Demystify code signing and its importance in app development. Get help troubleshooting code signing issues and ensure your app is properly signed for distribution.

Posts under Code Signing topic

Post | Replies | Boosts | Views | Created

Questions Regarding Apple's Third-party SDKs Signature Policy
Hello, I have a question regarding Apple's policy on third-party SDK signatures. I have reviewed the official documentation here: https://developer.apple.com/support/third-party-SDK-requirements/ Our app is developed in the following environment: Minimum Target: iOS 15 Xcode: 26.2 Engine: Unreal Engine 4.27.2 We are integrating the Firebase SDK into our project. However, we are experiencing app crashes caused by an issue within the GoogleAdsOnDeviceConversion.xcframework included in the Firebase SDK (related to a memory optimization issue in UE4). According to an official response from the Firebase team, this crash can be resolved by wrapping the Firebase SDK in a dynamic XCFramework. We have confirmed that this solution does indeed fix the crash. The problem is that wrapping the Firebase SDK in a custom dynamic XCFramework removes all of the original Firebase SDK signatures. The documentation on third-party SDK signatures, which I referenced earlier, states that a signature is required for the Firebase SDK, and this requirement also applies when repackaging it. This leads me to the following questions: Question 1: When we wrap and repackage the Firebase SDK, is it mandatory for the resulting XCFramework to still include the original Google LLC signature? Question 2: To resolve the crash, we intend to use the Firebase SDK by wrapping it in our own dynamic XCFramework (e.g., FirebaseWrapper.xcframework). When we do this, the resulting XCFramework loses the Google LLC signature, and consequently, the final built IPA's signature list does not contain any Firebase-related signatures. Will this be a reason for rejection during App Store review? Question 3: If we wrap the Firebase SDK in a dynamic XCFramework and then sign it with our own developer certificate, would this be a reason for rejection during App Store review?
0
0
380
3w
Developer ID Installer cert not usable for pkg signing (no Code Signing / 0 identities)
Hello! We built a macOS .pkg using pkgbuild (contains a DMG + postinstall bash script). The pkg works locally on the build machine but fails on other devices manually / via MDM unless signed.

We tried signing with a Developer ID Installer certificate, but:

    security find-identity -p codesigning -v → 0 valid identities
    security find-identity -v → shows the cert
    Private key is present in Keychain
    OpenSSL check shows: X509v3 Extended Key Usage: Critical (Expected one might be: Code Signing)

We recreated CSR + cert multiple times (G2 Sub-CA), ensured Login keychain, unlocked keychain, etc., but same result.

Question: Why is the Developer ID Installer cert missing Code Signing usage and not recognized for signing? Is there any account restriction or step we might be missing? Any recommendations on resolving this issue. Thanks!
1
0
445
Apr ’26
reject: source=Unnotarized Developer ID
I've successfully signed Unix apps manually in the past. Today (after signing the new agreement) I can get it to replace the existing signature but it says "rejected" when I check it. Here are the commands I'm using:

    michaelleahy@Michaels-Mini ~ % sudo codesign --force --deep --options runtime --sign "Developer ID Application: Bookup Corp. (6J8PUT****)" /Users/michaelleahy/Documents/theapp
    /Users/michaelleahy/Documents/theapp: replacing existing signature
    michaelleahy@Michaels-Mini ~ % spctl -a -vvvv -t install /Users/michaelleahy/Documents/theapp
    /Users/michaelleahy/Documents/theapp: rejected
    source=Unnotarized Developer ID
    origin=Developer ID Application: Bookup Corp. (6J8PUT****)

Here is a command (issued right after the one above) showing an older signed app is accepted:

    michaelleahy@Michaels-Mini ~ % spctl -a -vvvv -t install /Users/michaelleahy/Documents/olderapp
    /Users/michaelleahy/Documents/olderapp: accepted
    source=Notarized Developer ID
    origin=Developer ID Application: Bookup Corp. (6J8PUT****)

What might I be missing? Something changed since the last time I signed an app.
2
0
484
Apr ’26
First-time notarization submissions stuck "In Progress" — two submissions, 15+ hours
This is my first time submitting an app for notarization. Both submissions have been stuck "In Progress" with no logs available.

Submission 1:
    ID: 43ea68c1-5291-42c6-b0e1-3cacab4ca01a
    Submitted: 2026-04-09T02:05:34Z
    Status: In Progress (15+ hours)

Submission 2:
    ID: 12ea49a0-64cf-495e-af7e-9aad5aabe30f
    Submitted: 2026-04-09T17:06:51Z
    Status: In Progress (1+ hour)

Details:
    Team ID: PWTWN9N25D
    App: Native macOS SwiftUI app (arm64), ~84 MB zipped
    Signed with Developer ID Application certificate, Hardened Runtime enabled
    All embedded helper binaries individually codesigned with Hardened Runtime
    codesign --verify --deep --strict passes
    Submitted via xcrun notarytool submit with --keychain-profile
    notarytool log returns "not yet available" for both
    Apple System Status shows all services available
3
1
821
Apr ’26
First-time notarization submissions stuck "In Progress" for 24+ hours — Electron app
Hi, All notarization submissions for our new Electron macOS app have been stuck in "In Progress" for over 24 hours, with no logs available.

