Hi, I recently got a consistent delay from notary tool. I have viewed all your suggestions and understand that it "occasionally" will have further review and take longer time, but then it will be faster. However, in my case, my app although is accepted many times. It is still significantly delay. It is a native macOS app called ConniePad. Whenever I submit, it took me 2 days or more to finish notarise, which significantly affect my business. Could you please have a look on it. For log detail about the time, and the ids: -------------------------------------------------- createdDate: 2025-04-05T22:54:45.815Z id: 998b5aa8-fc9c-4469-98fe-950d815e734e name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-05T21:32:22.679Z id: c7b1ab49-6f46-4998-8d06-2ffe8a180c8f name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T08:39:52.594Z id: aa33d9d0-9d2f-4296-8fc3-d7e0b404596b name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T01:23:31.077Z id: b0333d78-497d-491c-b36c-bdfb64520296 name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T01:17:20.925Z id: 83aa12f2-f1bb-457f-940a-4c2281cf8a5f name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T01:12:52.932Z id: 0a921069-fb37-469a-bfb0-6be82e9320ba name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T01:03:30.584Z id: a607fe3c-d10f-43d6-a184-e97df7b632fd name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T00:52:47.322Z id: c42d0ca0-db8a-4431-b5b4-646ccfcad003 name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-03T00:28:18.626Z id: 7ef8777f-7add-4440-abb5-3c0b19cf92d4 name: ConniePad.app.zip status: Invalid -------------------------------------------------- createdDate: 2025-04-03T00:24:37.320Z id: 36bb1285-0aeb-4c48-b23c-fac737a3d93f name: ConniePad.app.zip status: Invalid -------------------------------------------------- createdDate: 2025-04-02T23:59:27.940Z id: bb4578a5-a67b-49e8-afd0-a9d707c10091 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-02T08:51:38.295Z id: 93ff89f4-98d3-45ac-9ee8-9483726a9666 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-02T08:19:13.762Z id: 9e4a62df-3d8a-4cfa-ae9e-56ff35ffe137 name: ConniePad-ConverterTool.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-02T04:15:34.508Z id: 7ee43b74-f73f-462a-bb3d-f6bc53b1cb80 name: ConniePad-ConverterTool.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-02T02:11:53.312Z id: d675e8f6-dc30-48e9-9269-9bc376f1b29e name: ConniePad-ConverterTool.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-02T01:30:32.768Z id: 9901f125-4355-4812-936b-97578ac2de2f name: ConniePad-ConverterTool.zip status: Accepted -------------------------------------------------- createdDate: 2025-04-01T20:47:26.035Z id: a79265bc-8ad3-4a4b-ae39-150801aa9da9 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-18T22:39:54.189Z id: b808b676-a41c-4536-b4fd-4b567701adcb name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-18T05:21:23.607Z id: 797f5d4f-cd94-4511-9217-11e57c2c7ac3 name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-18T05:18:30.707Z id: c5b5c260-fb7f-4bda-9548-f5b7e57cb2f3 name: ConniePad.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:45:37.831Z id: f24c1017-9171-4796-bf97-ea47ef83f7ce name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:38:17.981Z id: 8dd0ea7e-e810-48f9-a48f-62dcc1406284 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:33:27.649Z id: 704e339a-4d99-4e5e-8414-deb8b26c57ac name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:32:06.925Z id: 8e9b09b6-e061-4361-abc1-0bbd8f33b599 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:26:52.444Z id: 2b564641-eb87-4de9-a59c-ff5362b8bf4a name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:22:04.790Z id: 1aa158bd-0afd-4c60-8e2f-3029388710ab name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T06:17:17.141Z id: 3bffcf1d-2fd7-41ba-b70c-f85837499736 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-17T02:38:47.102Z id: 2dd2fb47-7dff-4f30-b2e0-d8c2bfcf10f5 name: ConniePad.app.zip status: Accepted -------------------------------------------------- createdDate: 2025-03-14T03:23:54.671Z id: 5cafb2a9-03e3-468e-b918-ff24b17fceee name: ConniePad.app.zip status: Accepted

