The following process to sign my .pkg installer for distribution outside the app store have been working for over a year and recently the notarization fails with a rc = 69. I not aware of any changes other then xtools updates for the latest macos 15.6.1. Admittedly I felt lucky to have gotten it all to work initially and I could really use help. Thanks in advance! Bill The signing (no errors): productsign --sign macos_cert myapp.pkg The notarization (rc=69): xcrun -v notarytool submit myapp.pkg --apple-id my_apple_id --team-id XXXXXXXXXX

We've noticed, that size of our ipa started to vary from time to time. We've found that all the difference was in the LC_CODE_SIGNATURE command under the _LINKEDIT segment of binary. The main reason of that change was the different number of hash slots due to different value of page size: 4096 on macOS SEQUOIA and 16384 on macOS TAHOE. So the size of the final binary was dependent on the machine, it was produced on. I didn't find out any information on why the default page size changed on TAHOE. Apple’s codesign supports a --pagesize argument. For regular builds that setting can be passed via OTHER_CODE_SIGN_FLAGS=--pagesize 16384. But it seems that xcodebuild export ...` completely ignores it: i've tried to pass invalid size (not the power of two), and the export still succeded. I've also managed to get xcodebuild logs via log stream --style compact --predicate 'process == "xcodebuild" OR process == "codesign"' --level trace They have no occurrences of --pagesize: 2026-03-24 13:43:27.236 Df xcodebuild[93993:a08c53] [IDEDistributionPipeline:verbose] invoking codesign: <NSConcreteTask: 0x8a1b21bd0; launchPath='/usr/bin/codesign', arguments='( "-f", "-s", 8C38C4A2CB0388A3DB6BAEFE438F20E044EE6CB2, "--entitlements", "/var/folders/w_/5t00sclx2vlcm4_fvly7wvh00000gn/T/XcodeDistPipeline.~~~T3Dcdf/entitlements~~~c2srXx", "--preserve-metadata=identifier,flags,runtime,launch-constraints,library-constraints", "--generate-entitlement-der", "--strip-disallowed-xattrs", "-vvv", "/var/folders/w_/5t00sclx2vlcm4_fvly7wvh00000gn/T/XcodeDistPipeline.~~~T3Dcdf/Root/Payload/App.app/Frameworks/FLEXWrapper.framework" )'> So here I have some questions: How is the default page size selected? Why the default page size may change between SEQUOIA and TAHOE? How to provide page size to xcodebuild's export or it's a bug that it doesn't look at the value of OTHER_CODE_SIGN_FLAGS?

Hello, At work, we want to release a new version of our cross-platform desktop application this week. Unfortunately, I've had issues getting the dmg signed by the Apple notary service, which will delay the release until it's successful. However, I remade and successfully signed the previously released version (also dmg) with the same credentials, so I know it's not a problem with the file format or my account. I have tried the following to no avail: Lots of Googling Running xcrun notarytool submit with the -v option (verbose) to see more error messages Going to the URL given (appstoreconnect.apple.com/notary/v2/submissions/{submission_id}) and examining the file it downloaded (not much info, let alone helpful info) Contacting Apple developer support over the phone (they couldn't help with this particular issue, since it's "code-level support") The only big change we made this time was switching to Maven for our build tool and dependency management (we previously used Ant with manual dependency management). Does anyone here have any insight? Is there a list of known issues or dependencies that will cause a submission to be invalidated? Or, even better, any way to see why the submission is invalid? Thanks.

Hi Apple Developer Support, We are reaching out to request guidance on a testing constraint we have encountered related to iOS Universal Links and Associated Domains entitlements. As part of aligning with updated recommendations from our authentication provider, we have transitioned our mobile apps to use HTTPS redirect callbacks (Universal Links) instead of custom URI schemes. This works as expected in production and on real physical devices. However, we are encountering a significant issue in our cloud-based device testing environment. When our testing platform re-signs the app to run it on their infrastructure, the re-signing process strips the Associated Domains entitlement from the app bundle. As a result, iOS no longer honors our Universal Links, which breaks the authentication redirect flow — the callback cannot route back into the app after the user authenticates. We have identified a potential workaround that would involve disabling app re-signing in the testing platform, but this requires provisioning under an Apple Enterprise Developer account. This introduces considerable operational complexity, as it would require us to maintain separate signing and distribution paths alongside our existing Apple Developer Program membership. Before pursuing that path, we wanted to understand Apple's perspective on the following: Is there a supported or recommended approach for preserving Associated Domains entitlements when an app is re-signed by a third party (e.g., a cloud testing platform)? Are there any provisioning or entitlement configurations that would allow Universal Links to function correctly in re-signed builds without requiring an Enterprise Developer account? Does Apple have documented best practices for validating Universal Link–based flows in automated or cloud-based testing environments? Are there any alternative deep linking patterns that would be more resilient to re-signing while still meeting App Store and platform security requirements? Any guidance or recommendations from Apple on how to handle this within the bounds of the standard Apple Developer Program would be greatly appreciated. Thank you for your time.

