I have a valid Developer ID Certificate, I've used it to sign an app locally and send the app to other machines of my colleagues to make sure it works and does not get triggered by GateKeeper Now I want to automate the process of signing and notarization on github actions and so I want to export my certificate and upload it there. Initially I tried uploading both the Developer ID Certificate and the G2 CA both as .cer files encoded in base64. But apparently I need my certificate to be in .p12 format When I try to export it from keychain access the option to export as .p12 is disabled. So how can I do it ?

In XCode I create and export a notarized app for "direct distribution". I then create a tar file of the exported .app to distribute to my users. Until today this worked fine. Now when the users try to run the app it pops up a dialog saying "app is damaged and can't be opened. You should move it to the Trash." It is possible to ctrl-click on the app and force it to run but, I think, whether this works or not will depend on system settings and not all users have root access to modify settings. Even simply copying the .app folder from the command line will cause this error.

The Developer App Certificate is not trusted.

Apple has introduced the Wireless Insights Service Predictions capability in iOS 26. After prior alignment with Apple engineers, we are working to integrate this capability into the Douyin App, and intend to provide a TestFlight build for Apple engineers to validate and debug the integration. We have encountered a blocking issue with entitlement configuration: We use our Apple Developer Enterprise Program account to build and submit TestFlight builds. When we manually create and configure provisioning profiles via the Apple Developer Portal, the required entitlement key com.apple.developer.wireless-insights.service-predictions is not available for selection or inclusion in the profile's Entitlements. This completely blocks us from enabling, using, and validating the Wireless Insights Service Predictions capability. For comparison, when we use our Apple Developer Program individual account, the entitlement com.apple.developer.wireless-insights.service-predictions is fully available. It is automatically included in provisioning profiles generated for local debugging, and can also be manually added to custom provisioning profiles via the Apple Developer Portal without issues. We request assistance to resolve this entitlement access discrepancy for our Enterprise Program account, so that we can complete the integration and provide the TestFlight build for validation as planned.

Hi everyone, After I recently changed my Apple ID (iCloud) password, my Developer ID certificate stopped working for signing macOS apps. Symptoms: Signing fails with the Developer ID certificate that was previously working fine. I tried re-downloading the certificate from my Apple Developer account and importing it into the Keychain, but the issue persists. It seems that the Developer ID identity is no longer trusted or properly linked to my system since the password change. Attempts: Re-downloaded and installed the certificate from the developer portal. Verified that the private key is present and linked. Checked keychain access and code-signing identity — everything appears normal, but the signed apps are rejected or the signing process fails. Blocking issue: I am unable to delete or revoke the Developer ID certificate on my account (Apple Support says it's not possible). Also, I can't create a new one due to the certificate limit. Questions: Is it expected for a Developer ID certificate to become invalid after changing the Apple ID password? Is there a recommended way to refresh or restore the certificate trust on macOS? How can I invalidate the current certificate and generate a new one if I'm stuck? Any insights or official guidance would be really appreciated. Thanks in advance!

I submitted a mac app for Notarization. For the first few tries the Notarization failed with an error "Team is not yet configured for Notarization" but few days after my account started to show "ENROLL" option again even though my membership was set to expire on 2026. I am doubting my account has been suspended. I have not received any emails from apple regarding the suspension. I have contacted support but no help yet ! This was the second year, i was paying for the membership. Could you please help me to - Help me get the account unsuspended (if it is, as there is no notification or information regarding this) If the account is suspended due to my app being submitted for Notarization then help me identify the reason so that i can fix them. Mac App is Time Tracking application that runs in background and capture periodic screenshot(NOTE - I am doing this after taking user consent)

I have a free developer account, and I have been creating applications. When I tried to open one of them, it said that this app has been flagged as malware. It is not malware, so I don't know why it has been flagged as this. Not just this app, but suddenly a whole bunch of my apps have been flagged as malware as well! The app I have been developing is basically a windows Taskbar for my macbook air, and it has been working well until the latest update i made where it hides in full screen, suddenly it started taking up significant energy, so i reverted to an older version while i was fixing it. Then, when i try to open it another time, it starts to open, and it says "Malware Blocked and Moved to Bin" “Taskbar.app” was not opened because it contains malware. This action did not harm your Mac”. All versions of the taskbar now contain this message. I try opening some of my other apps, a shared storage client and a shared storage server (where i was testing with app groups), and they couldn't open either, the same malware message appeared. ProPermission couldn't open either (changes permissions on files for me so i don't have to use the terminal or finder). I can run these apps through the Xcode environment (attached process), but when I archieve it into an app bundle, the malware flag appears. Please note that I am certain that these apps do not contain malware, apparently XProtect has incorrectly flagged my apps as malware. Because I do not have the paid developer account, I cannot notarize my apps. I am using MacOS Tahoe 26.1 with Xcode 26.0, and I have tested it with a iMac Intel 2017 with MacOS Ventura.

