) to generate a new distribution provisioning profile, I get the error:An attribute in the provided entity has invalid value An App ID with Identifier 'eu.andela.woordenes' is not available. Please enter a different string. I understand this might be due to the old prefix from pre-2011, when Apple allowed multiple prefixes per account. I still have access to the app in App Store Connect and want to push an update, not create a new app. How can I resolve this?Can I reuse the existing App ID (eu.andela.woordenes with prefix YHX995W43P) for a new provisioning profile, or do I need to match my current Team ID (Q37598Q8GE)? If the Bundle ID is already taken by my current app, how do I update the app without changing the Bundle ID? Any steps to fix the prefix mismatch in Xcode or App Store Connect?

Yestoday， I got problem createdDate: 2026-03-17T09:06:38.486Z id: d1c679af-5f41-437b-9ca1-4c96047a58fb name: easyclaw.app.zip status: In Progress -------------------------------------------------- createdDate: 2026-03-17T03:30:38.278Z id: fe1bb550-7f42-41c8-8d38-40ac7f9e7c91 name: easyclaw.app.zip status: Accepted And retry today monring，waiting again： Successfully received submission history. history -------------------------------------------------- createdDate: 2026-03-18T02:17:44.322Z id: 141b0dcb-d0fe-464e-9167-3a15e59aec87 name: easyclaw.app.zip status: In Progress

I am currently having issues uploading my app to appstoreconnect.apple.com/notary/ for notarization. It times out after hanging for a while. I get the following error. 13:42:04 "LocalDataTask <D84AED32-B05B-4439-8BDC-40C0F89B89F1>.<1>" 13:42:04 ), NSLocalizedDescription=The request timed out., NSErrorFailingURLStringKey=https://appstoreconnect.apple.com/notary/v2/asp?, NSErrorFailingURLKey=https://appstoreconnect.apple.com/notary/v2/asp?, _kCFStreamErrorDomainKey=4})