I’m looking for guidance from anyone who has experienced a similar situation. I’m a new Apple Developer Program organization member, and this was my first attempt to notarize a macOS app distributed outside the Mac App Store. What happened: My notarization submissions started failing with statusCode 7000 and the message: “Team is not yet configured for notarization.”. I created a support ticket and received the following reply: “We have escalated this issue to our internal team for further investigation and review.” This was more than 2 months ago, and I have not received any further updates since. About 3 weeks later macOS began rejecting my signed app: codesign --verify --deep --strict --verbose=4 succeeds (reports valid signing identity) spctl -a -vv --type exec returns CSSMERR_TP_CERT_REVOKED Around the same time, I also lost access to the Apple Developer portal. When signing in at developer.apple.com/account, I am redirected to the account access support form instead of the dashboard. My app has not been released to users. If there is an issue with my build, signing, entitlements, or packaging, I am fully willing to fix it immediately. What I cannot understand is the lack of any substantive response from Apple Developer Program Support for over 2 months. What I’m trying to understand: Has anyone encountered this combination of issues: statusCode 7000, Developer ID trust/revocation problems, Blocked developer portal access? Is there any documented appeal, review, or remediation process? If Apple believes a team has violated a policy, how is the developer supposed to find out what needs to be fixed? I’m not asking Apple to bypass security checks. I’m asking for a clear explanation and a path to resolve any issue, if one exists. Any help would be greatly appreciated. Thank you.

From what I can tell, it seems that this is something standard that we have to deal with; however, what is annoying and frustrating is I paid good money to have this service work. My application is for important internal use at our company, and this is causing major issues and starting to make me look pretty bad, frankly. On top of that, there is no feedback at all, no reason given. Notarizing darwin binaries... Conducting pre-submission checks for aria.zip and initiating connection to the Apple notary service... Submission ID received id: ec041209-5652-4772-8689-e9e654432da8 Successfully uploaded file id: ec041209-5652-4772-8689-e9e654432da8 path: /Users/shaneholloman/git/sources/uicnz/aria/dist/darwin-arm64/aria.zip Waiting for processing to complete.

Since this evening (March 10, 2026), I'm unable to launch any developer-signed app on my physical device (iPhone 16 Pro Max, iOS 26.4 beta 23E5223k). The error is: "Unable to launch [app] because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user." On the device itself, it shows: "Unable to Verify App - An internet connection is required to verify the trust of the developer." What I've tried: Created a new Apple Development certificate Deleted and reinstalled the app Restarted the device Tested on both Wi-Fi and cellular Confirmed Developer Mode is enabled Removed all third-party CA certificates from the device Verified the code signature is valid (codesign -dv shows correct Authority chain) The root cause: https://ppq.apple.com is currently returning 502 Bad Gateway. I confirmed this both from my Mac (curl -s -o /dev/null -w "%{http_code}" https://ppq.apple.com → 502) and from Safari on the device. This affects all developer-signed apps, not just a specific project. Is anyone else experiencing this? Is there an ETA for the fix? Environment: Xcode 26.3 (17C519) macOS 26.3.1 (25D2128) iPhone 16 Pro Max, iOS 26.4 (23E5223k)

Hello, I am following up on several notarization requests in order to understand the process better. I submitted my first notary request yesterday and it took several hours to complete (where I submitted two other requests along the way thinking they may be stuck). They were all accepted after ~3 hours had passed since the first request was made. In that time I discovered a bug and had to rebuild/codesign, and submitted to notarize again. I've now had two requests with the new build (.zip file) "in progress" for ~18 hours. The bug fix I made between builds was innocuous and I'm wondering if my jobs are getting flagged due to recent account lockouts when I was first setting up my organizations' developer account. I've seen several replies here in the forum from DTS Engineers - hi Quinn :), so I'm aware of the possibility of 'rare' in-depth analysis, however I've experienced it in 100% of my requests. What is causing my requests to always require in-depth analysis and is there anything I can do to prevent it? My notarytool history is below for reference. Thank you in advance. createdDate: 2026-03-15T22:59:23.053Z id: 9c7ecc81-daf4-4cae-afe9-7f8186067f79 status: In Progress -------------------------------------------------- createdDate: 2026-03-15T21:10:04.576Z id: a1df8b50-c897-49f5-ad0d-f2264a03f145 status: In Progress -------------------------------------------------- createdDate: 2026-03-15T20:41:24.946Z id: 640e7cd6-035f-437b-9eab-9a3db415911a status: Accepted -------------------------------------------------- createdDate: 2026-03-15T18:40:26.944Z id: 00b9e907-04eb-4561-8353-dae7520202e0 status: Accepted -------------------------------------------------- createdDate: 2026-03-15T17:16:48.426Z id: 3163ba2b-e3c8-4216-ae8a-bac351b82f8a status: Accepted

