I'm having trouble configuring the "IOPCIPrimaryMatch" entitlement. I'm currently developing using "sign to run locally" and have been able to confirm the expected behavior. I was considering signing with "Developer ID Application" for future distribution to customers, but after finding the following forum, I'm now aiming to sign with "Apple Development." https://developer.apple.com/forums/thread/743021 I'm currently having trouble with the IOPCIPrimaryMatch value. The "signing certificate" status in Xcode changes depending on the value, as follows: Successful if the value is as follows: IOPCIPrimaryMatch 0xFFFFFFFF&0x00161916 An error occurs if the value is as follows: IOPCIPrimaryMatch 0xFFFFFFFF&0x00161916 So I tried building and installing using "0xFFFFFFFF&0x00161916", but this time the driver was not assigned to the PCI device. By the way, when I used "sign to run locally", both the installation and assignment were successful with the following: IOPCIPrimaryMatch 0xFFFFFFFF&0x00161916 Could you please tell me the correct way to write this?

Hi First, I hope I'm in the right place, I'm not certain. I'm having my first attempt at IOS development and want to see the progress I've made on my phone. I plugged it in to my Mac and selected it as a preview device and got the following messages in the Signing & Capabilities screen: Your team has no devices from which to generate a provisioning profile. Connect a device to use or manually add device IDs in Certificates, Identifiers & Profiles. https://developer.apple.com/account/ No profiles for '...' were found: Xcode couldn't find any iOS App Development provisioning profiles matching '...'. My account and personal team are shown in the Xcode settings, but it says 0 Provisioned Devices. I also tried restarting, and enabled developer mode on the phone. I checked the provided link, but saw nowhere to add a device ID. Clearly I don't understand what I'm doing. Can anyone help me make sense of this?

Is the Notary service unavailable again? The system-status page shows it as being green but I am back to receiving the same error as previously which fixed itself once the notary service went green again and I am unable to notarize and staple my Distribution PKG.

Hello everyone, I am developing a Flutter iOS application that includes a Widget Extension + Live Activity (ActivityKit). The project runs successfully on the iOS simulator when launched directly from Xcode, but it cannot be signed properly via Flutter and I cannot upload the build to App Store Connect due to the following CodeSign error: Command CodeSign failed with a nonzero exit code Provisioning profile "…" doesn't include the entitlement: com.apple.developer.activitykit.allow-third-party-activity This error never goes away no matter what I try. And the main problem is that my App ID does NOT show any ActivityKit or Live Activity capability in the Apple Developer portal → Identifiers → App ID. So I cannot enable it manually. However: Xcode requires this entitlement Flutter requires this entitlement When I add the entitlement manually in the .entitlements file, Xcode says: “This entitlement must be enabled in your Developer account. It cannot be added manually.” So I am stuck in a loop where: Apple Developer portal does not show ActivityKit capability Xcode demands the ActivityKit entitlement Signing fails App Store upload fails And Live Activity is a critical feature of my app What I have already done ✔ “Automatically manage signing” is enabled ✔ Correct Team is selected for both Runner and the Widget Extension ✔ Bundle IDs are correct: com.yksbuddy.app com.yksbuddy.app.TimerWidgetExtension ✔ Deleted Derived Data completely ✔ Tried removing all ActivityKit-related entitlement keys manually ✔ Deleted Pods, reinstalled, rebuilt ✔ App Group settings match between Runner and Extension ✔ The same Live Activity code works perfectly in a clean Xcode-only project ✔ But fails only inside a Flutter project structure ✔ Xcode builds & runs on simulator, but App Store upload always fails due to missing entitlement Core Problem: In my Apple Developer “Identifiers → App ID” page, the Live Activity / ActivityKit capability does NOT appear at all, so I cannot enable: Live Activities ActivityKit Third-party activity entitlement Without being able to enable this capability, I cannot create a valid provisioning profile that includes: com.apple.developer.activitykit.allow-third-party-activity Flutter + Xcode insists this entitlement must exist, but Apple Developer portal does not give any option to enable it.

