Error 7000 "Team is not yet configured for notarization" - Cannot notarize any apps I'm trying to notarize macOS apps for Developer ID distribution and consistently getting error 7000 on every submission. Error Details: { "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000 } What I've tried: Completed enrollment verification Created new App Store Connect API key with Admin access Created fresh App-Specific Password Submitted via both API key and App-Specific Password authentication All submissions are accepted and uploaded successfully, but after processing they're rejected with error 7000 Technical Details: Active Developer ID Application certificate Hardened runtime enabled Apps are properly code-signed (codesign -vvv passes) Behavior: Over 15 submissions since December 2nd - ALL rejected with the same error 7000. The submissions upload successfully and show "In Progress" for extended periods (sometimes hours) before eventually being rejected. Questions: Has anyone encountered error 7000 and resolved it? What was the fix? Are there any account settings or agreements required specifically for notarization that aren't obvious in the developer portal? Should I contact Apple Developer Support directly, or is there a self-service solution? Any guidance would be greatly appreciated.

In XCode I create and export a notarized app for "direct distribution". I then create a tar file of the exported .app to distribute to my users. Until today this worked fine. Now when the users try to run the app it pops up a dialog saying "app is damaged and can't be opened. You should move it to the Trash." It is possible to ctrl-click on the app and force it to run but, I think, whether this works or not will depend on system settings and not all users have root access to modify settings. Even simply copying the .app folder from the command line will cause this error.

I tried building a macOS app with Electron, but I ran into problems during notarization. I used notarytool to upload my DMG and got status: Invalid. xcrun notarytool log output { "logFormatVersion": 1, "jobId": "680bf475-a5f4-4675-9083-aa755d492b18", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "BODYPARK-v3.6.0-mac.app.zip", "uploadDate": "2025-09-25T02:50:41.523Z", "sha256": "e61074b9bba6d03696f2d8b0b13870daafc283960e61ab5002d688e4e82ef6f6", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64" }, { "severity": "error", "code": null, "path": "BODYPARK-v3.6.0-mac.app.zip/BODYPARK-v3.6.0-mac.app/Contents/Resources/plugin/XMagic/mac/libpag.framework/libpag", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "arm64" } ] } I checked the signature of my .app file: codesign -v -vvv --deep --strict /Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/MacOS/BODYPARK-v3.6.0-mac --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (GPU).app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (GPU).app --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Plugin).app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Plugin).app --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXFFmpeg.framework/Versions/Current/. --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXFFmpeg.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXSoundTouch.framework/Versions/Current/. --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/TXSoundTouch.framework/Versions/Current/. --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper.app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper.app --prepared:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Renderer).app --validated:/Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/Frameworks/BODYPARK-v3.6.0-mac Helper (Renderer).app /Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/MacOS/BODYPARK-v3.6.0-mac: valid on disk /Users/zhangheng/Desktop/development/coach-app/dist_electron/mac-universal/BODYPARK-v3.6.0-mac.app/Contents/MacOS/BODYPARK-v3.6.0-mac: satisfies its Designated Requirement It looks like local signing succeeded, but notarization is failing. I’m a beginner with macOS signing/notarization. Could you please help me figure out what I’m doing wrong and how to fix this? I’d really appreciate any guidance.

