tle: New account — all notarization submissions stuck In Progress 26+ hours Hi, I recently enrolled in the Apple Developer Program and all my notarization submissions have been stuck "In Progress" for over 26 hours with no resolution. Team ID: 799833449H Submission IDs: bb31ba38-9ff4-416d-b6ea-8ad88b84a2be (26+ hours) 8fdd039d-3db4-4e96-8111-37dba9d4afd2 (25+ hours) 685cba55-aacd-4a05-8086-707a6b88e138 (23+ hours) Binary is a universal macOS binary, codesign verifies cleanly with hardened runtime. notarytool log returns "not yet available" for all. Is this the in-depth analysis path for new accounts? Any ETA or action needed from my side?

Hello, My macOS notarization has been blocked since March with: "status": "Rejected", "statusCode": 7000, "statusSummary": "Team is not yet configured for notarization", "issues": null Latest fresh probe: Submission ID: 3201b921-2313-45fd-b274-0e46d3fb03c2 Upload time: 2026-05-09T12:37:16Z Archive: KwantflowNotaryProbe-20260509T123714Z.zip Status: Rejected Error: -2052 / 7000 Issues: None Support cases: 102842156916 — Development and Technical → Other Development or Technical Questions 102882811151 — Development and Technical → Code Signing The archive uploads successfully and notarytool history/log work, but every submission is rejected before binary validation. The log shows no signing, entitlement, hardened runtime, timestamp, or executable issues. Apple forum answers say this is a Developer Program Support issue, not DTS/code-level. I have already contacted Developer Support, but the issue is still unresolved and blocks our macOS release. Has anyone recently resolved -2052 / 7000 / “Team is not yet configured for notarization”? Did Apple need to manually enable something on the team/account? Thank you.

We are implementing an exam mode feature for an educational app used in schools, which restricts device usage during assessments. We requested the Automatic Assessment Configuration capability, received approval from Apple, and confirmed that the capability is listed as Assigned under our App ID in the Apple Developer portal. What works: When using a Development Provisioning Profile (downloaded from the portal), the entitlement key com.apple.developer.automatic-assessment-configuration is included in the profile, and our exam lock feature works correctly in development testing. The problem: When we manually download a Distribution (InHouse/Enterprise) Provisioning Profile from the portal — even after creating a new one — the entitlement key com.apple.developer.automatic-assessment-configuration is not present in the profile. verified this by running: security cms -D -i YourProfile.mobileprovision The key appears in the Development PP but is absent in the manually downloaded Distribution PP, despite the App ID showing the capability as Assigned. Note: When using Xcode's automatic signing, the generated profile does include the entitlement correctly. However, due to our organization's internal security policy, we are required to use manually managed provisioning profiles and cannot use Xcode automatic signing for distribution builds. Questions: Is the com.apple.developer.automatic-assessment-configuration entitlement intentionally restricted to Development profiles only, or is this a known portal issue with managed capabilities not being embedded in manually created Distribution profiles? Is it technically supported and intended to use AEAssessmentSession in an InHouse (Enterprise) distribution environment? If InHouse is not supported, is the correct path to test internally via Development profiles and then submit through App Store distribution to include this entitlement in production? Any guidance on the correct technical direction would be greatly appreciated.

Hello, I've been trying to notarize my macOS app using xcrun notarytool, but all submissions get stuck in "In Progress" status indefinitely (30+ minutes, never resolve). Environment: Tool: xcrun notarytool (Xcode 16) Bundle ID: io.pix-cull.app Team ID: C473MUK7G2 App type: PyInstaller-built .app, wrapped in a signed .dmg Stuck submission IDs: 00e953da (first attempt) f7ab027e 3e35fc3f 293541bc-ba61-4ccb-a273-a8f34cda2422 (most recent) Steps I've already taken: Disabled UPX compression in PyInstaller spec Signed all binaries inside-out (deepest first, .app last) Used --timestamp flag during codesign Verified Apple system status — all services show green Waited 24+ hours on the oldest submission — still "In Progress" What I observe: Running xcrun notarytool info <id> returns status: In Progress every time, no matter how long I wait. The submission never transitions to "Accepted" or "Invalid". Other developers report notarization completing in 2–15 minutes. I also submitted a ticket to Apple Developer Support (DTS), but I'm posting here as well in case anyone has seen this pattern. Is there something wrong with my account that could cause all submissions to stall? Any guidance would be appreciated. Thank you.