I have a free developer account, and I have been creating applications. When I tried to open one of them, it said that this app has been flagged as malware. It is not malware, so I don't know why it has been flagged as this. Not just this app, but suddenly a whole bunch of my apps have been flagged as malware as well! The app I have been developing is basically a windows Taskbar for my macbook air, and it has been working well until the latest update i made where it hides in full screen, suddenly it started taking up significant energy, so i reverted to an older version while i was fixing it. Then, when i try to open it another time, it starts to open, and it says "Malware Blocked and Moved to Bin" “Taskbar.app” was not opened because it contains malware. This action did not harm your Mac”. All versions of the taskbar now contain this message. I try opening some of my other apps, a shared storage client and a shared storage server (where i was testing with app groups), and they couldn't open either, the same malware message appeared. ProPermission couldn't open either (changes permissions on files for me so i don't have to use the terminal or finder). I can run these apps through the Xcode environment (attached process), but when I archieve it into an app bundle, the malware flag appears. Please note that I am certain that these apps do not contain malware, apparently XProtect has incorrectly flagged my apps as malware. Because I do not have the paid developer account, I cannot notarize my apps. I am using MacOS Tahoe 26.1 with Xcode 26.0, and I have tested it with a iMac Intel 2017 with MacOS Ventura.

I am currently having issues uploading my app to appstoreconnect.apple.com/notary/ for notarization. It times out after hanging for a while. I get the following error. 13:42:04 "LocalDataTask <D84AED32-B05B-4439-8BDC-40C0F89B89F1>.<1>" 13:42:04 ), NSLocalizedDescription=The request timed out., NSErrorFailingURLStringKey=https://appstoreconnect.apple.com/notary/v2/asp?, NSErrorFailingURLKey=https://appstoreconnect.apple.com/notary/v2/asp?, _kCFStreamErrorDomainKey=4})

During the release of our macOS App, we encountered the following issue: We need to support dynamic code loading of WebAssembly (wasm) inside our App, mainly by loading WebAssembly (wasm) binary modules. We discovered a problem: a wasm file is neither an executable nor a bundle, so it cannot be code-signed. Since our App needs to pass notarization, we have not set the com.apple.security.cs.allow-unsigned-executable-memory entitlement. Without setting com.apple.security.cs.allow-unsigned-executable-memory, loading a wasm module results in an “unsigned code” error that causes the process to crash. Could you please advise on what we should do to avoid this problem? Is it possible to apply for a special entitlement to allow com.apple.security.cs.allow-unsigned-executable-memory?

Coming from Windows, I'm finding Mac app packaging farcically complicated, to the level of a Python sketch. I mastered Windows packaging, via Inno, in an hour or so, but it has taken me, on and off, the best part of a week to get to the point I am at with the Mac OS, and I'm nowhere near finished (rather, it hasn't finished with me). Every time I surmount one hurdle, another pops up, seemingly just for the jollies. I'm currently stuck at: 'Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.' My account lists no agreements in this category. I understand the need for security, but not the labyrinthine nature of the process. An inner-party member in the former Soviet Union overheard a drunken Stalin say, “I trust no one; not even myself". Apple trusts no one, but has true contempt for developers. Is there a simple way to work through the packaging process? Let me rephrase that: please God, let there be a simpler way of working through the process! Regards, in extremis, Richard

Today, I used xcrun notarytool submit to upload my packaged Electron app for macOS—once as a .zip file and once as a .dmg—for Apple notarization. However, both submissions have been stuck at "Current status: In Progress" for several hours now. I’ve also checked the status using xcrun notarytool info, and it keeps returning status: In Progress. Could someone please help me understand what might be going wrong? This is quite urgent—if a technical support engineer or anyone from the team could take a look, I’d be glad to provide the UUIDs of my notarization requests.

Hi all, I'm a solo iOS developer trying to update an app I released in 2010. My current Team ID is Q37598Q8GE, but the app's original App ID uses an old prefix, YHX995W43P. When I try to create a new App ID with the original Bundle ID (eu.andela.woordenes) to generate a new distribution provisioning profile, I get the error:An attribute in the provided entity has invalid value An App ID with Identifier 'eu.andela.woordenes' is not available. Please enter a different string. I understand this might be due to the old prefix from pre-2011, when Apple allowed multiple prefixes per account. I still have access to the app in App Store Connect and want to push an update, not create a new app. How can I resolve this?Can I reuse the existing App ID (eu.andela.woordenes with prefix YHX995W43P) for a new provisioning profile, or do I need to match my current Team ID (Q37598Q8GE)? If the Bundle ID is already taken by my current app, how do I update the app without changing the Bundle ID? Any steps to fix the prefix mismatch in Xcode or App Store Connect?

