For years, I've been shipping my apps with a Perl script that now invokes notarytool to get the notarization, using this command /usr/bin/xcrun notarytool submit --apple-id jerry@sheepsystems.com --keychain-profile SSYShipProduct --team-id 4MAMECY9VS --output-format json /Users/jk/blah/blah/MyApp.zip --wait I used this script with this command several times during September 2024 to ship my apps, and it worked. But now, the above command fails with: Error: No Keychain password item found for profile: SSYShipProduct Run 'notarytool store-credentials' to create another credential profile. Of course, I am now running later versions of macOS beta and Xcode than I was in September. Does anyone know the problem? Screenshots from Terminal and Keychain Access are attached. Thank you.

In Swift I'm using unzip by launching a Process to unzip a file. I added a launchRequirement to the process in order to make sure the executable is code signed by Apple and the identifier is com.apple.unzip. After testing out my code on another machines (both physical and virtual), I found out that in some the identifier is actually com.apple.zipinfo, which broke the SigningIdentifier requirement. It's safe to assume that /usr/bin/unzip can be trusted since it's in a System Integrity Protection (SIP) location, but I'm wondering why this executable has different identifiers?

Can someone please explain why Mac app packaging is so farcically convoluted? Windows app packaging can be picked up in an hour or so. But I've spent longer trying to fathom how to package the Mac version than I did building the app. And it's not done with me yet. Every single line of code requires a deep dive into a new, unrelated skillset. So, it’s sidebar after sidebar. Kafka’s ‘The Trial’ comes to mind. Why does it have to be like this?

Hi, I have a .NET MAUI app which I've added subscriptions to using the Plugin.InAppBilling nuget package. When I tested on TestFlight I got an almost immediate crash. After doing some research I followed advice to add an Entitlements.plist file to Platforms > iOS with the following entry: com.apple.developer.in-app-purchase The distribution provisioning profile I'm using to sign my app has the App ID set to an Identifier which has "In-App Purchase" ticked, but greyed out in it's "Capabilities" section on https://developer.apple.com/. I'm not sure why it's ticked and greyed out, but I assume that means that "In-App Purchase" is enabled. The app runs file locally but when I create an IPA file and add it to Transporter for upload to App Store Connect I get the following error: "Validation failed (409) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'com.apple.developer.in-app-purchase' in 'Payload/[Removed].app/[Removed]' is not supported. (ID: [Removed])". Here is the structure of my csproj code for creating a IPA file for iOS: The command I use: dotnet publish [Removed]/app.csproj -f:net9.0-ios -c:Release ^ /p:PlatformTarget=Arm64 ^ /p:RuntimeIdentifier=ios-arm64 ^ /p:ServerAddress=[Removed] ^ /p:ServerUser=[Removed] ^ /p:ServerPassword=[Removed] ^ /p:ArchiveOnBuild=true ^ /p:BuildIpa=true I'm stuck trying to figure this out. If you could please point out any issues with what I'm doing or if you have any suggestions to resolve the problem I would very much appreciate it. Thanks, Ben

Hi everyone! I've send my .dmg file for notarization, it has been accepted on March 5. Since then there weren't any updates, it hasn't changed its status. What might be the problem? Info about submission: createdDate: 2025-03-05T12:13:18.802Z id: 202d877d-d0c4-4211-bba4-6ebdb169a843 status: Accepted

I encountered code signing issue with Apple Distribution certificate for both iOS and MacCatalyst. The app crashes with "Beta Profile". I followed this instruction to manually re-sign my ipa to confirm that I use the Apple Distribution and the correct Provisioning Profile. https://gist.github.com/WDUK/4239548f76bd77b2c4b0 When I double click on the Apple Distribution certificate in KeyChain Access, it shows "Extension: Apple Mac App Signing (Development)" and "Extension: Apple Developer Certificate (Submission)" I have been stuck in this issue for more than a month. I really need help because I do not know how to proceed further. Thank you.

I do have background Modes added to Xcode. How can I fix this? Automatic signing failed Xcode failed to provision this target. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator. Provisioning profile "iOS Team Provisioning Profile: com.designoverhaul.bladerunner" doesn't include the com.apple.developer.background-modes entitlement. I emailed Dev Support but they said they cant help. Thank you.

