I have added an in-app purchase function into my app, and have enabled in-app purchase profile in developer portal(it's on by default and is marked gray in developer portal, I don't know if that's how it supposed to look like). I have issued the agreements and tried signing the app both manually and automatically, but neither of that worked. App can be built successfully in simulator but does not show the simulation window, but cannot build on real device or archive. Errors: Missing com.apple.developer.in-app-purchase, com.apple.developer.in-app-purchase.non-consumable, and com.apple.developer.in-app-purchase.subscription entitlements. Automatic signing failed Xcode failed to provision this target.

Dear Apple Developer Support, We are experiencing an issue where our properly signed, notarized, and stapled PKG installer is being blocked by Gatekeeper on macOS Sequoia (15.3), despite passing all notarization checks. Team ID: 3888L7DV3P Organization: SKY GATE TECHNOLOGYS K.K. Certificate: Developer ID Installer: SKY GATE TECHNOLOGYS K.K. (3888L7DV3P) Issue Details: Our PKG installer is signed with "Developer ID Installer" certificate, notarized (status: Accepted, issues: null), and stapled successfully. pkgutil --check-signature confirms: "signed by a developer certificate issued by Apple for distribution" and "Notarization: trusted by the Apple notary service" xcrun stapler validate confirms: "The validate action worked!" However, spctl --assess --type install returns "rejected" with assessment:verdict = false and assessment:remote = true The system log shows: meetsDeveloperIDLegacyAllowedPolicy = 0 When users download and open the PKG (even from within a notarized DMG), Gatekeeper displays: "Apple could not verify [app] is free of malware" Notably, our .app bundles signed with "Developer ID Application" (same Team ID) pass Gatekeeper without issues. Only PKG installers are affected. Our software is a legitimate enterprise security product (VPN/Zero Trust client) distributed to corporate customers. Could you please: Investigate why our Team ID's PKG installers are being rejected by Gatekeeper's online assessment despite valid notarization Advise on any steps we can take to resolve the meetsDeveloperIDLegacyAllowedPolicy = 0 status for our Team ID Confirm whether there is a trust establishment process for new Developer ID Installer certificates with the Gatekeeper service Thank you for your assistance. Best regards, Riku Ogura Skygate Technologies K.K.

My notarization submission been "In Progress" status for over 30 minutes now. I thought this process should be much faster.

Sharing a solution for a problem that took me a while to figure out. Problem: During development of a macOS 26 app that uses ScreenCaptureKit, the screen capture permissions were being reset after every build. Each time I compiled and ran the app from Xcode, I had to re-authorize screen capture in System Settings. CGPreflightScreenCaptureAccess() would return false even though I'd just granted permission minutes ago. Root cause: I was using ad-hoc code signing during development. macOS ties screen capture permissions to the app's code signing identity. With ad-hoc signing, the identity changes on every build, so the system treats each build as a "new" app. Solution: Switch to an Apple Development certificate for debug builds. In Xcode: Build Settings → Code Signing Identity → Debug → set to "Apple Development" Make sure your development team is selected After this change, the signing identity remains stable across builds, and screen capture permissions persist. This might be related to the broader issue discussed in this forum about ScreenCapture permissions disappearing — if other developers are seeing permissions vanish, it's worth checking whether the code signing identity is changing between sessions.

Hello Colleagues, We have been seeing a delay in our Apple notarization submission that hangs for hours "in progress" without completing: This issue has been occurring since Friday, October 17th. We have also checked the Apple System Status page and there is no indication of any outage for Apple notarization.

Since 2026-03-17 09:06 UTC, all notarization submissions for one of our teams are stuck in "In Progress" indefinitely. Submission logs return "not yet available", indicating Apple's backend has not started processing. Sample submission IDs: 789d40c4-ff83-469f-9b9b-2ac93183125e 2d4685ed-56ac-49db-8e38-63f0b15650c1 5dc3f242-0add-4725-8386-bb32f8383240 18+ submissions affected. Hundreds of successful notarizations before this date with no issues. Please advise or check backend queue status.

