Successfully received submission history. history ...... -------------------------------------------------- createdDate: 2025-10-19T18:34:47.472Z id: d3248896-7841-421e-9470-101df9d0da21 name: ... status: In Progress -------------------------------------------------- createdDate: 2025-10-19T18:12:45.325Z id: e5822fa0-5bcf-4610-81fc-9f541e8ad189 name: ... status: In Progress

Hi, I have a .NET MAUI app which I've added subscriptions to using the Plugin.InAppBilling nuget package. When I tested on TestFlight I got an almost immediate crash. After doing some research I followed advice to add an Entitlements.plist file to Platforms > iOS with the following entry: com.apple.developer.in-app-purchase The distribution provisioning profile I'm using to sign my app has the App ID set to an Identifier which has "In-App Purchase" ticked, but greyed out in it's "Capabilities" section on https://aninterestingwebsite.com/. I'm not sure why it's ticked and greyed out, but I assume that means that "In-App Purchase" is enabled. The app runs file locally but when I create an IPA file and add it to Transporter for upload to App Store Connect I get the following error: "Validation failed (409) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'com.apple.developer.in-app-purchase' in 'Payload/[Removed].app/[Removed]' is not supported. (ID: [Removed])". Here is the structure of my csproj code for creating a IPA file for iOS: The command I use: dotnet publish [Removed]/app.csproj -f:net9.0-ios -c:Release ^ /p:PlatformTarget=Arm64 ^ /p:RuntimeIdentifier=ios-arm64 ^ /p:ServerAddress=[Removed] ^ /p:ServerUser=[Removed] ^ /p:ServerPassword=[Removed] ^ /p:ArchiveOnBuild=true ^ /p:BuildIpa=true I'm stuck trying to figure this out. If you could please point out any issues with what I'm doing or if you have any suggestions to resolve the problem I would very much appreciate it. Thanks, Ben

New to working with xcode and building apps. I started last weekend, and deploying to my usb connected iPhone 16 was working great all week. Yesterday, I upgraded to a paid developer account to start using TestFlight, and I could no longer deploy to my phone. Failed to install embedded profile for com.spred.spred-alpha : 0xe800801a (This provisioning profile does not have a valid signature (or it has a valid, but untrusted signature).) i using automatic provisioning - not a custom provisioning profile. i have tried: deleting all the certificates in keychain for my developer account and recreating them, and also doing the same in the developer portal. logging out and logging back in with my developer id in xcode deleting the app bundle directory and all other associated files in the Xcode/DerivedData directory reinstalling Xcode cleaning my build directory and trying again. changing the bundle identifier to a new name. (It always matches the portal app name) Among other things. It just won’t work. I can run the app inn a simulator, but not get it deployed to my phone. what else can I do? The only things I can think of are that somehow Xcode is still stuck using the free account somehow, or that the free account cert originally used expired after 7 days, and now I’m in some stuck state.

I do have background Modes added to Xcode. How can I fix this? Automatic signing failed Xcode failed to provision this target. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator. Provisioning profile "iOS Team Provisioning Profile: com.designoverhaul.bladerunner" doesn't include the com.apple.developer.background-modes entitlement. I emailed Dev Support but they said they cant help. Thank you.

Hi, I’m hoping someone can help clarify the correct entitlement format for the Enhanced Security capability in a macOS App Store build. Context Our app is a sandboxed macOS app built with Xcode 26.4. We enabled the Enhanced Security capability in Signing & Capabilities, and we configured the entitlements based on the current documentation. What’s confusing me The Xcode 26.4 release notes say apps that already adopted Enhanced Security should remove: com.apple.security.hardened-process.enhanced-security-version com.apple.security.hardened-process.platform-restrictions and replace them with: com.apple.security.hardened-process.enhanced-security-version-string with value 1 com.apple.security.hardened-process.platform-restrictions-string with value 2 Reference: https://aninterestingwebsite.com/documentation/xcode-release-notes/xcode-26_4-release-notes The entitlement reference pages also seem consistent with that: https://aninterestingwebsite.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process.enhanced-security-version-string https://aninterestingwebsite.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process.platform-restrictions-string So our app currently uses the new -string entitlements with values "1" and "2". Our App Review rejection said: The app incorrectly implements sandboxing, or it contains one or more entitlements with invalid values. Entitlement "com.apple.security.hardened-process.enhanced-security-version-string" value must be boolean and true. Entitlement "com.apple.security.hardened-process.platform-restrictions-string" value must be boolean and true. That’s the part I can’t reconcile with the documentation. Questions For a Mac App Store submission built with Xcode 26.4, should these two entitlements use the new string-based form, or Boolean true? If the expected format has changed, is there any updated guidance beyond the Xcode 26.4 release notes and current entitlement reference? If Apple staff or anyone familiar with this can clarify what format is currently expected, I’d really appreciate it. Thanks.