Hello, I have created multiple Developer ID Application and Developer ID Installer certificates across different Apple OS versions without keeping the Certificate Signing Requests (CSR). As I’m not very experienced with Apple’s system, I made this mistake and now I am unable to create new certificates because I have reached the maximum number of certificates allowed. I develop software based on Electron and have been building and signing my applications with electron-builder, integrating the app signing needed to submit the app to the Apple Store via Transporter. Here is the relevant portion of my package.json build config: "mac": { "appId": "com.nome_app.ext", "type": "distribution", "target": [ "mas" ], "artifactName": "name_app.${ext}", "category": "public.app-category.utilities", "provisioningProfile": "build/prov_prof_mac_name_app.provisionprofile" }, "mas": { "appId": "com.name_app.ravia", "hardenedRuntime": false, "type": "distribution", "gatekeeperAssess": true, "artifactName": "name_app.${ext}", "category": "public.app-category.utilities", "entitlements": "build/entitlements.mas.plist", "extendInfo": { "NSMicrophoneUsageDescription": "This app requires microphone access.", "NSCameraUsageDescription": "This app requires webcam access." }, "entitlementsInherit": "build/entitlements.mas.inherit.plist" } } Currently, I have recreated the Mac Developer Application and Mac Developer Installer certificates, but without valid Developer ID Installer and Developer ID Application certificates, I always get this error during build: `skipped macOS application code signing reason=cannot find valid "Developer ID Application" identity or custom non-Apple code signing certificate, it could cause some undefined behaviour, e.g. macOS localized description not visible, see https://electron.build/code-signing allIdentities= 718241A413826C6A97E2062EAEC155BEF5330CCA "iPhone Distribution: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) 60B360CCE27FE915799FAE7C8E6A16962F2DE9B0 "3rd Party Mac Developer Installer: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) 4518A8CE3BAC4F27B09D654DA14F52FBE15A0A85 "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) ... (additional identities with CSSMERR_TP_NOT_TRUSTED) Valid identities only: 718241A413826C6A97E2062EAEC155BEF5330CCA "iPhone Distribution: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" (CSSMERR_TP_NOT_TRUSTED) ... • signing file=dist/mas/Studio Medico Specialistico.app platform=mas type=distribution identityName=3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ) identityHash=4518A8CE3BAC4F27B09D654DA14F52FBE15A0A85 provisioningProfile=build/prov_prof_mac_studiomedicospecialistico.provisionprofile • Command failed multiple times: codesign --sign "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" --force --timestamp --entitlements build/entitlements.mas.inherit.plist /path/to/app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/af.lproj/locale.pak Warning: unable to build chain to self-signed root for signer "3rd Party Mac Developer Application: RAVIA SOFTWARE DI VILLANOVA DOMENICO ANTONIO (T9UD6J5HXZ)" Error: errSecInternalComponent From my understanding, the system cannot find a valid Developer ID Application identity for signing. The existing certificates all show the CSSMERR_TP_NOT_TRUSTED error and the signing command fails with errSecInternalComponent. **I have confirmed that the certificates are installed in my keychain, but they may be missing private keys or not fully trusted. Is there a possibility to reset my Apple Developer account’s Developer ID Application and Developer ID Installer certificates, so I can start fresh and generate new valid certificates? Could you please advise on how to proceed or if there is any way to clear the current certificate limit?** Thank you very much for your help.