Hello, I am trying to publish a simple app to the App Store for the first time, and I am getting these 2 errors. Please note the knowledge base URLs shown in the screenshot are not clickable. I think this should be addressed. Any guidance on how to correct these issues will be greatly appreciated. Sincerely, Anis

Hello Apple Support, While attempting to staple a notarization ticket for our signed installer package, the stapler command fails with Error 65. Upon investigation, we found that connections to oscdn.apple.com present an SSL certificate issued to a248.e.akamai.net, which does not include oscdn.apple.com in its Subject Alternative Name (SAN). This mismatch prevents our macOS environment from validating tickets and completing the stapling process. Steps tried: Verified notarization status (Accepted). DNS flushed, tried different DNS (8.8.8.8, 1.1.1.1). curl to oscdn.apple.com consistently fails with SSL error 60. Please advise on resolving this certificate mismatch. also when I try to run the stapler command with my pkg "xcrun stapler staple/Users/mactest/Desktop/IPMPlus_Macos_Installer.signed.pkg" getting the output like :- Processing: /Users/mactest/Desktop/IPMPlus_Macos_Installer.signed.pkg Could not validate ticket for /Users/mac-test/Desktop/IPMPlus_Macos_Installer.signed.pkg The staple and validate action failed! Error 65. please help Thank you.

The device UDID was registered to the developer account 40 hours ago, the STATUS column was "processing" in the first 24 hours, then turned to empty. But I still can't run my app (with distribution method "development"), when I try to run it after download it through my OTA URL, it prompts “the app cannot be installed because its integrity could not be verified” but everything runs good on a iPhone which was registered a month ago. What should I do now? keep waiting?

I am receiving an entitlement error from stripe terminal SDK when integrating Tap to Pay from apple in the info.plist. Im hoping that someone can give me their input on my error output rather than diving into the stripe sdk to point me in the right direction of something I may have missed with entitlements. I have been approved for tap to pay entitlement and am following the instructions here from apple: https://developer.apple.com/documentation/proximityreader/setting-up-the-entitlement-for-tap-to-pay-on-iphone com.apple.developer.proximity-reader.tap-to-pay

My app uses a Provisioning Profile (as it bundles up a Network System Extension). I do not use "Automatically manage signing" as its causes code signing/deployment issues 🤷‍♂️ In Xcode (version 26), if I enable " Enhanced Security" and check "Enable Hardware Memory Tagging", Xcode states: Provisioning profile "<>" doesn't include the com.apple.security.hardened-process.checked-allocations and com.apple.security.hardened-process.checked-allocations.soft-mode entitlements. Normally to resolve such errors one simply adds the Capability in "Edit your App ID Configuration" and then regenerates the Provisioning Profile. However, I don't see any such capability to would add these entitlements? (I thought "Hardened Process" would be the one - but alas, no). Clicking the "for more information" link in Xcode to view the relevant(?) "Apple Developer Documentation" generates another error 😵‍💫 Didn't see anything in: https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app

Hello, We are currently facing an issue with the Apple Notary Service that is completely blocking our production pipeline. For the past three days, every single submission has been stuck in the "In Progress" state indefinitely. Some submissions have been pending for over 48 hours, and none of them ever proceed to analysis. When checking the status via xcrun notarytool history, all entries show "In Progress". Attempting to retrieve logs with xcrun notarytool log always returns: Submission log is not yet available. This strongly suggests that the processing hasn't even started. This issue occurs consistently from my local machine (MacBook Air M3) and Our GitHub Actions CI workflow. Both environments are properly configured with Electron + Electron-Builder, and the app is correctly signed and uploaded each time. We have verified multiple times all credentials and code signing settings, no exceptions so far or problems in the pipeline. Here are a few stuck submission IDs: This is not a normal delay, it looks like a backend issue affecting our account or this specific App ID. Please escalate this case as soon as possible. We appreciate your urgent attention. Best

I’m unable to notarize the executable and the .app — the status has been showing “In Progress” for over an hour. Upon checking the xcrun logs, it indicates that the submission ID was not received. I also noticed there’s an Apple Developer Service outage reported since October 8, 2025. Could you please let me know when this outage is expected to be resolved? It would be very helpful.

