I am responsible for the mobile app and thus also of the apple developer and app store connect accounts of a company. An external freelancer developed a software package for us which we aim to offer for installation and use on macOS systems of our customers; distributed exclusively outside of the Apple App Store. The software package has nothing to do with the mobile app. MacOS' Gatekeeper currently warns or even prevents our customers regarding the installation of the package on their device; pretty much as described here: https://developer.apple.com/developer-id/. According to a previous talk with Apple's Support, the software package (.app) the Freelancer developed must be signed with one of our own certificates. As we cannot grant selective app store connect access to third persons (only for the concerned certificates), we prefer to not provide access to our entire apple developer account to the freelancer, for the sole reason of the certificate & signing process. According to previous attempts with Apples' support regarding the most feasible solution in this case, they recommended me to manage the signing of the package of the freelancer, and simply request the package from the freelancer. I've thus generated an according Developer ID Certificate, but regarding the signing process, I'm confused. I know how signing works with mobile apps in XCode, but regarding software that is not distributed throughout the App Store on macOS, I'm unsure about the process. Also, as far as I know, the entitlements of the application are involved in the signing process. So my concern is that simply having the software package (.app) from the freelancer is not really enough to complete the signing + notarization process? Won't I need further information about the app's entitlements etc.? I would like to have a clear solution about the procedure that is required in these cases, as online documentations and / or forums as well as previous talks with your non-technical support from Apple did not resolve the issue.

Our app .dmg file was successfully code signed. We then revised the app and created a new .dmg. Running codesign gave an "app is already signed" message. Then running codesign -dv said "code object is not signed at all" Older solutions said to use -f to force signing, but that is no longer an option.

Hello, I have a macOS app built with Flutter’s macOS target (native Xcode project). The app is unsigned (no Developer ID code signing / notarization). The .app bundle looks valid: CFBundlePackageType = APPL Unique CFBundleIdentifier No LSUIElement or LSBackgroundOnly Executable exists and is runnable Placed at /Applications/MyApp.app (top-level), runs fine from Finder However, it does not show up in Launchpad. What I tried: Remove quarantine: xattr -dr com.apple.quarantine "/Applications/MyApp.app" Force Launch Services registration: /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f "/Applications/MyApp.app" Rebuild LS caches: /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user Reset Launchpad DB and restart Dock: defaults write com.apple.dock ResetLaunchPad -bool true && killall Dock Verified bundle structure/type: mdls -name kMDItemContentType -name kMDItemKind "/Applications/MyApp.app" → shows com.apple.application-bundle / Application Questions Is code signing/notarization required for an app to appear in Launchpad (even if it runs from Finder)? What additional conditions cause Launchpad to skip an otherwise valid, unsigned .app in /Applications? Are there deeper Launch Services or Dock database checks I can run to diagnose why this specific app is excluded?

I added a watchkit extension to an existing app. I get this error when uploading to App Store Connect. Building the archive itself is fine: Prepared archive for uploading Upload failed error: Validation failed Missing Info.plist value. A value for the key “WKApplication”, or “WKWatchKitApp” if your project has a WatchKit App Extension target, is required in “Runner.app/Watch/watch_Watch_App.app” bundle. For details, see: https://developer.apple.com/documentation/watchkit/creating_independent_watchos_apps/setting_up_a_watchos_project have the exact same issue when bundling. I added the flag manually in a additional plist fields entry with WKApplication=1 because my Info.Plist is generated and it didn't help. I wrote a custom Run Script Phase that added the flag and that didn't help as well. I need a reply from someone from Apple here. This needs to be fixed.

Hi guys, Is there any good up-to-date tutorial about publishing a Python based app on Apple Store? Now, I have developed a standalone Python app from PyCharm, and it's using Pyside6 for UI and some major Python libraries. It's a productivity app with a little A.I. features. I used PyInstaller to prepare the app. Currently, I am stuck at the stage of codesign and Apple Review process, because I am manually doing codesign and building the package from command-line. Without using Xcode, things can get messy or miss easily. It would be nice to follow a up-to-date tutorial about how to complete the codesign and Apple Review process for a Python based app. For example, what to do, how to do, what to be careful during the Apple Review process, etc. Thanks!

We have an app which is hybrid using React Native and Native features. We released our app recently which showed issues related to missing packages/corrupt package but xCode didn't gave any error and we were able to Archive and submit app successfully.