For years, I've been shipping my apps with a Perl script that now invokes notarytool to get the notarization, using this command /usr/bin/xcrun notarytool submit --apple-id jerry@sheepsystems.com --keychain-profile SSYShipProduct --team-id 4MAMECY9VS --output-format json /Users/jk/blah/blah/MyApp.zip --wait I used this script with this command several times during September 2024 to ship my apps, and it worked. But now, the above command fails with: Error: No Keychain password item found for profile: SSYShipProduct Run 'notarytool store-credentials' to create another credential profile. Of course, I am now running later versions of macOS beta and Xcode than I was in September. Does anyone know the problem? Screenshots from Terminal and Keychain Access are attached. Thank you.

Unable to Verify App An internet connection is required to verify trust of the developer "Apple Development: John Doe (ABCXYZ123)". This app will not be available until verified. I've been getting this constantly over the last few weeks. It has been a real struggle to get anything done. Sometimes it goes away on its own after I try to launch the app a few times, but currently it's just staying down and I can't do any work. Apparently there were issues with some Apple server ppq.apple.com before. They seem to be back, because trying again right now: ping ppq.apple.com PING use1-ppq-ext-prod.apple.com (17.33.200.235): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 ^C --- use1-ppq-ext-prod.apple.com ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss ping apple.com PING apple.com (17.253.144.10): 56 data bytes 64 bytes from 17.253.144.10: icmp_seq=0 ttl=60 time=9.776 ms 64 bytes from 17.253.144.10: icmp_seq=1 ttl=60 time=8.726 ms ^C --- apple.com ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 8.726/9.251/9.776/0.525 ms This is incredibly disruptive. Surely there must be a way to disable this online verification? This is a development device that never leaves my desk and never installs any software except the things I build locally from my Mac (which I have trusted on the device).

We've been notarizing apps for a while now and have been through agreement changes before. But we still keep getting the following error when trying to notarize: Conducting pre-submission checks for myapp.dmg and initiating connection to the Apple notary service... Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. We've been through every document in our account to ensure it is signed. Is there any way to determine what document is not signed or what our issue is ? ...thanks

We have a command line script that runs xcodebuild to make an archive, then runs xcodebuild again to export the archive to make an ipa, and then runs "altool --validate-app" to check that everything will be fine for a subsequent upload to the app store. This has been working fine for a few years but recently stopped working and we cannot figure out why. The validation fails with this error: ERROR: [altool.105912F20] Validation failed (409) Invalid Provisioning Profile. The provisioning profile included in the com. bundle [Payload/.app] is invalid. [Missing code-signing certificate]. A distribution provisioning profile should be used when uploading apps to App Store Connect. (ID: ) The project is configured with 'Automatically manage signing' unchecked, and the profile was created on aninterestingwebsite.com/account/resources/profiles and the matching profile magically appears in the "Provisioning Profile" drop down in Xcode. The profile was created with two certificates checked, but examining the embedded.mobileprovision profile that ends up in the compiled ipa payload it appears to contain 19 certificates (probably all of them for this org?). Is there a way to find out which certificate is missing exactly? And once identified is it a case of adding it to the profile used during compilation to fix this? Ancillary question: why does the embedded.mobileprovision file contain so many certificates, and how does xcodebuild decide which ones it includes there?