I enrolled in the Apple Developer Program as an Individual on March 16, 2026 (Team ID: CAZ8X23YWW). I've been trying to notarize a macOS Electron desktop app ever since. Every submission is immediately rejected with: Status code: 7000 Message: "Team is not yet configured for notarization" What I've done: Accepted all agreements on developer.apple.com Accepted all agreements on App Store Connect Created a Developer ID Application certificate (G2 Sub-CA) App is properly signed with hardened runtime Submitted a support ticket under "Distribution > Other Distribution Questions" on March 18 — no response after 4 days

Hi there, I signed up for Apple Developer Program a few hours back and am trying to sign and notarize a MacOs App. I am using this command xcrun notarytool history --apple-id "" --password "App-specific-password" --team-id "5XR5PM3Y5S" I keep getting this error. I have verified that the apple-id, password and team-id is accurate. This is surely something on Apple's side. Can you help resolve this ? Error: HTTP status code: 403. Invalid or inaccessible developer team ID for the provided Apple ID. Ensure the Team ID is correct and that you are a member of that team.

Since 2026-03-17 09:06 UTC, all notarization submissions for one of our teams are stuck in "In Progress" indefinitely. Submission logs return "not yet available", indicating Apple's backend has not started processing. Sample submission IDs: 789d40c4-ff83-469f-9b9b-2ac93183125e 2d4685ed-56ac-49db-8e38-63f0b15650c1 5dc3f242-0add-4725-8386-bb32f8383240 18+ submissions affected. Hundreds of successful notarizations before this date with no issues. Please advise or check backend queue status.

Sharing a solution for a problem that took me a while to figure out. Problem: During development of a macOS 26 app that uses ScreenCaptureKit, the screen capture permissions were being reset after every build. Each time I compiled and ran the app from Xcode, I had to re-authorize screen capture in System Settings. CGPreflightScreenCaptureAccess() would return false even though I'd just granted permission minutes ago. Root cause: I was using ad-hoc code signing during development. macOS ties screen capture permissions to the app's code signing identity. With ad-hoc signing, the identity changes on every build, so the system treats each build as a "new" app. Solution: Switch to an Apple Development certificate for debug builds. In Xcode: Build Settings → Code Signing Identity → Debug → set to "Apple Development" Make sure your development team is selected After this change, the signing identity remains stable across builds, and screen capture permissions persist. This might be related to the broader issue discussed in this forum about ScreenCapture permissions disappearing — if other developers are seeing permissions vanish, it's worth checking whether the code signing identity is changing between sessions.

My application will create a virtual touchpad. The problem I encountered is: click on the Product menu, select Archives, then select the Distribute App, then click on Drill Distribution, then click on Distribute, and then a prompt appears: Provisioning profile "Mac Team direct Provisioning Profile:"com.xxx.xxx"doesn't match the entitlements file's valuefor the com.apple.developer.driverkit.userclient-access entitlement. But My Identifiers Selected the:DriverKit Allow Any UserClient (development) Do I need toRequest a System Extension or DriverKit Entitlement Select "Virtual HID" in here? https://developer.apple.com/contact/request/system-extension/

Yestoday， I got problem createdDate: 2026-03-17T09:06:38.486Z id: d1c679af-5f41-437b-9ca1-4c96047a58fb name: easyclaw.app.zip status: In Progress -------------------------------------------------- createdDate: 2026-03-17T03:30:38.278Z id: fe1bb550-7f42-41c8-8d38-40ac7f9e7c91 name: easyclaw.app.zip status: Accepted And retry today monring，waiting again： Successfully received submission history. history -------------------------------------------------- createdDate: 2026-03-18T02:17:44.322Z id: 141b0dcb-d0fe-464e-9167-3a15e59aec87 name: easyclaw.app.zip status: In Progress

Unable to Verify App An internet connection is required to verify trust of the developer "Apple Development: John Doe (ABCXYZ123)". This app will not be available until verified. I've been getting this constantly over the last few weeks. It has been a real struggle to get anything done. Sometimes it goes away on its own after I try to launch the app a few times, but currently it's just staying down and I can't do any work. Apparently there were issues with some Apple server ppq.apple.com before. They seem to be back, because trying again right now: ping ppq.apple.com PING use1-ppq-ext-prod.apple.com (17.33.200.235): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 ^C --- use1-ppq-ext-prod.apple.com ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss ping apple.com PING apple.com (17.253.144.10): 56 data bytes 64 bytes from 17.253.144.10: icmp_seq=0 ttl=60 time=9.776 ms 64 bytes from 17.253.144.10: icmp_seq=1 ttl=60 time=8.726 ms ^C --- apple.com ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 8.726/9.251/9.776/0.525 ms This is incredibly disruptive. Surely there must be a way to disable this online verification? This is a development device that never leaves my desk and never installs any software except the things I build locally from my Mac (which I have trusted on the device).