Dear Apple Developer Support, We are experiencing an issue where our properly signed, notarized, and stapled PKG installer is being blocked by Gatekeeper on macOS Sequoia (15.3), despite passing all notarization checks. Team ID: 3888L7DV3P Organization: SKY GATE TECHNOLOGYS K.K. Certificate: Developer ID Installer: SKY GATE TECHNOLOGYS K.K. (3888L7DV3P) Issue Details: Our PKG installer is signed with "Developer ID Installer" certificate, notarized (status: Accepted, issues: null), and stapled successfully. pkgutil --check-signature confirms: "signed by a developer certificate issued by Apple for distribution" and "Notarization: trusted by the Apple notary service" xcrun stapler validate confirms: "The validate action worked!" However, spctl --assess --type install returns "rejected" with assessment:verdict = false and assessment:remote = true The system log shows: meetsDeveloperIDLegacyAllowedPolicy = 0 When users download and open the PKG (even from within a notarized DMG), Gatekeeper displays: "Apple could not verify [app] is free of malware" Notably, our .app bundles signed with "Developer ID Application" (same Team ID) pass Gatekeeper without issues. Only PKG installers are affected. Our software is a legitimate enterprise security product (VPN/Zero Trust client) distributed to corporate customers. Could you please: Investigate why our Team ID's PKG installers are being rejected by Gatekeeper's online assessment despite valid notarization Advise on any steps we can take to resolve the meetsDeveloperIDLegacyAllowedPolicy = 0 status for our Team ID Confirm whether there is a trust establishment process for new Developer ID Installer certificates with the Gatekeeper service Thank you for your assistance. Best regards, Riku Ogura Skygate Technologies K.K.

I submitted a Family Controls Distribution entitlement request on April 21, 2026 for my app Dopfast. I also resubmitted on April 29, 2026. I received the confirmation page both times but have not received any approval, rejection, or status update. I contacted Developer Support (Case #102879238806) and was told the request is handled by another team and they cannot check the status. Details: Team ID: HSJ6KB4WEZ App: Dopfast (digital wellbeing / screen time management) Bundle ID: com.dopfast Purpose: #2 — individual device management for focus and productivity (personal screen time tracking and app blocking) This entitlement is the only remaining blocker for our App Store submission. The app is fully built and ready to ship. Has anyone experienced similar delays recently? Is there a recommended way to expedite this request?

Hi, Our team already has the Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 It’s been days without any update, and this has become really stressful for our team since we’re completely blocked at the final step after months of work on this app. Could someone please help to apply/sync the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.

I'm trying to setup a macOS 26 build environment in a VM (using UTM and the virtualization framework Apple provides). I have Xcode 26 installed and have logged into my Apple ID and verified that the team and other configuration looks fine in Xcode settings. When trying to build the macOS app, I see errors saying the VM's device ID has not been registered. I have confirmed that the device ID is registered both in the Provisioning portal AND the downloaded .provisionprofiles (in Library > Developer > Xcode > UserData). This problem appears on multiple targets (e.g. the main app and extensions). If I try to manually provision the app, using the Provisioning portal, I can build the product, but it will not launch because of Gatekeeper issues. Finally, signing to run locally doesn't work either. As the app launches, frameworks refuse to load because Team IDs don't match. With ad hoc provisioning, there are no Team IDs. I've come to the conclusion that this just isn't possible. Which is a shame because I need to support products with a build environment on macOS 15 and cannot move over to macOS 26 yet. I suspect many developers outside of Apple are in a similar position.

