I’m unable to notarize the executable and the .app — the status has been showing “In Progress” for over an hour. Upon checking the xcrun logs, it indicates that the submission ID was not received. I also noticed there’s an Apple Developer Service outage reported since October 8, 2025. Could you please let me know when this outage is expected to be resolved? It would be very helpful.
Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.
Hi everyone,
I’ve just subscribed and configured my Apple Developer account.
I tried to notarize the first binary I need to distribute via Homebrew, but I’m experiencing an issue where the process has been stuck in “In Progress” status for more than 21 hours, without completing or returning any errors.
Here’s the relevant history:
createdDate: 2025-10-15T21:53:41.343Z
status: In Progress
Successfully received submission history.
history
......
--------------------------------------------------
createdDate: 2025-10-19T18:34:47.472Z
id: d3248896-7841-421e-9470-101df9d0da21
name: ...
status: In Progress
--------------------------------------------------
createdDate: 2025-10-19T18:12:45.325Z
id: e5822fa0-5bcf-4610-81fc-9f541e8ad189
name: ...
status: In Progress
My notary service has been stuck for more than 5 hours. Is it taking a long time because the notary service is down or because I am a new user?
Hello, I've developed an application using Electron with JavaScript. I have managed to deploy to both Windows and the web but am having trouble deploying the application to my Mac users.
It's my first time deploying an application for Mac but feel like I'm stuck at the last hurdle and out of ideas so I'm reaching out for help.
My application is successfully signing but during the build and when my Notarize.js is running it seems to get stuck indefinitely.
I can check and see the status of the Notarize attempts but they seem to be stuck "In Progress". Here are the logs.
My notary service has been stuck for more than 5 hours. Is it because I am a new user, or is there a notary service outage?
The problem is the following:
We create a keychain item called NotaryTool (there are multiple accounts that use notarytool and we created it for all of them).
This is created in the following way:
$ xcrun notarytool store-credentials
This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.
Profile name:
NotaryTool
We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified.
Path to App Store Connect API private key:
//AuthKey_ABCDEFGH.p8
App Store Connect API Key ID:
<ABCDEFGH>
App Store Connect API Issuer ID:
ABCDEF-ABCD-1234-1234-1234567
Validating your credentials...
Success. Credentials validated.
Credentials saved to Keychain.
To use them, specify `--keychain-profile "NotaryTool"`
The key is downloaded from Apple and some other IDs are provided alongside.
These should remain in the keychain for as long as the user process is running (just like any other process)
A few runs are successful when we run with the profile that was created.
After a few runs we start seeing a failure.
Now we are seeing the following issue where the keychain item just vanishes:
Error: No Keychain password item found for profile: NotaryTool\n\nRun 'notarytool store-credentials' to create another credential profile.\nError during the not process\nTue Aug 26 06:02:09 2025 Notarization failed with notarytool with exit code 17664: \nTue Aug 26 06:02:09 2025 could not upload for notarization!!!
Topic:
Code Signing
SubTopic:
Notarization
Hi everyone,
My app notarization has been stuck in the “In Progress” state for the past 4 days. Here are the details:
createdDate: 2025-10-12T07:56:46.228Z
id: 8f8c9a33-1c72-489e-a189-74c797a12fbc
name: DevScribe.zip
status: In Progress
I checked the Apple System Status page and noticed that the Developer Notarization service has been showing an outage since October 8th.
Could this ongoing outage be the reason my notarization is stuck? Is anyone else experiencing the same issue?
Any guidance or workaround would be greatly appreciated.
Hello,
I am new to the Apple Developer Program. I, and my team, are working on porting some medical software that we have written from Windows to macOS. We obviously want to notarize our app to make it easy for professionals and colleagues to use. The software is entirely written in Python and includes ffmpeg for one of the features to export the medical data to video, and is compiled to a single file with pyinstaller, like so:
pyinstaller app_name.py --noconfirm --onefile --add-data "ffmpeg:ffmpeg"
chmod +x dist/app_name*
We are currently adding the signing and notarization of the app to our GitHub workflow. The workflow builds a successful app with the correct structure, and it is able to be run if we allow it past the MacOS firewall. We are signing the app like so:
run: |
BINARY_PATH="dist/app_name"
IDENTITY=$(security find-identity -p codesigning -v | grep -E 'Developer ID Application|Mac Developer' | head -n1 | awk -F\" '{print $2}')
echo "Using identity: $IDENTITY"
security unlock-keychain -p "" build.keychain
codesign --verbose=4 --force --options runtime --timestamp --entitlements .github/mac_build_tools/entitlements.plist --sign "$IDENTITY" "$BINARY_PATH"
codesign --verify --verbose=4 "$BINARY_PATH"
We then also move the binary around into an app structure and sign that as well like so
echo "Moving contents to SedPlot.app"
mkdir -p dist/app_name.app/Contents/MacOS
mv "$BINARY_PATH" dist/app_name.app/Contents/MacOS
cp .github/mac_build_tools/Info.plist dist/app_name.app/Contents
echo -n "APPL????" > dist/app_name.app/Contents/PkgInfo
echo "Signing App"
codesign --verbose=4 --force --options runtime --timestamp --entitlements .github/mac_build_tools/entitlements.plist --sign "$IDENTITY" dist/app_name.app
codesign --verify --verbose=4 dist/app_name.app
codesign --display --entitlements :- dist/app_name.app
If I upload the artifact and check its properties, everything looks good. It has the correct ID associated with it and shows as valid when I use codesign --verify on it. I start having issues when I move onto notarization, like so:
cd dist
echo "Zipping and checking the zip"
ditto -c -k --keepParent app_name.app app_name.zip
zipinfo -1 app_name.zip | head
echo "$AC_API_KEY" > AuthKey.p8
SUBMISSION_ID=$(xcrun notarytool submit app_name.zip \
--key AuthKey.p8 \
--key-id "$AC_KEY_ID" \
--issuer "$AC_ISSUER_ID" \
--team-id "TEAM_ID" \
--output-format json | jq -r '.id')
echo "Submitted notarization with ID: $SUBMISSION_ID"
All of the print statements for errors look good at this point, and the submission ID shows up in my history when I query it. However, all 7 attempts that I have made to notarize this app hang for indefinite amounts of time. We are hoping to submit our tool for publication soon, and it would be helpful to know if there is an issue causing the hang on our end or if this is an issue with new developers.
I have been reading around the forums and see some notes about this taking about a week until the system starts to "learn" about our development team and our attempts to notarize. I also know that there are limited amounts that can be said about the backend of the notarization step. What would be helpful is a few things:
I would like feedback about if there is a fundamental flaw in our approach for signing and notarizing our application, so that we can identify it.
I would appreciate some guidelines about how long to expect this notarization step to take until we can get notarization to finish within 10s of minutes, as we have a hard-coded 30 min wait time for the completion of the notarization in our workflow right now.
It would be helpful to know how to check our logs, as requesting the logs for any of our attempts results in being told that the logs are not available yet.
In case someone from apple is interested in this and wants to check, the most-recent submission ID (the one that I believe should be most-likely correct and valid) is 9ef24966-42a5-47db-a7e0-c6baf0310ac4
Thank you in advance!
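One way a CI job could separate submissions that are still inside its wait budget from ones that have stalled, using the plain-text layout of the submission history quoted in the posts above. This is an added example, not code from any poster: the sample records and the `parse_history` and `triage` helpers are constructed for illustration, and treating every status other than `Accepted` and `In Progress` as a failure is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout the history output uses on this page;
# the ids and names are placeholders, not real submissions.
SAMPLE_HISTORY = """\
Successfully received submission history.
  history
    --------------------------------------------------
    createdDate: 2025-10-19T18:34:47.472Z
    id: 00000000-0000-0000-0000-000000000001
    name: app_name.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2025-10-19T18:12:45.325Z
    id: 00000000-0000-0000-0000-000000000002
    name: app_name.zip
    status: Accepted
    --------------------------------------------------
    createdDate: 2025-10-15T21:53:41.343Z
    id: 00000000-0000-0000-0000-000000000003
    name: app_name.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2025-10-15T20:00:00.000Z
    id: 00000000-0000-0000-0000-000000000004
    name: app_name.zip
    status: Invalid
"""

FIELDS = ("createdDate", "id", "name", "status")


def parse_history(text):
    """Split the history text into one dict per submission record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:  # a dashed rule starts a new record
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep and key in FIELDS:
            current[key] = value.strip()
    if current:
        records.append(current)
    # Records without a date or status cannot be triaged; drop them.
    return [r for r in records if "createdDate" in r and "status" in r]


def triage(records, now, budget=timedelta(minutes=30)):
    """Return (id, verdict, age in whole minutes) for each record."""
    results = []
    for rec in records:
        created = datetime.strptime(
            rec["createdDate"], "%Y-%m-%dT%H:%M:%S.%fZ"
        ).replace(tzinfo=timezone.utc)
        age = now - created
        if rec["status"] == "Accepted":
            verdict = "accepted"
        elif rec["status"] != "In Progress":
            verdict = "failed"      # assumption: any other status is terminal
        elif age > budget:
            verdict = "stalled"     # still In Progress past the wait budget
        else:
            verdict = "pending"
        results.append((rec.get("id", "<no id>"), verdict,
                        int(age.total_seconds() // 60)))
    return results


if __name__ == "__main__":
    now = datetime(2025, 10, 19, 18, 50, tzinfo=timezone.utc)
    for row in triage(parse_history(SAMPLE_HISTORY), now):
        print(row)
```

A job that gets `stalled` for a submission can stop waiting and record the submission ID for follow-up instead of resubmitting the same archive.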
I am facing an issue while trying to staple a notarization ticket to my signed macOS installer package.
Details of my setup:
The .pkg file is signed using my Developer ID Installer certificate.
The app inside the package is signed using my Developer ID Application certificate.
Notarization via xcrun notarytool completes successfully with status: Accepted.
However, the stapler command fails with the following error:
xcrun stapler staple -v /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg
Processing: /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg
Could not validate ticket for /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg
The staple and validate action failed! Error 65.
I verified that all other Apple notarization-related servers (api.apple-cloudkit.com, gs.apple.com, ocsp.apple.com, ocsp2.apple.com, crl.apple.com, developer.apple.com) are reachable.
However, the domain cdn-apple-cloudkit.apple.com cannot be resolved from any network, including mobile or public Wi-Fi.
Both dig and nslookup return “No answer” even when using external DNS servers like 8.8.8.8 or 1.1.1.1.
It appears that cdn-apple-cloudkit.apple.com might be required during the stapler validation process, but the DNS for this domain is not resolving.
Could you please confirm whether this CDN endpoint is required for stapling, and if there is currently an outage or configuration issue with cdn-apple-cloudkit.apple.com?
Anyone know how long it takes to get Apple to respond to a request for provisioning for endpoint security?
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Provisioning Profiles
Endpoint Security
The Developer App Certificate is not trusted.
Topic:
Code Signing
SubTopic:
General
Hello,
We have a working application with several entitlements - com.apple.developer.endpoint-security.client and com.apple.developer.team-identifier.
Recently, the Developer ID signing certificate expired and we created a new one according to the instructions on the website. Also the provisioning profile for those entitlements expired so we edited it to use the new certificate.
We built using xcodebuild in a script and signed with codesign. We supply the certificate ID and the entitlements in a plist file like this:
codesign --timestamp --force --sign "${application_signature}" --options=runtime "${obj}" --entitlements "${SR_ENTITLEMENT_PATH}"
(those env vars hold the correct values for the cert id and plist path as far as we checked).
The signing works and looks ok with "codesign -dvvv":
(XXXX replaces the real file name for privacy)
Signature size=9050
Authority=Developer ID Application: XXXXXX. (XXXXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=16 Oct 2025 at 11:09:53 AM
Info.plist=not bound
TeamIdentifier=XXXXX
Runtime Version=14.5.0
Sealed Resources=none
Internal requirements count=1 size=184
[Dict]
[Key] com.apple.application-identifier
[Value]
[String] XXXXX.com.XXXX.XXXX
[Key] com.apple.developer.endpoint-security.client
[Value]
[Bool] true
[Key] com.apple.developer.team-identifier
[Value]
[String] XXXXXX
But when the app needs to run, it is killed and the console shows the following:
amfid: /private/tmp/XXXXX not valid: Error Domain=AppleMobileFileIntegrityError Code=-420 "The signature on the file is invalid" UserInfo={NSURL=file:///private/tmp/XXXXX, NSLocalizedDescription=The signature on the file is invalid} kernel: mac_vnode_check_signature: /private/tmp/CybereasonSensor: code signature validation failed fatally: When validating /private/tmp/XXXXX: Code has restricted entitlements, but the validation of its code signature failed.
We didn't change any code or build differently (it's done by a CI Jenkins job).
So if the file is signed and has the entitlements, why does it fail? What should be done?
Thanks,
Boaz
Topic:
Code Signing
SubTopic:
Entitlements
I added a new device and it's not recognizing the device model. This causes a message saying "Unable to verify" when signing an app. Has anyone else encountered this issue? This only happens with this one device, not others.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
I have added an in-app purchase function into my app, and have enabled the in-app purchase profile in the developer portal (it's on by default and is marked gray in the developer portal; I don't know if that's how it's supposed to look). I have issued the agreements and tried signing the app both manually and automatically, but neither of those worked. The app can be built successfully in the simulator but does not show the simulation window, and it cannot build on a real device or archive.
Errors: Missing com.apple.developer.in-app-purchase,
com.apple.developer.in-app-purchase.non-consumable, and com.apple.developer.in-app-purchase.subscription entitlements.
Automatic signing failed
Xcode failed to provision this target.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
StoreKit
Entitlements
Provisioning Profiles
Signing Certificates
I suddenly started to receive the following email with the error in it stating that my uploaded app is not available to be used in TestFlight:
ITMS-90886: 'Cannot be used with TestFlight because the signature for the bundle at “MyApp.app/Contents/PlugIns/MyAppWidgetExtension.appex” is missing an application identifier but has an application identifier in the provisioning profile for the bundle. Bundles with application identifiers in the provisioning profile are expected to have the same identifier signed into the bundle in order to be eligible for TestFlight.'
It was all working fine and now I am not sure even where to start looking. Signing, provisioning and everything else is managed automatically.
The device UDID was registered to the developer account 40 hours ago, the STATUS column was "processing" in the first 24 hours, then turned to empty.
But I still can't run my app (with distribution method "development"). When I try to run it after downloading it through my OTA URL, it prompts “the app cannot be installed because its integrity could not be verified”, but everything runs well on an iPhone which was registered a month ago.
What should I do now? Keep waiting?
Hello everyone,
I'm facing a critical, blocking issue where my developer account (Team ID: K655PX7A46) is unable to generate a valid provisioning profile with the App Attest entitlement. I have confirmed this is a server-side issue and am hoping to get visibility from an Apple engineer who can investigate.
The Problem:
When I generate a provisioning profile for an App ID with the "App Attest" capability enabled, the resulting profile is defective. It is missing the required com.apple.developer.app-attest.environment key in its entitlements dictionary, causing Xcode to fail the build.
What I Have Proven:
The issue is not a misconfiguration. The App Attest capability is correctly enabled and saved on the App ID configuration page.
The issue is not isolated to one App ID. I created a brand new App ID from scratch, enabled the capability during creation, and the server still generates a defective profile with the same missing entitlement.
I have definitive proof by inspecting the downloaded .mobileprovision file. The contents confirm the required key is missing.
Steps to Reproduce on My Account:
Create a new App ID on the Developer Portal.
Enable the "App Attest" capability and save.
Generate a new "iOS App Development" provisioning profile for this App ID.
Download the profile and inspect its contents via security cms -D -i [profile].
Observe that the com.apple.developer.app-attest.environment key is missing.
The Evidence (Contents of the Defective Profile):
Here is the output from inspecting the profile for a brand new App ID (com.technology519.linksi.app2). As you can see, the correct entitlement is missing, and an incorrect devicecheck entitlement is present instead.
This is a critical bug in the provisioning profile generation service for my account that is blocking all development. I have already filed a support ticket (Case #102721408444) but have so far only received generic, unhelpful responses.
Can an Apple engineer please investigate this server-side issue with my account?
Thank you.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
Entitlements
Signing Certificates
App Attest
Code Signing
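Several posts on this page turn on whether the entitlements claimed by a signature are covered by the provisioning profile. The sketch below compares the two after both have been decoded to XML (the profile with `security cms -D -i`, the signature with `codesign --display --entitlements :-`, as the posts do). It is an added example, not code from any poster or from Apple: both plists are constructed samples, `audit` and `value_allowed` are hypothetical helpers, and the trailing-`*` wildcard matching and the skipped `com.apple.security.cs.` prefix are simplifying assumptions.

```python
import plistlib
from datetime import datetime

# Constructed sample: a decoded provisioning profile (trimmed to the keys used).
PROFILE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Example Dev Profile</string>
  <key>ExpirationDate</key><date>2026-01-01T00:00:00Z</date>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>ABCDE12345.*</string>
    <key>com.apple.developer.team-identifier</key><string>ABCDE12345</string>
    <key>keychain-access-groups</key><array><string>ABCDE12345.*</string></array>
    <key>get-task-allow</key><true/>
  </dict>
</dict></plist>"""

# Constructed sample: the entitlements claimed by the code signature.
SIGNED_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>application-identifier</key><string>ABCDE12345.com.example.app</string>
  <key>com.apple.developer.team-identifier</key><string>ABCDE12345</string>
  <key>com.apple.developer.app-attest.environment</key><string>development</string>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>get-task-allow</key><true/>
  <key>keychain-access-groups</key><array>
    <string>ABCDE12345.com.example.app</string>
    <string>ZZZZZ99999.shared</string></array>
</dict></plist>"""


def value_allowed(allowed, claimed):
    """True if the profile's value covers the claimed value."""
    if isinstance(claimed, list):
        pool = allowed if isinstance(allowed, list) else [allowed]
        return all(any(value_allowed(a, c) for a in pool) for c in claimed)
    if isinstance(allowed, list):
        return any(value_allowed(a, claimed) for a in allowed)
    if isinstance(allowed, str) and isinstance(claimed, str):
        if allowed.endswith("*"):            # assumption: trailing wildcard only
            return claimed.startswith(allowed[:-1])
        return allowed == claimed
    return type(allowed) is type(claimed) and allowed == claimed


def audit(profile, signed, now, unrestricted_prefixes=("com.apple.security.cs.",)):
    """List (finding, detail) pairs where the signature exceeds the profile."""
    findings = []
    expires = profile["ExpirationDate"]      # plistlib yields a naive UTC datetime
    if expires <= now:
        findings.append(("profile-expired", expires.isoformat()))
    allowed = profile.get("Entitlements", {})
    for key, claimed in sorted(signed.items()):
        if key.startswith(unrestricted_prefixes):
            continue                         # assumption: needs no profile entry
        if key not in allowed:
            findings.append(("not-in-profile", key))
        elif not value_allowed(allowed[key], claimed):
            findings.append(("value-mismatch", key))
    return findings


if __name__ == "__main__":
    profile = plistlib.loads(PROFILE_XML)
    signed = plistlib.loads(SIGNED_XML)
    for finding in audit(profile, signed, datetime(2025, 10, 20)):
        print(finding)
```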
I have tried everything and still I am getting this. Just for a test I created a new app (Master-Detail template Xcode 11.5) I have created an entry in the iTunes Connect to receive the app upon archiving and uploading. I regenerated all new certificates for iOS Development and Distribution. I created all new Provisioning profiles.
The Dev profile builds deploys and runs on my device
The Dist profile builds but when I select the distribution profile I get the "Profile doesn't include the com.apple.application-identifier entitlement." error.
When I download the profile within Xcode all looks good for the distribution profile:
App ID: matches correctly
Certificated: 1 Included includes the new signing certificate "iPhone Distribution...."
Capabilities: 3 Included Includes Game Center, In-App Purchase, and Keychain Sharing
Entitlements: 5 Included Includes application-identifier, keychain-access-groups, beta-reports-active, get-task-allow, and com.apple.developer.team-identifier.
I'm not sure what is going on. This is a standard process I have performed for quite a while. As a matter of fact I just submitted 3 applications last Sunday.
Thank you for any suggestions.
Topic:
Code Signing
SubTopic:
Certificates, Identifiers & Profiles
Tags:
iOS
App Store
Entitlements
App Store Connect
I'm trying to help out one of our vendors by building a skeleton PCI dext which they can flesh out.
However, I can't seem to get the signing right.
I can't sign it at all using no team or my personal team. "Signing for requires a development team", and "Personal development teams ... do not support the System Extension capability".
I can't sign the driver because "DriverKit Team Provisioning Profile: doesn't match the entitlements file's value for the com.apple.developer.driverkit.transport.pci entitlement."
I think this problem occurs because our company has already been assigned a transport.pci entitlement, but for our own PCI vendor ID. But I want to build and test software that works with our vendor's PCI device.
I tried generating a profile for the driver manually, it contained only our own company's PCI driver match:
IOPCIPrimaryMatch = "0x0000MMMM&0x0000FFFF";
where MMMM is our own PCI vendor ID.
Is there a better way to inspect the profile Xcode is using than the postage-stamped sized info popup which truncates the information? I would download the generated profile but it doesn't appear on the profile, but Xcode is accessing it from somewhere.
When I look at the available capabilities I can add to an app identifier on the Developer portal, I see com.apple.developer.driverkit.transport.usb, which is "development only". There's no "development only" capability for PCI. Does this mean it isn't possible to develop even a proof-of-concept PCI driver without being first granted the DriverKit PCI (Primary Match) entitlement?
When adding capabilities to a driver, the list of available capabilities shown in Xcode has one "DriverKit PCI (Primary Match) entry", but if I double click it, two such entries appear in the Signing and Capabilities tab for my driver target. On the Developer portal, when I look at my driver's Identifier, there are two Capabilities labelled DriverKit PCI (Primary Match). Why?