From what I can tell, it seems that this is something standard that we have to deal with; however, what is annoying and frustrating is I paid good money to have this service work. My application is for important internal use at our company, and this is causing major issues and starting to make me look pretty bad, frankly. On top of that, there is no feedback at all, no reason given. Notarizing darwin binaries... Conducting pre-submission checks for aria.zip and initiating connection to the Apple notary service... Submission ID received id: ec041209-5652-4772-8689-e9e654432da8 Successfully uploaded file id: ec041209-5652-4772-8689-e9e654432da8 path: /Users/shaneholloman/git/sources/uicnz/aria/dist/darwin-arm64/aria.zip Waiting for processing to complete.

I’m looking for guidance from anyone who has experienced a similar situation. I’m a new Apple Developer Program organization member, and this was my first attempt to notarize a macOS app distributed outside the Mac App Store. What happened: My notarization submissions started failing with statusCode 7000 and the message: “Team is not yet configured for notarization.”. I created a support ticket and received the following reply: “We have escalated this issue to our internal team for further investigation and review.” This was more than 2 months ago, and I have not received any further updates since. About 3 weeks later macOS began rejecting my signed app: codesign --verify --deep --strict --verbose=4 succeeds (reports valid signing identity) spctl -a -vv --type exec returns CSSMERR_TP_CERT_REVOKED Around the same time, I also lost access to the Apple Developer portal. When signing in at developer.apple.com/account, I am redirected to the account access support form instead of the dashboard. My app has not been released to users. If there is an issue with my build, signing, entitlements, or packaging, I am fully willing to fix it immediately. What I cannot understand is the lack of any substantive response from Apple Developer Program Support for over 2 months. What I’m trying to understand: Has anyone encountered this combination of issues: statusCode 7000, Developer ID trust/revocation problems, Blocked developer portal access? Is there any documented appeal, review, or remediation process? If Apple believes a team has violated a policy, how is the developer supposed to find out what needs to be fixed? I’m not asking Apple to bypass security checks. I’m asking for a clear explanation and a path to resolve any issue, if one exists. Any help would be greatly appreciated. Thank you.

Hi, I’m requesting the Family Controls distribution capability for my app and its extensions. The main app bundle ID was approved within 1 day. However, I later realized the associated extensions (Shield Configuration, Device Activity Monitor, Device Activity Report) also require separate approval. I submitted those extension requests 4 days ago, and they are still in "Submitted" with no updates. This is currently blocking me from proceeding with TestFlight/App Store submission, since the extensions require the approved capability. Is this delay expected for extension bundle IDs? Thanks for your help.

Hello, I am following up on several notarization requests in order to understand the process better. I submitted my first notary request yesterday and it took several hours to complete (where I submitted two other requests along the way thinking they may be stuck). They were all accepted after ~3 hours had passed since the first request was made. In that time I discovered a bug and had to rebuild/codesign, and submitted to notarize again. I've now had two requests with the new build (.zip file) "in progress" for ~18 hours. The bug fix I made between builds was innocuous and I'm wondering if my jobs are getting flagged due to recent account lockouts when I was first setting up my organizations' developer account. I've seen several replies here in the forum from DTS Engineers - hi Quinn :), so I'm aware of the possibility of 'rare' in-depth analysis, however I've experienced it in 100% of my requests. What is causing my requests to always require in-depth analysis and is there anything I can do to prevent it? My notarytool history is below for reference. Thank you in advance. createdDate: 2026-03-15T22:59:23.053Z id: 9c7ecc81-daf4-4cae-afe9-7f8186067f79 status: In Progress -------------------------------------------------- createdDate: 2026-03-15T21:10:04.576Z id: a1df8b50-c897-49f5-ad0d-f2264a03f145 status: In Progress -------------------------------------------------- createdDate: 2026-03-15T20:41:24.946Z id: 640e7cd6-035f-437b-9eab-9a3db415911a status: Accepted -------------------------------------------------- createdDate: 2026-03-15T18:40:26.944Z id: 00b9e907-04eb-4561-8353-dae7520202e0 status: Accepted -------------------------------------------------- createdDate: 2026-03-15T17:16:48.426Z id: 3163ba2b-e3c8-4216-ae8a-bac351b82f8a status: Accepted