Hey, Just recently I realized something I have been overlooking in my build pipelines. I thought that by adding the the "hardened runtime", I disable 3rd-party library injection (I do not have the disable-library-validation entitlement added). However, I was using some checks on my code and I noticed that the "library validation" code signature check fails on my applications (e.g. adding the .libraryValidation requirement via the LightweightCodeRequirements framework) - with codesign -dvvvv /path/to/app I can check it doesn't have the CS_REQUIRE_LV flag: [...] CodeDirectory v=20500 size=937 flags=0x10000(runtime) hashes=18+7 location=embedded [...] then I used in Xcode the "Other Code Signing Flags" setting and added the -o library option, which added the flag: [...] CodeDirectory v=20500 size=937 flags=0x12000(library-validation,runtime) hashes=18+7 location=embedded [...] Is this flag something I should be explicitly setting? Because I was under the impression enabling hardened runtime would be enough. Popular Developer ID distributed applications (e.g. Google Chrome, Parallels Desktop, Slack) all have this flag set.

I am facing an issue while trying to staple a notarization ticket to my signed macOS installer package. Details of my setup: The .pkg file is signed using my Developer ID Installer certificate. The app inside the package is signed using my Developer ID Application certificate. Notarization via xcrun notarytool completes successfully with status: Accepted. However, the stapler command fails with the following error: xcrun stapler staple -v /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg Processing: /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg Could not validate ticket for /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg The staple and validate action failed! Error 65. I verified that all other Apple notarization-related servers (api.apple-cloudkit.com, gs.apple.com, ocsp.apple.com, ocsp2.apple.com, crl.apple.com, developer.apple.com) are reachable. However, the domain cdn-apple-cloudkit.apple.com cannot be resolved from any network, including mobile or public Wi-Fi. Both dig and nslookup return “No answer” even when using external DNS servers like 8.8.8.8 or 1.1.1.1. It appears that cdn-apple-cloudkit.apple.com might be required during the stapler validation process, but the DNS for this domain is not resolving. Could you please confirm whether this CDN endpoint is required for stapling, and if there is currently an outage or configuration issue with cdn-apple-cloudkit.apple.com?

Hello, I had a successful attempt at notarization earlier today in my build pipeline. I've been using the same system for building my macOS application for over a year now. However, subsequent builds seemed to fail. I found a couple similar topics which makes this seem not not an isolated incident: https://developer.apple.com/forums/thread/782950 https://developer.apple.com/forums/thread/783347 https://developer.apple.com/forums/thread/783283 In my case I use the following command to submit the notarization: xcrun notarytool submit FilePath.dmg --apple-id "myappleid@gmail.com" --password "redacted_obviously" --team-id "my-team-id" --wait I left a previous run go for over an hour and the "Current status: In Progress.................. etc" filled the whole terminal. I manually checked the progress of the submissions using the command below: xcrun notarytool log --apple-id "myappleid@gmail.com" --password "redacted_obviously_again" --team-id "my-team-id" [run id] And they all result in the following output: Submission log is not yet available or submissionId does not exist Is anyone else experiencing this? Are there any possible solutions?

We are developing an application using .NET Xamarin.mac. While notarization after signing the package the error was thrown which was attached in a file Then created an simple Xamarin.mac app , in notarization process the same error was thrown. Provide an solution to resolve the issue while notarization. We have tried to codesignin the .app file but below error was thrown unable to build chain to self-signed root for signer "Developer ID Application: SFSecure.app: errSecInternalComponent Notarization error

Multiple notarization submissions have been stuck at "In Progress" status for over 2 days with no resolution or error: 4996643b-4512-4025-9648-028fbafca82f - submitted Jan 18 b6db6cd0-dad7-4a8e-b1fc-379467c1086d - submitted Jan 17 88f269c1-56ea-4404-98ba-edbe9a05b3d2 - submitted Jan 19 No logs available (notarytool log returns "not yet available"). The submissions were uploaded successfully and received submission IDs. Is there a known issue with the notarization service?