All of my notarization submissions have been stuck at "In Progress" for up to 10 days. I have 6 submissions spanning from March 4 to March 11, 2026, and none of them have completed or returned any errors. Affected submissions: dbf20b57-0073-444a-b09a-ac6747b7398e (submitted Mar 4) — In Progress d5886683-be64-455c-805d-cd8b12bbcd35 (submitted Mar 4) — In Progress 10bfa709-da17-49cf-9c89-63f93b5fb756 (submitted Mar 4) — In Progress e8d0866e-43f8-4a18-8129-64e6c5d3895a (submitted Mar 9) — In Progress f9526f25-5650-4c45-98ae-d778c58a2ffa (submitted Mar 9) — In Progress 82ec211f-9179-41fd-afe0-937c9b2c2750 (submitted Mar 11) — In Progress Running `notarytool log` returns "Submission log is not yet available." Team ID: CB4U5M6U9H It is an Electron-based app built with electron-builder. Steps taken to ensure compliance: Signed with a valid Developer ID Application certificate Hardened runtime enabled (hardenedRuntime: true) Proper entitlements configured (com.apple.security.cs.allow-jit, com.apple.security.cs.allow-unsigned-executable-memory, com.apple.security.cs.disable-library-validation) Entitlements inherited for child processes via entitlements.mac.inherit.plist Electron Fuses configured to disable Node.js CLI flags in production (resetAdHocDarwinSignature enabled) App submitted as a zip archive via notarytool submit I've tried resubmitting multiple times across different builds, but all submissions remain stuck. I also have an open support case (102836201208) that was escalated to Senior Advisors on March 11, but have not received any update. Could someone from the notarization team please investigate?

Hi, I have uploaded the package to notarize using the xcrun command. Verbose logs shows that the upload is success and it shows the submission id as well. After that it is in loop to get the status of the upload. Following is the command I have used. Some part of the command verbose log Multiline [08:46:48.984Z] Info [UPLOAD] Starting S3 multipart upload of file at 'file:///var/folders/ty/lkzb6dxj0hq_b0wplk5lz6jw0000gp/T/TemporaryItems/NSIRD_notarytool_AtDtEn/Fiery%20Remote%20Scan.dmg' with part size 5 MB to Bucket: notary-submissions-prod, Key: prod/AROARQF6ZA5L:dc619a13-da5b-42fe-9b2b-afcadf078bc0 [08:46:48.984Z] Debug [UPLOAD] Received new upload status: Uploading [08:46:56.648Z] Debug [UPLOAD] Received new upload status: Succeeded [08:46:56.649Z] Debug [UPLOAD] multipart upload etag: "364e1cccccc99b5d98f7cccccccccc18d58f-6" [08:46:56.650Z] Info [UPLOAD] Multipart upload process has completed successfully. [08:46:56.651Z] Info [UPLOAD] Attempting to shutdown local S3 upload service. [08:46:56.651Z] Info [UPLOAD] Successfully shutdown local S3 upload service. [08:46:56.652Z] Info [API] Beginning to wait for submission id: dc619a13-cccccccadf078bc0 [08:46:56.652Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-xxxx-afcadf078bc0?, Parameters: [:], Custom Headers: private<Dictionary<String, String>> [08:46:56.652Z] Debug [JWT] Using cached JWT value for key ID: F73xxxxx [08:46:56.653Z] Debug [AUTHENTICATION] Authenticating request with App Store Connect API credentials. Key ID: F737N55KF2, Issuer ID: e3b80xxxxxx-9ab9-db8ee8ece781 [08:46:56.653Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls. [08:46:57.130Z] Debug [API] Received response status code: 200, message: no error, URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-da5b-42xxxxxx-afcadf078bc0?, Correlation Key: NUGVFYUAWxxxxxxxHQJ3VRLQ [08:46:57.130Z] Debug [TASKMANAGER] Completed Task with ID 2 has received a parsable response. [08:46:57.130Z] Debug [TASKMANAGER] Ending Task Manager loop. [08:46:57.130Z] Info [API] Initial status: In Progress) [08:46:57.131Z] Info [API] Waiting 5 seconds before next poll... [08:47:02.136Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-da5b-xxxxxx078bc0?, Parameters: [:], Custom Headers: private<Dictionary<String, String>> [08:47:02.137Z] Debug [JWT] Using cached JWT value for key ID: F737N55KF2 [08:47:02.138Z] Debug [AUTHENTICATION] Authenticating request with App Store Connect API credentials. Key ID: F737N55KF2, Issuer ID: e3b8057xxxxxx597-9ab9-db8ee8ece781 [08:47:02.138Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls. [08:47:02.586Z] Debug [API] Received response status code: 200, message: no error, URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-da5xxxxxxxdf078bc0?, Correlation Key: YD4I377GRGJxxxxx6M3PAJOA [08:47:02.586Z] Debug [TASKMANAGER] Completed Task with ID 3 has received a parsable response. [08:47:02.586Z] Debug [TASKMANAGER] Ending Task Manager loop. [08:47:02.587Z] Info [API] Received new status: In Progress [08:47:02.587Z] Info [API] Waiting 5 seconds before next poll... BlockQuote This is going on a loop If I try to get the the status of the submission, it shows as "In Progress" xcrun notarytool info dc619a-9b2b-afcadf078bc0 --key AuthKey_F73cccc.p8 --key-id ccccc --issuer ccccc-d19d-4597-9ab9-cccccc Successfully received submission info createdDate: 2026-03-12T08:46:48.761Z id: dc619a13-dccccccadf078bc0 name: xxxxxx.dmg status: In Progress code-block Could you please help us on this? OS: macOS 26.3 Xcode: 26.2 Regards Prema Kumar