Environment:
    Team ID: T7632V8V2D
    Certificate: Developer ID Application (valid, identity 83AC47F44D984509D5530439DD32729076B84982)
    Tool: xcrun notarytool submit (Xcode CLI)
    App: Electron 33, signed with hardened runtime, entitlements include allow-jit and allow-unsigned-executable-memory
    File: zip of .app (~236MB for arm64, ~104MB for x64)
    codesign --verify --deep --strict passes with no issues
    Apple System Status shows "Developer ID Notary Service: Available"

Stuck submissions (all "In Progress", no logs available):
    ea0fd8d4-1f2d-4266-aa84-aa3f3ba9a8fb (Apr 8, 09:40 UTC)
    dfaacdd2-1a11-4844-b8b7-b07bae809a7b (Apr 7, 16:49 UTC)
    8256e1f0-e501-4423-8744-35b5b78ec87f (Apr 7, 10:32 UTC)
    a477d536-d84a-4c25-99ca-d125e0a22de1 (Apr 7, 09:07 UTC)

This is our first time notarizing any app on this developer account. We understand first-time submissions may be routed to in-depth analysis, but 24+ hours with no progress on any of the 4 submissions seems unusual. Could someone from Apple check our team's queue status? Any guidance would be appreciated. Thank you.
1
0
280
Apr ’26
First-time notarization submissions stuck "In Progress" for 20+ hours
Our team (AI Eesti OU, Team ID: W4WXCM4DLL) submitted our first app for notarization and both submissions have been stuck "In Progress" for over 20 hours. Submission IDs: 7433a69a-af1a-463a-a9fc-c80526eb6eab (submitted 2026-04-06 19:11 UTC) d033e2f1-9b33-4b7d-8f8d-271c99f1c61c (submitted 2026-04-06 21:03 UTC) The app is signed with Developer ID Application, hardened runtime enabled, and codesign --verify --deep --strict passes. This is our first notarization submission as a new team. Is this expected for first-time submissions, or is something stuck?
1
0
185
Apr ’26
Notarization stuck in “In Progress” for all submissions since April 4th
Hi, I’ve been successfully using notarization with notarytool for over a month (20+ submissions, all accepted within minutes). On April 4th around 07:30 (UTC), my last submissions were accepted without any issue:

    createdDate: 2026-04-04T07:29:08.877Z
    id: 38d6e6e0-1183-4fe8-ae4a-3036e1f0f025
    name: MacOptimizers.dmg
    status: Accepted
    --------------------------------------------
    createdDate: 2026-04-04T07:26:36.357Z
    id: 2abf8289-6e00-4b16-9991-fbda7e66a179
    name: macopt_notary_payload.UdtfA3
    status: Accepted
    --------------------------------------------

Later that same day (around 16:30 UTC), after minor bug fixes and UI changes, I submitted a new build. Since then, all notarization requests remain stuck in “In Progress” for more than 48 hours:

    --------------------------------------------
    createdDate: 2026-04-05T07:13:03.369Z
    id: b4872e7a-e2b5-485e-9223-09f3ed94958f
    name: macopt_notary_payload.mZls1y
    status: In Progress
    --------------------------------------------
    createdDate: 2026-04-04T20:07:35.937Z
    id: 375408f2-3c0a-455e-88a1-9cd08ce7dc35
    name: macopt_notary_payload.CvrZNt
    status: In Progress
    --------------------------------------------
    createdDate: 2026-04-04T17:09:47.481Z
    id: dad888b3-6aff-4c54-9608-da1f86e44db7
    name: macopt_notary_payload.IH0RDr
    status: In Progress
    --------------------------------------------
    createdDate: 2026-04-04T16:28:03.086Z
    id: 9e129b21-e682-48ce-baa7-8d2d77051bac
    name: macopt_notary_payload.GsrSa6
    status: In Progress

No errors are returned, and notarytool log is not yet available. Is this expected behavior (e.g. extended review), or could there be an issue affecting notarization for my team? Thanks for your help.
8
0
1.2k
Apr ’26
Agreement Signed But still rejecting
I signed all the agreements yesterday. What is going on?

Agreements
    Apple Developer Program License Agreement: Issued March 30, 2026. Accepted April 5, 2026.
    Apple Developer Agreement: Issued June 7, 2015. Accepted December 29, 2017.

    Uploading the disk image for notarization...
    Error: HTTP status code: 403.
    Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.
    `notarytool` command status: 1
    notarytool returned no output at all.
    Error output:
    > Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.
1
0
203
Apr ’26
Notarization submissions stuck "In Progress" for 24+ hours - new team first submissions
Hi, I'm notarizing my Electron macOS app (DMG) for the first time with our new Developer ID, and most submissions have been stuck in "In Progress" for over 24 hours.