When I create an archive file and attempt to upload the app using the "Distribute App" button, the upload fails with the error "Automatic signing cannot update bundle identifier...". (The detailed message is below.) When creating an archive file in Xcode, I unchecked "Automatically Manage Signing" and proceeded with the archive. The message says "Font Enumeration," but other apps with the same option enabled upload successfully. Therefore, I believe the "Font Enumeration" option is not the issue. I tried creating a new provisioning file, but it still doesn't work. I deleted all DerivedData files from my Mac storage, restarted Xcode, and tried again, but it still doesn't work. This keeps happening only for certain targets (specific apps) in Xcode. Does anyone know how to fix this? Xcode is the latest version. Message: Automatic signing cannot update bundle identifier "com.xxxxxx.xxxxxx". Automatic signing cannot update your registered bundle identifier to enable Font Enumeration. Update your bundle identifier on https://developer.apple.com/account and then try again.

This is my submission, my earliest submission has be stuck for a couple of days can someone please help. This is blocking our launch. -------------------------------------------------- createdDate: 2026-03-01T15:57:46.893Z id: 4cd9bb60-67eb-4f59-be9b-952248da33cf name: Snip-1.0.0-arm64.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-01T15:07:04.101Z id: fc88fa42-6ffe-4fee-86b2-0cec44c4391b name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-28T06:48:58.307Z id: e6cabf68-2963-4971-a057-fb4c5a1bdb4c name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T17:02:33.195Z id: 4e038aab-e429-4dfa-abcd-afcd49241a31 name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T17:02:21.907Z id: 4a908c50-812b-48c1-949d-8d6d4c9dec40 name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T14:28:38.585Z id: bccbc5bc-1cc7-4417-ab57-545b0cc6cc7b name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T08:35:47.185Z id: 4219d594-ee41-4905-8ea5-af89dc924b4f name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T08:07:51.982Z id: 08fce978-8dc1-45bb-aac1-ea932bd08b02 name: Snip.zip status: In Progress

When completing signing on Xcode, it shows the following error message "No certificate for team '' matching 'Developer ID Application' found" I have already followed the steps to generate a certificate from keychain and made a new certificate on developer portal, along with its associated provisioning profile. Viewing "Manage Certificate" window shows the newly created certificate, but Xcode seems to not be able to locate it.

Some capabilities include distribution restriction. For example, you might be able to use the capability for day-to-day development but have to get additional approval to publish an app using that capability to the App Store. To tell if a capability has such a restriction: Go to Developer > Account. At the top right, make sure you’re logged in as the right team. Under Certificates, IDs & Profiles, click Identifiers. Find the App ID you’re working with and click it. IMPORTANT Some managed capabilities are granted on a per-App ID basis, so make sure you choose the right App ID here. This brings up the App ID editor. In the Capabilities tab, locate the capability you’re working with. Click the little info (i) button next to the capability. The resulting popover lists the supported platforms and distribution channels for that capability. For example, the following shows that the standard Family Controls (Development) capability, which authorises use of the com.apple.developer.family-controls entitlement, is only enabled for development on iOS and visionOS. In contrast, if you’ve been granted distribution access to this capability, you’ll see a different Family Controls (Distribution) capability. Its popover shows that you can use the capability for App Store Connect and Ad Hoc distribution, as well as day-to-day development, on both iOS and visionOS. In the Family Controls example the development-only capability is available to all developers. However, restrictions like this can apply to initially managed capabilities, that is, managed capabilities where you have to apply to use the capability just to get started with your development. For example, when you apply for the Endpoint Security capability, which authorises use of the com.apple.developer.endpoint-security.client entitlement, it’s typically granted for development only. If you want to distribute a product using that capability, you must re-apply for another capability that authorises Developer ID distribution [1]. Some folks encounter problems like this because their managed capability was incorrectly granted. For example, you might have applied for a managed capability from an Organization team but it was granted as if you were an Enterprise team. In this case the popover will show In House where you’d expect it to show App Store Connect. If you’ve believe that you were granted a managed capability for the wrong distribution channel, contact the folks who granted you that capability. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] Endpoint Security clients must use independent distribution; they are not accepted in the Mac App Store. Revision History 2026-03-10 Updated to account for changes on the Apple Developer website. 2022-12-09 First posted.