Hi guys, I am new to publishing apps on Apple Store. I used python, pyside6, torch, pyinstaller to build an app for Apple Store. For codesigning, I used the correct "Developer ID Application" to sign the code. When I validate the .app file (codesign -vv --strict ), I got the following my_app.app: valid on disk my_app.app: satisfies its Designated Requirement Next, I used ditto to "ditto -c -k --sequesterRsrc --keepParent my_app.app my_app.zip" to zip it. Then, I submitted this my_app.zip file for notarization with "xcrun notarytool submit ..." and got the following "accepted" message. Received new status: Accepted Current status: Accepted............... [20:08:54.530Z] Info [API] Submission in terminal status: Accepted Processing complete After that, I want to staple it with "xcrun stapler staple my_app.app", but I got the following Could not validate ticket for my_app.app The staple and validate action failed! Error 65. To further investigate it, I ran "spctl -a -vvv my_app.app" and got my_app.app: rejected source=Unnotarized Developer ID origin=Developer ID Application... I don't know why this would happen after notarization accepted. Could someone help me understand this issue? Thanks!

I'm experiencing an issue when exporting an Enterprise distribution certificate where the certificate and private key won't export together - the private key keeps getting left out. I'm running macOS Tahoe. Has anyone encountered the same issue or know of a solution? Any help would be appreciated.

Hi guys, Is there any good up-to-date tutorial about publishing a Python based app on Apple Store? Now, I have developed a standalone Python app from PyCharm, and it's using Pyside6 for UI and some major Python libraries. It's a productivity app with a little A.I. features. I used PyInstaller to prepare the app. Currently, I am stuck at the stage of codesign and Apple Review process, because I am manually doing codesign and building the package from command-line. Without using Xcode, things can get messy or miss easily. It would be nice to follow a up-to-date tutorial about how to complete the codesign and Apple Review process for a Python based app. For example, what to do, how to do, what to be careful during the Apple Review process, etc. Thanks!

Hello, we are currently encountering a similar issue. We need to inject our capabilities into a third-party app by re-signing it (not a full re-signing process—just requiring the provisioning profile and certificate to match). However, this seems to affect the functionality of universal links. We've found that this issue only occurs on iOS 18. We noticed that when re-signing the app, the entitlements related to associated domains are changed to a wildcard: [Key] com.apple.developer.associated-domains [Value] [Array] [String] * However, this doesn’t cause any issues on iOS 17. Through further testing, we discovered that in order for universal links to work properly, we need to restore the original value of com.apple.developer.associated-domains and use a provisioning profile that matches the app's bundle ID. This means our previous re-signing approach using a certificate and provisioning profile from another bundle will no longer work. We’d like to ask: is this a new restriction introduced in iOS 18? If we manually restore the original com.apple.developer.associated-domains entitlement and use a provisioning profile that matches the app’s bundle ID, will universal links function correctly going forward?

The attached file bellow contains the full error error I clone this repo to my mac, change team id and group, and run it in Xcode: https://github.com/protonpass/ios-pass There's no issue when I ran it with the Debug configuration, but when I go to Product > Scheme > Edit Scheme and change the iOS target build configuration to Release then I got that error above. I have tried Archive and export the ipa, verify that the provisioning profile contains my Mac UDID, but when double clicking the ipa to install, I also got the error This app cannot be installed because its integrity could not be verified.

Hi Team, i'm running into same issue with notarization time. I create new, small app for a customer but however the notarization is running since this morning, so almost a few hours. This isn't normal or ? Is there anything what i can do ? Best regard, Lars

Xcode automatic signing consistently fails for the macOS target when adding the App Groups capability, even though the Developer Portal is correctly configured. Error: Provisioning profile “Mac Team Provisioning Profile: com.example.testapp.mobile” doesn’t support the App Groups capability. Setup: • Bundle ID: com.example.testapp.mobile • App Group: $(TeamIdentifierPrefix)group.com.example.testapp.mobile Troubleshooting Steps Tried (None Helped): • Changed bundle identifiers and deleted/recreated them in the Developer Portal • Deleted and recreated App Groups • Removed and re-added the developer account in Xcode • Deleted all provisioning profiles from the system • Cleared Derived Data and Xcode caches • Even tried on a clean macOS system This setup used to work previously. The issue seems to have started after the Apple Developer account was renewed.

Hello Apple Developer Forum Community, I’ve got a problem with the signing process of my AppClip Test App. Can someone help me? As I don’t know hot to get the certificate...