I'm unable to notarize my macOS app — notarytool returns statusCode 7000 ("Team is not yet configured for notarization"). My Developer ID certificate is valid (expires 2031), code signing works fine. Timeline: March 4 — opened case 102832266798 via Developer Programs Support March 6 — Apple replied, but the email never arrived (not in spam either) March 9 — sent follow-up requesting the response be resent — no reply March 13 — opened new case 102840272497 via Program Enrollment form — waiting It's been 9 days with no resolution. DTS confirmed this is not a technical issue and referred me to Developer Programs Support. Team ID: 9NL8W3646T Bundle ID: com.traart.app How can I escalate this? Has anyone experienced a similar situation with a new account?

All of my notarization submissions have been stuck at "In Progress" for over a week. I have 6 submissions spanning from March 4 to March 10, 2026, and none of them have completed or returned any errors. Affected submissions: 685708f6 — MeetingRecorder-1.5.0.dmg (submitted Mar 10) — In Progress 6ade1490 — MeetingRecorder-1.5.0.dmg (submitted Mar 10) — In Progress 99d39bd0 — MeetingRecorder-1.4.12.dmg (submitted Mar 6) — In Progress e65f95e1 — MeetingRecorder-1.4.9.dmg (submitted Mar 6) — In Progress eb51b220 — MeetingRecorder-1.4.9.dmg (submitted Mar 5) — In Progress 9cc33cfd — MeetingRecorder-1.4.9.dmg (submitted Mar 4) — In Progress Running notarytool log returns "Submission log is not yet available." Team ID: HXVLV4P425 The app is a macOS menu bar application for meeting recording and transcription. It is signed with a valid Developer ID certificate and has been built with hardened runtime enabled. I've tried resubmitting multiple times across different builds (1.4.9, 1.4.12, 1.5.0), but all submissions remain stuck. Could someone from the notarization team please investigate? Thank you.

We've got an in-house Swift macOS desktop app with a FileProvider extension, which has been working fine on various machines up through Sonoma (and still does). We've just installed it on a Sequoia machine, and on it the FileProvider extension has lost the ability to access the shared app group. It can neither log to the Group Containers folder under ~/Library, nor access the pipe to the main app. The group name is formatted as group.XXXXXXXXXX.com.orgname.appname in both targets. I'm not sure why it combines the iOS and macOS conventions, with both the group prefix and the teamIdentifier one -- it was first built some time before the point in 2025 when macOS supported iOS-style groups -- but again, it's been working. For the record, The provisioning profile for EMPFileProvider has the App Groups capability enabled, and the App Groups capability is present in both build targets in Xcode. The existing group identifier is registered on the website; I've also manually registered the team-ID-less group name, so I can migrate. The question is, is this actually the right approach? Will such a change break the app on pre-Sequoia machines? And if I proceed, what do I need to do to complete the migration? The app was built back in Xcode 12.5; will I need to update the entire build environment to take advantage of Xcode 16.3's explicit support for iOS-style group names, or can I get away with it since I've manually registered the new group?

