The mentioned way of setting up complications does not work. We can't create the identifier according to the guideline mentioned in the WWDC session. https://developer.apple.com/videos/play/wwdc2020/10049/?time=1021 Timestamp: 17:04 Error: An attribute in the provided entity has invalid value An App ID with Identifier '.watchkitapp.complication' is not available. Please enter a different string. To clarify - the non masked identifier is not used on another property inside our dev program. Without creating the identifier our tests result in not working push notifications. Error message while testing: discarded as application was not registered. Is the way mentioned in the WWDC session still valid? BR

Hi, after 2 years of not updating my app on appstore i wanted to submit an update for my iOS app which also containts a watch app target. When i try to submit it to upload it i get the following errors: Failed registering bundle identifier The app identifier "(myappBundleID).watchkitapp" cannot be registered to your development team because it is nit available. Change your bundle identifier to a unique string to try again. No Profiles for "(myappBundleID).watchkitapp" were found. Xcode culdn't find any iOS App Store provisining profiles matching "(myappBundleID).watchkitapp" Since i have my app already in store with that bundle identifier i don't know why it can not be registered to my team. Also i don't want to change the bundle identifier because then i can not publish it as update to store.

Since around September (iOS 26 release), i'm unable to test my app normally. It says "internet connection is required to verify [my certificate id]", or just crashing. All terms and conditions accepted, everything is valid, certificates are OK. Reinstallation via xcode does not help. Removal of provisioning profile, generating new does not help. Revoking of certificate and generating new does for around week, then it happens again, but do i need to do it every week now? In logs i see the following: default amfid validation failed because of missing trust and/or authorization (0xe8008026) error amfid not valid: 0xe8008026: The provisioning profile requires online authorization. error amfid Unexpected MISError (0xe8008026): The provisioning profile requires online authorization. default +0300 amfid /private/var/containers/Bundle/Application/5B8E560E-75B2-46EF-8606-02072D99E9CF//Frameworks/oss.dylib not valid: Error Domain=AppleMobileFileIntegrityError Code=-400 "An unknown error was encountered" UserInfo={NSURL=file:///private/var/containers/Bundle/Application/5B8E560E-75B2-46EF-8606-02072D99E9CF//Frameworks/oss.dylib, NSLocalizedDescription=An unknown error was encountered} default kernel AMFI: code signature validation failed. It looks like apple validation servers are not working, or is it iOS bug? All provisioning profiles are showing like "valid" in apple developer center. My network is not behind a proxy, connection is direct. If use EXACTLY the same app, signed with the same provisioning, same signature, on another test device, it works! When i reset current device to default settings and installing the EXACTLY same app after it, it works as well. Looking for a help from apple developer support

Hi - appreciate your help in advance! Building a simple habit tracking app. I got approval for FamilyControls distribution. After creating a new provisioning profile with those capabilities enabled, when I try and build in xcode (16.4) using that Profile I get an error stating: "Provisioning profile "CreateMoreFamilyControlsv2" doesn't include the com.apple.developer.deviceactivity and com.apple.developer.deviceactivity.reporting entitlements" I've confirmed bundle identifier matches, Team etc Similarly when i do automatic signing see 3rd screenshot. Not sure what to do at this point, I've heard deviceActivity is automatically applied when family controls is approved but still running into this issue.

I made a macOS application using Swift Package and distributed it in dmg format through Apple Notary service. However, we received a report from a user that it can be launched from a disk image mounted from dmg, but when copied to /Applications, the app is broken and does not start. I looked into why this happened, I noticed that the codesign command returned different results when copying the application bundle and /Applications on the volume mounted dmg with Finder. Mounted dmg: OK ❯ codesign --verify --deep --verbose /Volumes/azoo-key-skkserv/azoo-key-skkserv.app /Volumes/azoo-key-skkserv/azoo-key-skkserv.app: valid on disk /Volumes/azoo-key-skkserv/azoo-key-skkserv.app: satisfies its Designated Requirement Copied by Finder: Bad codesign reports that there are 148 added/missing files. ❯ codesign --verify --deep --verbose /Applications/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app: a sealed resource is missing or invalid file added: /Applications/azoo-key-skkserv.app/Contents/Resources/AzooKeyKanakanjiConverter_KanaKanjiConverterModuleWithDefaultDictionary.bundle/Contents/Resources/Dictionary/louds/グ1.loudstxt3 (skip...) file missing: /Applications/azoo-key-skkserv.app/Contents/Resources/AzooKeyKanakanjiConverter_KanaKanjiConverterModuleWithDefaultDictionary.bundle/Contents/Resources/Dictionary/louds/グ1.loudstxt3 (skip...) Copied by ditto: OK ❯ ditto /Volumes/azoo-key-skkserv/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app ❯ codesign --verify --deep --verbose /Applications/azoo-key-skkserv.app /Applications/azoo-key-skkserv.app: valid on disk /Applications/azoo-key-skkserv.app: satisfies its Designated Requirement I made a simple macOS application to explain this problem in an easy-to-understand way. You can download dmg in github releases, mount dmg, copy it in the Finder, and check if there is a problem by running the codesign command. https://github.com/mtgto/example-utf8-mac-notarization As a result, I learned the following two things. Occurs only with resources with file names whose values change due to NFC/NFD normalization No problems occur with the resources of the application itself. Generated by the Swift Package resources that the application depends on I think this is a problem with Finder or Gatekeeper.