Problem My ARM64 macOS application is being immediately killed with SIGKILL when launched. No crash report is generated, and the process terminates instantly. Environment macOS Version: 15.x (Sequoia) Architecture: ARM64 (Apple Silicon) Certificate: Mac Developer certificate (development signing) App Type: Native ARM64 application with embedded Java runtime Symptoms ./MacOS/myapp Immediately returns: zsh: killed ./MacOS/myapp Investigation Results System Logs Show Security Policy Rejection kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 92850, /path/to/myapp syspolicyd: (Security) MacOS error: -67062 Error Code Analysis Error -67062 = errSecCSReqFailed (Code signature requirement failed) This is a Gatekeeper enforcement issue, not a code signing problem 3. Code Signature is Valid codesign -dvvv myapp Shows valid signature with Mac Developer certificate Authority=Mac Developer: Name (TEAMID) Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA What We Tried (That Didn't Help) ✅ Removed hardened runtime flag from Java components ✅ Added JIT entitlements (com.apple.security.cs.allow-jit) ✅ Verified Mach-O structure is correct ✅ Confirmed all libraries are ARM64 ✅ Re-signed with proper entitlements None of these fixed the issue because the problem is Gatekeeper policy enforcement. Question How can I allow this development-signed ARM64 app to run on macOS 15 without full notarization? I've tried: Removing quarantine attributes Various code signing approaches Different entitlements But Gatekeeper still blocks it with error -67062. Is there a way to add a security exception for development builds, or do I need to use a Developer ID certificate even for internal testing? Additional Context This is for internal development/testing. The app works fine when properly notarized, but we need a way to test development builds without going through the full notarization process each time. Any suggestions would be greatly appreciated!

Our team already has Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 Could someone please help to apply/sync for the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.

Hi, We applied for Tap to Pay on iPhone entitlement and were approved, but on distribution support it's only showing Development. We can build and debug Tap to Pay on development, but unable to build release. We opened ticket with Apple support but they were saying it was configured correctly. I attached screenshot of our developer account entitlement for Tap to Pay. It clearly said Development only.

Hi all — looking for diagnosis help, posting publicly in case other devs hit the same issue. Symptom Every notarytool submission for the past 32 days returns: statusCode: 7000 statusSummary: "Team is not yet configured for notarization. Please contact Developer Programs Support..." Account state (all healthy as far as I can tell) Team ID: P6V2783F8M Membership: Active, Individual, paid Free Apps Agreement: Active Paid Apps Agreement: Active (signed Jan 4, 2026) W-8BEN tax form: Active Bank account: Active Developer ID Application certificate: valid, used for signing Bundle ID: dev.tinyclaw.desktop (registered) App is correctly signed codesign -dvvv shows: Authority=Developer ID Application: Yang Yang (P6V2783F8M) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Apr 11, 2026 Hardened runtime + secure timestamp both enabled. spctl --assess passes locally. Submissions (all rejected with 7000) 5a903f08-bd17-4d59-ac63-12e191e2bb5a 49b670da-0f79-4814-809a-f675791f15c3 febfb37a-b445-4d03-b7c4-bf573304f219 9013e185-10e2-42d4-91c1-3378083266eb bfc64627-5eb6-402c-ac25-e79648d2c251 (latest, 2026-05-02) Different builds, different versions (0.5.22-beta.7 → 0.5.27), different DMGs. Same 7000 every time. Credentials revalidated with a fresh app-specific password — same result. DTS Case 102855668616 open since Apr 2 — 4+ weeks of template responses, no engineering progress. Question Has anyone seen 7000 persist this long after a clean Individual enrollment? Is there a specific team-side flag that has to be flipped server-side, that DTS L1 can't see or escalate? Any suggestion on which DTS topic forces escalation to the notarization service team specifically? Happy to share more diagnostic output. Thanks.

I have a macOS app (a background daemon) that I distribute outside the App Store as a .pkg installer. My build process is: Build the app (xcodebuild archive) Sign the app with Developer ID Application Package it with pkgbuild, signed with Developer ID Installer Notarize with notarytool Staple with stapler This works perfectly on my local machine using custom build_pkg.sh. I'm trying to automate this in Xcode Cloud using a ci_post_xcodebuild.sh script so a new build is triggered whenever I push to git repository. The problem is: • security find​-identity shows 0 valid identities in the post-build script environment • The archived app has Signature​=adhoc (no Developer ID signing) • pkgbuild can't sign the .pkg without a Developer ID Installer certificate • Notarization rejects everything because nothing is signed with Developer ID My question: Is there any way to make Developer ID certificates available in Xcode Cloud's post-build scripts? Or is Xcode Cloud only designed for App Store distribution, and I need to use a different CI (like GitHub Actions) for Developer ID / notarized .pkg workflows? Are there other ways to trigger creation of notarized pkg files whenever I push to GitHub?