Hello, We are experiencing repeated notarization delays for our macOS app distributed outside the Mac App Store. Current submission ID: 45d7cac0-bd8a-4d48-b886-1cad7649adf4 Previous affected submission ID: ff61de1e-15f5-4bbe-8b34-a91a6f73b978 Issue description: xcrun notarytool submit succeeds and returns a submission ID. xcrun notarytool info keeps returning In Progress for a very long time. In the current case, the submission has remained In Progress for more than 45 minutes. This issue has happened repeatedly across multiple submissions. What we have already checked: We are not using a local proxy for notarization requests. We separated submit and polling in our build script to verify the exact stage. We retried multiple times. We reduced package contents to rule out newly introduced app content. Could someone from Apple please help check whether these submission IDs are stuck in the notarization pipeline, or advise what additional diagnostics we should provide? Thank you.

I have an app for iOS already on the AppStore and I'm trying to add a macOS version of it. The AppID prefix for this app is different than my Team ID. This mismatch was always fine for submitting my iOS app. However for some reason, the macOS version gets rejected when I upload it. It tells me the AppID prefix must match my Team ID. I do not control my TeamID and I do not control my AppID prefix, they are both given to me by Apple. Yet the error message tells me they must match. How do I get past this? Here is the error message: Validation failed Invalid code signing entitlements. Your application bundle's signature contains code signing entitlements that aren't supported on macOS. Specifically, the "APPID_PREFIX.MY_BUNDLE_ID" value for the com.apple.application-identifier key in "MY_PACKAGE" isn't supported. This value should be a string that starts with your Team ID, followed by a dot ('"), followed by the bundle ID. (ID: 930b77ae-099f-4798-a14a-2803f2a9be9e) Thanks in advance for any pointer.

Notarization submissions stuck “In Progress” for 5+ days (SwiftUI macOS menu bar app) Hello, I’m experiencing an issue where all notarization submissions remain “In Progress” for several days. Environment macOS native app written in Swift / SwiftUI Menu bar application Built with Xcode Developer ID Application signing Hardened Runtime enabled App Sandbox disabled Uses SMAppService for “Start at Login” Artifact structure ClaudeUsageTracker.zip └ ClaudeUsageTracker.app (no nested directory) Verification codesign --verify --deep --strict --verbose=2 ClaudeUsageTracker.app This succeeds without errors. Notarization submissions 2026-03-06 — In Progress ID=215814fc-57c5-4f99-88fe-ed2db4d3e3d9 2026-03-06 — In Progress ID=70948178-191c-4840-a9c7-52c321b725e5 2026-03-09 — In Progress ID=14a88b79-df4d-4d83-9bfe-fa6eafc9bf76 All submissions remain In Progress for 5+ days, and notarytool log is not available yet. Command used xcrun notarytool submit ClaudeUsageTracker.zip \ --keychain-profile "notarytool-profile" The app is a small utility and the archive is only a few MB. Is there a known issue with the notarization queue or with accounts getting stuck in a processing state? Any guidance would be appreciated. Thanks. Repository: https://github.com/grad13/Claude-Usage-Tracker

We are experiencing notarization submissions that remain in the “In Progress” state for an extended period (over 24 hours), with no status transition and no submission log available. This is occurring in an automated CI environment using the Notary REST API (non-interactive submission and polling). Re-submitting the same package only results in additional submissions also stuck in “In Progress”. There does not appear to be any API mechanism to cancel, clear, or expire these submissions once they are created. We have already opened an Apple Developer Support case regarding this issue (Case ID: 102818066745 & 102819008943), but have not yet received clarification on what is causing these long-running “In Progress” states. This issue is impacting our production release pipeline, as we are unable to reliably complete notarization for signed packages within an expected timeframe. Based on other reports in this forum (including thread 811968), this behavior appears similar to cases where notarization requests were delayed due to backend backlog or in-depth analysis. We would appreciate clarification on the following: Is it expected behavior for notarization submissions to remain in “In Progress” for such a long period without logs? Is client-side timeout and re-submission the recommended handling for CI workflows? Are there known service-side conditions (e.g. analysis backlog) that could explain this behavior? Any guidance from Apple DTS or others who have encountered this would be greatly appreciated.

