General: Forums topic: Code Signing Forums subtopics: Code Signing > General, Code Signing > Certificates, Identifiers & Profiles, Code Signing > Notarization, Code Signing > Entitlements Forums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Bundle Resources > Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to the other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained forums post --deep Considered Harmful forums post Don’t Run App Store Distribution-Signed Code forums post Resolving errSecInternalComponent errors during code signing forums post Finding a Capability’s Distribution Restrictions forums post Signing code with a hardware-based code-signing identity forums post New Capabilities Request Tab in Certificates, Identifiers & Profiles forums post Isolating Code Signing Problems from Build Problems forums post Investigating Third-Party IDE Code-Signing Problems forums post Determining if an entitlement is real forums post Code Signing Identifiers Explained forums post Mac code signing: Forums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding nonstandard code structures in a bundle documentation Embedding a command-line tool in a sandboxed app documentation Signing a daemon with a restricted entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example forums post The Care and Feeding of Developer ID forums post TestFlight, Provisioning Profiles, and the Mac App Store forums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello, I have been hitting status code 7000 on every notarization submission since April 21, 2026. The notable detail: earlier submissions on April 18 and April 20 from the same team were Accepted normally. Whatever flag flipped between April 20 and April 21 is on the notary side, because nothing changed on my end. Team details Team ID: ZS76A62WJ4 Organization: KENOPA LTD (UK private limited company) Role: Account Holder Apple Developer Program: Active until April 17, 2027 Apple Developer Program License Agreement: accepted April 16, 2026 Paid Apps Agreement, Free Apps Agreement: both Active in App Store Connect W-8BEN-E and banking: Active Certificate Type: Developer ID Application Identity: "Developer ID Application: KENOPA LTD (ZS76A62WJ4)" Valid through 2027-02-01, full chain trusted App details Platform: macOS (native AppKit, Objective-C, no Electron) Hardened runtime: enabled Code signing passes verify and strict checks Sandbox: not used (Developer ID distribution outside the App Store) Submission history (Team ID ZS76A62WJ4) Accepted submissions: 2026-04-18 10:00 UTC 39856e43-... 2026-04-18 10:03 UTC 3edf2f4f-... 2026-04-18 10:25 UTC 858c52e7-... 2026-04-20 17:17 UTC 4766f3ce-... 2026-04-21 03:58 UTC 9eed3336-... 2026-04-21 05:44 UTC b759941f-... Then everything since flips to Rejected with code 7000: 2026-04-21 19:10 UTC bedc99ad-... 2026-04-21 20:24 UTC 4dbb55f0-... 2026-04-22 07:36 UTC 50e1420e-... 2026-04-24 04:11 UTC 7e4adf81-... 2026-04-25 04:31 UTC 4c0367ea-... 2026-04-25 08:02 UTC a3ce5f56-... (still In Progress at the time of posting) I can paste the full submission IDs in a follow-up if helpful. Sample notary log The body of every Rejected log is the same: status: Rejected statusCode: 7000 statusSummary: "Team is not yet configured for notarization. Please contact Developer Programs Support..." Submissions all upload successfully, sit "In Progress" for hours-to-days, then flip to Rejected with this code. What I have verified All four agreements (Apple Developer Program License, Apple Developer Agreement, Paid Apps, Free Apps) are accepted and Active. Re-checked under the Account Holder login on both portals. Banking and W-8BEN-E are Active. Developer ID Application, Apple Distribution, and Apple Development certificates are all valid and the private keys import cleanly. App Store Connect API key works (notarytool history returns the full list with no auth errors). Same codesign invocation, same notarytool submit flags, same hardened runtime entitlements that worked on April 18-20 still produce the rejection on April 21+. Existing support channels Opened a support ticket via the developer contact form under "Development and Technical / Other Development or Technical Questions" (the exact path the error message specifies). Also emailed Developer Programs separately. Question Has anyone with the same "was working, then suddenly 7000 with no other change" pattern had it resolved? I am aware that DTS engineers have stated on this forum that they cannot escalate this. I am trying to get a sense of: Typical resolution time once a Developer Programs case is open (reports range from days to two-plus months). Whether anyone has found a particular wording of the support request that gets routed faster. Whether the Account Holder doing anything specific in the portal (re-accepting an agreement, toggling something in Membership, etc.) ever cleared this for someone. Thanks.