Unable to notarize Electron-based application. All notarization attempts fail with "The signature of the binary is invalid" for main executable and Electron Framework, despite passing local codesign verification. ENVIRONMENT: macOS: 24.6.0 (Sequoia) Hardware: Apple M4 Max (arm64) electron-builder: 26.0.12 Electron: 36.9.5 (also tested 37.10.2, 38.2.0) Certificate: Developer ID Application: AS LIVE MEDIA SP Z O O Team ID: 2KJ532SU3G Certificate validity: Oct 7 2025 - Oct 8 2030 PROBLEM: Every notarization submission fails with identical error for two binaries: Contents/MacOS/PresentClic Desktop Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework Error message: "The signature of the binary is invalid." Architectures affected: Both x86_64 and arm64 CRITICAL CONTRADICTION: ✅ Local verification PASSES: $ codesign --verify --deep --strict "PresentClic Desktop.app" Result: valid on disk, satisfies Designated Requirement ❌ Apple notarization service FAILS: Error: "The signature of the binary is invalid" LATEST SUBMISSION ID: 11e1a452-4ea7-4562-ac8e-5e76c39eeb6c Local verification output shows all components validated: Electron Framework: validated ✅ All helper apps: validated ✅ All frameworks: validated ✅ Main executable: valid on disk ✅ Authority chain: Developer ID Application → Developer ID CA → Apple Root CA ✅ Timestamp: Present ✅ Runtime Version: 15.4.0 ✅ CONFIGURATION: Entitlements (build/entitlements.mac.plist): com.apple.security.cs.allow-jit: true com.apple.security.cs.allow-unsigned-executable-memory: true com.apple.security.cs.disable-library-validation: true com.apple.security.cs.allow-dyld-environment-variables: true com.apple.security.automation.apple-events: true Standard device/network/file entitlements Build configuration: hardenedRuntime: true gatekeeperAssess: false (tested both true and false) entitlements and entitlementsInherit: properly configured TROUBLESHOOTING STEPS ATTEMPTED (ALL FAILED): ✅ Updated electron-builder from 24.13.3 to 26.0.12 ✅ Downgraded Electron 38 → 37 → 36 ✅ Tested x86_64 and arm64 separately ✅ Regenerated certificate via Xcode (new cert generated 23/11/2025) ✅ Configured App Store Connect API for notarization ✅ Tested multiple entitlements combinations ✅ Manual component-by-component re-signing ✅ Removed all metadata files (._ files) ✅ Tested both ZIP and DMG formats ✅ Automatic electron-builder notarization ✅ Manual notarization via xcrun notarytool ✅ Custom afterSign hooks for re-signing ✅ gatekeeperAssess true and false ✅ Clean builds (removed dist/ directory) ALL attempts result in identical failure. Local codesign verification ALWAYS passes. QUESTIONS: Why does local codesign --verify pass but Apple notarization service fails? Is there a known issue with Electron Framework notarization on macOS Sequoia + Apple Silicon? 3. Are there undocumented requirements for Electron apps that could cause this? 4. Could this be a bug in the notarization service for this specific configuration? ADDITIONAL CONTEXT: Multiple notarization attempts over 24+ hours Different certificates, configurations, architectures - all fail identically No similar reports found in forums or GitHub issues Application functions correctly when Gatekeeper is bypassed This is blocking production distribution to macOS users This appears to be either: A bug in Apple notarization service for Electron apps An incompatibility between electron-builder 26 + Electron 36/37 + macOS Sequoia + Apple Silicon The fact that local verification passes but notarization fails suggests the issue is with the notarization service validation logic, not the actual code signatures. REQUEST: Need guidance on resolving this issue. Standard documentation and troubleshooting steps have not resolved the problem. Thank you for any assistance. Staszek Pliszko

Hello, I'm currently developing an iOS app that uses SensorKit. Everything works fine in development and testing — the app correctly requests and receives SensorKit permissions on test devices. In my App ID configuration, the SensorKit Reader Access entitlement (com.apple.developer.sensorkit.reader.allow) is included and visible in Xcode under the project’s entitlements list. However, when I try to archive and distribute the app, I get the following errors in Xcode: Provisioning profile failed qualification Profile doesn't support SensorKit Reader Access. Provisioning profile failed qualification Profile doesn't include the com.apple.developer.sensorkit.reader.allow entitlement. Even though my provisioning profile includes this entitlement, Xcode still refuses to distribute the app. Here’s what I’ve confirmed so far: The provisioning profile lists com.apple.developer.sensorkit.reader.allow in its entitlements. SensorKit works perfectly in debug and development builds. The issue only occurs when attempting to distribute (Archive → Distribute App). Could this be because my account has only development entitlement for SensorKit and not the distribution entitlement? If so, how can I verify or request the proper distribution entitlement for SensorKit Reader Access? Thank you for any guidance or confirmation from Apple regarding this entitlement behavior.

Hello! I need help with the following issue. I can't create a provisioning profile. The following error message appears: The following devices are either already present and have not been modified, or they contain invalid identifiers. I'm a beginner and have been struggling with this issue for a month and a half. Any help would be appreciated.

I have a free developer account, and I have been creating applications. When I tried to open one of them, it said that this app has been flagged as malware. It is not malware, so I don't know why it has been flagged as this. Not just this app, but suddenly a whole bunch of my apps have been flagged as malware as well! The app I have been developing is basically a windows Taskbar for my macbook air, and it has been working well until the latest update i made where it hides in full screen, suddenly it started taking up significant energy, so i reverted to an older version while i was fixing it. Then, when i try to open it another time, it starts to open, and it says "Malware Blocked and Moved to Bin" “Taskbar.app” was not opened because it contains malware. This action did not harm your Mac”. All versions of the taskbar now contain this message. I try opening some of my other apps, a shared storage client and a shared storage server (where i was testing with app groups), and they couldn't open either, the same malware message appeared. ProPermission couldn't open either (changes permissions on files for me so i don't have to use the terminal or finder). I can run these apps through the Xcode environment (attached process), but when I archieve it into an app bundle, the malware flag appears. Please note that I am certain that these apps do not contain malware, apparently XProtect has incorrectly flagged my apps as malware. Because I do not have the paid developer account, I cannot notarize my apps. I am using MacOS Tahoe 26.1 with Xcode 26.0, and I have tested it with a iMac Intel 2017 with MacOS Ventura.