I am experiencing an issue with Apple Development certificate creation in Xcode for my organization account. Account details: Organization: Jtecx LLC Team ID: 8V397ULNY4 Issue: When I attempt to create a new Apple Development certificate in Xcode under the Jtecx LLC (8V397ULNY4) team, the certificate is consistently generated under a different team: Apple Development: Joseph Salmond (67P4AAZ5TA) This appears to be my personal team, not the organization team. Impact: Because of this mismatch: Provisioning profiles created under 8V397ULNY4 cannot find a matching signing certificate Xcode shows “Signing Certificate: None” Xcode reports that the provisioning profile does not include the signing certificate I am unable to run or test the app on physical devices due to signing failures Troubleshooting performed: Deleted all Apple Development certificates from Keychain Access Revoked existing Apple Development certificates in the Apple Developer Portal Created a new Certificate Signing Request (CSR) using Keychain Access Generated a new Apple Development certificate through the Apple Developer portal Downloaded and installed the certificate into Keychain Attempted certificate creation via Xcode (Settings → Accounts → Manage Certificates → + → Apple Development) Verified installed identities using Terminal (security find-identity) Confirmed that only the following development identity is being created: Apple Development: Joseph Salmond (67P4AAZ5TA) Deleted this identity and repeated the process multiple times Recreated provisioning profiles after generating new certificates Downloaded and installed new provisioning profiles Attempted both manual signing and “Automatically manage signing” in Xcode Revoked certificates directly from Xcode and allowed Xcode to regenerate them Confirmed that Apple Distribution certificates are correctly issued under 8V397ULNY4 Despite all of the above steps, every new Apple Development certificate continues to be created under Team ID 67P4AAZ5TA instead of 8V397ULNY4. Expected behavior: When creating an Apple Development certificate while the Jtecx LLC (8V397ULNY4) team is selected, the certificate should be issued under that same team: Apple Development: Joseph Salmond (8V397ULNY4) Requested fix: Please investigate and correct the team association so that: Apple Development certificates are generated under the correct team (8V397ULNY4) is properly associated with the Jtecx LLC developer team for certificate issuance Xcode correctly creates and uses development certificates for the organization team Additional notes: Apple Distribution certificates are working correctly under 8V397ULNY4 Only Apple Development certificates are affected This issue is blocking local development and testing on physical devices Thank you.

Hi all, I enrolled in the Apple Developer Program on April 29 and immediately started notarizing my Electron-based macOS app. All submissions are stuck "In Progress" for 24–67 hours, with no Accepted or Invalid verdict. Team ID: VKFQG6Q29S Account: Individual, newly enrolled 2026-04-29 Submissions stuck (all "In Progress"): 2142f524-4c36-4452-a25d-2260d3b7010d (created 2026-04-30, ~50h) 6237312a-ae36-4a98-8ffe-37193c150a69 (created 2026-04-30, ~54h) 5184f493-f574-4f34-a536-8184bf4ce4eb (created 2026-04-29, ~64h) c108ed9f-1908-4c47-9b32-c55d34da99c7 (created 2026-04-29, ~67h) e1502fcd-dad6-402d-a0aa-550a1907ee46 (created 2026-05-01, fresh — submitted via App Store Connect API key as a control) What I have verified: Developer ID Application certificate is valid and trusted (security find-identity -v -p codesigning shows it) Inside-out signing: every Mach-O binary signed individually with hardened runtime, secure timestamp, entitlements; Helper apps and frameworks sealed top-level AFTER inner binaries; parent .app sealed last; DMG container codesigned codesign --verify --deep --strict --verbose=2 /path/to/app → "valid on disk" and "satisfies its Designated Requirement" I tried both auth methods: App-Specific Password (notarytool keychain profile A) and App Store Connect API Key (Team Key, Developer role, validated successfully). Both produce the same "In Progress" stall. Three earlier submissions returned "Invalid" within minutes with concrete errors (missing entitlements on shm-bridge .dylib, broken parent seal etc.), which I fixed. After the fixes, every submission gets stuck "In Progress" with no terminal status. I opened a Code Signing support case (102882655678) on April 30, no response yet. Has anyone else experienced extended "In Progress" hold on a freshly enrolled Developer ID? Is there a known first-submission review queue, and what's the typical SLA? Any way to escalate or is waiting the only path? Thank you.

I have 2 Notarisation stuck for nearly 24 hours oth submission UUIDs: b78aa323-9993-40fd-a510-4fff5e989e8f and 952714cb-3a59-4caa-9343-674ca7dd86d4 Team ID 6A754AWMJB This is a Developer ID distribution (not App Store)

My app's notarization progress is stuck. ID: aa61b008-a329-4e31-bb23-648029510e36 Forum mod DTS Engineer gives "copy-paste" answers to every user who has this problem.