My iOS version of the app is available on the App Store with a non-team ID prefix for its bundle ID. It has been available there for a long time and I am not sure why I chose a custom prefix for it. The Mac version of the same app is available on the Mac App Store with a different bundle ID and with a prefix that matches my team ID. I am currently looking to "merge" both apps into a single bundle ID. The plan is to stop using the current Mac app and release a new one as a universal app under the existing bundle ID for the iOS app. Unfortunately, it looks like that the Mac App Store does not actually allow any submissions that have a non-team ID for a prefix. I know that it is a very specific case but any suggestions would be welcomed.

I keep getting this error when trying to install Audio app extension. Everything is reviewed from certificates to profiles, for some reason CreatingCustomAudioEffects sample is deployed correctly but when Creating new Project (Audio Extension App) from new project Option, it doesn't work at all. If I remove Extension from Frameworks and deploy app, then no problem but then App crashes as extension is missing. Something wrong with Xcode? I am pretty sure it used to build new projects but not anymore. Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.0k1RXy/extracted/AudioUnitsAppExtensionTest.app : 0xe8008015 (A valid provisioning profile for this executable was not found.) Please ensure sure that your app is signed by a valid provisioning profile. If this issue persists, please attach the following when sending a report to Apple: A sysdiagnose from this Mac A sysdiagnose from the device failing installation An IPA of the app failing installation

Background We are using a Developer ID application certificate to sign our application. We lost the private key and we need to revoke it before we can receive a new one. Per documentation (https://developer.apple.com/support/certificates/), I know that previously installed applications will still be able to run, but new installations will not be able to work. I want to confirm what will happen when we revoke the certificate so we know how to prepare customers for this upcoming change. Questions Will existing installations of the application receive a notice that the certificate has been revoked? Will previously installed applications be able to launch again after they are closed? What will the user see when they try to install the application with the revoked certificate?

After upgrading the virtual machines used for building and testing our macOS application, it seems that something new in Sequoia is preventing virtual machines from running anything signed with a Mac Development certificate. At first glance the issue seems very similar to this thread, but it could be unrelated. We are using the tart toolset to build and run our VMs. People seem to be having related issues there with Sequoia in particular. I have added the VM's hardware UUID to the Devices list of our account. I have included that device in the devices list of our Mac Development provisioning profile. I have re-downloaded the profile, ensured that it is properly getting built into the app, and ensured that the hardware UUID of the VM matches the embedded provisioning profile: Virtual-Machine App.app/Contents % system_profiler SPHardwareDataType | grep UUID Hardware UUID: 0CAE034E-C837-53E6-BA67-3B2CC7AD3719 Virtual-Machine App.app/Contents % grep 0CAE034E-C837-53E6-BA67-3B2CC7AD3719 ../../App.app/Contents/embedded.provisionprofile Binary file ../../App.app/Contents/embedded.provisionprofile matches However, when I try to run the application, it fails, and while I have searched the system logs to find a more informative error message, the only thing I can find is that the profile doesn't match the device somehow: Virtual-Machine App.app/Contents % open ../../App.app The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x6000039440f0 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}} Virtual-Machine App.app/Contents % log show --info --debug --signpost --last 3m | grep -i embedded.provisionprofile 2025-01-21 16:33:32.369829+0000 0x65ba Error 0x0 2872 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] embedded provisioning profile not valid: file:///private/tmp/builds/app/.caches/Xcode/DerivedData/Build/Products/Debug/App.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} I don't understand why the provisioning profile wouldn't allow the device if the hardware UUID matches. I have also attempted to add the Provisioning UDID in the devices list instead, but the form rejects that value because it's a different format (the form specifically requests a hardware UUID for macOS development, and a provisioning UDID for everything else). If there is any debugging tool that lets me check a provisioning profile against the running hardware and print a more verbose reason for why it's not allowed on the device, please let me know. Otherwise I'd have to conclude that, since I haven't experienced this issue before on an earlier OS, it has something to do with virtual machines running macOS Sequoia. (The same Mac Development-signed application runs just fine on my MacBook Pro running 15.2, as well as the VM host, which is also running 15.2.) I have also tried resetting the VM's hardware UUID and adding that one to the devices list, to no effect. This is obviously seriously impacting our CI/CD pipelines to allow for proper UI testing of our application. If anyone is aware of any workarounds, I would love to hear them!

