We have an app which is hybrid using React Native and Native features. We released our app recently which showed issues related to missing packages/corrupt package but xCode didn't gave any error and we were able to Archive and submit app successfully.

I’m having issues trying to codesign a .app file. We generated the Developer ID Application certificate using the organization owner’s account. I downloaded the certificate to my Mac and imported it into my keychain, but when I run the codesign command below, I get the following error. Could you help me? What am I doing wrong? Is there any other way to sign the .app executable? From what I’ve seen in other posts, it looks like the certificate needs to have a private key, but the certificate I download from the developer portal doesn’t include the key. Also, about exporting it as a .p12 — I couldn’t quite understand if that’s considered a safe practice, since the organization owner’s private key would be included in this certificate that we plan to use in our pipeline.

We package a nightly build of our application for distribution. About 1 month ago, this package has started showing the "Apple could not verify 'Application' is free of malware" message. This only happens to our development branch package. We run the same pipeline with the same signature for our stable branch and the stable package does not show this message. $ codesign -dv --verbose=4 KiCad.app Executable=/Applications/KiCad/KiCad/KiCad.app/Contents/MacOS/kicad Identifier=org.kicad.kicad Format=app bundle with Mach-O universal (x86_64 arm64) CodeDirectory v=20500 size=51931 flags=0x10000(runtime) hashes=1612+7 location=embedded VersionPlatform=1 VersionMin=722432 VersionSDK=983552 Hash type=sha256 size=32 CandidateCDHash sha256=4f15435c1d3cc056a83432b78a2f6acae8fb0e6d CandidateCDHashFull sha256=4f15435c1d3cc056a83432b78a2f6acae8fb0e6d03cbe70641719fd1ced3395b Hash choices=sha256 CMSDigest=4f15435c1d3cc056a83432b78a2f6acae8fb0e6d03cbe70641719fd1ced3395b CMSDigestType=2 Executable Segment base=0 Executable Segment limit=3915776 Executable Segment flags=0x1 Page size=4096 CDHash=4f15435c1d3cc056a83432b78a2f6acae8fb0e6d Signature size=9002 Authority=Developer ID Application: KiCad Services Corporation (9FQDHNY6U2) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Dec 19, 2025 at 5:21:05 AM Info.plist entries=17 TeamIdentifier=9FQDHNY6U2 Runtime Version=15.2.0 Sealed Resources version=2 rules=13 files=37238 Internal requirements count=1 size=176 codesign --verify --verbose=4 KiCad.app <snipped all libs validated> KiCad.app: valid on disk KiCad.app: satisfies its Designated Requirement % spctl --assess --verbose=4 KiCad.app KiCad.app: accepted source=Notarized Developer ID We distribute this via dmg. The notarization ticket is stapled to the dmg and the dmg opens without warning. Any help would be appreciated

In XCode I create and export a notarized app for "direct distribution". I then create a tar file of the exported .app to distribute to my users. Until today this worked fine. Now when the users try to run the app it pops up a dialog saying "app is damaged and can't be opened. You should move it to the Trash." It is possible to ctrl-click on the app and force it to run but, I think, whether this works or not will depend on system settings and not all users have root access to modify settings. Even simply copying the .app folder from the command line will cause this error.

I am submitting .dmg notarization requests from Sequoia 15.7.3 using xcrun submit. My developer certificate was created in the last two weeks and is valid. I have had some successful notarizations already so I know that my configuration is correct. However, for the last 48 hours all of my submissions are stuck at 'in progress'. Is there an issue with the notarization service on Apple's side?

I’m working on an iOS VPN app and looking into using NETunnelProvider (Packet Tunnel) for the VPN implementation. From the documentation it seems that Packet Tunnel is required for VPN protocols like OpenVPN, but the Packet Tunnel capability doesn’t appear to be available by default. Does using NETunnelProvider / Packet Tunnel require a special entitlement to be enabled by Apple for App Store apps? If so, what is the general process for requesting or enabling that entitlement?

I've submitted my app four times, each time waiting a few hours for something to happen, then reducing the file size of my *.dmg and trying again. The first two seemed to have completed after 36 hours, but I no longer have that specific signed binary (and its a much smaller binary now anyway). The latest two are still "In Progress" and its almost been 48 hours. I know my process isn't wrong, and my app isn't somehow incorrectly built or being denied because two were accepted. The outage page shows green for the notary tool (https://aninterestingwebsite.com/system-status/) so I'm not sure what the hold up is.

I accidentally mis-copy-pasted when creating a new app identifier, and I can't create the correct one. I missed the leading "c" and I created An App ID with om.automaticduck.MyApp I deleted it, but now I can't create the correct one. The error says An attribute in the provided entity has invalid value An App ID with Identifier 'com.automaticduck.MyApp' is not available. Please enter a different string. Thank you for helping with what I need to do.

I want to export Mac OS application out side App Store and I need to have Developer Id installer certificate to do the same. When I go to certificate section in developer portal - I only see option of Mac App Distribution Mac Installer Distribution Developer ID Application Does anyone know where I can check the Developer ID installer part. Developer ID application doesn't work for signing the app manually.

