Hey, when I try to launch my app it prompts me with a "Apple could not verify" popup. The thing is the app has been signed and stapled. xcrun stapler validate .app for my app returns "The validate action worked!" If I also run syspolicy_check distribution .app it returns: "App passed all pre-distribution checks and is ready for distribution" Any idea?

Hi Apple Developer Community, I'm experiencing an issue with Family Controls entitlements for my iOS app that I'd like to discuss and see if others have encountered similar problems. Background: My app (BrightStart) uses Family Controls to help users build healthy morning routines by temporarily blocking distracting apps until they complete a sunlight exposure session. The core functionality relies on automatic time-based blocking (e.g., block social media apps from 6-8am daily). The Problem: I have Family Controls working perfectly in development builds, but I'm blocked from distributing via TestFlight due to entitlement issues with my Device Activity Monitor extension. Technical Details: Main app bundle ID: app.brightstart.app ✅ Has both "Family Controls (Development)" and "Family Controls (Distribution)" options available Extension bundle ID: app.brightstart.app.BrightStartMonitorExtension ❌ Only shows "Family Controls (Development)" - no Distribution option Error when archiving for TestFlight: ❌ Provisioning profile failed qualification Profile doesn't support Family Controls (Development). Family Controls (Development) feature is for development only. Please use Family Controls (Distribution) for distribution. Impact: Cannot upload to TestFlight for beta testing Native FamilyActivityPicker falls back to mock UI in distributed builds Automatic scheduled app blocking (via DeviceActivityMonitor) doesn't function in production Questions for the community: Has anyone successfully gotten "Family Controls (Distribution)" enabled for a Device Activity Monitor extension? Is this a known limitation, or should I expect this option to be available? Are there alternative approaches for time-based automatic app blocking that work in distribution builds? Should I contact Apple Support directly about enabling this entitlement for the extension? Btw, Cursor wrote this summary above, so it could be just hallucinating the issue? Would really appreciate anyone's thoughts here.

I am working on a MacOS application in which I need System Extension along with some network extension capabilities. In order to distribute the app externally, I have to create a Developer ID application (provisioning profile) using the App ID that already has Network extension capability. I have followed this documentation to create the App ID and provisioning profiles: https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.developer.networking.networkextension?language=objc What I have: 2 App IDs (For app with network and system extension capability and for extension with only network extension capability) *2 Developer ID application (For both App and Extension) My App's entitlement file contains: <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>packet-tunnel-provider</string> </array> My system extension's entitlement file contains: <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>dns-proxy</string> </array> Both the targets now have the following error: Provisioning profile "StandaloneCSAExtension" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. Note: Instead of Developer ID application if I create a normal development provisioning profile with the same App ID, everything works perfectly fine, the only reason why we need to move to Developer ID application is because we need to distribute the app externally. Please help me if I have missed anything. Thanks in advance!

Hi I am building obs studio using cmake and Xcode. I used cmake --preset macos -DOBS_CODESIGN_IDENTITY="" to generate the build folder and inside X code used Provisioning Profile with Developer ID Application certification. The build was generated successfully but when I tried to turn on the virtual camera I see missing Missing entitlement com.apple.developer.system-extension.install error. (My Provisioning profile has System Extension Capability checked on apple developer portal) If I use this flow instead: cmake --preset macos -DOBS_CODESIGN_TEAM=63B5A5WDNG Build using Xcode with Automatic manage signing with Apple Developer Certificate. Obs studio builds successfully and Virtual camera extension also works fine. My primary goal is to notarise my app which contains OBS studio and Blackhole Audio driver for distribution outside app store. If I try to sign my obs app generated in second step codesign --deep --force --timestamp --verify --verbose \ --options runtime --sign "Developer ID Application:***" "OBS.app" The obs app fails to launch due to some errors. Can anyone please guide me which step I might be doing wrong, Much Appreciated. Thanks

Hi everyone, We're experiencing a critical and persistent code signing failure (HTTP 403) after accepting the latest Apple Developer Agreement, blocking our application release. Problem: Despite confirming the new Apple Developer Agreement is signed and active on the portal, code signing attempts return an HTTP 403 error, stating a "required agreement is missing or has expired." Steps Taken: Accepted new Apple Developer Agreement. Verified active developer membership and valid certificates (good for years). Cleared caches, restarted systems. Confirmed Team ID, Apple ID, and provisioning profile validity. Any help is greatly appreciated, its been stuck for more than 2 days now.