The problem is the following: We create a keychain item called NotaryTool (There are multiple accounts that use Notary tool and we created it for all of them ) This is created in the following way: $ xcrun notarytool store-credentials This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name. Profile name: NotaryTool We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified. Path to App Store Connect API private key: //AuthKey_ABCDEFGH.p8 App Store Connect API Key ID: <ABCDEFGH> App Store Connect API Issuer ID: ABCDEF-ABCD-1234-1234-1234567 Validating your credentials... Success. Credentials validated. Credentials saved to Keychain. To use them, specify `--keychain-profile "NotaryTool"` The key is downloaded from Apple and some other IDs are provided alongside. These should remain in the keychain for as long as the user process is running (just like any other process) A few runs are successful when we run with the profile that was created. After a few runs we start seeing a failure. Now we are seeing the following issue where the keychain item just vanishes: Error: No Keychain password item found for profile: NotaryTool\n\nRun 'notarytool store-credentials' to create another credential profile.\nError during the not process\nTue Aug 26 06:02:09 2025 Notarization failed with notarytool with exit code 17664: \nTue Aug 26 06:02:09 2025 could not upload for notarization!!!

base" : 6481543168, "size" : 5134811136, "uuid" : "7bc5af5f-1e86-3b36-9036-16025c72cb70" }, "vmSummary" : "ReadOnly portion of Libraries: Total=1.0G resident=0K(0%) swapped_out_or_unallocated=1.0G(100%)\nWritable regions: Total=28.8M written=369K(1%) resident=369K(1%) swapped_out=0K(0%) unallocated=28.5M(99%)\n\n VIRTUAL REGION \nREGION TYPE SIZE COUNT (non-coalesced) \n=========== ======= ======= \nActivity Tracing 256K 1 \nAttributeGraph Data 1024K 1 \nCoreAnimation 48K 3 \nDispatch continuations 6144K 1 \nFoundation 16K 1 \nKernel Alloc Once 32K 1 \nMALLOC 16.8M 10 \nMALLOC guard page 3760K 4 \nSTACK GUARD 64K 4 \nStack 2640K 4 \n__AUTH 3975K 362 \n__AUTH_CONST 60.1M 643 \n__CTF 824 1 \n__DATA 28.6M 604 \n__DATA_CONST 24.9M 650 \n__DATA_DIRTY 4800K 581 \n__FONT_DATA 2352 1 \n__INFO_FILTER 8 1 \n__LINKEDIT 188.3M 7 \n__OBJC_RO 84.3M 1 \n__OBJC_RW 3177K 1 \n__TEXT 839.6M 666 \n__TPRO_CONST 128K 2 \nmapped file 32.7M 3 \npage table in kernel 369K 1 \nshared memory 80K 4 \n=========== ======= ======= \nTOTAL 1.3G 3558 \n", "legacyInfo" : { "threadTriggered" : { "queue" : "com.apple.main-thread" } }, "logWritingSignature" : "96bc482de9d7d2e828b9b488a2feab6193d3c188", "bug_type" : "309", "roots_installed" : 0, "trmStatus" : 1, "trialInfo" : { "rollouts" : [ ], "experiments" : [

Hello everyone, I'm facing a critical build issue related to Family Controls entitlements and would appreciate any insights or help from the community or Apple engineers. My Goal: I am trying to build and run my app on a physical device to test my DeviceActivityMonitor and ShieldConfigurationExtension. I have already been approved for the Family Controls (Development) entitlement. The Problem: When I try to build, Xcode fails with the following errors, preventing me from testing: For my DeviceActivityMonitor target: Provisioning profile "..." doesn't include the com.apple.developer.deviceactivity entitlement. For my SOSAppShieldExtension target: Provisioning profile "..." doesn't include the com.apple.developer.screen-time-api entitlement. The Core Evidence: This seems to be a server-side issue with how the provisioning profiles are generated. I have used the security cms -D -i command to inspect the downloaded .mobileprovision files. The inspection reveals that the profiles do contain the parent com.apple.developer.family-controls entitlement. However, they are missing the required child entitlements: The profile for my monitor extension is missing com.apple.developer.deviceactivity. The profile for my shield extension is missing com.apple.developer.screen-time-api. Troubleshooting Steps I've Already Taken: I believe I have exhausted all possible client-side fixes. Here is what I have tried over the past few days: Confirmed Approval: I am fully approved for the Family Controls (Development) entitlement. Enabled Capabilities: The "Family Controls" capability is checked and enabled for all three relevant App IDs (main app, monitor extension, shield extension) on the developer portal. Profile Regeneration: I have deleted and regenerated all provisioning profiles for all targets multiple times. Forcing a Server Refresh: I have toggled the "Family Controls" capability off, saved, and then toggled it back on and saved again for each App ID. Creating New Identifiers: I created a brand new, clean App ID for the DeviceActivityMonitor extension (com.sosapp.ios.devicemonitor) and created a new profile for it, but the error persists. Xcode Configuration: I am using manual signing in Xcode and have double-checked that each target is pointing to the correct, newly downloaded provisioning profile. I have also cleaned the build folder and deleted Derived Data multiple times. My Question: Given that my account is approved and the capability is enabled, but the generated profiles are provably missing the necessary child entitlements, this points directly to a bug in the profile generation service on Apple's backend. Has anyone else experienced this specific issue where the parent entitlement is present but the required child entitlements are missing? Is there a known workaround, or can an Apple engineer please investigate the profile generation for my Team ID? Any help would be greatly appreciated. Thank you!