Hello, We recently resubmitted our Family Controls (Distribution) request with a much more detailed explanation after our previous declined. Our entire app (including an extension) depends on this capability, and right now we’re completely blocked from launching. Months of work are stuck at this final step and it’s honestly becoming very stressful with no visibility on the timeline. If anyone has experience with the approval timeline after resubmitting, or if someone from Apple could help look into it, it would truly mean a lot. 4C6XLQWZQY Y5JJ7GT6BP 3ZBSC333WU Thank you

In my application I validate the authenticity of my own binaries by checking that the Team Identifier in the code signature matches a predefined value. Currently I do not perform a full signature validation that verifies the certificate chain up to Apple’s root CA. When attempting to do this using SecStaticCodeCheckValidityWithErrors (or validateWithRequirement), the operation sometimes takes several minutes. During that time the calling thread appears blocked, and the system logs show: trustd: [com.apple.securityd:SecError] Malformed anchor records, not an array Because of this delay, I decided to rely only on the Team Identifier. My question is: Can it be assumed that if a Mach-O binary contains a Team Identifier in its code signature, then it must have been signed with a valid Apple Developer certificate? Or are there cases where a binary could contain a Team ID but still not be signed by Apple’s trust chain? Thanks for the help !

I'm unable to notarize my macOS app — notarytool returns statusCode 7000 ("Team is not yet configured for notarization"). My Developer ID certificate is valid (expires 2031), code signing works fine. Timeline: March 4 — opened case 102832266798 via Developer Programs Support March 6 — Apple replied, but the email never arrived (not in spam either) March 9 — sent follow-up requesting the response be resent — no reply March 13 — opened new case 102840272497 via Program Enrollment form — waiting It's been 9 days with no resolution. DTS confirmed this is not a technical issue and referred me to Developer Programs Support. Team ID: 9NL8W3646T Bundle ID: com.traart.app How can I escalate this? Has anyone experienced a similar situation with a new account?

All of my notarization submissions have been stuck at "In Progress" for up to 10 days. I have 6 submissions spanning from March 4 to March 11, 2026, and none of them have completed or returned any errors. Affected submissions: dbf20b57-0073-444a-b09a-ac6747b7398e (submitted Mar 4) — In Progress d5886683-be64-455c-805d-cd8b12bbcd35 (submitted Mar 4) — In Progress 10bfa709-da17-49cf-9c89-63f93b5fb756 (submitted Mar 4) — In Progress e8d0866e-43f8-4a18-8129-64e6c5d3895a (submitted Mar 9) — In Progress f9526f25-5650-4c45-98ae-d778c58a2ffa (submitted Mar 9) — In Progress 82ec211f-9179-41fd-afe0-937c9b2c2750 (submitted Mar 11) — In Progress Running `notarytool log` returns "Submission log is not yet available." Team ID: CB4U5M6U9H It is an Electron-based app built with electron-builder. Steps taken to ensure compliance: Signed with a valid Developer ID Application certificate Hardened runtime enabled (hardenedRuntime: true) Proper entitlements configured (com.apple.security.cs.allow-jit, com.apple.security.cs.allow-unsigned-executable-memory, com.apple.security.cs.disable-library-validation) Entitlements inherited for child processes via entitlements.mac.inherit.plist Electron Fuses configured to disable Node.js CLI flags in production (resetAdHocDarwinSignature enabled) App submitted as a zip archive via notarytool submit I've tried resubmitting multiple times across different builds, but all submissions remain stuck. I also have an open support case (102836201208) that was escalated to Senior Advisors on March 11, but have not received any update. Could someone from the notarization team please investigate?

I have an app for iOS already on the AppStore and I'm trying to add a macOS version of it. The AppID prefix for this app is different than my Team ID. This mismatch was always fine for submitting my iOS app. However for some reason, the macOS version gets rejected when I upload it. It tells me the AppID prefix must match my Team ID. I do not control my TeamID and I do not control my AppID prefix, they are both given to me by Apple. Yet the error message tells me they must match. How do I get past this? Here is the error message: Validation failed Invalid code signing entitlements. Your application bundle's signature contains code signing entitlements that aren't supported on macOS. Specifically, the "APPID_PREFIX.MY_BUNDLE_ID" value for the com.apple.application-identifier key in "MY_PACKAGE" isn't supported. This value should be a string that starts with your Team ID, followed by a dot ('"), followed by the bundle ID. (ID: 930b77ae-099f-4798-a14a-2803f2a9be9e) Thanks in advance for any pointer.