To validate incoming XPC connections from other executables, we perform SecCode checks for the dynamic signature of the connection (kSecCSDynamicInformation). Reading the setCodeSigningRequirement(_:) function documentation it appears to perform only static signing checks, is that so? If we use setCodeSigningRequirement(:) function in our listener(:, shouldAcceptNewConnection:) do we still need to check the dynamic information to be properly secure?

Hello Apple Developer Support Community, I am encountering a persistent issue while trying to code sign my macOS application (PromptVault.app) using a valid Developer ID Application certificate. The signing process fails with the following warning and error for every native .so file inside the app bundle: `Warning: unable to build chain to self-signed root for signer "(null)" <file-path>: errSecInternalComponent` What I have tried so far: Verified that my Developer ID Application certificate and the associated private key exist correctly in the login keychain. Confirmed that the intermediate certificate "Apple Worldwide Developer Relations - G6" is installed and valid in the System keychain. Added Terminal to Full Disk Access in Security & Privacy to ensure signing tools have required permissions. Executed security set-key-partition-list to explicitly allow code signing tools to access the private key. Reinstalled both developer and Apple intermediate certificates. Used codesign to individually sign .so files and then sign the entire bundle. Ensured macOS and Xcode Command Line Tools are up to date. Created a clean Python virtual environment and rebuilt all dependencies. Tested code signing in multiple ways and with verbose logging. Current status: Despite all these efforts, the same warning and error persist during the signing process of every .so file. This prevents successful code signing and notarization, blocking distribution. Request for assistance: Could anyone confirm if my certificate and keychain setup sounds correct? Are there known issues or extra steps necessary to properly build the trust chain for Developer ID certificates on macOS 15.6.1 (Sequoia)? Any suggestions for resolving the errSecInternalComponent during signing native libraries? Guidance on ensuring the entire certificates chain is trusted and usable by codesign tools? I can provide debug logs, screenshots of my keychain and security settings, or any other diagnostic information if needed. Thanks in advance for your help!

Your development team has reached the maximum number of registered iPhone devices. I am use the free provisioning file. So how can I delete old device and use my new iPhone to develop my app. only way is use a paid account? or register a new Apple ID?

I am experiencing a persistent issue when trying to sign my application, PhotoKiosk.app, using codesign. The process consistently fails with the error errSecInternalComponent, and my troubleshooting indicates the problem is with how the system accesses or validates my certificate's trust chain, rather than the certificate itself. Error Details and Configuration: codesign command executed: codesign --force --verbose --options=runtime --entitlements /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/entitlements.plist --sign "Developer ID Application: Sérgio Mordente (G75SJ6S9NC)" /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app Error message received: Warning: unable to build chain to self-signed root for signer "(null)" /Users/sergiomordente/Documents/ProjetosPhotocolor/PhotoKiosk-4M/dist/PhotoKiosk.app: errSecInternalComponent Diagnostic Tests and Verifications Performed: Code Signing Identity Validation: I ran the command security find-identity -v -p codesigning, which successfully confirmed the presence and validity of my certificate in the Keychain. The command output correctly lists my identity: D8FB11D4C14FEC9BF17E699E833B23980AF7E64F "Developer ID Application: Sérgio Mordente (G75SJ6S9NC)" This suggests that the certificate and its associated private key are present and functional for the system. Keychain Certificate Verification: The "Apple Root CA - G3 Root" certificate is present in the System Roots keychain. The "Apple Worldwide Developer Relations Certification Authority (G6)" certificate is present and shown as valid. The trust setting for my "Developer ID Application" certificate is set to "Use System Defaults". Attempted Certificate Export via security: To further diagnose the problem, I attempted to export the certificate using the security find-certificate command with the exact name of my identity. Command executed (using double quotes): security find-certificate -c -p "Developer ID Application: Sérgio Mordente (G75SJ6S9NC)" &gt; mycert.pem Error message: security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain. The same error occurred when I tried with single quotes. This result is contradictory to the output of find-identity, which successfully located the certificate. This suggests an internal inconsistency in the Keychain database, where the certificate is recognized as a valid signing identity but cannot be located via a simple certificate search. Additional Troubleshooting Attempts: I have already recreated the "Developer ID Application" certificate 4 times (I am at the limit of 5), and the issue persists with all of them. The application has been rebuilt, and the codesign command was run on a clean binary. Conclusion: The problem appears to be an internal macOS failure to build the trust chain for the certificate, as indicated by the errSecInternalComponent error. Although the certificate is present and recognized as a valid signing identity by find-identity, the codesign tool cannot complete the signature. The failure to find the certificate with find-certificate further supports the suspicion of an inconsistency within the keychain system that goes beyond a simple certificate configuration issue. I would appreciate any guidance on how to resolve this, especially given that I am at my developer certificate limit and cannot simply generate a new one.

