This is my submission, my earliest submission has be stuck for a couple of days can someone please help. This is blocking our launch. -------------------------------------------------- createdDate: 2026-03-01T15:57:46.893Z id: 4cd9bb60-67eb-4f59-be9b-952248da33cf name: Snip-1.0.0-arm64.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-01T15:07:04.101Z id: fc88fa42-6ffe-4fee-86b2-0cec44c4391b name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-28T06:48:58.307Z id: e6cabf68-2963-4971-a057-fb4c5a1bdb4c name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T17:02:33.195Z id: 4e038aab-e429-4dfa-abcd-afcd49241a31 name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T17:02:21.907Z id: 4a908c50-812b-48c1-949d-8d6d4c9dec40 name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T14:28:38.585Z id: bccbc5bc-1cc7-4417-ab57-545b0cc6cc7b name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T08:35:47.185Z id: 4219d594-ee41-4905-8ea5-af89dc924b4f name: Snip.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-27T08:07:51.982Z id: 08fce978-8dc1-45bb-aac1-ea932bd08b02 name: Snip.zip status: In Progress

Every recent attempt to create a Installer certificate has failed, and now we've hit the maximum. We can't revoke them either — the portal only shows "Download," not "Revoke." Xcode also fails with: "Signing Certificates Error: There is a problem with the request entity. You already have a current Developer certificate or pending certificate request." This is completely blocking notarization and distribution of our macOS app. Has anyone resolved this, or does it require Apple to intervene on the backend? (This is a relatively new issue, we have successfully done this in the past hundreds of times over the years.)

I'm trying to enable Music Kit for my key however I keep seeing this message "There are no identifiers available that can be associated with the key" even though my identifier has music kit enabled. Can someone help out with this?

I've submitted a few first notarizations for my electron app - I've verified with all the QA and resources that I am doing the correct thing - but its silently just holding all my notarization requests on apples side with no logs. I'm trying to launch my app this week - how should I proceed?

Hi guys, I am new to the Apple Developer Program (enrolled a few days ago) and this is my first app notarization attempt. I've been experiencing significant delays - all submissions have been stuck at "In Progress" for over 24 hours. Details: macOS app signed with Developer ID Application certificate Using xcrun notarytool with app-specific password Hardened runtime enabled codesign --verify --deep --strict passes Team ID: QVHM976XC5 Submission IDs (all stuck "In Progress"): 5f494a89-0db0-4cc6-944f-ca2fe399e870 (latest - 8+ hours) 938f6b8d-0d00-45f5-861d-68fe470df6c2 d0edcbfe-8464-455f-b077-bebaa5b9aab7 I understand new developers may experience longer initial processing, but 24+ hours seems excessive. Is there anything I should check or any additional steps required for new accounts? Any guidance appreciated.

Two months ago I requested the subject entitlement. I'm still waiting for it to be added to our account. Who or how can I find out what going on with it. I have no correspondence from Apple yet saying it was denied and why. https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.developer.persistent-content-capture?language=objc Thank you.

Hi! I am encountering an issue with the notarization process. I'll leave here the outputs of a few command that I think might be useful. user@AndreisMac % pkgutil --check-signature mypkg.pkg Package "mypkg.pkg": Status: signed by a developer certificate issued by Apple for distribution Notarization: trusted by the Apple notary service Signed with a trusted timestamp on: 2026-02-18 18:46:16 +0000 Certificate Chain: ... user@AndreisMac % spctl -a -vv --type install mypkg.pkg mypkg.pkg: rejected origin=Developer ID Installer: MyComp LLC (ABCD) user@AndreisMac % xcrun notarytool submit mypkg.pkg --keychain-profile "notary-profile" --wait Conducting pre-submission checks for mypkg.pkg and initiating connection to the Apple notary service... Submission ID received id: e76f34b3-7c91-451c-a539-8fb39809a5bd Upload progress: 100,00% (13,3 MB of 13,3 MB) Successfully uploaded file id: e76f34b3-7c91-451c-a539-8fb39809a5bd path: /path/to/mypkg.pkg Waiting for processing to complete. Current status: Accepted............... Processing complete id: e76f34b3-7c91-451c-a539-8fb39809a5bd status: Accepted user@AndreisMac % spctl -a -vv --type install mypkg.pkg mypkg.pkg: rejected origin=Developer ID Installer: MyComp LLC (ABCD) As you can see: the installer is signed with a Developer ID Installer (the contents are signed and notarized as well) the first spctl check is failing(even if the installer was already notarized on our build server) trying to notarize again seems to work checking again still shows the installer as rejected I can run the installer locally by removing the quarantine flag, but this is not what I am expecting from a signed&notarized installer. Interestingly enough, trying this installer on a different MacOS machine works as expected(no quarantine) and spctl shows it as notarized(Accepted). Any idea what's wrong with my machine?