I am facing this error on every flutter project build. Although it runs ok. The error happens on the codesign command What do I need to fix ? I have validated that every *.plist file is ok using plutil -lint ERROR MESSAGE /usr/bin/codesign --force --sign MY_SHA_CODE --verbose /Users/macbookair/workspace/flutter_application_1/build/ios/Release-iphoneos/Runner.app/Frameworks/libswiftCore.dylib)` exited with status 0. The command's output was: /Users/macbookair/workspace/flutter_application_1/build/ios/Release-iphoneos/Runner.app/Frameworks/libswiftCore.dylib: a required plist file or resource is malformed Info.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleDevelopmentRegion</key> <string>$(DEVELOPMENT_LANGUAGE)</string> <key>CFBundleDisplayName</key> <string>Flutter Application 1</string> <key>CFBundleExecutable</key> <string>$(EXECUTABLE_NAME)</string> <key>CFBundleIdentifier</key> <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>flutter_application_1</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> <string>$(FLUTTER_BUILD_NAME)</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleVersion</key> <string>$(FLUTTER_BUILD_NUMBER)</string> <key>LSRequiresIPhoneOS</key> <true/> <key>UILaunchStoryboardName</key> <string>LaunchScreen</string> <key>UIMainStoryboardFile</key> <string>Main</string> <key>UISupportedInterfaceOrientations</key> <array> <string>UIInterfaceOrientationPortrait</string> <string>UIInterfaceOrientationLandscapeLeft</string> <string>UIInterfaceOrientationLandscapeRight</string> </array> <key>UISupportedInterfaceOrientations~ipad</key> <array> <string>UIInterfaceOrientationPortrait</string> <string>UIInterfaceOrientationPortraitUpsideDown</string> <string>UIInterfaceOrientationLandscapeLeft</string> <string>UIInterfaceOrientationLandscapeRight</string> </array> <key>CADisableMinimumFrameDurationOnPhone</key> <true/> <key>UIApplicationSupportsIndirectInputEvents</key> <true/></dict> </plist> Please help.

Hi folks, I'm trying to generate a provisioning profile that includes both Healthkit and MusicKit entitlements. The healthKit pieces if fine, and included in the profile. However, despite selecting Musickit under services in the ID setup, the entitlement doesn't seem to be included in the profile. Other steps taken: Setup the app in App Store Connect, generated a media ID and Key. Tried both automatic and manual signing. Are there specifics tricks to getting this one to work?

Hi, I have uploaded the package to notarize using the xcrun command. Verbose logs shows that the upload is success and it shows the submission id as well. After that it is in loop to get the status of the upload. Following is the command I have used. Some part of the command verbose log Multiline [08:46:48.984Z] Info [UPLOAD] Starting S3 multipart upload of file at 'file:///var/folders/ty/lkzb6dxj0hq_b0wplk5lz6jw0000gp/T/TemporaryItems/NSIRD_notarytool_AtDtEn/Fiery%20Remote%20Scan.dmg' with part size 5 MB to Bucket: notary-submissions-prod, Key: prod/AROARQF6ZA5L:dc619a13-da5b-42fe-9b2b-afcadf078bc0 [08:46:48.984Z] Debug [UPLOAD] Received new upload status: Uploading [08:46:56.648Z] Debug [UPLOAD] Received new upload status: Succeeded [08:46:56.649Z] Debug [UPLOAD] multipart upload etag: "364e1cccccc99b5d98f7cccccccccc18d58f-6" [08:46:56.650Z] Info [UPLOAD] Multipart upload process has completed successfully. [08:46:56.651Z] Info [UPLOAD] Attempting to shutdown local S3 upload service. [08:46:56.651Z] Info [UPLOAD] Successfully shutdown local S3 upload service. [08:46:56.652Z] Info [API] Beginning to wait for submission id: dc619a13-cccccccadf078bc0 [08:46:56.652Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-xxxx-afcadf078bc0?, Parameters: [:], Custom Headers: private<Dictionary<String, String>> [08:46:56.652Z] Debug [JWT] Using cached JWT value for key ID: F73xxxxx [08:46:56.653Z] Debug [AUTHENTICATION] Authenticating request with App Store Connect API credentials. Key ID: F737N55KF2, Issuer ID: e3b80xxxxxx-9ab9-db8ee8ece781 [08:46:56.653Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls. [08:46:57.130Z] Debug [API] Received response status code: 200, message: no error, URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-da5b-42xxxxxx-afcadf078bc0?, Correlation Key: NUGVFYUAWxxxxxxxHQJ3VRLQ [08:46:57.130Z] Debug [TASKMANAGER] Completed Task with ID 2 has received a parsable response. [08:46:57.130Z] Debug [TASKMANAGER] Ending Task Manager loop. [08:46:57.130Z] Info [API] Initial status: In Progress) [08:46:57.131Z] Info [API] Waiting 5 seconds before next poll... [08:47:02.136Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-da5b-xxxxxx078bc0?, Parameters: [:], Custom Headers: private<Dictionary<String, String>> [08:47:02.137Z] Debug [JWT] Using cached JWT value for key ID: F737N55KF2 [08:47:02.138Z] Debug [AUTHENTICATION] Authenticating request with App Store Connect API credentials. Key ID: F737N55KF2, Issuer ID: e3b8057xxxxxx597-9ab9-db8ee8ece781 [08:47:02.138Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls. [08:47:02.586Z] Debug [API] Received response status code: 200, message: no error, URL: https://appstoreconnect.apple.com/notary/v2/submissions/dc619a13-da5xxxxxxxdf078bc0?, Correlation Key: YD4I377GRGJxxxxx6M3PAJOA [08:47:02.586Z] Debug [TASKMANAGER] Completed Task with ID 3 has received a parsable response. [08:47:02.586Z] Debug [TASKMANAGER] Ending Task Manager loop. [08:47:02.587Z] Info [API] Received new status: In Progress [08:47:02.587Z] Info [API] Waiting 5 seconds before next poll... BlockQuote This is going on a loop If I try to get the the status of the submission, it shows as "In Progress" xcrun notarytool info dc619a-9b2b-afcadf078bc0 --key AuthKey_F73cccc.p8 --key-id ccccc --issuer ccccc-d19d-4597-9ab9-cccccc Successfully received submission info createdDate: 2026-03-12T08:46:48.761Z id: dc619a13-dccccccadf078bc0 name: xxxxxx.dmg status: In Progress code-block Could you please help us on this? OS: macOS 26.3 Xcode: 26.2 Regards Prema Kumar