base" : 6481543168, "size" : 5134811136, "uuid" : "7bc5af5f-1e86-3b36-9036-16025c72cb70" }, "vmSummary" : "ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)\nWritable regions: Total=28.8M written=369K(1%) resident=369K(1%) swapped_out=0K(0%) unallocated=28.5M(99%)\n\n VIRTUAL REGION \nREGION TYPE SIZE COUNT (non-coalesced) \n=========== ======= ======= \nActivity Tracing 256K 1 \nAttributeGraph Data 1024K 1 \nCoreAnimation 48K 3 \nDispatch continuations 6144K 1 \nFoundation 16K 1 \nKernel Alloc Once 32K 1 \nMALLOC 16.8M 10 \nMALLOC guard page 3760K 4 \nSTACK GUARD 64K 4 \nStack 2640K 4 \n__AUTH 3975K 362 \n__AUTH_CONST 60.1M 643 \n__CTF 824 1 \n__DATA 28.6M 604 \n__DATA_CONST 24.9M 650 \n__DATA_DIRTY 4800K 581 \n__FONT_DATA 2352 1 \n__INFO_FILTER 8 1 \n__LINKEDIT 188.3M 7 \n__OBJC_RO 84.3M 1 \n__OBJC_RW 3177K 1 \n__TEXT 839.6M 666 \n__TPRO_CONST 128K 2 \nmapped file 32.7M 3 \npage table in kernel 369K 1 \nshared memory 80K 4 \n=========== ======= ======= \nTOTAL 1.3G 3558 \n", "legacyInfo" : { "threadTriggered" : { "queue" : "com.apple.main-thread" } }, "logWritingSignature" : "96bc482de9d7d2e828b9b488a2feab6193d3c188", "bug_type" : "309", "roots_installed" : 0, "trmStatus" : 1, "trialInfo" : { "rollouts" : [ ], "experiments" : [

Hi, I have some doubts about certificates expiration given this "new" requirement around signing for some common third party SDKs: https://developer.apple.com/support/third-party-SDK-requirements/ Use case: I build an SDK that will be distributed as an XCFramework and will be used in AppStore apps from different people. My SDK internally uses some other third party libraries that are integrated as binaries Let's assume some of those third party libraries are from the list above and therefore seem to be required to be signed. I distribute my SDK with all in order (third party SDKs from that list with valid signatures) People using my SDK over the time provide an update to their apps on the AppStore but by then some of the third party libraries of my SDK has an expired certificate. What would happen? People using my SDK won't have any issues as far as my SDK has a valid signature (despite third party libraries from the list have expired signatures) People using my SDK will get a warning about it but still will be able to submit to the AppStore. In that case, would AppStore Review process decline the update? People using my SDK will get an error, not being able to submit to the AppStore and will require me an update version of the SDK with those third party libraries re-signed. My understanding is that all would work as far as my SDK has a valid signature (after all is the one taking responsibility of the code inside), independently of what happens with the signature of those libraries themselves, am I correct?.

I'm trying to notarize an application for the first time & it's stuck for more than 24 hours now. I ended up submitting the same app more than 5 times, but all are stuck in waiting state. There is no visibility into what's happening & whenever i check the status it just shows as "In Progress". How can i expedite this process ?

I have a macOS application that was previously distributed under my personal Apple Developer account using a Developer ID certificate. We’ve recently transitioned distribution to our company’s Apple Developer account. The app’s bundle identifier has been successfully transferred, and I’ve signed a new build of the app using the company’s Developer ID certificate. The app installs and runs correctly under the new signature. However, I’ve encountered a problem: the app is no longer able to access previously granted permissions (e.g., Screen Recording, System Audio Recording, and Input Monitoring). Furthermore, it cannot re-prompt for these permissions because they appear as already granted in System Settings. From what I understand, this issue is due to the change in the code signing identity. Specifically, the designated requirements used by macOS to identify an app have changed, so the system no longer associates the new version of the app with the previously granted permissions (as outlined in Apple's Technical Note TN3127). The only workaround I’ve found so far is to manually reset the app's permissions using Terminal commands (e.g., tccutil reset), but this is not something we can reasonably ask end users to do. Question: Is there a recommended or supported approach to either preserve permissions when changing Developer ID identities, or programmatically trigger a permissions reset for existing users? We're looking for a seamless solution that doesn't degrade user experience.