Good morning. I have an APPLE DEVELOPER ACCOUNT. I am inquiring about Distributing In House Apps using my own website. All the links so far do not help. They all seem to be relevant to the Apple Store and not In House apps. I have my apps ready for evaluation. I understand you need to evaluate them. I want to apply for a certificate that will allow me to put the apps on my OWN website and have users download these and install to their Apple devices. So far I have been testing using own devices but every build I create does NOT create a manifest file. They do work but obviously I need a manifest for the website. I assume a relevant certificate would provide that. Can you please let me know of any and all information that applies on how to apply for an In House Distribution Certificate and how and where I should upload my apps for evaluation. Thank you so much. John

Dear all, I am not able to transfer a programm to my iPhone 17, i get a certificate issue. Although i followed the general steps. If I was guided to this forum by the german apple support. Before in macOS Sonoma, with iOS 16 and iPhone 8 i have been able building programs for the iPhone. The Simulator has still no issues and works fine. Problem/Error: Certificate installation failed Installing a certificate in the keychain failed (Error Domain=DVTSecErrorDomain Code=-25295 "The specified keychain is not a valid keychain file." UserInfo={NSLocalisedDescription=The specified keychain is not a valid keychain file.}) No profiles for '-.delme2' were found Xcode couldn't find any iOS App Development provisioning profiles matching '-.delme2'. Furthermore, when I try to download a certificate myself via (https://developer.apple.com/account/resources/) I get the error: Unable to find a team with the given Team ID 'XXXXXXXCENSORED' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support In XCode I continue to receive the following information: So no programs can be transferred to my mobile phone. Objective: How do I get the reported errors resolved to transfer programs to my mobile phone?

Hi all, and particularly @Eskimo if you spot this — I believe I'm reproducing the backend issuance bug reported in thread 816377 (https://developer.apple.com/forums/thread/816377) on a different Team ID and would like a second pair of eyes before I burn a TSI. Feedback Assistant filed as FB22582333. Team ID: MCN4U9B2K4 · Bundle ID: com.michaeltocco.Sanbox · Xcode 17 · iOS 18.5 · Automatic signing Setup App ID com.michaeltocco.Sanbox has ShazamKit ticked in App Services; persists through portal reloads. Local entitlements file declares com.apple.developer.shazamkit = YES only (no MusicKit client entitlement, per DTS guidance in thread 799000: https://developer.apple.com/forums/thread/799000). CODE_SIGN_ENTITLEMENTS set in both Debug and Release XCBuildConfiguration buildSettings. NSMicrophoneUsageDescription and NSAppleMusicUsageDescription are both present in the generated Info.plist. What Xcode reports After wiping DerivedData and any Sanbox-matching profiles and running xcodebuild … -allowProvisioningUpdates -destination 'generic/platform=iOS': error: Entitlement com.apple.developer.shazamkit not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. (in target 'Sanbox' from project 'Sanbox') What I verified on the profile Apple just issued $ security cms -D -i 0596f302-….mobileprovision | plutil -extract Entitlements xml1 -o - - shows only the baseline four entitlements — application-identifier, keychain-access-groups, get-task-allow, com.apple.developer.team-identifier. com.apple.developer.shazamkit is absent, which is exactly what thread 816377 describes. What I've already tried Deleted and recreated the App ID from scratch — same symptom. Performed the capability-toggle trick (uncheck ShazamKit → Save → wait 60s → re-check → Save → delete local profiles → rebuild) documented in the "Capability & entitlement updates" help page (https://developer.apple.com/help/account/reference/capability-entitlement-updates/) for the Game Center precedent — same symptom. Confirmed I am building for device, not Simulator. Confirmed the entitlement key name matches DTS guidance in thread 799000 and the live profile dumps in thread 816377. Runtime confirmation When I force a build with only the team wildcard profile, SHManagedSession().result() returns com.apple.ShazamKit Code=202 "Missing entitlements", wrapping an AMS 306 wrapping HTTP 401 from api.shazam.apple.com/v1/catalog/US/match. AMS server correlation key: E5VYL5YSUT4L55KQDDP4MJQAZE. So the server side is consistent: the token the client presents lacks ShazamKit scope because the binary doesn't carry the entitlement, and the binary doesn't carry it because Apple isn't issuing it into the profile. Question Is there a configuration step beyond "tick ShazamKit in App Services" that I've missed for Individual-program accounts, or is this the same backend issuance pathology as thread 816377? Happy to share the security cms output, the decoded plist, the build log, or anything else useful. Thanks.

