Hello, I've been trying to update my application since days, tried everything, all my environment is unchanged except update to the latest xcode version, I only fixed a bug in my code, and updated my expired certifacates with the same IDs. I've also been able to test the app with testflight. The app is built successfuly, validated, uploaded to the apple connect, submited for review, accepted and published online on the mac app store. I've been able to update the application with the mac app store. Now here is the problem: if I delete the application, and try to reinstall it from the app store, it says: unable to install, try again later - then the mac app store is stuck, I need to quit / restart to be able to try a new install. I also distribute my application outside of the mac app store, I've also signed and notarized my app successfully, with my developer id certificate, I tried with organizer, and also with xcrun notary on the command line, all is ok, but when I run the exported application, it says that the application is damaged (so right click/open works, and the app works well). The only thing that I can see is this (compared with my previous version): spctl -a -vvv -t install myapp.app: myapp.app: rejected (invalid destination for symbolic link in bundle) I don't have the error on my previous version. I've checked all the links inside the package, I don't see any problem or invalid link (and the app can run perfectly.... ) I've also check the logs.json file after the notary result, no problem appears. the whole structure of the application and files inside the .app is exactly the same between the previous version, and the new one with that problem. hope that someone could help me to solve this problem :)

Hello, We currently have an IOS Mobile app using the ad-hoc provisioning profile with a distribution certificate. We are wanting to renew the ad-hoc provisioning profile BEFORE it expires. How do i do this without causing the application to break AND prevent the user from having to re-trust the. Can i simply create a new ad-hoc provisioning profile associated with the old certificate, rebuild the app, and send the link to the user?

Hello, I'm have a new Macbook and setup my Enterprise account. Part of my job is to view the expiration dates on certificates for other users. This should be a simple process but when I click on the certificate, there's a button "view certificates" I should be able to click on and see the expiration date and basic details on that specific certificate. The problem I have is that when I click on "view certificates", I get the error: "An error has occurred. Unable to display information about the selected item." I've tried steps online but to no avail. How can I get this fixed? My two other coworkers are able to just click on that button and view the certificate details, except for me. I've attached the screenshot. Thank you for your help Regards JJ

I got the python app notarized and downloaded it fine. However, if you are caught by Gatekeeper and open the information window, you will see a lock and even if you enter the password to open the lock, it will not work. xattr -d com.apple.quarantine ./test.app You have to exclude it from the gatekeeper directly. I wonder if the downloaded app is unavoidable... or if there is another way.

After updating to Xcode 15.3 and Sonoma, I started getting an error when packaging my app: Provisioning profile failed qualification Profile doesn't include the com.apple.developer.mail-client entitlement. There is no indication in the documentation that this has anything to do with the provisioning profile, and there is no capacility that needs to be added. I was given the "com.apple.developer.mail-client" entitlement from Apple over a year ago as documented in: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_mail-client, and it worked fine until now.

I have an app that needs re-signing/updating to work on ios 17 (ios 17.4.1). I have renamed the IPA file to zip and extracted it to the desktop. The files in the extracted folder are: ItunesArtwork ItunesMetadata.plist Payload folder Payload folder contains the app App package contents contains all the app files, including the _CodeSignature folder. I extracted the package contents to a folder on the desktop. Xcode 15.3 (15E204a) is installed. Need the steps necessary to complete it and generate the new IPA file to test. Thanks all, Ed

Hi everyone! We use to have an intel Mac machine where we generate the Developer ID Installer & Application certs for signing and notarization process. This process works sweet. Now, we move from an intel to a m1 Mac machine, where we want to do the same process as before. I had try two different approaches, but ending up with the same result. I export the cert with the private key from my intel to the m1 machine, but when I try to sign, I get: Invalid signature. (Not sure what this error means in this case as everything works on the intel machine. I am guessing the cipher for creating either the private key or the signature differs between the architecture) I try to generate new certs for this m1 machine, but I get the following error: You already have a current Developer ID installer certificate or a pending certificate request. I try with the same account, but also with a different account. In both cases got the same error. I create a ticket for apple, where they said to expect a reply between one and two business days, but no luck yet.