I’m unable to notarize the executable and the .app — the status has been showing “In Progress” for over an hour. Upon checking the xcrun logs, it indicates that the submission ID was not received. I also noticed there’s an Apple Developer Service outage reported since October 8, 2025. Could you please let me know when this outage is expected to be resolved? It would be very helpful.

The attached file bellow contains the full error error I clone this repo to my mac, change team id and group, and run it in Xcode: https://github.com/protonpass/ios-pass There's no issue when I ran it with the Debug configuration, but when I go to Product > Scheme > Edit Scheme and change the iOS target build configuration to Release then I got that error above. I have tried Archive and export the ipa, verify that the provisioning profile contains my Mac UDID, but when double clicking the ipa to install, I also got the error This app cannot be installed because its integrity could not be verified.

Hello Apple Developer Forum Community, I’ve got a problem with the signing process of my AppClip Test App. Can someone help me? As I don’t know hot to get the certificate...

Hello, I sent this in as a feedback several weeks ago about watchOS 26.2 beta 2 but since the issue is still active now that watchOS 26.2 is in production I'm reposting here for the community. I would also like to submit a DTS about this issue but honestly don't know the best way to go about it and would appreciate advice about that. There seems to be an issue with VPP distribution for our app on watchOS 26.2. When our watchOS companion app is launched after being installed through VPP to a supervised iPhone, it encounters a dyld error before main() or any application code is even called. The same app launches correctly in every other circumstance we could imagine and test: – Installed through VPP on supervised devices running watchOS 26.1. – Installed from the app store (using an apple id) on a supervised iPhone and paired watch running iOS 26.2 / watchOS 26.2. – Installed through Testflight on a supervised iPhone and paired watch running iOS 26.2 / watchOS 26.2. – Installed through the app store on unsupervised devices running watchOS 26.1 and 26.2. This strongly appears to be a VPP signing issue because we even did the following experiment: Install iPhone and Watch apps through the App Store on a supervised device pair running public iOS 26.2 beta 2 / watchOS 26.2 beta 2. Verify that both apps launch successfully. Use an MDM command to install from VPP over the existing installations Verify that the watch app fails to launch (the iOS app is unaffected) My feedback included some crash logs which I won't be reposting publicly here. Any feedback or ideas appreciated.

Hello Quinn and Apple Developer Support, We are encountering an issue where our notarization queue appears to be stuck, and we would greatly appreciate your help. A few days ago, we assisted another team by submitting their app for notarization using our own Apple Developer account, because their own notarization attempts were getting stuck. However, the submission we made for them under our account has now been stuck in the “In Progress” state for about 5 days. Later, their own submission (using their account) was rejected after 2–3 days, but our submission for them (under our account) has never completed. Since then, all our subsequent notarization requests have also remained “In Progress”, which strongly suggests that the stuck submission is blocking our entire notarization queue. Here are the details from our submission history: xcrun notarytool history --apple-id "xxx" --team-id "xxx" --password "xxx" Partial results: id: 0bafa66f-4f47-4327-811f-a05481be5d0b status: In Progress id: 2d00b75a-a17a-44fc-afa1-71e0e39ec2cd status: In Progress The first ID is our own app’s submission. The second ID belongs to the submission we made for the other team. Both have been stuck in “In Progress” for several days, which seems abnormal. Could you please help us clear or reset the notarization queue for our account so that we can continue submitting our own apps? Thank you very much for your time and assistance! Best regards, gongcj