My Family Controls (Distribution) capability request (C4N7962252) was approved March 15, 2026 for bundle ID com.jedsiegel.unplugtogether. All three Family Controls capabilities are enabled on the App ID. When I generate a provisioning profile (manual or automatic), Xcode reports: "Provisioning profile doesn't match the entitlements file's value for the com.apple.developer.family-controls entitlement." I decoded the profile using security cms -D and found: com.apple.developer.family-controls.app-and-website-usage → present com.apple.developer.family-controls → missing entirely My entitlements file requires com.apple.developer.family-controls with value ["individual"] for AuthorizationCenter. I've tried toggling capabilities off/on, deleting and recreating profiles, switching between automatic and manual signing, and clearing provisioning profile caches. Nothing works because the profile generation itself is not including the entitlement. Team ID: Q4RA4WMD6K Xcode 26.3, targeting iOS 26.2 Has anyone encountered this? Is there a way to get the provisioning system to include this entitlement?

I’m looking for guidance on a notarization submission that has been stuck in In Progress for over 24 hours. Details: Team ID: 94B7AVM73F Certificate: Developer ID Application: Bilal Ahmed Qureshi (94B7AVM73F) Tool: xcrun notarytool File: FlashcardGeneratorTrial-AppleSilicon.dmg Submission ID: 7817f9d0-32da-452f-9e2d-fff43478ccf6 Submission created: 2026-04-17T22:10:01.402Z Current status: xcrun notarytool info still reports In Progress This has now been ongoing for more than 24 hours The submission uploaded successfully and received a valid submission ID The Developer ID certificate is valid and correctly paired with the private key in Keychain security find-identity -v -p codesigning returns 1 valid identity Environment: First-time notarization on this developer account macOS direct distribution outside the Mac App Store DMG signed with Developer ID Application certificate Hardened runtime and timestamp enabled during signing I’ve seen some other recent reports of long notarization delays, especially for first-time submissions, so I’m trying to understand whether this is expected queueing / in-depth analysis, or whether there may be an issue with this specific submission. Questions: Is this normal for a first notarization on a new Developer ID account? Is there anything I should do besides wait? Can Apple check whether this submission is stuck in the queue? Thanks.

Is anyone else experiencing the same problem as me? I've tried everything but nothing works. Can someone please help me?

Hello, I have a question regarding Apple's policy on third-party SDK signatures. I have reviewed the official documentation here: https://developer.apple.com/support/third-party-SDK-requirements/ Our app is developed in the following environment: Minimum Target: iOS 15 Xcode: 26.2 Engine: Unreal Engine 4.27.2 We are integrating the Firebase SDK into our project. However, we are experiencing app crashes caused by an issue within the GoogleAdsOnDeviceConversion.xcframework included in the Firebase SDK (related to a memory optimization issue in UE4). According to an official response from the Firebase team, this crash can be resolved by wrapping the Firebase SDK in a dynamic XCFramework. We have confirmed that this solution does indeed fix the crash. The problem is that wrapping the Firebase SDK in a custom dynamic XCFramework removes all of the original Firebase SDK signatures. The documentation on third-party SDK signatures, which I referenced earlier, states that a signature is required for the Firebase SDK, and this requirement also applies when repackaging it. This leads me to the following questions: Question 1: When we wrap and repackage the Firebase SDK, is it mandatory for the resulting XCFramework to still include the original Google LLC signature? Question 2: To resolve the crash, we intend to use the Firebase SDK by wrapping it in our own dynamic XCFramework (e.g., FirebaseWrapper.xcframework). When we do this, the resulting XCFramework loses the Google LLC signature, and consequently, the final built IPA's signature list does not contain any Firebase-related signatures. Will this be a reason for rejection during App Store review? Question 3: If we wrap the Firebase SDK in a dynamic XCFramework and then sign it with our own developer certificate, would this be a reason for rejection during App Store review?

We’re planning to distribute our app outside of TestFlight because our testing period is expected to exceed the 90-day limit. Since we have an Apple Developer account, we’re considering using either Ad Hoc distribution or direct installation (debug/development builds) for longer-term testing. I have a few questions regarding this approach: Ad Hoc Distribution Validity What is the effective validity period of an Ad Hoc build? We’re aiming for long-term testing (4-5 months) and would like to avoid unexpected expiration—are there any constraints we should be aware of? Development/Debug Build Expiry & Limitations If we distribute the app using a development (debug) build via provisioning profiles, what is the expiration timeline? Are there practical limitations (e.g., device limits, performance differences, or provisioning renewal requirements) that could impact extended testing? Potential Complications & Best Practices Are there any issues we should anticipate when using these distribution methods for long-term testing? For example: Provisioning profile or certificate expiration Device registration limits Any policy or compliance considerations with Apple We’d appreciate any guidance or best practices for managing long-term testing outside of TestFlight while staying within Apple’s guidelines.