Hi, I currently have multiple notarization submissions that have been stuck in "In Progress" status for many hours without any updates. Here are several examples from my recent submissions: Submission IDs: 01f7a80e-a9cc-49b3-bb93-94b126cf3124 (a.dmg) 7af2b25f-e131-40a4-bcd3-0f7583ebbdc2 (a.dmg) 2b35ec79-d851-41d6-a900-788d4201a273 (b.dmg) 8194b1af-a270-4de9-92f1-ce2a8d4782f2 (c.dmg) 2608dcfc-7652-4efa-97e3-1749e7130dcb (d.zip) These submissions were created between March 11 and March 12, and all of them remain stuck in the "In Progress" state indefinitely. When checking using: xcrun notarytool history all recent submissions appear as: status: In Progress Additionally: No logs are available for these submissions. notarytool --wait eventually times out after 30 minutes with exit code 124. The app bundles are signed with a valid Developer ID Application certificate. All embedded frameworks and dylibs are individually signed using: --options runtime --timestamp Earlier submissions on the same day (for example df41010c-a3c6-4e2d-a455-b657693e8541) were successfully notarized and returned Accepted, so the signing configuration appears to be correct. Because many submissions across different files (DMG and ZIP) are stuck in the same state, it seems possible that the notarization service queue may be stalled. Could you please help confirm: Whether these notarization submissions are stuck on the Apple notarization service side If there is currently a service issue affecting notarization processing Whether I should cancel and resubmit these uploads Any guidance would be greatly appreciated. Thank you.

Hi, I currently have multiple notarization submissions that have been stuck in "In Progress" status for many hours without any updates. Here are several examples from my recent submissions: Submission IDs: 01f7a80e-a9cc-49b3-bb93-94b126cf3124 (AutoTyper.dmg) 7af2b25f-e131-40a4-bcd3-0f7583ebbdc2 (AutoTyper.dmg) 2b35ec79-d851-41d6-a900-788d4201a273 (autoclaw-0.2.15.dmg) 8194b1af-a270-4de9-92f1-ce2a8d4782f2 (z-code_0.21.2_aarch64.unnotarized.dmg) 2608dcfc-7652-4efa-97e3-1749e7130dcb (AutoGLM PC.zip) These submissions were created between March 11 and March 12, and all of them remain stuck in the "In Progress" state indefinitely. When checking using: xcrun notarytool history all recent submissions appear as: status: In Progress Additionally: No logs are available for these submissions. notarytool --wait eventually times out after 30 minutes with exit code 124. The app bundles are signed with a valid Developer ID Application certificate. All embedded frameworks and dylibs are individually signed using: --options runtime --timestamp Earlier submissions on the same day (for example df41010c-a3c6-4e2d-a455-b657693e8541) were successfully notarized and returned Accepted, so the signing configuration appears to be correct. Because many submissions across different files (DMG and ZIP) are stuck in the same state, it seems possible that the notarization service queue may be stalled. Could you please help confirm: Whether these notarization submissions are stuck on the Apple notarization service side If there is currently a service issue affecting notarization processing Whether I should cancel and resubmit these uploads Any guidance would be greatly appreciated. Thank you.

I am seeking clarification on whether the various driverkit entitlement families (com.apple.developer.driverkit.family.*) are available for development on my local Mac without requesting entitlements from Apple. My experience is inconsistent with public statements made by Apple, and I am wondering if there have been changes to development entitlements as of 2026. I am hoping there is something obvious that I have missed. At WWDC2022 Apple stated that "In MacOS... In fact, all DriverKit family entitlements are now available to use for development." On these very forums, Eskimo himself also suggested this was the case in 2024. However, my own experience has been that in my provisioning profile on my paid developer account, I am not able to obtain com.apple.developer.driverkit.family.networking for the purpose of developing a driver for unsupported hardware. As you can see, I do not have the networking entitlement: { .. "Entitlements" => { ... "com.apple.developer.driverkit" => true "com.apple.developer.driverkit.transport.usb" => [ 0 => { "idVendor" => "*" } ] And there appears to be no mechanism to add these entitlement:

Hi everyone, I recently submitted the Family Controls request form and received the following request IDs: 429MKWT5VX
 KNL6T2DC7A
 N62KV78DKC However, I haven’t received any updates yet and I’m not sure how these requests are tracked or when we’ll know if they’re approved. Our app is almost ready to launch and this capability is critical for us. Both the main app and an extension depend on Family Controls, so we’re currently blocked from moving forward. I also raised a support ticket with Apple Developer Support (Case ID: 102838723073), but I haven’t received any response there either. To be honest, this is becoming really stressful. Months of work are stuck at the final step and we’re unable to move forward without this approval. This isn’t just a small personal project and we’re building a production app and were hoping to launch very soon. If anyone has been through this process or has any guidance on the approval timeline, or if someone from Apple could help look into these request IDs, it would genuinely mean a lot to us.