Made a notarization request a few hours ago and woke up to check the history and it's no longer available. Not rejected/accepted just not found. I have gone ahead to make another request but I have no confidence because I expect the same thing to happen again. Any guidance? See logs below: daramfon@MacBook-Pro-3 frontend % xcrun notarytool history --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" Successfully received submission history. history -------------------------------------------------- createdDate: 2026-02-20T23:53:14.066Z id: 6f2fadc0-2e8f-4331-a253-68f81334ebc6 name: Speakeasy AI-0.1.0-arm64.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-20T23:47:12.897Z id: 435aec4f-5356-49a5-898d-48aaafb7949f name: Speakeasy AI.zip status: In Progress -------------------------------------------------- createdDate: 2026-02-20T22:35:23.947Z id: 95896757-873a-4e54-a527-03dc767c9cb5 name: Speakeasy AI.zip status: In Progress daramfon@MacBook-Pro-3 frontend % xcrun notarytool history --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" No submission history. daramfon@MacBook-Pro-3 frontend % xcrun notarytool info 6f2fadc0-2e8f-4331-a253-68f81334ebc6 --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" Submission does not exist or does not belong to your team. id: 6f2fadc0-2e8f-4331-a253-68f81334ebc6

Hi everyone, For the past three days I've been unable to notarize my app — every attempt fails with an HTTP 500 error from Apple's notarization service. What's unusual is that the error occurs not only during submission, but also when simply validating credentials via store-credentials. Example: $ xcrun notarytool store-credentials "notarytool-password" \ --apple-id <id> --team-id <team> --password <app-specific-password> Validating your credentials... Error: HTTP status code: 500. Internal Server Error Request ID: K6NYCMIFNM66OI2WRG3ORZEDUE.0.0 Please try again at a later time. Since the failure happens at credential validation — before any package is even uploaded — I'm fairly confident this is a server-side issue, not something wrong with my setup or the binary. I've tried across different network connections, same result. Has anyone else been hitting this? Is there a known outage or incident on Apple's notarization infrastructure? Any way to escalate or get a status update beyond checking developer.apple.com/system-status/? Thanks

Hello, I am attempting to request the endpoint-security.client entitlement for my app using the following form: https://developer.apple.com/contact/request/system-extension/ After submitting the form, I consistently receive an HTTP 500 error from Apple’s servers. Could you please provide guidance on whether this is a known issue or if there is something I may be doing incorrectly? I appreciate your assistance.

Seeing my notarizations getting stuck. This is becoming a blocker for releasing. What's strange is that earlier versions of the same app (very similar) passed notarization very quickly. Any advice or recourse?

Is there a way to check your app signature to verify if any one has tampered with the ipa file. I want to know specifically how to determine and handle this type of situation. How can i do a check for this in code(swift).

How do you renew a "Developer ID Application" certificate? Should there be a "renew" button on the expiration date? Or can you renew it sooner? Or are you required to create a new certificate? Does this count against your limit of five Developer ID Application certificates? I thought there was a way to renew it, but I don't see that option. I also couldn't find any Apple documentation about how to renew, only how to create and how there's a limit to how many you can create.