I've recently upgraded to the RC candidates of macOS 26 and Xcode 26. The app I'm building has a helper tool using SMAppService. When I run the app and helper tool in macOS 15 or macOS 26, all works as expected. When it runs on macOS 13 or 14, which previously worked. The helper now crashes on launch with the following reason: Termination Reason: CODESIGNING 4 Launch Constraint Violation I found this developer session which seems to address this, but the plist I've added doesn't seem to satisfy the constraint. https://developer.apple.com/videos/play/wwdc2023/10266/ Here are the contents of my new plist: Are there any gotchas here that I might be missing? Thanks!

I tried building a macOS app with Electron, but I ran into problems during notarization. I used notarytool to upload my DMG and got status: Invalid. xcrun notarytool log output { "logFormatVersion": 1, "jobId": "680bf475-a5f4-4675-9083-aa755d492b18", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "BODYPARK-v3.6.0-mac.app.zip", "uploadDate": "2025-09-25T02:50:41.523Z", "sha256": "e61074b9bba6d03696f2d8b0b13870daafc283960e61ab5002d688e4e82ef6f6", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64" }, { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "arm64" } ] } I checked the signature of my .app file: codesign -v -vvv --deep --strict /Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/MacOS/BODYPARK-v3.6.0-mac --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (GPU).app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (GPU).app --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Plugin).app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Plugin).app --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXFFmpeg.framework/Versions/Current/. --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXFFmpeg.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXSoundTouch.framework/Versions/Current/. --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXSoundTouch.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper.app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper.app --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Renderer).app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Renderer).app /Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/MacOS/BODYPARK-v3.6.0-mac: valid on disk /Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/MacOS/BODYPARK-v3.6.0-mac: satisfies its Designated Requirement It looks like local signing succeeded, but notarization is failing. I’m a beginner with macOS signing/notarization. Could you please help me figure out what I’m doing wrong and how to fix this? I’d really appreciate any guidance.

I want to export Mac OS application out side App Store and I need to have Developer Id installer certificate to do the same. When I go to certificate section in developer portal - I only see option of Mac App Distribution Mac Installer Distribution Developer ID Application Does anyone know where I can check the Developer ID installer part. Developer ID application doesn't work for signing the app manually.

The Developer App Certificate is not trusted.

I'm experiencing an issue when exporting an Enterprise distribution certificate where the certificate and private key won't export together - the private key keeps getting left out. I'm running macOS Tahoe. Has anyone encountered the same issue or know of a solution? Any help would be appreciated.

I am using a Sonoma VM (14.6) where i have installed xcode 16.2. When i try login into apple id into xcode, i am getting this error. I know i am entering the correct credentials. Not sure why this issue is. In other Sequioa and Tahoe VM , i was able to login.

Hello Apple Developer Forum Community, I’ve got a problem with the signing process of my AppClip Test App. Can someone help me? As I don’t know hot to get the certificate...

Background We are using a Developer ID application certificate to sign our application. We lost the private key and we need to revoke it before we can receive a new one. Per documentation (https://developer.apple.com/support/certificates/), I know that previously installed applications will still be able to run, but new installations will not be able to work. I want to confirm what will happen when we revoke the certificate so we know how to prepare customers for this upcoming change. Questions Will existing installations of the application receive a notice that the certificate has been revoked? Will previously installed applications be able to launch again after they are closed? What will the user see when they try to install the application with the revoked certificate?

如果你的 App 执行设备端收据验证，请确保你的 App 支持 SHA-256 算法。 我的APP接入了apple内购，我需要如何验证我的app支持 SHA-256 算法呢？

After I upgraded to macOS 15.3, all of my current Xcode project have the signing issue, I spent half day and I didn't make any progress, I tried two projects, one is Swift AppKit App calling one C++ dylib, another one is a pure Swift AppKit app, when I build, there will be error: Warning: unable to build chain to self-signed root for signer "Apple Development: Steven Tang (XXXXX)" /Volumes/TwoTSSD/steventang/Library/Developer/Xcode/DerivedData/ImageEnhancement-ddbilgyraofrdyfeljyuknusunza/Build/Products/Release/ImageEnhancement.app: errSecInternalComponent I tried remove account, add account back in Xcode, none of it worked, also tried ChatGPT's WWDR updating and it won't help.