 Thank you

Since around September (iOS 26 release), i'm unable to test my app normally. It says "internet connection is required to verify [my certificate id]", or just crashing. All terms and conditions accepted, everything is valid, certificates are OK. Reinstallation via xcode does not help. Removal of provisioning profile, generating new does not help. Revoking of certificate and generating new does for around week, then it happens again, but do i need to do it every week now? In logs i see the following: default amfid validation failed because of missing trust and/or authorization (0xe8008026) error amfid not valid: 0xe8008026: The provisioning profile requires online authorization. error amfid Unexpected MISError (0xe8008026): The provisioning profile requires online authorization. default +0300 amfid /private/var/containers/Bundle/Application/5B8E560E-75B2-46EF-8606-02072D99E9CF//Frameworks/oss.dylib not valid: Error Domain=AppleMobileFileIntegrityError Code=-400 "An unknown error was encountered" UserInfo={NSURL=file:///private/var/containers/Bundle/Application/5B8E560E-75B2-46EF-8606-02072D99E9CF//Frameworks/oss.dylib, NSLocalizedDescription=An unknown error was encountered} default kernel AMFI: code signature validation failed. It looks like apple validation servers are not working, or is it iOS bug? All provisioning profiles are showing like "valid" in apple developer center. My network is not behind a proxy, connection is direct. If use EXACTLY the same app, signed with the same provisioning, same signature, on another test device, it works! When i reset current device to default settings and installing the EXACTLY same app after it, it works as well. Looking for a help from apple developer support

Some capabilities include distribution restriction. For example, you might be able to use the capability for day-to-day development but have to get additional approval to publish an app using that capability to the App Store. To tell if a capability has such a restriction: Go to Developer > Account. At the top right, make sure you’re logged in as the right team. Under Certificates, IDs & Profiles, click Identifiers. Find the App ID you’re working with and click it. IMPORTANT Some managed capabilities are granted on a per-App ID basis, so make sure you choose the right App ID here. This brings up the App ID editor. In the Capabilities tab, locate the capability you’re working with. Click the little info (i) button next to the capability. The resulting popover lists the supported platforms and distribution channels for that capability. For example, the following shows that the standard Family Controls (Development) capability, which authorises use of the com.apple.developer.family-controls entitlement, is only enabled for development on iOS and visionOS. In contrast, if you’ve been granted distribution access to this capability, you’ll see a different Family Controls (Distribution) capability. Its popover shows that you can use the capability for App Store Connect and Ad Hoc distribution, as well as day-to-day development, on both iOS and visionOS. In the Family Controls example the development-only capability is available to all developers. However, restrictions like this can apply to initially managed capabilities, that is, managed capabilities where you have to apply to use the capability just to get started with your development. For example, when you apply for the Endpoint Security capability, which authorises use of the com.apple.developer.endpoint-security.client entitlement, it’s typically granted for development only. If you want to distribute a product using that capability, you must re-apply for another capability that authorises Developer ID distribution [1]. Some folks encounter problems like this because their managed capability was incorrectly granted. For example, you might have applied for a managed capability from an Organization team but it was granted as if you were an Enterprise team. In this case the popover will show In House where you’d expect it to show App Store Connect. If you’ve believe that you were granted a managed capability for the wrong distribution channel, contact the folks who granted you that capability. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] Endpoint Security clients must use independent distribution; they are not accepted in the Mac App Store. Revision History 2026-03-10 Updated to account for changes on the Apple Developer website. 2022-12-09 First posted.

My team is distributing a cross-platform app outside the Mac App Store via ZIP file. The app works perfectly on Windows, but on macOS, while the ZIP downloads and extracts without issue, the app refuses to open. Users see either the app appear in the dock then immediately disappear or a Gatekeeper prompt saying the developer cannot be verified. We suspect the root cause is related to code signing and/or notarization, but we're not entirely sure where the breakdown is occurring. We have a few questions as we work through this. For ZIP-based distribution outside the Mac App Store, is both a Developer ID certificate and Apple notarization required on current macOS versions? We've also seen references to using ditto instead of Finder's built-in Compress option when packaging the ZIP. Is that necessary to properly preserve the app bundle structure and extended attributes? Any guidance on where this process might be going wrong would be hugely appreciated. Thanks!