Environment:
    Team ID: BSS9KAH6Z2
    Certificate: Developer ID Application (valid until 2031)
    Tool: xcrun notarytool submit (Xcode CLI)
    App: Electron 28, signed with hardened runtime
    File: DMG (~131MB), 104 files inside .app

What happened:
    Total 19 submissions over the past 24 hours
    Only 4 were Accepted (2 DMGs + 2 zips)
    The other 15 are still "In Progress" with no log available
    The 4 Accepted ones took 1~1.5 hours each
    codesign --verify --deep --strict passes with no issues
    Accepted submission log shows "issues": null
    Apple System Status shows "Developer ID Notary Service: Available"

What I've tried:
    Submitting as DMG directly
    Submitting as ditto zip of .app
    Submitting via electron-builder's built-in notarize
    Using both app-specific password and keychain profile auth
    Verified entitlements (allow-jit, disable-library-validation)

Since some submissions did get Accepted, I don't think there's an issue with my signing or configuration. Is this expected for first-time submissions from a new team? Is there anything on Apple's side that needs to be configured for my team? Any help would be appreciated. Thank you.
2
0
496
Apr ’26
Should Enhanced Security entitlements use string values or Boolean true for Mac App Store submission?
Hi, I’m hoping someone can help clarify the correct entitlement format for the Enhanced Security capability in a macOS App Store build.

Context

Our app is a sandboxed macOS app built with Xcode 26.4. We enabled the Enhanced Security capability in Signing & Capabilities, and we configured the entitlements based on the current documentation.

What’s confusing me

The Xcode 26.4 release notes say apps that already adopted Enhanced Security should remove:

    com.apple.security.hardened-process.enhanced-security-version
    com.apple.security.hardened-process.platform-restrictions

and replace them with:

    com.apple.security.hardened-process.enhanced-security-version-string with value 1
    com.apple.security.hardened-process.platform-restrictions-string with value 2

Reference: https://developer.apple.com/documentation/xcode-release-notes/xcode-26_4-release-notes

The entitlement reference pages also seem consistent with that:

    https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process.enhanced-security-version-string
    https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process.platform-restrictions-string

So our app currently uses the new -string entitlements with values "1" and "2".

Our App Review rejection said:

    The app incorrectly implements sandboxing, or it contains one or more entitlements with invalid values.
    Entitlement "com.apple.security.hardened-process.enhanced-security-version-string" value must be boolean and true.
    Entitlement "com.apple.security.hardened-process.platform-restrictions-string" value must be boolean and true.

That’s the part I can’t reconcile with the documentation.

Questions

For a Mac App Store submission built with Xcode 26.4, should these two entitlements use the new string-based form, or Boolean true? If the expected format has changed, is there any updated guidance beyond the Xcode 26.4 release notes and current entitlement reference?

If Apple staff or anyone familiar with this can clarify what format is currently expected, I’d really appreciate it. Thanks.
4
0
557
Apr ’26
First-time Notarization for new Mac app stuck in "In Progress" for 3 days
Hello, I am a new macOS developer. I've been working on my first Mac application and I am trying to notarize it for distribution using notarytool. However, I've encountered a persistent issue where all my submissions are stuck in the "In Progress" status for several days.

As this is my first time going through this process, I initially thought I might have done something wrong. However, I have verified my app with codesign --verify --verbose --deep and it returns "valid on disk" and "satisfies its Designated Requirement". I have also tried bumping the version from 0.1.0 to 0.1.1 and removing spaces from the file names, but the new submission is also stuck.

Stuck Submission History (Total 4 submissions):
    ID: 8cb4aebb-e2d5-4091-b279-18272c3a6ca9 (Created: 2026-04-03 - Latest)
    ID: 0e9a3584-1a21-471a-bc72-4da3f98e2683 (Created: 2026-04-02)
    ID: 59b70ef1-0b8e-480d-ba33-df872a691610 (Created: 2026-04-01)
    ID: 685d8fdb-1e55-4cdd-8203-688991c50dd3 (Created: 2026-04-01)

As a first-time developer, it’s frustrating to see these initial submissions hang for so long without any logs or errors to troubleshoot. Is there any specific reason why a first-time submission for a new Mac app might be queued this long? I would appreciate it if someone from Apple could help clear these stuck submissions or provide some guidance as to what might be causing this delay. Thank you very much.
1
0
559
Apr ’26
Notarization in queue but stuck in process
Hello! All notarization submissions for our team (i.e., me) have been stuck "In Progress" since my first attempt on 2026-03-31. This includes a trivial Hello World CLI binary (single print statement, ~8KB), confirming the issue is account/team-level, not related to package content.

Team ID: KK4X4YSB8V (Selitic B.V.)

This is our first time notarizing. Binary is properly signed with Developer ID Application certificate, hardened runtime enabled, valid timestamp. codesign --verify and spctl pass locally.

Submission history (all stuck):

    Successfully received submission history.
    history
    --------------------------------------------------
    createdDate: 2026-04-01T11:29:01.416Z
    id: 39f5e536-d1a6-429b-947d-1a3ac497c03d
    name: hello-test2.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T09:21:47.585Z
    id: 46322e0f-026c-4b9d-ab1f-d15d7013c6c6
    name: hello-test.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T07:23:47.576Z
    id: 8199ab8c-7897-461e-8a85-329d3eb22568
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T05:49:10.593Z
    id: 410ebd83-8f7d-436a-b30e-2106e9847b2a
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T05:48:52.555Z
    id: 3d096415-46f9-4743-9dee-692f1c359249
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-03-31T20:07:52.318Z
    id: a0e2e5a5-e0ea-4815-86d4-d1c335c4680a
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-03-31T20:07:15.593Z
    id: 1684585c-c454-479d-add6-7fd33ae8da2a
    name: nekode-notarize.zip
    status: In Progress

notarytool log returns "Submission log is not yet available" for all submissions, indicating Apple's backend has not started processing.