Hello! We built a macOS .pkg using pkgbuild (contains a DMG + postinstall bash script). The pkg works locally on the build machine but fails on other devices manually / via MDM unless signed. We tried signing with a Developer ID Installer certificate, but: security find-identity -p codesigning -v → 0 valid identities security find-identity -v → shows the cert Private key is present in Keychain OpenSSL check shows: X509v3 Extended Key Usage: Critical (Expected one might be: Code Signing) We recreated CSR + cert multiple times (G2 Sub-CA), ensured Login keychain, unlocked keychain, etc., but same result. Question: Why is the Developer ID Installer cert missing Code Signing usage and not recognized for signing? Is there any account restriction or step we might be missing? Any recommendations on resolving this issue. Thanks!

We have an app with the default email entitlement that was granted several years ago. During our latest deployment, we received an error from our pipeline. When testing a manual submission in Xcode, we saw this error: Entitlement com.apple.developer.mail-client not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. We checked the provisioning profile, and the default email entitlement is still present. It is visible on the certificate portal and also in the embedded.mobileprovision file. Can you suggest what we can do to release a new version of our app?

Domain: MIInstallerErrorDomain Code: 13 Recovery Suggestion: Please ensure that the certificates used to sign your app have not expired. If this issue persists, please attach an IPA of your app when sending a report to Apple. User Info: { DVTErrorCreationDateKey = "2026-04-03 11:27:29 +0000"; IDERunOperationFailingWorker = IDEInstallCoreDeviceWorker; } Failed to install the app on the device. Domain: com.apple.dt.CoreDeviceError Code: 3002 User Info: { NSURL = "file:///Users/admin/Library/Developer/Xcode/DerivedData/Unity-iPhone-cafeohisbuqbtbfzphrtkslqqokm/Build/Products/ReleaseForRunning-iphoneos/UnitySDK.app"; 无法安装“UnitySDK” Domain: IXUserPresentableErrorDomain Code: 14 Failure Reason: 无法安装此App，因为无法验证其完整性。 Recovery Suggestion: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.D7k1ON/extracted/UnitySDK.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.D7k1ON/extracted/UnitySDK.app : 0xe8008018 (The identity used to sign the executable is no longer valid.) Domain: MIInstallerErrorDomain Code: 13 User Info: { FunctionName = "+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]"; LegacyErrorString = ApplicationVerificationFailed; LibMISErrorNumber = "-402620392"; SourceFileLine = 80; } Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : { "device_identifier" = "00008120-000C58283600201E"; "device_isCoreDevice" = 1; "device_model" = "iPhone15,3"; "device_osBuild" = "26.4 (23E246)"; "device_osBuild_monotonic" = 2304024600; "device_os_variant" = 1; "device_platform" = "com.apple.platform.iphoneos"; "device_platform_family" = 2; "device_reality" = 1; "device_thinningType" = "iPhone15,3"; "device_transport" = 1; "launchSession_schemeCommand" = Run; "launchSession_schemeCommand_enum" = 1; "launchSession_targetArch" = arm64; "launchSession_targetArch_enum" = 6; "operation_duration_ms" = 2915; "operation_errorCode" = 13; "operation_errorDomain" = MIInstallerErrorDomain; "operation_errorWorker" = IDEInstallCoreDeviceWorker; "operation_error_reportable" = 1; "operation_name" = IDERunOperationWorkerGroup; "param_consoleMode" = 1; "param_debugger_attachToExtensions" = 0; "param_debugger_attachToXPC" = 0; "param_debugger_type" = 3; "param_destination_isProxy" = 0; "param_destination_platform" = "com.apple.platform.iphoneos"; "param_diag_MTE_enable" = 0; "param_diag_MainThreadChecker_stopOnIssue" = 0; "param_diag_MallocStackLogging_enableDuringAttach" = 0; "param_diag_MallocStackLogging_enableForXPC" = 1; "param_diag_allowLocationSimulation" = 1; "param_diag_checker_mtc_enable" = 1; "param_diag_checker_tpc_enable" = 0; "param_diag_gpu_frameCapture_enable" = 3; "param_diag_gpu_shaderValidation_enable" = 0; "param_diag_gpu_validation_enable" = 1; "param_diag_guardMalloc_enable" = 0; "param_diag_memoryGraphOnResourceException" = 0; "param_diag_queueDebugging_enable" = 0; "param_diag_runtimeProfile_generate" = 0; "param_diag_sanitizer_asan_enable" = 0; "param_diag_sanitizer_tsan_enable" = 0; "param_diag_sanitizer_tsan_stopOnIssue" = 0; "param_diag_sanitizer_ubsan_enable" = 0; "param_diag_sanitizer_ubsan_stopOnIssue" = 0; "param_diag_showNonLocalizedStrings" = 0; "param_diag_viewDebugging_enabled" = 1; "param_diag_viewDebugging_insertDylibOnLaunch" = 1; "param_install_style" = 2; "param_launcher_UID" = 2; "param_launcher_allowDeviceSensorReplayData" = 0; "param_launcher_kind" = 0; "param_launcher_style" = 99; "param_launcher_substyle" = 0; "param_lldbVersion_component_idx_1" = 0; "param_lldbVersion_monotonic" = 210000160004; "param_runnable_appExtensionHostRunMode" = 0; "param_runnable_productType" = "com.apple.product-type.application"; "param_testing_launchedForTesting" = 0; "param_testing_suppressSimulatorApp" = 0; "param_testing_usingCLI" = 0; "sdk_canonicalName" = "iphoneos26.4"; "sdk_osVersion" = "26.4"; "sdk_platformID" = 2; "sdk_variant" = iphoneos; "sdk_version_monotonic" = 2304023700; } System Information macOS Version 26.4 (Build 25E246) Xcode 26.4 (24909) (Build 17E192) Timestamp: 2026-04-03T19:27:29+08:00