I'm trying to compile my project to upload to the Apple Store, but I'm encountering the following error and I'm not finding a solution. Target release_unpack_ios failed: Exception: Failed to codesign /Users/projetos03/Library/Developer/Xcode/DerivedData/Runner-fawumbalfprcejfqeukpogdffliw/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter with identity 8AEA2F49955A0 9A7CD98E041ABA46E18BAE7745E . /Users/projetos03/Library/Developer/Xcode/DerivedData/Runner-fawumbalfprcejfqeukpogdffliw/Build/Intermediates.noindex/ArchiveIntermediates/Runner/BuildProductsPath/Release-iphoneos/Flutter.framework/Flutter: replacing existing signature Warning: unable to build chain to self-signed root for signer "Apple Development: Flavio Alves (36WNMDQCH4)"

My app stops responding during the 'signing scold.app' process while uploading to App Store Connect in Xcode 15.3. What should I do?

I'm trying to add a feature to my app which requires OpenMP as third party library. The first time an openMP API gets called makes the app crash. The Xcode terminal reports this: OMP: Error #179: Function Can't open TEMP failed: OMP: System error #1: Operation not permitted Assertion failure at kmp_runtime.cpp(6918): temp_reg_status_file_name. OMP: Error #13: Assertion failure at kmp_runtime.cpp(6918). Console app reports this: Sandbox: deny(1) ipc-posix-shm-write-create /__KMP_REGISTERED_LIB_31975 I cannot substitute or get rid of the OpenMP library as it is used by other third party libs needed by the feature I’m developeng. Hope there is a workaround to the sandbox security restrictions that allows to use the lib. Thanks, Andrea

My app crashes while uploading to App Store Connect in Xcode 15.3. What should I do?

Many of the trusted execution problems I see are caused by folks signing their product using the --deep option. While that can work in some circumstances, I generally recommend against it. There are two issues with --deep: It applies the same code signing options to every code item that it signs, something that’s not appropriate in general. For example, you might have an app containing a nested command-line tool, where the app and the tool need different entitlements. The --deep option will apply the same entitlements to both, which is a serious mistake. It only signs code that it can find, and it only finds code in nested code sites. If you put code in a place where the system is expecting to find data, --deep won’t sign it. The first issue is fundamental to how --deep works, and is the main reason you should not use it. Indeed, on macOS it may cause the trusted execution system to block your program from running. For the details, see the Check for Entitlements on Library Code section of Resolving Library Loading Problems. The second issue is only a problem if you don’t follow the rules for nesting code and data within a bundle, as documented in Placing Content in a Bundle. However, my experience is that the products that don’t follow those rules are exactly the same sort of products that try to use --deep. The alternative to --deep is to sign each code item separately, from the inside out. If your product has lots of nested code, automate this using a script. Note One exception to the prohibition on --deep is Automator apps. If you’re signing an Automator app, see this DevForums post. For detailed information on how to correctly sign and package Mac software, see Creating distribution-signed code for macOS and Packaging Mac software for distribution. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Revision history: 2024-05-06 Update some links to reference the Real Documentation™ rather than my legacy DevForums posts. 2022-06-14 Added a link to Resolving Library Loading Problems. Replaced the link to Signing a Mac Product For Distribution with a link to Creating Distribution-Signed Code for Mac. Made other minor editorial changes. 2021-10-21 Replaced the nested code reference with one to Placing Content in a Bundle. Minor editorial changes. 2020-09-15 Adopted the correct terminology for Automator apps. 2020-03-09 First version.

Hello, I am currently facing an issue with my iOS app and its associated Preview extension. I am trying to save a file to a shared container using App Groups, so that my main app can read the file. The code works perfectly on the iOS simulator, but when I run the app on a physical device I encounter a "You don't have permission to save the file" error. Here's the relevant code snippet: let appGroupIdentifier = "group.com.yourcompany.yourapp" func saveDataToSharedContainer(fileName: String, data: Data) -> Bool { guard let containerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupIdentifier) else { print("Error: Unable to access the shared container.") return false } let fileURL = containerURL.appendingPathComponent(fileName) do { try data.write(to: fileURL, options: .atomic) print("Data saved to shared container successfully.") return true } catch { print("Error: Unable to save data to shared container. \(error)") return false } } I have already verified the following: App Groups capability is enabled for both the main app target and the extension target. The App Group identifier is consistent in both the main app target and the extension target, as well as in the Swift code. Provisioning profiles and signing certificates are up-to-date, and the issue persists after cleaning the project and resetting the provisioning profiles. Despite trying these steps, the issue remains unresolved. This error is reproducible in a new project with a Preview extension. I would greatly appreciate any insights or suggestions from the community to help me resolve this issue. Thank you in advance!