Dears, this is my first ever piece of code on Mac. I wanted to try ShazamKit. I created App Id and enabled App Service ShazamKit. I properly configured my app (a very small test app) with the proper boundle id, Team and entitlements file. I keep receiving this error in the Signing in section: Automatic signing failed Xcode failed to provision this target. Please address the following issues preventing automatic signing from creating a valid profile. Entitlement com.apple.developer.shazamkit not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file I noticed the message is mentioning "profile"...does it refer to a "Profile" as in "Certificate"/"Identifiers"/"Devices"/"Profiles"/"Keys"/"Services" option? I did not create any "Profile". I just enabled the App Service under "Certificates, Identifiers & Profiles"=>"Identifiers"=>"Edit your App ID Configuration"=>"App Services" Thx!

I have a macOS app that captures screen images. The first time I run this application, a dialog is shown directing the user to give my app Screen Recording permission. Is there a way I can trigger this dialog earlier and detect whether the permission was granted?

Hello, After deploying our app, we encountered an issue where the app fails to launch properly on certain devices. To rule out potential code issues, we created a new clean project and tested it with the basic setup (certificate, bundle ID, and team). The app installs and runs fine on most devices, but it fails to open immediately on specific models. (The affected model is listed below.) Version: iOS 18.3.1 Model: iPhone 14 Pro After reviewing the console logs, we found an issue related to the app launching process. Could this issue be related to the app's configuration or the provisioning profile? We would appreciate any insight into why this issue occurs only on certain devices. Thank you for your help!

Is it possible to directly distribute a macOS app with a Developer ID Certificate that belongs to a different team? I am trying to resolve issues that arise when distributing a macOS app with a Network Extension (Packet Tunnel) outside the App Store using a Developer ID Certificate from a different team than the app’s provisioning profiles and entitlements. I started by attempting Direct Distribution in Xcode with automatic signing. However, it fails with the following message: Provisioning profile "Mac Team Direct Provisioning Profile: ” failed qualification checks: Profile doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. I suspect the issue is that the provisioning profile allows "packet-tunnel-provider-systemextension", whereas the entitlements generated by Xcode contain "packet-tunnel-provider". When I manually modify the .entitlements file to include the -systemextension suffix, the project fails to build because Xcode does not recognize the modified entitlement. If there is a workaround for this issue, please let me know. Due to these issues, I resorted to manually creating a signed and notarized app. My process is as follows: Export the .app from the Xcode archive. Since the exported .app does not contain the necessary entitlements or provisioning profile for direct distribution, I replace Contents/embedded.provisioningprofile in both the .app and the .appex network extension. Sign the app and its components in the following order: codesign --force --options runtime --timestamp --sign "Developer ID Application: <name>" <app>.app/Contents/Frameworks/<fw>.framework/ codesign --force --options runtime --timestamp --sign "Developer ID Application: <name>"<app>.app/Contents/PlugIns/<netext>.appex/Contents/Frameworks/<fw>.framework/Versions/A/<fw> codesign --force --options runtime --entitlements dist-vpn.entitlements --timestamp --sign "Developer ID Application: <name>" <app>.app/Contents/PlugIns/<netext>.appex/ codesign --force --options runtime --entitlements dist.entitlements --timestamp --sign "Developer ID Application: <name>" <app>.app Verify the code signature: codesign --verify --deep --strict --verbose=4 <app>.app - <app>.app: valid on disk - <app>.app: satisfies its Designated Requirement Create a ZIP archive using: ditto -c -k --sequesterRsrc --keepParent <app>.app <app>.zip Notarize the app with notarytool and staple it. The notarization completes successfully with errors: nil. Package the notarized app into a DMG, notarize, and staple the DMG. The app runs successfully on the development machine. However, when moved to another machine and placed in /Applications, it fails to open. Inspecting Console.app reveals Gatekeeper is blocking the launch:
 taskgated-helper <bundleid>: Unsatisfied entitlements: com.apple.developer.networking.networkextension, com.apple.developer.team-identifier taskgated-helper entitlements: { "com.apple.developer.networking.networkextension" = ("packet-tunnel-provider-systemextension"); "com.apple.developer.team-identifier" = <teamid>; } As mentioned earlier, the Developer ID Certificate used for signing belongs to a different team. We are a third-party developer and do not have access to the Developer ID Certificate of the team assigned as the team-identifier. When I changed the bundle identifier (app ID), team, entitlements, and provisioning profiles to match the team associated with the Developer ID Certificate, the app worked. My question is:
 Is this failure caused by using a Developer ID Certificate from a different team, or should it still work if the provisioning profiles and entitlements are correctly set? Could there be an issue elsewhere in the provisioning profiles or entitlements for the original app ID?