Hi, I'm notarizing my Electron macOS app (DMG) for the first time with our new Developer ID, and most submissions have been stuck in "In Progress" for over 24 hours. Environment: Team ID: BSS9KAH6Z2 Certificate: Developer ID Application (valid until 2031) Tool: xcrun notarytool submit (Xcode CLI) App: Electron 28, signed with hardened runtime File: DMG (~131MB), 104 files inside .app What happened: Total 19 submissions over the past 24 hours Only 4 were Accepted (2 DMGs + 2 zips) The other 15 are still "In Progress" with no log available The 4 Accepted ones took 1~1.5 hours each codesign --verify --deep --strict passes with no issues Accepted submission log shows "issues": null Apple System Status shows "Developer ID Notary Service: Available" What I've tried: Submitting as DMG directly Submitting as ditto zip of .app Submitting via electron-builder's built-in notarize Using both app-specific password and keychain profile auth Verified entitlements (allow-jit, disable-library-validation) Since some submissions did get Accepted, I don't think there's an issue with my signing or configuration. Is this expected for first-time submissions from a new team? Is there anything on Apple's side that needs to be configured for my team? Any help would be appreciated. Thank you.

Hi everyone, I am struggling with a persistent issue regarding my Developer Program membership and Xcode syncing. Even though the Apple Developer Portal shows that my developer license is active and I have full access to App Store Connect, it is unfortunately not possible to sign applications with this account. It behaves as if the license wasn't active. The Symptoms: -Portal status: Active (Account Holder/Admin), -Xcode Settings: When I navigate to Settings > Accounts and select my team, there is a Red X displayed next to "Certificates, Identifiers & Profiles.", Xcode suggests there is an issue accessing these resources and I cannot sign any binaries. Confirmed the membership is active in the web portal. Everything seems configured correctly on the web side, but the account simply doesn't work locally in Xcode. Has anyone faced this specific "Red X" issue despite a valid membership? Is there a specific cache I need to clear or a way to force Xcode to re-fetch the correct status? Any advice on how to resolve this loop would be greatly appreciated. Thanks! :)

