You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

General: Forums topic: Code Signing Forums subtopics: Code Signing > General, Code Signing > Certificates, Identifiers & Profiles, Code Signing > Notarization, Code Signing > Entitlements Forums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Bundle Resources > Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to the other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained forums post --deep Considered Harmful forums post Don’t Run App Store Distribution-Signed Code forums post Resolving errSecInternalComponent errors during code signing forums post Finding a Capability’s Distribution Restrictions forums post Signing code with a hardware-based code-signing identity forums post New Capabilities Request Tab in Certificates, Identifiers & Profiles forums post Isolating Code Signing Problems from Build Problems forums post Investigating Third-Party IDE Code-Signing Problems forums post Determining if an entitlement is real forums post Code Signing Identifiers Explained forums post Mac code signing: Forums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding nonstandard code structures in a bundle documentation Embedding a command-line tool in a sandboxed app documentation Signing a daemon with a restricted entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example forums post The Care and Feeding of Developer ID forums post TestFlight, Provisioning Profiles, and the Mac App Store forums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hello, We are experiencing repeated notarization delays for our macOS app distributed outside the Mac App Store. Current submission ID: 45d7cac0-bd8a-4d48-b886-1cad7649adf4 Previous affected submission ID: ff61de1e-15f5-4bbe-8b34-a91a6f73b978 Issue description: xcrun notarytool submit succeeds and returns a submission ID. xcrun notarytool info keeps returning In Progress for a very long time. In the current case, the submission has remained In Progress for more than 45 minutes. This issue has happened repeatedly across multiple submissions. What we have already checked: We are not using a local proxy for notarization requests. We separated submit and polling in our build script to verify the exact stage. We retried multiple times. We reduced package contents to rule out newly introduced app content. Could someone from Apple please help check whether these submission IDs are stuck in the notarization pipeline, or advise what additional diagnostics we should provide? Thank you.

Hi, I submitted a Family Controls (Distribution) entitlement request on March 9, 2026 for my iOS app, but I still have not received any approval, rejection, or other status update. At this point, I’m mainly trying to understand: whether this waiting time is currently normal, whether there is any way to check if the request is actually under review, and whether Apple provides any follow-up if more information is needed. This is blocking my progress, because the app depends on the Screen Time / Family Controls APIs. Has anyone recently experienced similar delays, and is there any recommended next step besides waiting? Thanks. Imi

Hi, I do have a strange behavior in my development environment on a Mac mini (M4) running 26.2 and Xcode 26.3. Everything was working as expected. My project had a stable state and I wanted to enable iCloud support. As result I could not run the app any more because code signing failed with the message that my profile does not include the above entitlement. On my notebook (M2) with XCode 26.3 everything is working. Im am using GIT and both computers have identical code. The code compiling and running on my notebook will not run any more on my Max mini. Any help to find what might have broken the code signing and how it could be fixed? Thanks in advance.

Hi everyone, I recently submitted the Family Controls request form and received the following request IDs: 429MKWT5VX
 KNL6T2DC7A
 N62KV78DKC However, I haven’t received any updates yet and I’m not sure how these requests are tracked or when we’ll know if they’re approved. Our app is almost ready to launch and this capability is critical for us. Both the main app and an extension depend on Family Controls, so we’re currently blocked from moving forward. I also raised a support ticket with Apple Developer Support (Case ID: 102838723073), but I haven’t received any response there either. To be honest, this is becoming really stressful. Months of work are stuck at the final step and we’re unable to move forward without this approval. This isn’t just a small personal project and we’re building a production app and were hoping to launch very soon. If anyone has been through this process or has any guidance on the approval timeline, or if someone from Apple could help look into these request IDs, it would genuinely mean a lot to us.

 Thank you

Hi everyone, I recently submitted the Family Controls request form and received the following request IDs: 429MKWT5VX
 KNL6T2DC7A
 N62KV78DKC However, I haven’t received any updates yet and I’m not sure how these requests are tracked or when we’ll know if they’re approved. Our app is almost ready to launch and this capability is critical for us. Both the main app and an extension depend on Family Controls, so we’re currently blocked from moving forward. I also raised a support ticket with Apple Developer Support (Case ID: 102838723073), but I haven’t received any response there either. To be honest, this is becoming really stressful. Months of work are stuck at the final step and we’re unable to move forward without this approval. This isn’t just a small personal project and we’re building a production app and were hoping to launch very soon. If anyone has been through this process or has any guidance on the approval timeline, or if someone from Apple could help look into these request IDs, it would genuinely mean a lot to us.

 Thank you

I've already submitted multiple cases about this issue. My Family Controls Distribution request was apparently approved (or I was told via Developer Support) for my Device Activity extension, but the Distribution option still does not appear in the identifier. This is blocking my ability to distribute via TestFlight. I need someone who can update the identifier capabilities or explain why the approved capability is not showing.