productsign Command Appears to Succeed but Package has No Valid Signature Category: Security, macOS, Code Signing Question: productsign command, when signing a PKG created with productbuild, appears to succeed with a success message (Wrote signed product archive to ...) but spctl verification results in rejected, source=no usable signature, indicating that the signature was not actually applied. Details: Goal: To sign a distribution package created with productbuild using a Developer ID Installer certificate. Certificate Used: Developer ID Installer: [Company Name] ([Team ID]) This certificate was issued by Previous Sub-CA and is not the latest G2 Sub-CA recommended by Apple. We cannot create a new G2 Sub-CA certificate as we have reached the limit of 5. productsign Command: productsign --sign "Developer ID Installer: [Company Name] ([Team ID])" [input.pkg] [output.pkg] productsign Output: Wrote signed product archive to [output.pkg] (Appears as a success message). spctl Signature Verification: spctl -a -vv [output.pkg] Result: rejected, source=no usable signature Notarization Service Results (Behavioral difference between Macs): On Mac A, the submission status was Accepted. On Mac B, the status was Invalid, with the notarization log message being The binary is not signed.. Troubleshooting Steps Taken: We attempted to sign both component and distribution packages with productsign, and in both cases, the signature was not recognized by the system. We skipped productsign and relied on the notarization service's auto-signing, but the notarization log still reported The binary is not signed., and the notarization failed. We have confirmed that the certificate and private key are properly associated in Keychain Access. My Questions: Given that we are using an older Previous Sub-CA certificate and cannot create a new one, why does productsign appear to succeed when the signature is not being applied? What could cause the behavioral difference where notarization is Accepted on Mac A but Invalid on Mac B? Is this a known issue with Apple's tools, or is it possibly caused by the specific structure of our PKG? What is the recommended workflow or debugging method to successfully sign and notarize a PKG under these circumstances? Thank you for your assistance

Hello, We have a working application with several entitlements - com.apple.developer.endpoint-security.client and com.apple.developer.team-identifier. Recently, the Developer ID signing certificate expired and we created a new one according to the instructions on the website. Also the provisioning profile for those entitlements expired so we edited it to use the new certificate. We built using xcodebuild in a script and signed with codesign, We supply the certificate id and the entitlement in a plist file like this : codesign --timestamp --force --sign "${application_signature}" --options=runtime "${obj}" --entitlements "${SR_ENTITLEMENT_PATH}" (those env vars hold the correct values for the cert id and plist path as far as we checked). The signing works and looks ok with "codesign -dvvv": (XXXX replaces the real file name for privacy) Signature size=9050 Authority=Developer ID Application: XXXXXX. (XXXXX) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=16 Oct 2025 at 11:09:53 AM Info.plist=not bound TeamIdentifier=XXXXX Runtime Version=14.5.0 Sealed Resources=none Internal requirements count=1 size=184 [Dict] [Key] com.apple.application-identifier [Value] [String] XXXXX.com.XXXX.XXXX [Key] com.apple.developer.endpoint-security.client [Value] [Bool] true [Key] com.apple.developer.team-identifier [Value] [String] XXXXXX` But when the app need to run it is killed and the console shows the following: amfid: /private/tmp/XXXXX not valid: Error Domain=AppleMobileFileIntegrityError Code=-420 "The signature on the file is invalid" UserInfo={NSURL=file:///private/tmp/XXXXX, NSLocalizedDescription=The signature on the file is invalid} kernel: mac_vnode_check_signature: /private/tmp/CybereasonSensor: code signature validation failed fatally: When validating /private/tmp/XXXXX: Code has restricted entitlements, but the validation of its code signature failed. We didn't change any code or build differently (it's done by a CI jenkins job. So if the file is signed and the and has the entitlements why does it fail? what should be done? Thanks, Boaz