Hello, I'm currently trying to upload a new version of an existing application. But each time I try to validate the archive of the application, I got the following error in Xcode (v16.2) : Invalid code signing entitlements. Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “37CG5MY799.com.example.app” value for the com.apple.application-identifier key in “com.example.app.pkg/Payload/app.app/Contents/MacOS/app” isn’t supported. This value should be a string that starts with your Team ID, followed by a dot (“.”), followed by the bundle ID. I suspect that there is a problem with the App ID Prefix (that is 37CG5MY799 for the app) when our team ID is E4R7RJ7LA3 but I cannot find a solution. I asked the Apple Developer Support for help and I have read the documentation they sent but it couldn't solve this problem so they redirected me to the forums. https://developer.apple.com/library/archive/qa/qa1879/_index.html https://developer.apple.com/library/archive/technotes/tn2318/_index.html#//apple_ref/doc/uid/DTS40013777-CH1-OVERVIEW https://developer.apple.com/library/archive/technotes/tn2318/_index.html#//apple_ref/doc/uid/DTS40013777-CH1-TNTAG33 There isn't any obvious App ID Prefix mismatch in the entitlement between the Application's signature entitlement and the Embedded provisioning profile entitlement . Application's signature entitlement : <dict> <key>com.apple.application-identifier</key> <string>37CG5MY799.com.example.app</string> <key>com.apple.developer.team-identifier</key> <string>E4R7RJ7LA3</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>group.com.example.app</string> </array> <key>com.apple.security.files.user-selected.read-only</key> <true/> </dict> Embedded provisioning profile entitlement : <dict> <key>com.apple.security.application-groups</key> <array> <string>group.com.example.app</string> <string>E4R7RJ7LA3.*</string> </array> <key>com.apple.application-identifier</key> <string>37CG5MY799.com.example.app</string> <key>keychain-access-groups</key> <array> <string>37CG5MY799.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>E4R7RJ7LA3</string> </dict> The app also have a browser extension that correctly use the Team ID. How to solve this problem ? Thanks for your time, Qeg

My Developer ID certificate will expire in few days, so I downloaded and installed new certificate in login keychain. However my key is still linked to my old certificate. I have my .p12 but even if I delete the old certificate from login keychain and reinstall the .12 file, my old certificate reappears in the login keychain. I tried to select the new certificate in the login keychain and choose Files > Export Items (in Keychain Access) but in the Save dialog under File Format the "Personal Information Exchange (.p12)" option is grayed out. How can I generate a key/.p12 file that will be linked to my new certificate?

We are trying to notarize a MacOS app on our paid developer business account for the past 3 weeks. After many hours of processing, we received the following error: Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, Has anyone else experienced this issue and if so, how was it resolved? We have reached out to support to ask them to enable this configuration and received no reply. Any advice or guidance would be appreciated.

Hey everyone, I’m wondering if anyone has run into any issues with this. Before I uploaded, I guess maybe 20 assets of 1080 x 720, my notarization was taking around 2-3 minutes almost instant. Now I’m looking at 30 minutes. I have no idea when the notarization is going to end. I’m wondering if asset size has any impact on notarization speed, and if so, is this going to be a one-time thing or is this going to happen with all my following builds? Let me know if anyone has run into anything similar or if the notarization service is just down right now. ⁠

I'm working on an app that needs access to device activity. When I add device activity entitlement, I'm getting Provisioning profile "..." doesn't include the com.apple.developer.deviceactivity entitlement. This is failing for both, the main app and the extension, and both have entitlements added. It is not clear how to add it to the profile, the provisioning profile is created/managed by XCode. When I remove the entitlement, I can build my app but it won't be able to use device activity data I reached out to Developer Support, and they sent me here. What is the right way to add device activity entitlement? I'm also seeing another issue with XCode Cloud builds. When I remove device activity entitlement. I can build my app w/o any issue, and I can also install it directly on my iPhone. However, XCode Cloud builds fail wit Run command: 'xcodebuild -exportArchive -archivePath /Volumes/workspace/tmp/d41fc2f1-4f39-4906-8941-112488e75f6c.xcarchive -exportPath /Volumes/workspace/adhocexport -exportOptionsPlist /Volumes/workspace/ci/ad-hoc-exportoptions.plist '-DVTPortalRequest.Endpoint=http://172.16.68.193:8089' -DVTProvisioningIsManaged=YES -IDEDistributionLogDirectory=/Volumes/workspace/tmp/ad-hoc-export-archive-logs -DVTSkipCertificateValidityCheck=YES -DVTServicesLogLevel=3' I suspect that it could be related to my app having DeviceActivityExtension but no device activity entitlement is present. Thanks, Peter.