I have been code signing my py2app Python applications for over 5 years. Recently, my application notarizes and staples with no errors. However, when I try to verify the signature I get the above error. I do not see any errors in the appropriate notary log file. Can't figure out how to post the log file. The associated ID is: eb78c6b0-cdd2-414f-9dd3-24315a27d457 Can anyone point me to an appropriate reference ?

Since this evening (March 10, 2026), I'm unable to launch any developer-signed app on my physical device (iPhone 16 Pro Max, iOS 26.4 beta 23E5223k). The error is: "Unable to launch [app] because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user." On the device itself, it shows: "Unable to Verify App - An internet connection is required to verify the trust of the developer." What I've tried: Created a new Apple Development certificate Deleted and reinstalled the app Restarted the device Tested on both Wi-Fi and cellular Confirmed Developer Mode is enabled Removed all third-party CA certificates from the device Verified the code signature is valid (codesign -dv shows correct Authority chain) The root cause: https://ppq.apple.com is currently returning 502 Bad Gateway. I confirmed this both from my Mac (curl -s -o /dev/null -w "%{http_code}" https://ppq.apple.com → 502) and from Safari on the device. This affects all developer-signed apps, not just a specific project. Is anyone else experiencing this? Is there an ETA for the fix? Environment: Xcode 26.3 (17C519) macOS 26.3.1 (25D2128) iPhone 16 Pro Max, iOS 26.4 (23E5223k)

Notarization submissions stuck “In Progress” for 5+ days (SwiftUI macOS menu bar app) Hello, I’m experiencing an issue where all notarization submissions remain “In Progress” for several days. Environment macOS native app written in Swift / SwiftUI Menu bar application Built with Xcode Developer ID Application signing Hardened Runtime enabled App Sandbox disabled Uses SMAppService for “Start at Login” Artifact structure ClaudeUsageTracker.zip └ ClaudeUsageTracker.app (no nested directory) Verification codesign --verify --deep --strict --verbose=2 ClaudeUsageTracker.app This succeeds without errors. Notarization submissions 2026-03-06 — In Progress ID=215814fc-57c5-4f99-88fe-ed2db4d3e3d9 2026-03-06 — In Progress ID=70948178-191c-4840-a9c7-52c321b725e5 2026-03-09 — In Progress ID=14a88b79-df4d-4d83-9bfe-fa6eafc9bf76 All submissions remain In Progress for 5+ days, and notarytool log is not available yet. Command used xcrun notarytool submit ClaudeUsageTracker.zip \ --keychain-profile "notarytool-profile" The app is a small utility and the archive is only a few MB. Is there a known issue with the notarization queue or with accounts getting stuck in a processing state? Any guidance would be appreciated. Thanks. Repository: https://github.com/grad13/Claude-Usage-Tracker

I am seeking clarification on whether the various driverkit entitlement families (com.apple.developer.driverkit.family.*) are available for development on my local Mac without requesting entitlements from Apple. My experience is inconsistent with public statements made by Apple, and I am wondering if there have been changes to development entitlements as of 2026. I am hoping there is something obvious that I have missed. At WWDC2022 Apple stated that "In MacOS... In fact, all DriverKit family entitlements are now available to use for development." On these very forums, Eskimo himself also suggested this was the case in 2024. However, my own experience has been that in my provisioning profile on my paid developer account, I am not able to obtain com.apple.developer.driverkit.family.networking for the purpose of developing a driver for unsupported hardware. As you can see, I do not have the networking entitlement: { .. "Entitlements" => { ... "com.apple.developer.driverkit" => true "com.apple.developer.driverkit.transport.usb" => [ 0 => { "idVendor" => "*" } ] And there appears to be no mechanism to add these entitlement:

I accidentally mis-copy-pasted when creating a new app identifier, and I can't create the correct one. I missed the leading "c" and I created An App ID with om.automaticduck.MyApp I deleted it, but now I can't create the correct one. The error says An attribute in the provided entity has invalid value An App ID with Identifier 'com.automaticduck.MyApp' is not available. Please enter a different string. Thank you for helping with what I need to do.

Hi, I'm trying to notarize a macOS app using xcrun notarytool, but the submission has been stuck in "In Progress" for over 24 hours. Submission ID: a3e0914a-c45f-4614-bd7c-cbae4c7b0b55 Created: 2026-03-08T01:55:29.272Z Team ID: 69YV6P6AKZ It looks like the signature is valid and the only missing step is notarization. I tried submitting twice, but the second submission is also stuck in In Progress. Is this likely a backlog in the notarization service, or is there something that could cause submissions to stay "in progress" for so long? Thanks!