No pending agreements visible on developer.apple.com/account. Certificate is valid (expiry 2031). Could someone check the backend queue status for my team? Any guidance appreciated.
2
0
316
Apr ’26
com.apple.developer.mail-client entitlement issue
We have an app with the default email entitlement that was granted several years ago. During our latest deployment, we received an error from our pipeline. When testing a manual submission in Xcode, we saw this error: Entitlement com.apple.developer.mail-client not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. We checked the provisioning profile, and the default email entitlement is still present. It is visible on the certificate portal and also in the embedded.mobileprovision file. Can you suggest what we can do to release a new version of our app?
4
0
795
Apr ’26
notarytool not completing
I'm trying to sign my application but the build times out after 90 minutes waiting for notarytool to return. This seems to be getting worse and worse. I have now updated the timeout to 10 hours, to see if I can get a response at all. Something is very wrong with the tool. This was working fine up until about the 28th March 2026.
1
0
321
Apr ’26
DMG notarization stuck In Progress 8+ hours — 12 submissions, all showing in-progress, not able to find any log related to any submission ID.
Team ID: MB9VR977ND

We have changed the Apple developer account for our application. After changing the account, we submitted the app for notarization multiple times, but all are showing in-progress without any logs. Do we need to wait until this passes from Apple's side? Does submitting many requests have any issue?

Submission ID: 8c5ac51d-bcd3-4fc4-9b38-671e5ea2bf14
3
1
564
Mar ’26
Certificates valid if account is changed?
My company only needed an Apple Developer Program account in order to sign macOS binaries. Because our scope was very limited, we enrolled with an individual account. Now our scope may grow, supporting more Apple features. As a result, we may need to change to an Organization account. If we change the account type, will this invalidate the certificate we use to sign the macOS binaries?
3
0
487
Mar ’26
Family Controls (Distribution) approved via email but portal still shows "Submitted" - blocking App Store submission
Hi, I submitted a Family Controls (Distribution) entitlement request for my app Faith Lock (com.faithlock.ios) - a prayer-focused iOS app that uses the Screen Time API to help users block distracting apps. I received an approval email, but the portal still shows the request as "Submitted" and the Distribution option does not appear under Additional Capabilities for my identifier. This is blocking me from submitting to App Store Connect. Details: Bundle ID: com.faithlock.ios Team ID: F86P575UNP Request IDs: 3PWTDR8KL3 / 885ZK276KK Status in portal: Submitted (unchanged since approval email) Has anyone experienced this? Is there a way to get the portal manually updated to reflect the approval? Any help or escalation from a DTS engineer would be greatly appreciated. Thank you.
0
0
175
Mar ’26
Notarization stuck "In Progress" — both DMG and ZIP, Electron app, 5+ attempts
All notarization submissions remain stuck "In Progress" and never complete. Tested both DMG and ZIP formats — same result. This has been consistent across 5+ attempts on March 29, 2026.

App: Electron desktop app (arm64), signed with Developer ID Application, hardened runtime enabled, secure timestamp present.

DMG submissions (all stuck):
    568cc9c3-e711-41ba-99ce-6af5a1860ae9 (10 min timeout)
    e0a345c3-ddf8-4771-bdda-e0bc133ff723 (20 min timeout)
    6757e5a9-d95b-45b3-95d5-41cb23384bea (20 min timeout)

ZIP submission (.app bundle via ditto, ~207MB): Also stuck "In Progress" for 10+ minutes

notarytool log returns "Submission log is not yet available" for all submissions. Developer ID Notary Service shows "Available" on System Status page.

Environment: macOS GitHub Actions runner (macos-latest), latest Xcode, xcrun notarytool.