Hello, I sent this in as a feedback several weeks ago about watchOS 26.2 beta 2 but since the issue is still active now that watchOS 26.2 is in production I'm reposting here for the community. I would also like to submit a DTS about this issue but honestly don't know the best way to go about it and would appreciate advice about that. There seems to be an issue with VPP distribution for our app on watchOS 26.2. When our watchOS companion app is launched after being installed through VPP to a supervised iPhone, it encounters a dyld error before main() or any application code is even called. The same app launches correctly in every other circumstance we could imagine and test: – Installed through VPP on supervised devices running watchOS 26.1. – Installed from the app store (using an apple id) on a supervised iPhone and paired watch running iOS 26.2 / watchOS 26.2. – Installed through Testflight on a supervised iPhone and paired watch running iOS 26.2 / watchOS 26.2. – Installed through the app store on unsupervised devices running watchOS 26.1 and 26.2. This strongly appears to be a VPP signing issue because we even did the following experiment: Install iPhone and Watch apps through the App Store on a supervised device pair running public iOS 26.2 beta 2 / watchOS 26.2 beta 2. Verify that both apps launch successfully. Use an MDM command to install from VPP over the existing installations Verify that the watch app fails to launch (the iOS app is unaffected) My feedback included some crash logs which I won't be reposting publicly here. Any feedback or ideas appreciated.

Hello, We are currently facing an issue with the Apple Notary Service that is completely blocking our production pipeline. For the past three days, every single submission has been stuck in the "In Progress" state indefinitely. Some submissions have been pending for over 48 hours, and none of them ever proceed to analysis. When checking the status via xcrun notarytool history, all entries show "In Progress". Attempting to retrieve logs with xcrun notarytool log always returns: Submission log is not yet available. This strongly suggests that the processing hasn't even started. This issue occurs consistently from my local machine (MacBook Air M3) and Our GitHub Actions CI workflow. Both environments are properly configured with Electron + Electron-Builder, and the app is correctly signed and uploaded each time. We have verified multiple times all credentials and code signing settings, no exceptions so far or problems in the pipeline. Here are a few stuck submission IDs: This is not a normal delay, it looks like a backend issue affecting our account or this specific App ID. Please escalate this case as soon as possible. We appreciate your urgent attention. Best

I’ve been wrestling with this for nearly a week now and none of the proposed fixes have worked. I’m trying to resign an app via Jenkins and have done the following: Created a custom keychain Imported the required .p12 certificates Installed the Apple WWDR certificate in the System keychain Made the login keychain my default Added my development keychain, the login keychain and the System keychain to the user keychain list Unlocked my development keychain Confirmed my signing identity is present Granted the appropriate partition list access to the keychain "security set-key-partition-list -S apple-tool:,codesign: -k pwd /Users/ec2-user/Library/Keychains/development.keychain-db" Yet when I invoke Fastlane’s resign action, I still see: _floatsignTemp/Payload/EverMerge.app/Frameworks/AppLovinSDK.framework: replacing existing signature _floatsignTemp/Payload/EverMerge.app/Frameworks/AppLovinSDK.framework: errSecInternalComponent Encountered an error, aborting! Any guidance on what might be causing this errSecInternalComponent failure or how to get the resign step to succeed would be highly appreciated.

I’m having issues trying to codesign a .app file. We generated the Developer ID Application certificate using the organization owner’s account. I downloaded the certificate to my Mac and imported it into my keychain, but when I run the codesign command below, I get the following error. Could you help me? What am I doing wrong? Is there any other way to sign the .app executable? From what I’ve seen in other posts, it looks like the certificate needs to have a private key, but the certificate I download from the developer portal doesn’t include the key. Also, about exporting it as a .p12 — I couldn’t quite understand if that’s considered a safe practice, since the organization owner’s private key would be included in this certificate that we plan to use in our pipeline.

Hi Apple DTS & community folks, I’m reaching out regarding an issue we’ve encountered with the com.apple.developer.mail-client capability for our app (bundle identifier: so.notion.Mail). We were granted this entitlement last week to allow the app to be set as a default Mail client. While everything works as expected when archiving and distributing builds locally in Xcode, we’re running into a problem when using Xcode Cloud. Specifically, Xcode Cloud attempts to archive and distribute an Ad-Hoc build, but the Ad-Hoc provisioning profile does not include this special entitlement. Since we’re using Xcode-managed profiles, we don’t have the ability to create or adjust an explicit profile ourselves. This issue only arises in Xcode Cloud—local distribution works unless we explicitly attempt an Ad-Hoc build (which is not our intent). I’ve included a screenshot of the error for reference. We found this forum post describing the same issue, where the resolution was Apple enabling the entitlement for Ad-Hoc builds. We’d like to request that Apple enable this capability for Ad-Hoc builds for the Notion Mail application so that Xcode Cloud distribution functions correctly. Thank you for your help!