Hello, I’m having trouble enabling Background Location updates on my iOS app. Xcode: 26.0 beta Team: Individual Developer Program (paid, activated recently) Device: iPhone (physical device, registered and provisioned) Problem When building to device, I get the error: Provisioning profile "iOS Team Provisioning Profile: com.mybundle.id" doesn't include the com.apple.developer.background-modes entitlement. Automatic signing failed. On the simulator the build succeeds, but on device the signing fails unless I remove the background-modes entitlement from .entitlements. What I tried Enabled Background Modes → Location updates in Signing & Capabilities (UI only). Info.plist contains UIBackgroundModes = location and the required NSLocation…UsageDescription keys. Cleaned Derived Data, removed cached provisioning profiles (~/Library/Developer/Xcode/UserData/Provisioning Profiles). Changed Bundle Identifier to force regeneration of provisioning profiles. Deleted and recreated provisioning profiles from Xcode. Tried both with and without manual .entitlements edits. Current status Provisioning profile shows only App Groups, In-App Purchase, Push Notifications. Entitlements section in the downloaded profile is missing com.apple.developer.background-modes. As a result, background location cannot be enabled on device. Question Is this a known issue with Xcode 16/26 beta or with Individual Developer accounts? How can I get com.apple.developer.background-modes included in my provisioning profile so that location tracking continues while the screen is locked? Thank you.

Hi guys, I am new to publishing apps on Apple Store. I used python, pyside6, torch, pyinstaller to build an app for Apple Store. For codesigning, I used the correct "Developer ID Application" to sign the code. When I validate the .app file (codesign -vv --strict ), I got the following my_app.app: valid on disk my_app.app: satisfies its Designated Requirement Next, I used ditto to "ditto -c -k --sequesterRsrc --keepParent my_app.app my_app.zip" to zip it. Then, I submitted this my_app.zip file for notarization with "xcrun notarytool submit ..." and got the following "accepted" message. Received new status: Accepted Current status: Accepted............... [20:08:54.530Z] Info [API] Submission in terminal status: Accepted Processing complete After that, I want to staple it with "xcrun stapler staple my_app.app", but I got the following Could not validate ticket for my_app.app The staple and validate action failed! Error 65. To further investigate it, I ran "spctl -a -vvv my_app.app" and got my_app.app: rejected source=Unnotarized Developer ID origin=Developer ID Application... I don't know why this would happen after notarization accepted. Could someone help me understand this issue? Thanks!

Hello, when building and signing my application in a Github actions workflow, I am facing an issue on the latest version of xCode (16.4). This issue is resolved by downgrading to 16.3. My CI/CD pipeline is running headless and installing provisioning profile to ~/Library/MobileDevice/Provisioning Profiles.

Hello, We are currently facing an issue with the Apple Notary Service that is completely blocking our production pipeline. For the past three days, every single submission has been stuck in the "In Progress" state indefinitely. Some submissions have been pending for over 48 hours, and none of them ever proceed to analysis. When checking the status via xcrun notarytool history, all entries show "In Progress". Attempting to retrieve logs with xcrun notarytool log always returns: Submission log is not yet available. This strongly suggests that the processing hasn't even started. This issue occurs consistently from my local machine (MacBook Air M3) and Our GitHub Actions CI workflow. Both environments are properly configured with Electron + Electron-Builder, and the app is correctly signed and uploaded each time. We have verified multiple times all credentials and code signing settings, no exceptions so far or problems in the pipeline. Here are a few stuck submission IDs: This is not a normal delay, it looks like a backend issue affecting our account or this specific App ID. Please escalate this case as soon as possible. We appreciate your urgent attention. Best

I have an app for iOS already on the AppStore and I'm trying to add a macOS version of it. The AppID prefix for this app is different than my Team ID. This mismatch was always fine for submitting my iOS app. However for some reason, the macOS version gets rejected when I upload it. It tells me the AppID prefix must match my Team ID. I do not control my TeamID and I do not control my AppID prefix, they are both given to me by Apple. Yet the error message tells me they must match. How do I get past this? Here is the error message: Validation failed Invalid code signing entitlements. Your application bundle's signature contains code signing entitlements that aren't supported on macOS. Specifically, the "APPID_PREFIX.MY_BUNDLE_ID" value for the com.apple.application-identifier key in "MY_PACKAGE" isn't supported. This value should be a string that starts with your Team ID, followed by a dot ('"), followed by the bundle ID. (ID: 930b77ae-099f-4798-a14a-2803f2a9be9e) Thanks in advance for any pointer.