I have recently enrolled in the Apple Developer to get my app notarized, and submitted an Archive for notarization, but it is taking forever. It has almost been a whole day, but the status is still in progress, whereas I have seen other developers say that the same takes 10-15 mins to an hour for them. Am I doing anything wrong? Please guide me through this.

Anyone know how long it takes to get Apple to respond to a request for provisioning for endpoint security?

Hi, I was sent here by Apple developer account, it seems here is the only option for me, so your help is very much appreciated! Basically we are building a chromium based browser on iOS, we applied the "com.apple.developer.web-browser" entitlement, and it shows up in our identifier, profile etc. The app is signed with the new entitlement and published to the app store. However it is not listed as an option for default browser, doesn't matter which device I tried. I did verified that the Info.plist contains http/https urlschemes as required. In fact a few of us checked all available documents multiple times and still couldn't see why.

Hi All, Like many others I'm a little confused with gaining access to the family controls capability. Our app is ready to push to testflight, and we sent the request to apple last week. However only learning today that we need to request for the shield extension as well. I wanted to ask what the expected timeline is for being approved? I've seen posts here saying less than a week, and some people having to wait longer than 6 weeks. Any advise or guidance on getting approved smoothly & swiftly would be highly appreciated

Validation failed (409) Missing Code Signing Entitlements. No entitlements found in bundle 'com.seeyon.yiboyun.child' for executable 'Payload/M3.app/PlugIns/CMPSharePublish.appex/CMPSharePublish'." (ID: 6e5429ed-b896-45a0-ab23-bb8fcb472072)

Hi everyone, I'm following up on this post I made earlier about an issue I'm having with FamilyControls and the DeviceActivityMonitor extension not working for external TestFlight testers. To briefly recap: I have official Apple approval for the com.apple.developer.family-controls entitlement (distribution) The entitlement is added to both my main app and the DeviceActivityMonitor extension The App Group is correctly configured for both targets On internal TestFlight builds, everything works as expected: app blocking works, the extension runs, and selected apps are shielded. On external TestFlight builds, users get the Screen Time permission prompt, can select apps to block, but nothing is blocked. Since that post, I submitted a Code Level Support request, and Apple asked me to file a bug report via Feedback Assistant. I did that almost a month ago. The only reply I’ve received since is that they can’t give a timeframe or guarantee it will be resolved. I'm stuck in limbo with no updates and no fix. This feature is critical to my app and I cannot launch without it. I’ve reached out to other developers who use app blocking, and none of them have run into this issue. My setup seems correct, and Apple has not said otherwise. If anyone has experienced something similar, found a workaround, or knows how to get real movement on a bug report like this, I would really appreciate any help. It’s been weeks, and I just want to launch my app. Thanks so much.

I’m looking for guidance on a notarization submission that has been stuck in In Progress for over 24 hours. Details: Team ID: 94B7AVM73F Certificate: Developer ID Application: Bilal Ahmed Qureshi (94B7AVM73F) Tool: xcrun notarytool File: FlashcardGeneratorTrial-AppleSilicon.dmg Submission ID: 7817f9d0-32da-452f-9e2d-fff43478ccf6 Submission created: 2026-04-17T22:10:01.402Z Current status: xcrun notarytool info still reports In Progress This has now been ongoing for more than 24 hours The submission uploaded successfully and received a valid submission ID The Developer ID certificate is valid and correctly paired with the private key in Keychain security find-identity -v -p codesigning returns 1 valid identity Environment: First-time notarization on this developer account macOS direct distribution outside the Mac App Store DMG signed with Developer ID Application certificate Hardened runtime and timestamp enabled during signing I’ve seen some other recent reports of long notarization delays, especially for first-time submissions, so I’m trying to understand whether this is expected queueing / in-depth analysis, or whether there may be an issue with this specific submission. Questions: Is this normal for a first notarization on a new Developer ID account? Is there anything I should do besides wait? Can Apple check whether this submission is stuck in the queue? Thanks.