Hi everyone, I'm building an app in Xcode 16.4 with a minimum deployment target of iOS 12. The last time I built with this configuration was November 2025 — that build worked perfectly fine. I'm aware that builds from Xcode 16.4 will no longer be accepted by Apple after April 28, 2026, so I decided to push one final update before that deadline. Here's what I did: Built the app with no changes to build settings Uploaded to TestFlight Tested on iOS 12, iOS 26, and a few other versions — everything looked good Passed App Review Published to the App Store Now users on iOS 12 are reporting that the app crashes immediately on launch. Users on iOS 13-26 are unaffected. We've effectively lost a significant portion of our users overnight. We'd really like to restore functionality for them before April 28 — after that we plan to raise the minimum deployment target anyway. There are no crash logs available, as the app appears to never reach application code at all. Below are the relevant logs from Console.app: default 16:33:49.012231+0400 SpringBoard Bootstrapping MY_BUNDLE_ID with intent foreground-interactive error 16:33:49.021533+0400 SpringBoard [MY_BUNDLE_ID] Bootstrap failed with error: <NSError: 0x280f59aa0; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> error 16:33:49.021748+0400 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID MY_BUNDLE_ID" UserInfo={NSLocalizedDescription=Unable to bootstrap process with bundleID MY_BUNDLE_ID, BKSProcessExitReason=0, NSLocalizedFailureReason=Failed to start job, NSUnderlyingError=0x280f58780 {Error Domain=NSPOSIXErrorDomain Code=3 "No such process" UserInfo={NSLocalizedFailureReason=The process failed to exec, NSLocalizedRecoverySuggestion=Consult /var/log/com.apple.xpc.launchd/launchd.log for more information, NSLocalizedDescription=Unable to get valid task name port right for pid 241}}, BSErrorCodeDescription=bootstrap-failed} default 16:33:49.021934+0400 SpringBoard Adding: <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> default 16:33:49.022111+0400 SpringBoard <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> exited. default 16:33:49.023325+0400 SpringBoard Removing: <FBApplicationProcess: 0x101cb4070; MY_BUNDLE_ID; pid: -1> default 16:33:49.039576+0400 assertiond Submitting new job for "MY_BUNDLE_ID" on behalf of <BKProcess: 0x100d119f0; SpringBoard; com.apple.springboard; pid: 48; agency: SystemShell; visibility: foreground; task: running> default 16:33:49.039982+0400 assertiond Submitted job with label: UIKitApplication:MY_BUNDLE_ID[0xed03][58] error 16:33:49.040128+0400 assertiond Unable to obtain a task name port right for pid 241: (os/kern) failure (0x5) error 16:33:49.040286+0400 assertiond Failed to start job with error <NSError: 0x100c3f180; domain: NSPOSIXErrorDomain; code: 3; reason: "The process failed to exec"> { description = "Unable to get valid task name port right for pid 241"; failureReason = "The process failed to exec"; recoverySuggestion = "Consult /var/log/com.apple.xpc.launchd/launchd.log for more information"; Has anyone encountered this recently? Any help would be greatly appreciated. P.S. I tried rebuilding from scratch without any code changes and uploading a fresh build to TestFlight — but now it won't even launch from TestFlight on iOS 12.

Hello, I am a new macOS developer. I've been working on my first Mac application and I am trying to notarize it for distribution using notarytool. However, I've encountered a persistent issue where all my submissions are stuck in the "In Progress" status for several days. As this is my first time going through this process, I initially thought I might have done something wrong. However, I have verified my app with codesign --verify --verbose --deep and it returns "valid on disk" and "satisfies its Designated Requirement". I have also tried bumping the version from 0.1.0 to 0.1.1 and removing spaces from the file names, but the new submission is also stuck. Stuck Submission History (Total 4 submissions): ID: 8cb4aebb-e2d5-4091-b279-18272c3a6ca9 (Created: 2026-04-03 - Latest) ID: 0e9a3584-1a21-471a-bc72-4da3f98e2683 (Created: 2026-04-02) ID: 59b70ef1-0b8e-480d-ba33-df872a691610 (Created: 2026-04-01) ID: 685d8fdb-1e55-4cdd-8203-688991c50dd3 (Created: 2026-04-01) As a first-time developer, it’s frustrating to see these initial submissions hang for so long without any logs or errors to troubleshoot. Is there any specific reason why a first-time submission for a new Mac app might be queued this long? I would appreciate it if someone from Apple could help clear these stuck submissions or provide some guidance as to what might be causing this delay. Thank you very much.