Hey, Just recently I realized something I have been overlooking in my build pipelines. I thought that by adding the the "hardened runtime", I disable 3rd-party library injection (I do not have the disable-library-validation entitlement added). However, I was using some checks on my code and I noticed that the "library validation" code signature check fails on my applications (e.g. adding the .libraryValidation requirement via the LightweightCodeRequirements framework) - with codesign -dvvvv /path/to/app I can check it doesn't have the CS_REQUIRE_LV flag: [...] CodeDirectory v=20500 size=937 flags=0x10000(runtime) hashes=18+7 location=embedded [...] then I used in Xcode the "Other Code Signing Flags" setting and added the -o library option, which added the flag: [...] CodeDirectory v=20500 size=937 flags=0x12000(library-validation,runtime) hashes=18+7 location=embedded [...] Is this flag something I should be explicitly setting? Because I was under the impression enabling hardened runtime would be enough. Popular Developer ID distributed applications (e.g. Google Chrome, Parallels Desktop, Slack) all have this flag set.

I made a macOS application using Swift Package and distributed it in dmg format through Apple Notary service. However, we received a report from a user that it can be launched from a disk image mounted from dmg, but when copied to /Applications, the app is broken and does not start. I looked into why this happened, I noticed that the codesign command returned different results when copying the application bundle and /Applications on the volume mounted dmg with Finder. Mounted dmg: OK ❯ codesign --verify --deep --verbose /Volumes/azoo-key-skkserv/azoo-key-skkserv.app /Volumes/azoo-key-skkserv/azoo-key-skkserv.app: valid on disk /Volumes/azoo-key-skkserv/azoo-key-skkserv.app: satisfies its Designated Requirement Copied by Finder: Bad codesign reports that there are 148 added/missing files. ❯ codesign --verify --deep --verbose /Applications/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app: a sealed resource is missing or invalid file added: /Applications/azoo-key-skkserv.app/Contents/Resources/AzooKeyKanakanjiConverter_KanaKanjiConverterModuleWithDefaultDictionary.bundle/Contents/Resources/Dictionary/louds/グ1.loudstxt3 (skip...) file missing: /Applications/azoo-key-skkserv.app/Contents/Resources/AzooKeyKanakanjiConverter_KanaKanjiConverterModuleWithDefaultDictionary.bundle/Contents/Resources/Dictionary/louds/グ1.loudstxt3 (skip...) Copied by ditto: OK ❯ ditto /Volumes/azoo-key-skkserv/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app ❯ codesign --verify --deep --verbose /Applications/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app: valid on disk /Applications/azoo-key-skkserv.app: satisfies its Designated Requirement I made a simple macOS application to explain this problem in an easy-to-understand way. You can download dmg in github releases, mount dmg, copy it in the Finder, and check if there is a problem by running the codesign command. https://github.com/mtgto/example-utf8-mac-notarization As a result, I learned the following two things. Occurs only with resources with file names whose values change due to NFC/NFD normalization No problems occur with the resources of the application itself. Generated by the Swift Package resources that the application depends on I think this is a problem with Finder or Gatekeeper.

I've been successfully notarizing my apps for a year or so now, with intermittent releases every so often, usually succeeding with notarization in a couple of minutes. These apps are all written in Python, but I worked through all the jank required to get them to notarize cleanly a while ago and have no issues since. Today I submitted a couple of builds which have been stuck for hours. They're just "in progress", so no logs I can look at, no emails or anything on my developer account page. How can I begin to debug this? Successfully received submission info createdDate: 2025-06-24T18:43:37.140Z id: 8d1a1ca9-f0ad-426f-a714-89aaf9e01a07 name: pinpal-2025.6.25.for-notarizing.app.zip status: In Progress I should note that in addition to the comment added within 10 minutes of creation of this issue, within the last day, we also have: https://developer.apple.com/forums/thread/789389 https://developer.apple.com/forums/thread/789599 https://developer.apple.com/forums/thread/789995 So it seems pretty likely something is going on on the backend.