So we are building a Tauri app and I have no been able to get our App to be Notarized using Developer ID. We have a ticket open for 3 months now. Can anyone help me out here? { "logFormatVersion": 1, "jobId": "e2ec4d13-bb83-41d4-a497-ba80cf830af1", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "HIDDEN", "uploadDate": "2026-01-23T16:13:37.589Z", "sha256": "fd52815d5edf14b66b25529e89c207b2acff2c41642261e1049a479f19f2b72f", "ticketContents": null, "issues": null } How do we escalate to engineering team? Sincerely, Nash Gadre https://camouflagenetworks.com

I have certificates in my xcode>settings>account>manage certificates that I cannot get rid of. I know that they are linked to certificates in developer.apple.com but I've removed them from there and they persist in xcode. I have one that says "Not in Keychain", which is true. I deleted all the keychains related to these accounts in an attempt to fix something. I also have ones that say things like "Missing Private key" Our setup is that we have one main account "Company Inc." which I am setup to be an Admin in. I created a certificate under my credentials and added it to my keychain and showed up properly in xcode but I still have the other ones. HOW DO I REMOVE THEM :sob:

I've submitted my app four times, each time waiting a few hours for something to happen, then reducing the file size of my *.dmg and trying again. The first two seemed to have completed after 36 hours, but I no longer have that specific signed binary (and its a much smaller binary now anyway). The latest two are still "In Progress" and its almost been 48 hours. I know my process isn't wrong, and my app isn't somehow incorrectly built or being denied because two were accepted. The outage page shows green for the notary tool (https://developer.apple.com/system-status/) so I'm not sure what the hold up is.

Hello, I recently had my Electron app notarized by Apple and then performed the following steps: Stapling the Notarization Ticket: xcrun stapler staple "appPath/Aiparalegal.app" Zipping the App for Distribution: ditto -c -k --keepParent "appPath/Aiparalegal.app" theAIParalegal.zip However, after unzipping and attempting to launch the app, macOS displays the following message: Apple could not verify "theAIParalegal" is free of malware that may harm your Mac or compromise your privacy. Yet, when I run validation using: xcrun stapler validate "theAIParalegal.app" I receive confirmation: The validate action worked! spctl -a -vvv -t install "theAIParalegal.app" theAIParalegal.app: accepted source=Notarized Developer ID origin=Developer ID Application: NIPartnership LLC (M92N2796Q9) Could you help me understand why the notarization validation appears successful, yet macOS still displays this security warning? Any advice on how to resolve this would be greatly appreciated. Thank you!

Environment: MacBook Air Apple M2 (macOS Tahoe 26.1) Xcode 26.0 (17A324) Automatic signing enabled Feedback ID: FB21537761 Issue: I'm developing a multiplatform app and encountered an automatic signing failure immediately after adding the Keychain capability. Xcode displays the following error: Automatic signing failed Xcode failed to provision this target. Please file a bug report at https://feedbackassistant.apple.com and include the Update Signing report from the Report navigator. Provisioning profile "Mac Team Provisioning Profile: com.xxx. xxx" doesn't include the currently selected device "FIRF‘s MacBook Air" (identifier 00008112-000904CA3441xxxx). What I've Investigated/Tried: Checked the developer account devices and found that the device with identifier 00008112-000904CA3441xxxx is incorrectly labeled as an “iPod” (it is actually my MacBook Air). Attempted to manually enroll the Mac again, but it still appears as an iPod in the device list. Tried creating a provisioning profile manually, but no devices are available for selection in the device list when generating the profile. Question: Has anyone encountered a similar issue where a Mac is misidentified as an iPod in the developer portal, leading to provisioning failures? Any suggestions on how to resolve this or work around the device recognition problem? Thank you in advance for your help.