Seeing similar reports from other developers this week. Is there a known service issue?
1
0
295
Mar ’26
Notarization stuck "In Progress" — app uses audio, clipboard and accessibility APIs
Hi, My first notarization submission has been stuck in "In Progress" for several hours with no status change. I'm wondering if it's being held for in-depth analysis given the nature of the app. The app is a macOS dictation utility triggered by a global hotkey. It captures audio input, transcribes it, and pastes the result at the cursor position in whatever app the user is focused on. Because of how it works, it relies on a combination of APIs that may be less common in typical submissions: continuous microphone access, programmatic clipboard manipulation, global keyboard event monitoring, and Accessibility APIs to inject text into the frontmost application. This is the first submission for this app, so there's no prior notarization history for the system to learn from. Is this the kind of profile that typically triggers in-depth analysis? Is there anything I should check or provide, or is waiting the right move here? Thanks
3
0
578
Mar ’26
Questions Regarding Apple's Third-party SDKs Signature Policy
Hello, I have a question regarding Apple's policy on third-party SDK signatures. I have reviewed the official documentation here: https://developer.apple.com/support/third-party-SDK-requirements/ Our app is developed in the following environment: Minimum Target: iOS 15 Xcode: 26.2 Engine: Unreal Engine 4.27.2 We are integrating the Firebase SDK into our project. However, we are experiencing app crashes caused by an issue within the GoogleAdsOnDeviceConversion.xcframework included in the Firebase SDK (related to a memory optimization issue in UE4). According to an official response from the Firebase team, this crash can be resolved by wrapping the Firebase SDK in a dynamic XCFramework. We have confirmed that this solution does indeed fix the crash. The problem is that wrapping the Firebase SDK in a custom dynamic XCFramework removes all of the original Firebase SDK signatures. The documentation on third-party SDK signatures, which I referenced earlier, states that a signature is required for the Firebase SDK, and this requirement also applies when repackaging it. This leads me to the following questions: Question 1: When we wrap and repackage the Firebase SDK, is it mandatory for the resulting XCFramework to still include the original Google LLC signature? Question 2: To resolve the crash, we intend to use the Firebase SDK by wrapping it in our own dynamic XCFramework (e.g., FirebaseWrapper.xcframework). When we do this, the resulting XCFramework loses the Google LLC signature, and consequently, the final built IPA's signature list does not contain any Firebase-related signatures. Will this be a reason for rejection during App Store review? Question 3: If we wrap the Firebase SDK in a dynamic XCFramework and then sign it with our own developer certificate, would this be a reason for rejection during App Store review?
Replies
0
Boosts
0
Views
380
Activity
3w
Developer ID Installer cert not usable for pkg signing (no Code Signing / 0 identities)
Hello! We built a macOS .pkg using pkgbuild (contains a DMG + postinstall bash script). The pkg works locally on the build machine but fails on other devices manually / via MDM unless signed. We tried signing with a Developer ID Installer certificate, but: security find-identity -p codesigning -v → 0 valid identities security find-identity -v → shows the cert Private key is present in Keychain OpenSSL check shows: X509v3 Extended Key Usage: Critical (Expected one might be: Code Signing) We recreated CSR + cert multiple times (G2 Sub-CA), ensured Login keychain, unlocked keychain, etc., but same result. Question: Why is the Developer ID Installer cert missing Code Signing usage and not recognized for signing? Is there any account restriction or step we might be missing? Any recommendations on resolving this issue. Thanks!
Replies
1
Boosts
0
Views
445
Activity
Apr ’26
reject: source=Unnotarized Developer ID
I've successfully signed Unix apps manually in the past. Today (after signing the new agreement) I can get it to replace the existing signature but it says "rejected" when I check it. Here are the commands I'm using: michaelleahy@Michaels-Mini ~ % sudo codesign --force --deep --options runtime --sign "Developer ID Application: Bookup Corp. (6J8PUT****)” /Users/michaelleahy/Documents/theapp /Users/michaelleahy/Documents/theapp: replacing existing signature michaelleahy@Michaels-Mini ~ % spctl -a -vvvv -t install /Users/michaelleahy/Documents/theapp /Users/michaelleahy/Documents/theapp: rejected source=Unnotarized Developer ID origin=Developer ID Application: Bookup Corp. (6J8PUT****) Here is a command (issued right after the one above) showing an older signed app is accepted: michaelleahy@Michaels-Mini ~ % spctl -a -vvvv -t install /Users/michaelleahy/Documents/olderapp /Users/michaelleahy/Documents/olderapp: accepted source=Notarized Developer ID origin=Developer ID Application: Bookup Corp. (6J8PUT****) What might I be missing? Something changed since the last time I signed an app.
Replies
2
Boosts
0
Views
484
Activity
Apr ’26
First-time notarization submissions stuck "In Progress" — two submissions, 15+ hours
This is my first time submitting an app for notarization. Both submissions have been stuck "In Progress" with no logs available. Body: This is my first time submitting an app for notarization. Both submissions have been stuck "In Progress" with no logs available. Submission 1: ID: 43ea68c1-5291-42c6-b0e1-3cacab4ca01a Submitted: 2026-04-09T02:05:34Z Status: In Progress (15+ hours) Submission 2: ID: 12ea49a0-64cf-495e-af7e-9aad5aabe30f Submitted: 2026-04-09T17:06:51Z Status: In Progress (1+ hour) Details: Team ID: PWTWN9N25D App: Native macOS SwiftUI app (arm64), ~84 MB zipped Signed with Developer ID Application certificate, Hardened Runtime enabled All embedded helper binaries individually codesigned with Hardened Runtime codesign --verify --deep --strict passes Submitted via xcrun notarytool submit with --keychain-profile notarytool log returns "not yet available" for both Apple System Status shows all services available
Replies
3
Boosts
1
Views
821
Activity
Apr ’26
First-time notarization submissions stuck "In Progress" for 24+ hours — Electron app
Hi, All notarization submissions for our new Electron macOS app have been stuck in "In Progress" for over 24 hours, with no logs available. Environment: Team ID: T7632V8V2D Certificate: Developer ID Application (valid, identity 83AC47F44D984509D5530439DD32729076B84982) Tool: xcrun notarytool submit (Xcode CLI) App: Electron 33, signed with hardened runtime, entitlements include allow-jit and allow-unsigned-executable-memory File: zip of .app (~236MB for arm64, ~104MB for x64) codesign --verify --deep --strict passes with no issues Apple System Status shows "Developer ID Notary Service: Available" Stuck submissions (all "In Progress", no logs available): ea0fd8d4-1f2d-4266-aa84-aa3f3ba9a8fb (Apr 8, 09:40 UTC) dfaacdd2-1a11-4844-b8b7-b07bae809a7b (Apr 7, 16:49 UTC) 8256e1f0-e501-4423-8744-35b5b78ec87f (Apr 7, 10:32 UTC) a477d536-d84a-4c25-99ca-d125e0a22de1 (Apr 7, 09:07 UTC) This is our first time notarizing any app on this developer account. We understand first-time submissions may be routed to in-depth analysis, but 24+ hours with no progress on any of the 4 submissions seems unusual. Could someone from Apple check our team's queue status? Any guidance would be appreciated. Thank you.
Replies
1
Boosts
0
Views
280
Activity
Apr ’26
First-time notarization submissions stuck "In Progress" for 20+ hours
Our team (AI Eesti OU, Team ID: W4WXCM4DLL) submitted our first app for notarization and both submissions have been stuck "In Progress" for over 20 hours. Submission IDs: 7433a69a-af1a-463a-a9fc-c80526eb6eab (submitted 2026-04-06 19:11 UTC) d033e2f1-9b33-4b7d-8f8d-271c99f1c61c (submitted 2026-04-06 21:03 UTC) The app is signed with Developer ID Application, hardened runtime enabled, and codesign --verify --deep --strict passes. This is our first notarization submission as a new team. Is this expected for first-time submissions, or is something stuck?
Replies
1
Boosts
0
Views
185
Activity
Apr ’26
Notarization stuck in “In Progress” for all submissions since April 4th
Hi, I’ve been successfully using notarization with notarytool for over a month (20+ submissions, all accepted within minutes). On April 4th around 07:30 (UTC), my last submissions were accepted without any issue: createdDate: 2026-04-04T07:29:08.877Z id: 38d6e6e0-1183-4fe8-ae4a-3036e1f0f025 name: MacOptimizers.dmg status: Accepted -------------------------------------------- createdDate: 2026-04-04T07:26:36.357Z id: 2abf8289-6e00-4b16-9991-fbda7e66a179 name: macopt_notary_payload.UdtfA3 status: Accepted -------------------------------------------- Later that same day (around 16:30 UTC), after minor bug fixes and UI changes, I submitted a new build. Since then, all notarization requests remain stuck in “In Progress” for more than 48 hours: -------------------------------------------- createdDate: 2026-04-05T07:13:03.369Z id: b4872e7a-e2b5-485e-9223-09f3ed94958f name: macopt_notary_payload.mZls1y status: In Progress -------------------------------------------- createdDate: 2026-04-04T20:07:35.937Z id: 375408f2-3c0a-455e-88a1-9cd08ce7dc35 name: macopt_notary_payload.CvrZNt status: In Progress -------------------------------------------- createdDate: 2026-04-04T17:09:47.481Z id: dad888b3-6aff-4c54-9608-da1f86e44db7 name: macopt_notary_payload.IH0RDr status: In Progress -------------------------------------------- createdDate: 2026-04-04T16:28:03.086Z id: 9e129b21-e682-48ce-baa7-8d2d77051bac name: macopt_notary_payload.GsrSa6 status: In Progress No errors are returned, and notarytool log is not yet available. Is this expected behavior (e.g. extended review), or could there be an issue affecting notarization for my team? Thanks for your help.
Replies
8
Boosts
0
Views
1.2k
Activity
Apr ’26
Agreement Signed But still rejecting
I signed all the agreements yesterday what is going on Agreements Apple Developer Program License Agreement Issued March 30, 2026. Accepted April 5, 2026. Apple Developer Agreement Issued June 7, 2015. Accepted December 29, 2017. Uploading the disk image for notarization... Error: HTTP status code: 403. Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. `notarytool` command status: 1 notarytool returned no output at all. Error output: > > Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. > >
Replies: 1 | Boosts: 0 | Views: 203 | Activity: Apr ’26
Title: Notarization stuck "In Progress" 24+ hours - new Developer ID account
Team ID: LA64G2ZMY2. Submission f28e6a62-5a46-4554-a4b9-666269b3017f has been "In Progress" for over 24 hours. App is signed with hardened runtime, valid Developer ID certificate, HFS+ DMG format (not APFS - aware of DTS r. 134264492). Codesign verifies clean. All requirements met per Apple documentation. Is notarization provisioning needed for new accounts?
Replies: 1 | Boosts: 0 | Views: 134 | Activity: Apr ’26
Notarization submissions stuck "In Progress" for 24+ hours - new team first submissions
Hi, I'm notarizing my Electron macOS app (DMG) for the first time with our new Developer ID, and most submissions have been stuck in "In Progress" for over 24 hours.