Hello, we have a product package which is structured like this: / Installer.pkg / Distribution / Main Component.pkg / Scripts / preinstall / postinstall / helper [ Mach-O executable ] / Payload / Application Bundle.app / Another Component.pkg ... The helper is our custom CLI helper tool which we build and sign and plan to use it in pre/post install scripts. I'd like to ask if we need to independently notarize and staple the helper executable or just the top level pkg notarization is sufficient in this case? We already independently notarize and staple the Application Bundle.app so it has ticket attached. But that's because of customers who often rip-open the package and pick only the bundle. We don't plan to have helper executable used outside of installation process. Thank you, o/

It's been over 24h and it's still in progress. Is there a timeout for a failed notarization? or do we just wait for days.. weeks.. moths? Successfully received submission info createdDate: 2025-06-25T09:52:03.153Z id: 2ae713a5-c2e3-432f-84ee-e5d3d4aed621 name: slideshow-city-1.1.0-arm64.dmg status: In Progress

Hello, I went through the verification process to get the Tap to Pay on iPhone entitlement, and after a couple of corrections I was finally assured that I was granted the entitlement for production use. However, in App Store Connect, I can only see "Development" for "Provisioning Support" of the entitlement, and I'm not able to publish the app to Testflight because the profile doesn't support the entitlement (I'm using automatic code signing with XCode). Where is this going wrong? The Tap to Pay support assured me they granted the right entitlement and pointed me to the developer support. Thank you, Johannes

I've signed an app, zipped it, and uploaded it to github. When I download it on another Mac, I get "it can't be opened because it could not be verified for malware". But on that computer, I can verify it with codesign, and it appears to be correct (as far as I can tell). I can copy/paste the app from my other Mac, and that copy will run without problem. sys_policy, however, gives: Notary Ticket Missing File: ReView.app Severity: Fatal Full Error: A Notarization ticket is not stapled to this application. Type: Distribution Error This is the same for the copy that runs, and the copy that doesn't. The difference between them appears to be a quarantine xattr. I can delete this, and the app launches without incident. Is this expected? Why should a signed app be quarantined just because it's been downloaded? The whole point of paying the fee is to avoid the security obstacles...! ;-)

Hello, We are currently facing an issue with the Apple Notary Service that is completely blocking our production pipeline. For the past three days, every single submission has been stuck in the "In Progress" state indefinitely. Some submissions have been pending for over 48 hours, and none of them ever proceed to analysis. When checking the status via xcrun notarytool history, all entries show "In Progress". Attempting to retrieve logs with xcrun notarytool log always returns: Submission log is not yet available. This strongly suggests that the processing hasn't even started. This issue occurs consistently from my local machine (MacBook Air M3) and Our GitHub Actions CI workflow. Both environments are properly configured with Electron + Electron-Builder, and the app is correctly signed and uploaded each time. We have verified multiple times all credentials and code signing settings, no exceptions so far or problems in the pipeline. Here are a few stuck submission IDs: This is not a normal delay, it looks like a backend issue affecting our account or this specific App ID. Please escalate this case as soon as possible. We appreciate your urgent attention. Best

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

Hey there! Thanks so much for all the great posts about this topic! I'm fairly new to Mac development since a few months back, and I've been really impressed with Apple's developer tools and ecosystem so far. It's been an exciting journey building for macOS! However, I've hit a bit of a roadblock with the notarization process via direct download and would really appreciate some guidance from you more experienced developers. I understand that Apple has built a well-designed automated system to maintain high security for users, but I'm wondering: What's the normal timeframe for notarization to complete? What are usually the most common reasons if it takes longer than expected? Is there anyone at Apple who can help if the process gets stuck? I'm really excited to launch my app and continue developing for this amazing platform, so any tips from experienced Apple developers would be hugely appreciated! Thanks in advance! 🙏