Hi, We're having problems starting an Ad Hoc ipa on an iPad with iOS 12.7.7 and 12.7.8. The iPad's UUID has been added to the provisioning profile. The iPad that we are trying to start the app on is online, so Apple's certificate validation server should be reachable. We don't have any problems with iOS versions above iOS 12. The .ipa was built using the latest version of Xcode (26.2, build 17C52). Here is the anonymised and reduced console log (only the app launch / bootstrap part): default 07:29:35.683108+0100 SpringBoard Icon touch began: <private> default 07:29:35.752640+0100 SpringBoard Icon tapped: <private> default 07:29:35.768538+0100 trustd cert[0]: SubjectCommonName =(leaf)[]> 0 default 07:29:35.791500+0100 SpringBoard Trust evaluate failure: [leaf IssuerCommonName LeafMarkerOid SubjectCommonName] default 07:29:35.793654+0100 trustd cert[0]: IssuerCommonName =(path)[]> 0 default 07:29:36.043497+0100 assertiond Submitting new job for "<APP_BUNDLE_ID>" on behalf of SpringBoard (pid: 48) default 07:29:36.044393+0100 SpringBoard Bootstrapping <APP_BUNDLE_ID> with intent foreground-interactive error 07:29:36.045124+0100 SpringBoard [<APP_BUNDLE_ID>] Bootstrap failed with error: domain: BKSProcessErrorDomain, code: 1 (bootstrap-failed), reason: "Failed to start job" error 07:29:36.045214+0100 SpringBoard Bootstrapping failed for <APP_BUNDLE_ID> (pid: -1): Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID <APP_BUNDLE_ID>" NSLocalizedFailureReason=Failed to start job NSUnderlyingError=NSPOSIXErrorDomain Code=3 "No such process" BKLaunchdOperation=launch_get_running_pid_4SB BKLaunchdJobLabel=<LAUNCHD_JOB_LABEL> BKSProcessJobLabel=<LAUNCHD_JOB_LABEL> default 07:29:36.046078+0100 assertiond Submitted job with label: <LAUNCHD_JOB_LABEL> default 07:29:36.046442+0100 assertiond Unable to get pid for '<LAUNCHD_JOB_LABEL>': No such process (3) error 07:29:36.046542+0100 assertiond Failed to start job: NSPOSIXErrorDomain Code=3 "No such process" default 07:29:36.046607+0100 assertiond Deleted job with label: <LAUNCHD_JOB_LABEL> default 07:29:36.081068+0100 SpringBoard Application process state changed for <APP_BUNDLE_ID>: pid: -1; taskState: Not Running

I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager. The error: Signature check failed: code failed to satisfy specified code requirement(s) followed by: started with PID 0 status changed to disconnected, last stop reason Plugin failed What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session. Key log sequence: taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1) WireGuardNetworkExtensionMac: AppSandbox request successful WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s) nesessionmanager: started with PID 0 error (null) nesessionmanager: status changed to disconnected, last stop reason Plugin failed Setup: macOS 15, Xcode 16 Developer ID Application certificate Manual code signing, Developer ID provisioning profiles with Network Extensions capability Extension in Contents/PlugIns/ (standard appex, not System Extension) Extension entitlement: packet-tunnel-provider-systemextension NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel codesign --verify --deep --strict PASSES on the exported app Hardened runtime enabled on all targets What I've verified: Both app and extension have matching TeamIdentifier Both are signed with the same Developer ID Application certificate The designated requirement correctly references the cert's OIDs The provisioning profiles are valid and taskgated-helper explicitly approves them No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework What I've tried (all produce the same error): Normal Xcode archive + export (Direct Distribution) Manual build + sign script (bypassing Xcode export entirely) Stripping all signatures and re-signing from scratch Different provisioning profiles (freshly generated) Comparison with official WireGuard app: I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch. Questions: Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing? Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it? The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it? Any guidance would be appreciated. I've exhausted all signing approaches I can think of.