My Developer ID certificate will expire in few days, so I downloaded and installed new certificate in login keychain. However my key is still linked to my old certificate. I have my .p12 but even if I delete the old certificate from login keychain and reinstall the .12 file, my old certificate reappears in the login keychain. I tried to select the new certificate in the login keychain and choose Files > Export Items (in Keychain Access) but in the Save dialog under File Format the "Personal Information Exchange (.p12)" option is grayed out. How can I generate a key/.p12 file that will be linked to my new certificate?

I am using matlab to create an application (.app) using matlab application compiler. Along with that, I use matlab to create an installer for that. Unfortunately, the installer is in (.app) format. So do some custom things to install the dependencies and copying my application to Applications folder. I am able to sign the original application with Developer ID application certificate. But I am not able to sign the installer in .app format with Developer ID installer certificate. Is there any flag in any signing executable that allows me to use Developer ID installer certificate to sign .app file instead of typical (.pkg/.dmg)? Any help would be much appreciated.

I have local LLM application, the backend is in python and frontend is in electron.js , all complied in a .pkg file or .dmg file I have created the valid certifcates for notarization But it fails everytime, I have attached the logs steps I followed Created a certificate all steps related to getting it setup, ran productsign command on pkg file ran codesign for dmg xcruntool submit command If anyone has any idea on how proceed codesigningdmg (2).txt code-singingpkg.txt

I have a free developer account, and I have been creating applications. When I tried to open one of them, it said that this app has been flagged as malware. It is not malware, so I don't know why it has been flagged as this. Not just this app, but suddenly a whole bunch of my apps have been flagged as malware as well! The app I have been developing is basically a windows Taskbar for my macbook air, and it has been working well until the latest update i made where it hides in full screen, suddenly it started taking up significant energy, so i reverted to an older version while i was fixing it. Then, when i try to open it another time, it starts to open, and it says "Malware Blocked and Moved to Bin" “Taskbar.app” was not opened because it contains malware. This action did not harm your Mac”. All versions of the taskbar now contain this message. I try opening some of my other apps, a shared storage client and a shared storage server (where i was testing with app groups), and they couldn't open either, the same malware message appeared. ProPermission couldn't open either (changes permissions on files for me so i don't have to use the terminal or finder). I can run these apps through the Xcode environment (attached process), but when I archieve it into an app bundle, the malware flag appears. Please note that I am certain that these apps do not contain malware, apparently XProtect has incorrectly flagged my apps as malware. Because I do not have the paid developer account, I cannot notarize my apps. I am using MacOS Tahoe 26.1 with Xcode 26.0, and I have tested it with a iMac Intel 2017 with MacOS Ventura.

I’m unable to notarize the executable and the .app — the status has been showing “In Progress” for over an hour. Upon checking the xcrun logs, it indicates that the submission ID was not received. I also noticed there’s an Apple Developer Service outage reported since October 8, 2025. Could you please let me know when this outage is expected to be resolved? It would be very helpful.

Hi, I recently created and installed new code signing certificates/keys on my main Mac. How to easily copy these certificates/keys to my another Mac with the same Apple ID? Earlier Quinn suggested: "The easiest way to do this is use Xcode’s import/export feature. Launch Xcode, choose Xcode > Settings, select Accounts, select the account in question, then choose Export Apple ID and Code Signing Assets from the action (…) menu." And it worked fine in 2020-2021. However import/export options are no longer available in XCode 16 anymore. Please suggest a simple solution.

Greetings! I've notarized my app but it spends always over 1 hour. I think it's because the app size is about 30GB, but is there any way to reduce it?

Hello, We are currently facing an issue with the Apple Notary Service that is completely blocking our production pipeline. For the past three days, every single submission has been stuck in the "In Progress" state indefinitely. Some submissions have been pending for over 48 hours, and none of them ever proceed to analysis. When checking the status via xcrun notarytool history, all entries show "In Progress". Attempting to retrieve logs with xcrun notarytool log always returns: Submission log is not yet available. This strongly suggests that the processing hasn't even started. This issue occurs consistently from my local machine (MacBook Air M3) and Our GitHub Actions CI workflow. Both environments are properly configured with Electron + Electron-Builder, and the app is correctly signed and uploaded each time. We have verified multiple times all credentials and code signing settings, no exceptions so far or problems in the pipeline. Here are a few stuck submission IDs: This is not a normal delay, it looks like a backend issue affecting our account or this specific App ID. Please escalate this case as soon as possible. We appreciate your urgent attention. Best