I’m attempting to use a Locked Camera Capture Extension (created from Xcode’s template / following Apple’s “Creating a camera experience for the Lock Screen” guidance). The extension builds, embeds, and installs on a physical device, but I cannot get it provisioned with the required entitlement com.apple.developer.locked-camera-capture. Environment Xcode: 26.0.1 (17A400) iOS: 26.2.1 (device) Apple Developer Program: paid Individual (Team ID: FT55UW9363) Key issue: provisioning profile for the ExtensionKit appex lacks the locked-camera entitlement The locked camera capture target is embedded as an ExtensionKit extension: .../DirectionalCamera.app/Extensions/LockedCapture.appex I decoded the embedded provisioning profile inside that .appex and printed its Entitlements dictionary: security cms -D -i ".../DirectionalCamera.app/Extensions/LockedCapture.appex/embedded.mobileprovision" > /tmp/locked_profile.plist /usr/libexec/PlistBuddy -c "Print:Entitlements" /tmp/locked_profile.plist Entitlements present in the embedded profile: Dict { com.apple.developer.avfoundation.multitasking-camera-access = true application-identifier = FT55UW9363.arp.geocam.LockedCapture keychain-access-groups = Array { FT55UW9363.* com.apple.token } get-task-allow = true com.apple.security.application-groups = Array { group.arp.geocam } com.apple.developer.team-identifier = FT55UW9363 } Critically, the required entitlement is absent: /usr/libexec/PlistBuddy -c "Print:Entitlements:com.apple.developer.locked-camera-capture" /tmp/locked_profile.plist Print: Entry, ":Entitlements:com.apple.developer.locked-camera-capture", Does Not Exist Build behavior If I manually add com.apple.developer.locked-camera-capture to the extension’s .entitlements, Xcode refuses to sign with: “Provisioning profile failed qualification: Profile doesn't include the com.apple.developer.locked-camera-capture entitlement.” Notes The only other embedded extension is a widget/control extension under .../DirectionalCamera.app/PlugIns/... with a separate profile (expected). Question Has anyone successfully provisioned a Locked Camera Capture Extension on a standard paid developer account? Is com.apple.developer.locked-camera-capture gated/restricted (requiring Apple to enable it for a specific Team ID / App ID), or is there a specific capability in the Developer portal that maps to it? If it’s restricted, what is the official process to request enablement for a team/app-id? Any pointers appreciated.

We have NFC capabilties enabled for our app ID - com.uob.mightyvn but our minimum deployment target is 15.0. We do not have an option deselect PACE from provisioning profile. Hence, the validation is failed for IPA. Invalid entitlement for core nfc framework. The sdk version '18.2' and min OS version '15.0' are not compatible for the entitlement 'com.apple.developer.nfc.readersession.formats' because 'NDEF is disallowed'

I am on a mission to secure our key material for our iOS app's code signing certificate. My first endeavor with storing the code signing certificate on a YubiKey is a marginal success - it seems that with a pin policy that requires entering the PIN at least once we must enter the PIN umpteen times per build. Creating a certificate with a policy of never would be ill-advised. On the other hand, we could chose to store the code signing certificate in the Secure Enclave. However, it seems that I am only allowed to create eliptic curve private keys and not RSA keys in the secure enclave. When I attempt to upload a certificate signing request to AppStoreConnect, I am told that only an RSA2048 key will do. What I am after is a way to authenticate access to the certificate once per boot so that we can make multiple builds per day without manual intervention whilst also ensuring that the key material is not stored on disk. A yubikey would be preferable, but I am fine with the secure enclave if need be. Is there a way to achieve this? Best regards, Emīls

One of our apps (built with Xcode 26.1.1 and distributed via TestFlight) crashes upon launch on iOS 17 with Exception Type: EXC_BAD_ACCESS (SIGKILL) and Termination Reason: CODESIGNING 2 Invalid Page. I have never seen this before. Any pointers? On iOS 18 & 26 this does not happen btw.