Hi Team, i'm running into same issue with notarization time. I create new, small app for a customer but however the notarization is running since this morning, so almost a few hours. This isn't normal or ? Is there anything what i can do ? Best regard, Lars

I'm facing a persistent issue with provisioning profiles not including the com.apple.developer.in-app-purchase entitlement, even though the In-App Purchase capability is clearly enabled in the Developer Portal for my app. What I’ve already done: Confirmed that the In-App Purchase capability is enabled in the App ID configuration Deleted all provisioning profiles locally (~/Library/MobileDevice/Provisioning Profiles) Regenerated both Development and App Store provisioning profiles from scratch Tried Xcode's automatic signing (after properly registering the device) Verified the provisioning profiles via Terminal (security cms -D -i ...) — the IAP entitlement is missing every time Recreated valid distribution and development certificates Cleaned the Xcode project and settings The result: Every attempt to build or archive the app in Xcode returns: Missing entitlement: com.apple.developer.in-app-purchase I've also opened a support case with Apple, but so far I’ve only been redirected to general documentation. Has anyone encountered this recently? Is there a known delay or sync issue on Apple’s side when enabling capabilities? Can the provisioning profile or entitlement data be manually refreshed by Apple? Is there any workaround that worked for you in this situation?

we have organization account I'm the admin of team. and i have additional resources: Additional Resources Access to Reports Access to Certificates, Identifiers & Profiles. Access to Cloud Managed Distribution Certificate Create Apps Generate Individual API Keys Issues: i can't find my team certificate in Xcode I don't have access to https://aninterestingwebsite.com/account/resources/

Unable to notarize Electron-based application. All notarization attempts fail with "The signature of the binary is invalid" for main executable and Electron Framework, despite passing local codesign verification. ENVIRONMENT: macOS: 24.6.0 (Sequoia) Hardware: Apple M4 Max (arm64) electron-builder: 26.0.12 Electron: 36.9.5 (also tested 37.10.2, 38.2.0) Certificate: Developer ID Application: AS LIVE MEDIA SP Z O O Team ID: 2KJ532SU3G Certificate validity: Oct 7 2025 - Oct 8 2030 PROBLEM: Every notarization submission fails with identical error for two binaries: Contents/MacOS/PresentClic Desktop Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework Error message: "The signature of the binary is invalid." Architectures affected: Both x86_64 and arm64 CRITICAL CONTRADICTION: ✅ Local verification PASSES: $ codesign --verify --deep --strict "PresentClic Desktop.app" Result: valid on disk, satisfies Designated Requirement ❌ Apple notarization service FAILS: Error: "The signature of the binary is invalid" LATEST SUBMISSION ID: 11e1a452-4ea7-4562-ac8e-5e76c39eeb6c Local verification output shows all components validated: Electron Framework: validated ✅ All helper apps: validated ✅ All frameworks: validated ✅ Main executable: valid on disk ✅ Authority chain: Developer ID Application → Developer ID CA → Apple Root CA ✅ Timestamp: Present ✅ Runtime Version: 15.4.0 ✅ CONFIGURATION: Entitlements (build/entitlements.mac.plist): com.apple.security.cs.allow-jit: true com.apple.security.cs.allow-unsigned-executable-memory: true com.apple.security.cs.disable-library-validation: true com.apple.security.cs.allow-dyld-environment-variables: true com.apple.security.automation.apple-events: true Standard device/network/file entitlements Build configuration: hardenedRuntime: true gatekeeperAssess: false (tested both true and false) entitlements and entitlementsInherit: properly configured TROUBLESHOOTING STEPS ATTEMPTED (ALL FAILED): ✅ Updated electron-builder from 24.13.3 to 26.0.12 ✅ Downgraded Electron 38 → 37 → 36 ✅ Tested x86_64 and arm64 separately ✅ Regenerated certificate via Xcode (new cert generated 23/11/2025) ✅ Configured App Store Connect API for notarization ✅ Tested multiple entitlements combinations ✅ Manual component-by-component re-signing ✅ Removed all metadata files (._ files) ✅ Tested both ZIP and DMG formats ✅ Automatic electron-builder notarization ✅ Manual notarization via xcrun notarytool ✅ Custom afterSign hooks for re-signing ✅ gatekeeperAssess true and false ✅ Clean builds (removed dist/ directory) ALL attempts result in identical failure. Local codesign verification ALWAYS passes. QUESTIONS: Why does local codesign --verify pass but Apple notarization service fails? Is there a known issue with Electron Framework notarization on macOS Sequoia + Apple Silicon? 3. Are there undocumented requirements for Electron apps that could cause this? 4. Could this be a bug in the notarization service for this specific configuration? ADDITIONAL CONTEXT: Multiple notarization attempts over 24+ hours Different certificates, configurations, architectures - all fail identically No similar reports found in forums or GitHub issues Application functions correctly when Gatekeeper is bypassed This is blocking production distribution to macOS users This appears to be either: A bug in Apple notarization service for Electron apps An incompatibility between electron-builder 26 + Electron 36/37 + macOS Sequoia + Apple Silicon The fact that local verification passes but notarization fails suggests the issue is with the notarization service validation logic, not the actual code signatures. REQUEST: Need guidance on resolving this issue. Standard documentation and troubleshooting steps have not resolved the problem. Thank you for any assistance. Staszek Pliszko