Environment:
- Team ID: BSS9KAH6Z2
- Certificate: Developer ID Application (valid until 2031)
- Tool: xcrun notarytool submit (Xcode CLI)
- App: Electron 28, signed with hardened runtime
- File: DMG (~131MB), 104 files inside .app

What happened:
- Total 19 submissions over the past 24 hours
- Only 4 were Accepted (2 DMGs + 2 zips)
- The other 15 are still "In Progress" with no log available
- The 4 Accepted ones took 1~1.5 hours each
- codesign --verify --deep --strict passes with no issues
- Accepted submission log shows "issues": null
- Apple System Status shows "Developer ID Notary Service: Available"

What I've tried:
- Submitting as DMG directly
- Submitting as ditto zip of .app
- Submitting via electron-builder's built-in notarize
- Using both app-specific password and keychain profile auth
- Verified entitlements (allow-jit, disable-library-validation)

Since some submissions did get Accepted, I don't think there's an issue with my signing or configuration. Is this expected for first-time submissions from a new team? Is there anything on Apple's side that needs to be configured for my team? Any help would be appreciated. Thank you.
Replies: 2 | Boosts: 0 | Views: 496 | Activity: Apr ’26
Should Enhanced Security entitlements use string values or Boolean true for Mac App Store submission?
Hi, I’m hoping someone can help clarify the correct entitlement format for the Enhanced Security capability in a macOS App Store build.