Hi, We're having problems starting an Ad Hoc ipa on an iPad with iOS 12.7.7 and 12.7.8, probably iOS 12 in general. The iPad's UUID is added to the certificate. And we don't have problems with iOS versions > iOS 12. Here is the anonymized Console Log: default 09:05:12.088994+0100 SpringBoard immediate edge swipe: failed default 09:05:12.095189+0100 SpringBoard Icon touch began: <private> default 09:05:12.096204+0100 SpringBoard Found a reasonable launch image for <private>, not pre-warming SplashBoard. Load image into the snapshot instance. default 09:05:12.117737+0100 powerd Activity changes from 0x2 to 0x1. UseActiveState:1 default 09:05:12.118572+0100 powerd hidActive:1 displayOff:0 assertionActivityValid:0 now:0xcb6 hid_ts:0xcb6 assertion_ts:0x0 default 09:05:12.145354+0100 backboardd [HID] [MT] dispatchEvent Dispatching event with 1 children, _eventMask=0x23 _childEventMask=0x3 Cancel=0 Touching=0 inRange=0 default 09:05:12.152820+0100 SpringBoard Icon tapped: <private> default 09:05:12.158236+0100 dasd Trigger: <private> is now [1] default 09:05:12.159538+0100 dasd Don't have <private> for type 1 default 09:05:12.170128+0100 trustd cert[0]: SubjectCommonName =(leaf)[]> 0 default 09:05:12.170407+0100 trustd cert[0]: LeafMarkerOid =(leaf)[]> 0 default 09:05:12.182388+0100 trustd OCSPSingleResponse: nextUpdate 0.54 days ago default 09:05:12.186084+0100 trustd OCSPSingleResponse: nextUpdate 0.62 days ago default 09:05:12.187067+0100 SpringBoard Trust evaluate failure: [leaf IssuerCommonName LeafMarkerOid SubjectCommonName] default 09:05:12.238604+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> resuming, QOS(0x19) default 09:05:12.240650+0100 trustd TIC TCP Conn Start [12:0xADDR_REDACTED] default 09:05:12.241136+0100 trustd [C12 Hostname#HASH_REDACTED:80 tcp, pid: PID_REDACTED, url hash: HASH_REDACTED] start default 09:05:12.245884+0100 trustd TIC TCP Conn Start [13:0xADDR_REDACTED] default 09:05:12.246361+0100 trustd [C13 Hostname#HASH_REDACTED:80 tcp, pid: PID_REDACTED, url hash: HASH_REDACTED] start default 09:05:12.256520+0100 trustd nw_connection_report_state_with_handler_locked [C12] reporting state failed error Network is down error 09:05:12.256978+0100 trustd TIC TCP Conn Failed [12:0xADDR_REDACTED]: 1:50 Err(50) error 09:05:12.262697+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> HTTP load failed (error code: -1009 [1:50]) error 09:05:12.271646+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> load failed with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." default 09:05:12.271898+0100 trustd Failed to download ocsp response http://ocsp.apple.com/ocsp03-wwdrg311/... with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." default 09:05:12.280643+0100 SpringBoard Activating <private> from icon default 09:05:12.281399+0100 CommCenter #I CTServerConnection from pid PID_REDACTED has closed (conn=0xADDR_REDACTED) default 09:05:12.513629+0100 SpringBoard Bootstrapping com.example.myapp with intent foreground-interactive default 09:05:12.514084+0100 assertiond Submitting new job for "com.example.myapp" on behalf of <BKProcess: 0xADDR_REDACTED; SpringBoard; com.apple.springboard; pid: PID_REDACTED; ...> default 09:05:12.514909+0100 assertiond Submitted job with label: UIKitApplication:com.example.myapp[REDACTED][REDACTED] error 09:05:12.516769+0100 SpringBoard [com.example.myapp] Bootstrap failed with error: <NSError: 0xADDR_REDACTED; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> error 09:05:12.516935+0100 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0xADDR_REDACTED; com.example.myapp; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID com.example.myapp" default 09:05:12.517589+0100 SpringBoard <FBApplicationProcess: 0xADDR_REDACTED; com.example.myapp; pid: -1> exited. default 09:05:12.542638+0100 SpringBoard Application process state changed for com.example.myapp: <SBApplicationProcessState: 0xADDR_REDACTED; pid: -1; taskState: Not Running; visibility: Unknown> default 09:05:13.072994+0100 SpringBoard Front display did change: <SBApplication: 0xADDR_REDACTED; com.example.myapp> Is there any know problem with running Ad Hoc ipas on iOS 12? Thanks Christian

Hi, My first notarization submission has been stuck in "In Progress" for several hours with no status change. I'm wondering if it's being held for in-depth analysis given the nature of the app. The app is a macOS dictation utility triggered by a global hotkey. It captures audio input, transcribes it, and pastes the result at the cursor position in whatever app the user is focused on. Because of how it works, it relies on a combination of APIs that may be less common in typical submissions: continuous microphone access, programmatic clipboard manipulation, global keyboard event monitoring, and Accessibility APIs to inject text into the frontmost application. This is the first submission for this app, so there's no prior notarization history for the system to learn from. Is this the kind of profile that typically triggers in-depth analysis? Is there anything I should check or provide, or is waiting the right move here? Thanks