To learn how to develop/distribute a DriverKit driver (DEXT) and a UserClient app correctly, I am trying to run the following sample dext and app. https://aninterestingwebsite.com/documentation/driverkit/communicating-between-a-driverkit-extension-and-a-client-app?language=objc I walked throught steps in README.md included in the project and faced issues. First, I referred the "Configure the Sample Code Project" section in the README.md and configured the sample code project to build with automatic signing. I could run the app and activate the dext successfully and made sure the app could communicate with the dext. Next, I tried the manual signing. I followed steps described in the "Configure the Sample Code Project" section carefully. The following entitlements has already been assigned to my team account. DriverKit Allow Any UserClient Access DriverKit USB Transport - VendorID DriverKit I could build both app and dext and could run the app. However, when I clicked the "Install Dext" button to activate the dext, I got the following error: sysex didFailWithError: extension category returned error Am I missing something? I would also like to know detailed steps to publicly distribute my dext and app using our Developer ID Application Certificate, as README.md only shows how to configure the project for development. Xcode version: 16.3 (16E140) Development OS: macOS 15.5 (24F74) Target OS: macOS 15.5 (24F74)

Since 2026-03-17 09:06 UTC, all notarization submissions for one of our teams are stuck in "In Progress" indefinitely. Submission logs return "not yet available", indicating Apple's backend has not started processing. Sample submission IDs: 789d40c4-ff83-469f-9b9b-2ac93183125e 2d4685ed-56ac-49db-8e38-63f0b15650c1 5dc3f242-0add-4725-8386-bb32f8383240 18+ submissions affected. Hundreds of successful notarizations before this date with no issues. Please advise or check backend queue status.

In Swift I'm using unzip by launching a Process to unzip a file. I added a launchRequirement to the process in order to make sure the executable is code signed by Apple and the identifier is com.apple.unzip. After testing out my code on another machines (both physical and virtual), I found out that in some the identifier is actually com.apple.zipinfo, which broke the SigningIdentifier requirement. It's safe to assume that /usr/bin/unzip can be trusted since it's in a System Integrity Protection (SIP) location, but I'm wondering why this executable has different identifiers?