Original Problem We use codesign and notarytool in a scripted environment to build and distribute binaries daily. We also do manual builds by logging into the build server using SSH. This has been working for many years, but after updating to a new "Developer ID Application" certificate, codesign was failing with errSecInternalComponent and the console logs showed errSecInteractionNotAllowed. Summary of Resolution Attempting to fix the problem resulted in multiple copies of the same Certificate which were NOT shown by Keychain Access. I had to run security delete-identity multiple times to clear out the redundant Identities and then imported the certificate using the security CLI tool. Details I originally followed these instructions for requesting and installing a new certificate: https://developer.apple.com/help/account/certificates/create-developer-id-certificates/ Tip: Use the security tool intead These instructions fail to mention two critical points: 1) they assume the machine you generate the request on is the same machine you will be using to perform signatures, and 2) KeyChain Access does not allow you to set permissions for applications like codesign. I made the mistake of following the instructions on my workstation, and then tried to import the certificate to the build machine by double clicking on the .cer file. When that did not work, I followed various forum suggestions and eventually realized I need to export the private key as a .p12 file from the workstation, and import it into the build machine. Tip: The term "Certificate" often refers to a public certificate by itself, while "Identity" to refers to the combination of a public certificate and private key. At this point, I could use codesign, but only within Terminal.app while logged into the build machine's console. I tried various security commands to reimport the Identity, set a key partition list, and unlock the keychain, but none of them allowed codesign to work from within SSH or cron scripts. Eventually I stumbled upon this: sudo security find-identity -v Password: 1) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 2) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 3) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 4) EA377…96DD "Developer ID Application: Data Expedition, Inc. (VK…8X)" 5) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 6) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 7) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 8) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 9) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 10) 3C255…1560 "Developer ID Application: Data Expedition, Inc. (VK…8X)" 10 valid identities found Keychain Access only showed one copy of the Identity in each keychain, but with security I could see there were actually 9. Tip: Keychain Access does not accurately display keychain contents. If it shows no contents at all, type a letter in the search box. Identities are distinguished from lone Certificates by a drop-down caret to the left of the certificate name. Clicking that shows the key. To fix the redundant Identities, I had to run this command four times to delete the nine copies: security delete-identity -Z 3C255…1560 I repeated this until the identity (I used the SHA1 hash of the certificate) no longer showed up in security find-identity -v. I then re-imported the certificate and key using security import, which is what I should have done from the begininng. The Correct Way Here are the commands I used to get things going after I deleted all the problem certificates: security import mycertificate.cer -k /Library/Keychains/System.keychain -T /usr/bin/codesign This next command I ran in Terminal.app on the console so it could display a password prompt: security import ImportThisKey.p12 -k /Library/Keychains/System.keychain -T /usr/bin/codesign After this, I used security find-identity -v to verify that there was only one copy of the Identity. I then verified that codesign could be used from SSH and cron-scripts even while logged out of the console. I suspect that a lot of mysterious certificate problems might be caused by duplicate certificates, each with different permissions. As far as I can tell, there is no way to uniquely identify a certificate/identity or the permissions attached to them. The system just searches based on hash, or team-id, or other non-unique property and seems to just arbitrarily pick one. I hope this helps someone else stuck with errSecInternalComponent errors!

Hi everyone, I am attempting to generate an Ad Hoc provisioning profile for my iOS app that includes MusicKit capabilities, but the generated .mobileprovision file consistently lacks the required entitlement, despite the configuration appearing correct in the developer portal. The Issue: I have enabled MusicKit under the "App Services" tab for my App ID. I have saved this configuration, verified it is checked in the UI, and then regenerated and downloaded my provisioning profile. However, when I inspect the internal contents of the .mobileprovision file, the Entitlements dictionary does not contain the com.apple.developer.music-kit key. It only contains the standard keys (Team ID, App ID, etc.). Steps Taken: Created a brand new App ID to rule out legacy data issues. Explicitly enabled "MusicKit" under the App Services tab for this new identifier. Created a fresh Ad Hoc Distribution profile linked to this new ID. Downloaded the profile and inspected the file structure: the MusicKit entitlement is completely absent. Attempted toggling the service off and on, saving, and regenerating the profile multiple times. Has anyone experienced a specific bug where "App Services" (like MusicKit) fail to propagate to the Provisioning Profile generator? Is there a secondary "Capability" (e.g., Media Library) that must also be enabled to trigger the inclusion of the MusicKit entitlement? Any guidance would be appreciated.

I'm building a content filtering app using NEURLFilterManager and NEURLFilterControlProvider (introduced in iOS 26). The app uses a PIR server for privacy-preserving URL filtering. Everything works with development-signed builds, but App Store export validation rejects: Entitlement value "url-filter-provider" for com.apple.developer.networking.networkextension — "not supported on iOS" I have "Network Extensions" enabled on my App IDs in the developer portal, but the provisioning profiles don't seem to include url-filter-provider, and I don't see a URL filter option in the Capability Requests tab. What I've tried: Entitlement values: url-filter-provider, url-filter — both rejected at export Extension points: com.apple.networkextension.url-filter, com.apple.networkextension.url-filter-control — both rejected Regenerating provisioning profiles after enabling Network Extensions capability My setup: iOS 26, Xcode 26 Main app bundle: com.pledgelock.app URL filter extension bundle: com.pledgelock.app.url-filter PIR server deployed and functional Is there a specific request or approval process needed for the url-filter-provider entitlement? The WWDC25 session "Filter and tunnel network traffic with NetworkExtension" mentions this entitlement but I can't find documentation on how to get it approved for distribution. Any guidance appreciated. Thanks!