Hello community, I'm new here, so please excuse my blunt question. I'm trying to understand how everything works and the logic behind it. I have an idea for an app which requires the FamilyControl entitlement. Now I am not sure if the idea even works, so I wanted to test it on my own device. Am I correct, that I cannot even test an App with such entitlements without paying for the ADP? Not even on my own device? I completely understand I need to be a member in the ADP if I want to distribute my app, but I'm not there, yet, and I just want to do a proof-of-concept. I thought I can't be the first one with that question, but couldn't find a past topic on this, so I'm posting it. Regards, Niklas

I've been distributing my Math Education app (Java-based) as a downloadable .dmg. My sw manufacturing process was working well on my Intel-iMac a year ago (signing, notarization, stapling). I need to support Apple Silicon, so I replicated the SW manuf. stack on my M2 MacBook, including putting my Developer and Installer Certificates in the Keychain Access. I get through building the M2,M2,M4 .dmg installer file just fine. But the Codesign is failing. It should be prompting me for my MacOS password (it does this in the Intel-Mac process), but fails this command: codesign --sign "Pierre Bierre (SL7L4YU8GT)" --force --options runtime --verbose --timestamp ~/DFG2D_MacOS_Manufacturing/MacOSInstallers/DFG2D_Mac_J17010_295 The response was: error: The specified item could not be found in the keychain. The signer reference is correct, and works fine on the Intel-Mac codesign process. What could explain why the same script fails in the M2 environment? Does codesign normally prompt for the MacOS user password ? Why would that fail?

We have NFC capabilties enabled for our app ID - com.uob.mightyvn but our minimum deployment target is 15.0. We do not have an option deselect PACE from provisioning profile. Hence, the validation is failed for IPA. Invalid entitlement for core nfc framework. The sdk version '18.2' and min OS version '15.0' are not compatible for the entitlement 'com.apple.developer.nfc.readersession.formats' because 'NDEF is disallowed'

Hi, I've code-signed my app and notarized it, and created a DMG, and when I slacked it or airdropped it to someone for testing the FIRST time they open it, they get a warning that it was Slacked or airdropped to them and do they want to open it. if they say yes everything is fine. So looking through here someone said I need to sign the app and then make a dmg and sign the dmg and then send that for notorization and then staple that. So I did, and I still get a warning the first tie someone try's to run it. What am I doing wrong? I know I can buy software and not get a warning from apple. so how do I get my app to work correctly like that?

Hello, In our Account we have an iOS app with an explicit identifier "ABC123.com.some.app" that is using non-team prefix which is DEF456. It has also explicit identifiers for Widgets bundle and Notification Service. Due to non-team prefix, it can't access e.g. shared keychain and data put there by our other apps. Since we are working on features that require these capabilities, we would like to update the app identifier, so it is prefixed with our team id DEF456. Initially, we thought that the process would require steps like: Create new app, team-prefixed identifier(s) for app and all things that need them Recreate the provisioning profiles with new App Identifier Roll out the app using with new profiles via App Store but when trying to create the new identifier with com.some.app and team id prefix DEF456 we are getting following error: An App ID with Identifier com.some.app is not available. Please enter a different string. Can anybody advise us how to correctly perform such change and what steps are required from our end? We would like to keep our existing App Store entry, ratings and smoothly switch users. We are aware that this kind of migration results in loss of Keychain access. Thanks for any advice on that!

I double-click it, and it doesn't install. I drag it to the provisioning profile folder, and it gets deleted immediately. It's an Apple Developer problem. I've already wiped my Mac clean twice and reinstalled everything, and I'm still having this problem.

One of our apps (built with Xcode 26.1.1 and distributed via TestFlight) crashes upon launch on iOS 17 with Exception Type: EXC_BAD_ACCESS (SIGKILL) and Termination Reason: CODESIGNING 2 Invalid Page. I have never seen this before. Any pointers? On iOS 18 & 26 this does not happen btw.