I'm submitting a native macOS app (Swift/SwiftUI, arm64) that includes Sparkle.framework for auto-updates. All binaries are signed with a Developer ID Application certificate using --options runtime and --timestamp. I've submitted 12+ times over the past two days, both from local notarytool submit and from GitHub Actions CI. Every submission uploads successfully and returns a valid submission ID, but then stays at "In Progress" indefinitely — none have resolved to Accepted or Invalid. Two early submissions did eventually come back "Invalid" — Apple's rejection log showed the Sparkle nested binaries had ad-hoc signatures (they were being signed as individual Mach-O files instead of bundle directories). I fixed this with proper inside-out bundle signing. Since the fix, local codesign --verify --deep --strict passes cleanly, but all ~10 subsequent submissions remain stuck at "In Progress". 9UT54V24XG Would appreciate any guidance, or if someone from the notary team could check our queue. Happy to provide specific submission IDs.

Hi, I’m requesting the Family Controls distribution capability for my app and its extensions. The main app bundle ID was approved within 1 day. However, I later realized the associated extensions (Shield Configuration, Device Activity Monitor, Device Activity Report) also require separate approval. I submitted those extension requests 4 days ago, and they are still in "Submitted" with no updates. This is currently blocking me from proceeding with TestFlight/App Store submission, since the extensions require the approved capability. Is this delay expected for extension bundle IDs? Thanks for your help.

I am trying to notarize my first macOS app for direct distribution outside the Mac App Store using Developer ID Application signing. Team ID: 32S6XVAQPY Environment: macOS app distributed via Developer ID notarytool with a saved keychain profile archive exported locally, app zipped with ditto What I already verified locally: The archived app is signed with: Developer ID Application: (32S6XVAQPY) codesign --verify --deep --strict passes spctl shows: source=Unnotarized Developer ID syspolicy_check distribution only reports the expected missing notary ticket Hardened runtime is enabled The app bundle and nested Sparkle executables were re-signed and now have valid Developer ID signatures with secure timestamps Important note: I previously had a real signing issue in nested Sparkle binaries, and Apple rejected that submission quickly as Invalid. I fixed those signatures, and now new submissions no longer fail quickly but remain stuck In Progress. Submission IDs currently stuck: bea6c4b3-b107-4c81-8042-6c58b1cf5087 5489e29c-d583-4779-a125-ca0fbd9cad0b Earlier invalid submission with a concrete Sparkle signing error: 10df648b-eca8-428f-98d6-4cb4096153ad Apple reported invalid Developer ID / missing secure timestamp on: Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater Sparkle.framework/Versions/B/Autoupdate Sparkle.framework/Versions/B/XPCServices/Downloader.xpc/Contents/MacOS/Downloader Sparkle.framework/Versions/B/XPCServices/Installer.xpc/Contents/MacOS/Installer That Sparkle issue has since been fixed locally and re-verified. Question: Is there currently a notarization backlog or any known issue affecting first-time macOS notarizations or Developer ID submissions? At this point the remaining submissions appear valid locally but sit In Progress for a very long time.

I’ve developed a macOS app, but I’ve had trouble using a script to fully codesign it and package it into a .dmg file. I was only able to complete codesigning using the third-party app itself—not via command-line scripts. Is it possible to write a script that automates the entire process of codesigning the app? To provide the best user experience for those downloading the app outside of the Mac App Store, is it correct to first package it as a .app and then wrap that into a .dmg file for distribution? Currently, the app is available on the web as a .dmg. When downloaded, it appears in a folder and can be double-clicked to launch. However, macOS displays a warning that it was downloaded from the internet. Can I use a script to remove that quarantine warning? If possible, I’d appreciate a step-by-step explanation and a sample command-line script to: Codesign the app properly Package it into a signed .dmg Remove the quarantine attribute for local testing or distribution Is the reason I was only able to codesign it inside the third-party app due to how that app was built, or can this always be done from the command line?

I requested the Family Controls (distribution) capability but am not sure if I did it correct. I applied, answered the questions why i needed it and submitted. Its been about 2 weeks since applying. In the app configurations, it on apple dev site, it shows in the request history that I submitted it on March 17, but I can click the request (+) button and request it again. Just want to make sure I didn't mess anything up--it seems like they would prevent me from sendin another request if I had already requested it. It hasn't taken them this long to get back to me in the past which is why I am confused. If anyone knows how to speed up the process, please let me know! Thanks.