Context

Our app is a sandboxed macOS app built with Xcode 26.4. We enabled the Enhanced Security capability in Signing & Capabilities, and we configured the entitlements based on the current documentation.

What’s confusing me

The Xcode 26.4 release notes say apps that already adopted Enhanced Security should remove:
- com.apple.security.hardened-process.enhanced-security-version
- com.apple.security.hardened-process.platform-restrictions

and replace them with:
- com.apple.security.hardened-process.enhanced-security-version-string with value 1
- com.apple.security.hardened-process.platform-restrictions-string with value 2

Reference: https://developer.apple.com/documentation/xcode-release-notes/xcode-26_4-release-notes

The entitlement reference pages also seem consistent with that:
- https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process.enhanced-security-version-string
- https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process.platform-restrictions-string

So our app currently uses the new -string entitlements with values "1" and "2".

Our App Review rejection said:

The app incorrectly implements sandboxing, or it contains one or more entitlements with invalid values.
Entitlement "com.apple.security.hardened-process.enhanced-security-version-string" value must be boolean and true.
Entitlement "com.apple.security.hardened-process.platform-restrictions-string" value must be boolean and true.

That’s the part I can’t reconcile with the documentation.

Questions

- For a Mac App Store submission built with Xcode 26.4, should these two entitlements use the new string-based form, or Boolean true?
- If the expected format has changed, is there any updated guidance beyond the Xcode 26.4 release notes and current entitlement reference?

If Apple staff or anyone familiar with this can clarify what format is currently expected, I’d really appreciate it. Thanks.
Replies: 4 | Boosts: 0 | Views: 557 | Activity: Apr ’26
First-time Notarization for new Mac app stuck in "In Progress" for 3 days
Hello, I am a new macOS developer. I've been working on my first Mac application and I am trying to notarize it for distribution using notarytool. However, I've encountered a persistent issue where all my submissions are stuck in the "In Progress" status for several days.

As this is my first time going through this process, I initially thought I might have done something wrong. However, I have verified my app with codesign --verify --verbose --deep and it returns "valid on disk" and "satisfies its Designated Requirement". I have also tried bumping the version from 0.1.0 to 0.1.1 and removing spaces from the file names, but the new submission is also stuck.

Stuck Submission History (Total 4 submissions):
- ID: 8cb4aebb-e2d5-4091-b279-18272c3a6ca9 (Created: 2026-04-03 - Latest)
- ID: 0e9a3584-1a21-471a-bc72-4da3f98e2683 (Created: 2026-04-02)
- ID: 59b70ef1-0b8e-480d-ba33-df872a691610 (Created: 2026-04-01)
- ID: 685d8fdb-1e55-4cdd-8203-688991c50dd3 (Created: 2026-04-01)

As a first-time developer, it’s frustrating to see these initial submissions hang for so long without any logs or errors to troubleshoot. Is there any specific reason why a first-time submission for a new Mac app might be queued this long? I would appreciate it if someone from Apple could help clear these stuck submissions or provide some guidance as to what might be causing this delay. Thank you very much.
Replies: 1 | Boosts: 0 | Views: 559 | Activity: Apr ’26
Notarization in queue but stuck in process
Hello! All notarization submissions for our team (i.e., me) have been stuck "In Progress" since my first attempt on 2026-03-31. This includes a trivial Hello World CLI binary (single print statement, ~8KB), confirming the issue is account/team-level, not related to package content.

Team ID: KK4X4YSB8V (Selitic B.V.)

This is our first time notarizing. Binary is properly signed with Developer ID Application certificate, hardened runtime enabled, valid timestamp. codesign --verify and spctl pass locally.

Submission history (all stuck):

    Successfully received submission history.
    history
    --------------------------------------------------
    createdDate: 2026-04-01T11:29:01.416Z
    id: 39f5e536-d1a6-429b-947d-1a3ac497c03d
    name: hello-test2.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T09:21:47.585Z
    id: 46322e0f-026c-4b9d-ab1f-d15d7013c6c6
    name: hello-test.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T07:23:47.576Z
    id: 8199ab8c-7897-461e-8a85-329d3eb22568
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T05:49:10.593Z
    id: 410ebd83-8f7d-436a-b30e-2106e9847b2a
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-04-01T05:48:52.555Z
    id: 3d096415-46f9-4743-9dee-692f1c359249
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-03-31T20:07:52.318Z
    id: a0e2e5a5-e0ea-4815-86d4-d1c335c4680a
    name: nekode-notarize.zip
    status: In Progress
    --------------------------------------------------
    createdDate: 2026-03-31T20:07:15.593Z
    id: 1684585c-c454-479d-add6-7fd33ae8da2a
    name: nekode-notarize.zip
    status: In Progress

notarytool log returns "Submission log is not yet available" for all submissions, indicating Apple's backend has not started processing.