I submitted a Family Controls Distribution entitlement request on 4/22 for my app Prof Blob. I received the confirmation page after submitting, but I have not received any approval, rejection, or status update. We are currently blocked from moving forward with our production release submission due to this entitlement. Details: Request ID: Y2L55S3W34 Team ID: 5AXHQ5ZF3G App: Prof Blob Bundle ID: com.spammusubi.blob-screen-time Related extension bundle IDs: com.spammusubi.blob-screen-time.BlobActivityReportExtension com.spammusubi.blob-screen-time.DeviceActivityMonitorExtension com.spammusubi.blob-screen-time.ShieldActionExtension com.spammusubi.blob-screen-time.ShieldConfigurationExtension Purpose: Individual device management for focus and productivity. Prof Blob is a digital wellbeing / screen time management app that uses Apple’s Screen Time APIs to let users select distracting apps and require a short math-based cognitive gate before opening them. The app uses FamilyControls, DeviceActivity, and ManagedSettings. Development builds are working, but the Family Controls Distribution entitlement is required for production builds, TestFlight validation, and App Store submission. Is there a way to expedite this request or confirm that it is still in review? I would be happy to provide any additional information needed to move the request forward.

A signed DriverKit extension fails OSSystemExtensionRequest activation on macOS 26.4.1. The user-facing error is OSSystemExtensionErrorDomain code 4 ("Extension not found in App bundle") — but the dext is in the bundle, the identifier matches, and sysextd confirms it received the request: sysextd: [com.apple.sx:XPC] client activation request for com.arqitekta.bluefield.rshim.driver sysextd: attempting to realize extension with identifier com.arqitekta.bluefield.rshim.driver …and then nothing further. systemextensionsctl list reports 0 extensions. Question: Which log subsystem/category surfaces the kernel-side reason that sysextd aborts after "attempting to realize"? com.apple.sx only shows the request was accepted; whatever vetoes the realize step isn't in that subsystem (or isn't at info/debug level). Is there a separate predicate for the kernelmanagerd / dext-loading path I should be capturing? Environment: macOS 26.4.1 (25E253), Apple Silicon Mac Studio Xcode 26.2 (17C52), DriverKit SDK 25.2 SIP disabled, systemextensionsctl developer on Apple Developer Program, signed "Apple Development: …" DriverKit entitlement request 264CFJJU36 approved; profile includes com.apple.developer.driverkit, allow-any-userclient-access, transport.pci Already verified: Dext at Contents/Library/SystemExtensions/RshimDriver.dext CFBundleIdentifier matches the request, CFBundlePackageType=DEXT codesign --verify --deep --strict passes on app + dext embedded.provisionprofile parses, contains the expected entitlements Three IOKitPersonalities (BF2 / BF2-alt / BF3) using Apple's placeholder IOPCIPrimaryMatch Installer app entitled with com.apple.developer.system-extension.install only spctl -a -vv on the dext reports "rejected" — expected for development signing, should be bypassed under developer mode Minimal repro: https://github.com/jfabienke/bluefield-macos-toolkit/tree/dev-stub-entitlements/rshim-dext — build.sh produces the failing app dext. Captured artefacts (build output, embedded profile dump, signing report, repro shell script) under rshim-dext/dts-artifacts/. Looking for either (a) the right log show predicate to find the actual refusal reason, or (b) an environmental requirement on macOS 26 I'm missing.

Hi, I have an approved com.apple.developer.family-controls entitlement for my main app bundle (com.maxflame.prove-it) and submitted a request on April 18, 2026 to extend it to an embedded extension: com.maxflame.prove-it.DeviceActivityMonitorExtension Request ID: 65CKJZ7DQ4 — status still shows "Submitted" with no further response. The extension uses DeviceActivity callbacks and needs to decode FamilyActivitySelection, which requires the entitlement on the extension bundle as well. In my experience, Family Controls entitlement approvals for the main app bundle have come through within 24 hours. It's now been 5 days with no response for this extension request, which seems unusual. Has anyone else gone through this for extension bundle IDs? Did you need to submit a separate request per bundle, or did Apple extend the approval to your extensions automatically once the main app was approved? And has anyone else experienced longer wait times specifically for extension bundles? Any guidance appreciated.