1.Provisioning profile "xxx" doesn't include signing certificate "Developer ID Application: xxxxx". 2.Provisioning profile "xxx" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. I decoded the profile, <dict> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> <string>relay</string> <string>url-filter-provider</string> <string>hotspot-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>xxxxx</string> <string>xxxxx</string> </array> <key>com.apple.developer.networking.vpn.api</key> <array> <string>allow-vpn</string> </array> <key>com.apple.application-identifier</key> <string>xxxxx</string> <key>keychain-access-groups</key> <array> <string>xxxxx</string> </array> <key>com.apple.developer.team-identifier</key> <string>xxxxx</string> </dict> Kindly help me to resolve this.

The Developer App Certificate is not trusted.

Hi All, I am building my own MDM server. It seems that in order for the MDM commands to function an MDM Push Certificate for the APNS framework. And in order to get the MDM Push Certificate from the Apple Push Certificates Portal (https://identity.apple.com/pushcert/) you need to upload your CSR usually provided and sign by the MDM Vendor of your choosing. I am familiar with this process. But now that I am the MDM Vendor, I am not sure where to get this MDM Vendor CSR Signing Certificate. I've already submitted a formal request via the "contact us" form. Apple's response pointed me to the documentation on Setting Up Push Notifications and the MDM Vendor CSR Signing Certificate help page (which I had already reviewed): https://aninterestingwebsite.com/documentation/devicemanagement/setting-up-push-notifications-for-your-mdm-customers https://aninterestingwebsite.com/help/account/certificates/mdm-vendor-csr-signing-certificate/ The issue is that these documents describe using the signing certificate, but not the process for obtaining it as a new, independent vendor. So does anyone know of a portal or method of generating this “MDM Vendor Certificate”? or maybe I'm going about this all wrong and there is a simpler way… the again, its apple, so I’m probably on the right path just beed a little direction please. (I am not sure where to get this MDM Vendor CSR Signing Certificate.)

I have recently enrolled in the Apple Developer to get my app notarized, and submitted an Archive for notarization, but it is taking forever. It has almost been a whole day, but the status is still in progress, whereas I have seen other developers say that the same takes 10-15 mins to an hour for them. Am I doing anything wrong? Please guide me through this.

I came across your contact on the Apple Developer Forums. I'm encountering an unusual issue during the notarization process. The error message states: "Team is not yet configured for notarization. Please contact Developer Programs Support at aninterestingwebsite.com under the topic Development and Technical / Other Development or Technical Questions." Any guidance you could provide would be greatly appreciated. Here are the error details for reference: json { "logFormatVersion": 1, "jobId": "b6023a7c-dc85-4fa5-91dd-fba92c9ed831", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at aninterestingwebsite.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "Bytemonk.dmg", "uploadDate": "2025-07-02T07:07:07.945Z", "sha256": "b9494170cc040a76045ed263de22e6b89a5455142af16ce502530e1c1ee72ddf", "ticketContents": null, "issues": null }

I have a free developer account, and I have been creating applications. When I tried to open one of them, it said that this app has been flagged as malware. It is not malware, so I don't know why it has been flagged as this. Not just this app, but suddenly a whole bunch of my apps have been flagged as malware as well! The app I have been developing is basically a windows Taskbar for my macbook air, and it has been working well until the latest update i made where it hides in full screen, suddenly it started taking up significant energy, so i reverted to an older version while i was fixing it. Then, when i try to open it another time, it starts to open, and it says "Malware Blocked and Moved to Bin" “Taskbar.app” was not opened because it contains malware. This action did not harm your Mac”. All versions of the taskbar now contain this message. I try opening some of my other apps, a shared storage client and a shared storage server (where i was testing with app groups), and they couldn't open either, the same malware message appeared. ProPermission couldn't open either (changes permissions on files for me so i don't have to use the terminal or finder). I can run these apps through the Xcode environment (attached process), but when I archieve it into an app bundle, the malware flag appears. Please note that I am certain that these apps do not contain malware, apparently XProtect has incorrectly flagged my apps as malware. Because I do not have the paid developer account, I cannot notarize my apps. I am using MacOS Tahoe 26.1 with Xcode 26.0, and I have tested it with a iMac Intel 2017 with MacOS Ventura.

I recently had to update my certificates for a project. I deleted a few old ones, and I currently have one Development certificate. I needed to create another Development certificate specifically, it's saying "Maximum number of certificates generated." I thought the maximum was two Development certificates? Has anyone else had this issue? Thinking it could be a stuck workflow or something like that.