I'm looking to automate device provisioning using App Store Connect API. Two things are snagging me: Updating Profiles API: Adding a new device seems clunky (read-all-devices, save, delete profile, recreate with a new device). Is there a simpler way to do it? I looked over the documentation and it seems like there's no streamlined way to do it, am I correct? Entitlements API: Not public yet? Does anyone know about any plans to open it up soon? I asked Apple Support and they didn't provide any information on this. Specifying entitlements during provisioning is an important step. Thanks for any help!

Hi, we have an app that has been in development since Catalina and ever since Sonoma came out we noticed that when executing our pkg installer the application is installed correctly but the postinstall script is not executed. The weird thing is that if I run the pkg for the first time the postinstall does not execute BUT if I run it again then it DOES!! Looking through the logs I found these ones that confirm the execution of the script is being blocked. We haven't changed anything in the way we build the installer so I'm not quite sure how to fix this. 2024-04-25 16:29:51.570662-0300 0x1c62 Error 0x0 308 0 syspolicyd: [com.apple.syspolicy.exec:default] Unable (errno: 2) to read file at <private> for pid: 784 process path: <private> library path: (null) 2024-04-25 16:29:51.570662-0300 0x1c62 Error 0x0 308 0 syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Malware rejection: 784, <private> 2024-04-25 16:29:51.570679-0300 0x1d13 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Sleep interrupted, signal 0x100 2024-04-25 16:29:51.570682-0300 0x1d13 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 784, /private/tmp/PKInstallSandbox.m5Av3O/Scripts/com.mycompany.myapp.pkg.BSOjtt/postinstall The app as well as the installer are both signed, notarized and stapled. Here you can see the script which just simply executes the app. #!/bin/bash echo "Running postinstall" /Applications/myapp.app/Contents/MacOS/myapp --load-system-extension & exit 0 Any help would be much appreciated. Thanks!

I have a personal app I use only for myself on my iPhone. I do not distribute this. Its stops working every year when my renewal comes up. Once I renew my subscription I reload the app onto my phone and it works again. Is there a way that I can have it work forever without having to reload it every year? Sometimes I forget to reload after my renewal and it does not work until I do so.

I am able to successfully install the app on my device, but I am unable to verify the app. Steps to reproduce: Navigate to Settings -> VPN & Device Management on iPhone 14 Select developer under Developer App Select trust this computer Attempt to Verify App The "Verify App" button has no effect. The app can still be installed when built, but is not able to be opened. Navigating to ppq.apple.com in a browser results in a "cannot be trusted":

We have a legacy app written in a mix of C, ObjC, C++ and ObjC++ with .xib files. It is not sandboxed. It sends an Apple Event to TV (the app of that name from Apple, not a physical TV) using /usr/bin/osascript, calling a compiled Apple Script which is in our app bundle's Resources directory with parameters which we generate in our app at runtime. The first time it does this on a fresh system, the OS puts up a dialog asking for permission to control TV, and after the user clicks Allow, our app appears under Security and Privacy in the Automation section. That's all fine, but what is unexpected is that the app has no Apple Events entitlement (com.apple.security.automation.apple-events), and it doesn't have a NSAppleEventsUsageDescription string either. The documentation at https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_automation_apple-events says Your app doesn’t need the Apple Events Entitlement if it only sends Apple events to itself or to other processes signed with the same team ID. but we're not on the Apple team. When I filter the log for messages from tccd pertaining to our app, it does indeed complain : Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={TCCDProcess: identifier=<our bundle id>” But despite those complaints, everything works - I can send the event, and TV acts upon it. Is this working only by accident, and might fail in some minor future OS update? tccd also complains about the microphone Prompting policy for hardened runtime; service: kTCCServiceMicrophone requires entitlement com.apple.security.device.audio-input but it is missing for requesting={TCCDProcess: identifier=<our bundle ID> but we don't use the microphone tccd complains about this too <path-to-our-app> attempted to call TCCAccessRequest for kTCCServiceAccessibility without the recommended com.apple.private.tcc.manager.check-by-audit-token entitlement What does that mean, and should we be concerned?

An error occurred. Unable to import “Apple Development: Name ()”. Error: -25294 Mac mini M1 macOS Sonoma Version 14.4.1

I need to obtain the user's EID within my app. We are a mobile network operator and have also applied for Apple's eSIM development. Does Apple provide a certified developer access to an API for obtaining EID? I understand that there is no public API available, but I'm unsure if approved operators can access EID. If so, how can I apply for this private API?