I keep having issues with my account. I have certificates that will not revoke. I create new certificates, then I create new profiles for development, distribution and for developer ID application distribution outside of the app store as well. With my app in Xcode, I can only get the Developer profile to work to allow builds. My distribution profile builds and then fails, with an error 5. The Developer ID Application profile will not even accept the profile in XCode, sighting that there is no code signing, yet I have checked things over and over again. Ontop of this, I had developers in the past in my team and they added a whole lot of certificates for Developer ID that I just cannot use now. I also cannot revoke them. I have no active apps on the app store now, so I was wondering if Apple or someone can assist me in removing ALL the certificates, all the profiles and get a clean slate, so that I can setup everything from scratch again, because I have lost countless of hours getting nowhere and I cannot get Apple support to assist? Anyone been through this before?

Hi, Out app is approved on app store, however we want to distribute outside apps tore as well. But notarization always fails with error: Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, Any help to address this issue is highly appreciated.

Hello Quinn and Apple Developer Support, We are encountering an issue where our notarization queue appears to be stuck, and we would greatly appreciate your help. A few days ago, we assisted another team by submitting their app for notarization using our own Apple Developer account, because their own notarization attempts were getting stuck. However, the submission we made for them under our account has now been stuck in the “In Progress” state for about 5 days. Later, their own submission (using their account) was rejected after 2–3 days, but our submission for them (under our account) has never completed. Since then, all our subsequent notarization requests have also remained “In Progress”, which strongly suggests that the stuck submission is blocking our entire notarization queue. Here are the details from our submission history: xcrun notarytool history --apple-id "xxx" --team-id "xxx" --password "xxx" Partial results: id: 0bafa66f-4f47-4327-811f-a05481be5d0b status: In Progress id: 2d00b75a-a17a-44fc-afa1-71e0e39ec2cd status: In Progress The first ID is our own app’s submission. The second ID belongs to the submission we made for the other team. Both have been stuck in “In Progress” for several days, which seems abnormal. Could you please help us clear or reset the notarization queue for our account so that we can continue submitting our own apps? Thank you very much for your time and assistance! Best regards, gongcj

trying to deploy the LotBot app to my physical device, rtd2, which is listed as a device in the App Developer Portal. when I create a provision file it is always for W246SX52AS, as seen in the developer portal, but from Xcode I am showing a app id of "Apple Development: Richard Dukes (86537MF8N2)". Message: I am unable to create a "Apple Development: Richard Dukes (W246SX52AS)" so I may deploy to the device and the App Store. I have signed out and back in to Xcode with my account but when creating the profile it is always the 86537MF8N2. 95E07D345D31D45E4589FA7EA6FDF161E079C100 "Apple Distribution: Richard Dukes (W246SX52AS)" 5AC76CE9331F80AE953C4C76FC21DE5C2416293E "Apple Development: Richard Dukes (86537MF8N2)" How can I get Xcode to use W246SX52AS? I have these help tickets open as well. case ID is 102678952862 case ID is 102678950460 I have been fighting this for a while. Please help me figure out to get this resolved.

We are developing an application for MAC machine using .NET. After developing and signing the package in notarization process was failed with the error in the attached file. Then we have created the simple Xamarin.MAC to check whether able to notarize it . But with the simple project also we have faced the same error. Provide us the solution to fix these issues We have tried to codesiginin the app to resolve the notarization error, but while code signing the below error was thrown "unable to build chain to self-signed root for signer "Developer ID Application" (not mentioning the certificate id) SFSecure.app: errSecInternalComponent" Notarization-error

Good afternoon, Our team is currently developing a mobile application that includes video call functionality, and we are seeking the optimal approach to enable incoming calls on iOS devices. Ideally, we would like calls to be delivered even when the app is completely closed or after the device is restarted. As I understand it, this may require obtaining VoIP permissions; otherwise, calls may only work when the app is open or running in the background. I would appreciate it if you could confirm my understanding and advise me on the steps or requirements for obtaining the appropriate permissions. Currently, when I try to launch the app in XCode, I see an error (screenshot).

In XCode I create and export a notarized app for "direct distribution". I then create a tar file of the exported .app to distribute to my users. Until today this worked fine. Now when the users try to run the app it pops up a dialog saying "app is damaged and can't be opened. You should move it to the Trash." It is possible to ctrl-click on the app and force it to run but, I think, whether this works or not will depend on system settings and not all users have root access to modify settings. Even simply copying the .app folder from the command line will cause this error.