I am trying to sign my Mac app to use Network Extensions capability. But every time I create a profile it displays that to me: on the other hand on the website it displays this to me:

Hi everyone, I'm following up on this post I made earlier about an issue I'm having with FamilyControls and the DeviceActivityMonitor extension not working for external TestFlight testers. To briefly recap: I have official Apple approval for the com.apple.developer.family-controls entitlement (distribution) The entitlement is added to both my main app and the DeviceActivityMonitor extension The App Group is correctly configured for both targets On internal TestFlight builds, everything works as expected: app blocking works, the extension runs, and selected apps are shielded. On external TestFlight builds, users get the Screen Time permission prompt, can select apps to block, but nothing is blocked. Since that post, I submitted a Code Level Support request, and Apple asked me to file a bug report via Feedback Assistant. I did that almost a month ago. The only reply I’ve received since is that they can’t give a timeframe or guarantee it will be resolved. I'm stuck in limbo with no updates and no fix. This feature is critical to my app and I cannot launch without it. I’ve reached out to other developers who use app blocking, and none of them have run into this issue. My setup seems correct, and Apple has not said otherwise. If anyone has experienced something similar, found a workaround, or knows how to get real movement on a bug report like this, I would really appreciate any help. It’s been weeks, and I just want to launch my app. Thanks so much.

When building to macOS on GameMaker, I get the error "this identity cannot be used for signing code" when using the Developer ID Installer certificate. The certificate was neither expired nor revoked, but nonetheless I created new certificates to start fresh but am still getting that error. I don't get issues building to iOS via GameMaker, just to macOS. If it makes any difference, I only noticed this issue started happening after I converted my Apple Developer Program account from an individual account to an organizational account, although it was weeks to months before I built to macOS via GameMaker before then, so I don't know if it correlates with that.

Hello everyone, I'm facing a critical, blocking issue where my developer account (Team ID: K655PX7A46) is unable to generate a valid provisioning profile with the App Attest entitlement. I have confirmed this is a server-side issue and am hoping to get visibility from an Apple engineer who can investigate. The Problem: When I generate a provisioning profile for an App ID with the "App Attest" capability enabled, the resulting profile is defective. It is missing the required com.apple.developer.app-attest.environment key in its entitlements dictionary, causing Xcode to fail the build. What I Have Proven: The issue is not a misconfiguration. The App Attest capability is correctly enabled and saved on the App ID configuration page. The issue is not isolated to one App ID. I created a brand new App ID from scratch, enabled the capability during creation, and the server still generates a defective profile with the same missing entitlement. I have definitive proof by inspecting the downloaded .mobileprovision file. The contents confirm the required key is missing. Steps to Reproduce on My Account: Create a new App ID on the Developer Portal. Enable the "App Attest" capability and save. Generate a new "iOS App Development" provisioning profile for this App ID. Download the profile and inspect its contents via security cms -D -i [profile]. Observe that the com.apple.developer.app-attest.environment key is missing. The Evidence (Contents of the Defective Profile): Here is the output from inspecting the profile for a brand new App ID (com.technology519.linksi.app2). As you can see, the correct entitlement is missing, and an incorrect devicecheck entitlement is present instead. This is a critical bug in the provisioning profile generation service for my account that is blocking all development. I have already filed a support ticket (Case #102721408444) but have so far only received generic, unhelpful responses. Can an Apple engineer please investigate this server-side issue with my account? Thank you.

I am receiving an entitlement error from stripe terminal SDK when integrating Tap to Pay from apple in the info.plist. Im hoping that someone can give me their input on my error output rather than diving into the stripe sdk to point me in the right direction of something I may have missed with entitlements. I have been approved for tap to pay entitlement and am following the instructions here from apple: https://developer.apple.com/documentation/proximityreader/setting-up-the-entitlement-for-tap-to-pay-on-iphone com.apple.developer.proximity-reader.tap-to-pay

The device UDID was registered to the developer account 40 hours ago, the STATUS column was "processing" in the first 24 hours, then turned to empty. But I still can't run my app (with distribution method "development"), when I try to run it after download it through my OTA URL, it prompts “the app cannot be installed because its integrity could not be verified” but everything runs good on a iPhone which was registered a month ago. What should I do now? keep waiting?