No pending agreements visible on developer.apple.com/account. Certificate is valid (expiry 2031). Could someone check the backend queue status for my team? Any guidance appreciated.
Replies: 2 | Boosts: 0 | Views: 316 | Activity: Apr ’26
com.apple.developer.mail-client entitlement issue
We have an app with the default email entitlement that was granted several years ago. During our latest deployment, we received an error from our pipeline. When testing a manual submission in Xcode, we saw this error: Entitlement com.apple.developer.mail-client not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file. We checked the provisioning profile, and the default email entitlement is still present. It is visible on the certificate portal and also in the embedded.mobileprovision file. Can you suggest what we can do to release a new version of our app?
Replies: 4 | Boosts: 0 | Views: 795 | Activity: Apr ’26
notarytool not completing
I'm trying to sign my application but the build times out after 90 minutes waiting for notarytool to return. This seems to be getting worse and worse. I have now updated the timeout to 10 hours, to see if I can get a response at all. Something is very wrong with the tool. This was working fine up until about the 28th March 2026.
Replies: 1 | Boosts: 0 | Views: 321 | Activity: Apr ’26
DMG notarization stuck In Progress 8+ hours — 12 submissions, all showing in-progress, not able to find any log related to any submission ID.
Team ID: MB9VR977ND

We have changed the Apple developer account for our application. After changing the account, we have submitted the app for notarization multiple times, but all are showing in-progress without any logs. Do we need to wait until this is passed from Apple's side? Does submitting many requests cause any issue?

Submission ID: 8c5ac51d-bcd3-4fc4-9b38-671e5ea2bf14
Replies: 3 | Boosts: 1 | Views: 564 | Activity: Mar ’26
Certificates valid if account is changed?
My company only needed an Apple Developer Program account in order to sign macOS binaries. Because our scope was very limited, we enrolled with an individual account. Now our scope may grow, supporting more Apple features. As a result, we may need to change to an Organization account. If we change the account type, will this invalidate the certificate we use to sign the macOS binaries?
Replies: 3 | Boosts: 0 | Views: 487 | Activity: Mar ’26
Family Controls (Distribution) approved via email but portal still shows "Submitted" - blocking App Store submission
Hi, I submitted a Family Controls (Distribution) entitlement request for my app Faith Lock (com.faithlock.ios) - a prayer-focused iOS app that uses the Screen Time API to help users block distracting apps. I received an approval email, but the portal still shows the request as "Submitted" and the Distribution option does not appear under Additional Capabilities for my identifier. This is blocking me from submitting to App Store Connect.

Details:
- Bundle ID: com.faithlock.ios
- Team ID: F86P575UNP
- Request IDs: 3PWTDR8KL3 / 885ZK276KK
- Status in portal: Submitted (unchanged since approval email)

Has anyone experienced this? Is there a way to get the portal manually updated to reflect the approval? Any help or escalation from a DTS engineer would be greatly appreciated. Thank you.
Replies: 0 | Boosts: 0 | Views: 175 | Activity: Mar ’26
Notarization stuck "In Progress" — both DMG and ZIP, Electron app, 5+ attempts
All notarization submissions remain stuck "In Progress" and never complete. Tested both DMG and ZIP formats — same result. This has been consistent across 5+ attempts on March 29, 2026.

App: Electron desktop app (arm64), signed with Developer ID Application, hardened runtime enabled, secure timestamp present.

DMG submissions (all stuck):
- 568cc9c3-e711-41ba-99ce-6af5a1860ae9 (10 min timeout)
- e0a345c3-ddf8-4771-bdda-e0bc133ff723 (20 min timeout)
- 6757e5a9-d95b-45b3-95d5-41cb23384bea (20 min timeout)

ZIP submission (.app bundle via ditto, ~207MB): Also stuck "In Progress" for 10+ minutes

notarytool log returns "Submission log is not yet available" for all submissions. Developer ID Notary Service shows "Available" on System Status page.

Environment: macOS GitHub Actions runner (macos-latest), latest Xcode, xcrun notarytool.

Seeing similar reports from other developers this week. Is there a known service issue?
Replies: 1 | Boosts: 0 | Views: 295 | Activity: Mar ’26
Notarization stuck "In Progress" — app uses audio, clipboard and accessibility APIs
Hi, My first notarization submission has been stuck in "In Progress" for several hours with no status change. I'm wondering if it's being held for in-depth analysis given the nature of the app. The app is a macOS dictation utility triggered by a global hotkey. It captures audio input, transcribes it, and pastes the result at the cursor position in whatever app the user is focused on. Because of how it works, it relies on a combination of APIs that may be less common in typical submissions: continuous microphone access, programmatic clipboard manipulation, global keyboard event monitoring, and Accessibility APIs to inject text into the frontmost application. This is the first submission for this app, so there's no prior notarization history for the system to learn from. Is this the kind of profile that typically triggers in-depth analysis? Is there anything I should check or provide, or is waiting the right move here? Thanks
Replies: 3 | Boosts: 0 | Views: 578 | Activity: Mar ’26