My team is distributing a cross-platform app outside the Mac App Store via ZIP file. The app works perfectly on Windows, but on macOS, while the ZIP downloads and extracts without issue, the app refuses to open. Users see either the app appear in the dock then immediately disappear or a Gatekeeper prompt saying the developer cannot be verified. We suspect the root cause is related to code signing and/or notarization, but we're not entirely sure where the breakdown is occurring. We have a few questions as we work through this. For ZIP-based distribution outside the Mac App Store, is both a Developer ID certificate and Apple notarization required on current macOS versions? We've also seen references to using ditto instead of Finder's built-in Compress option when packaging the ZIP. Is that necessary to properly preserve the app bundle structure and extended attributes? Any guidance on where this process might be going wrong would be hugely appreciated. Thanks!

Hi, I'm a new Developer ID account holder submitting my first app for notarization. All submissions have been stuck "In Progress" for 72+ hours. Apple System Status has shown all services operational throughout. Team ID: 4L9YA7S99L $ xcrun notarytool history --keychain-profile "blackbox" Successfully received submission history. history -------------------------------------------------- createdDate: 2026-03-09T11:19:41.697Z id: 2c0cdf3d-a3ac-4d86-8eb0-2f601b2d09c5 name: Blackbox-0.2.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-07T18:11:37.660Z id: 5ab09d84-b2e2-4738-9b63-100a7dd46882 name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T22:47:21.410Z id: 1c90fa3e-c52a-4468-8056-06ff5d7d3752 name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T22:34:55.803Z id: 4bbd6f77-7ff6-445f-817c-21f9909dfe7a name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T21:28:26.904Z id: 3c63ed16-be5d-4900-b82d-5df9557a47b4 name: Blackbox-0.1.0.dmg status: In Progress -------------------------------------------------- createdDate: 2026-03-06T21:24:14.558Z id: 76df3f18-57a1-49b7-87e2-3f2bf0e4e6d5 name: Blackbox-0.1.0.dmg status: Invalid The Invalid submission (76df3f18) was error 4000 due to unsigned binaries in a bundled framework. That's been fixed in all subsequent submissions. The app is a small macOS menu bar utility (~2 MB DMG), signed with Developer ID Application certificate, hardened runtime enabled, no restricted entitlements. codesign --verify --deep --strict and spctl --assess --type execute both pass locally. Is there a known processing delay for first-time Developer ID accounts, or could something be stuck on the backend? Thanks for any guidance.

I am trying to notarize my first macOS app for direct distribution outside the Mac App Store using Developer ID Application signing. Team ID: 32S6XVAQPY Environment: macOS app distributed via Developer ID notarytool with a saved keychain profile archive exported locally, app zipped with ditto What I already verified locally: The archived app is signed with: Developer ID Application: (32S6XVAQPY) codesign --verify --deep --strict passes spctl shows: source=Unnotarized Developer ID syspolicy_check distribution only reports the expected missing notary ticket Hardened runtime is enabled The app bundle and nested Sparkle executables were re-signed and now have valid Developer ID signatures with secure timestamps Important note: I previously had a real signing issue in nested Sparkle binaries, and Apple rejected that submission quickly as Invalid. I fixed those signatures, and now new submissions no longer fail quickly but remain stuck In Progress. Submission IDs currently stuck: bea6c4b3-b107-4c81-8042-6c58b1cf5087 5489e29c-d583-4779-a125-ca0fbd9cad0b Earlier invalid submission with a concrete Sparkle signing error: 10df648b-eca8-428f-98d6-4cb4096153ad Apple reported invalid Developer ID / missing secure timestamp on: Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater Sparkle.framework/Versions/B/Autoupdate Sparkle.framework/Versions/B/XPCServices/Downloader.xpc/Contents/MacOS/Downloader Sparkle.framework/Versions/B/XPCServices/Installer.xpc/Contents/MacOS/Installer That Sparkle issue has since been fixed locally and re-verified. Question: Is there currently a notarization backlog or any known issue affecting first-time macOS notarizations or Developer ID submissions? At this point the remaining submissions appear valid locally but sit In Progress for a very long time.

All my notarization submissions are rejected with statusCode 7000 ("Team is not yet configured for notarization"), even though my Apple Developer Program membership has been active since February 26, 2026. Error log: status: Rejected statusCode: 7000 statusSummary: "Team is not yet configured for notarization" My setup: Team ID: 9NL8W3646T Membership: Individual, ACTIVE (confirmed by Apple Support on Feb 26) Certificate: Developer ID Application — valid, signing works Hardened runtime: enabled Latest failed submission: ce6a4ca9-ccc2-4838-b96a-d9ed16557237 (March 6) I have support case 102832266798 open since March 4. Apple responded on March 6, but the email never arrived in my inbox and the portal doesn't let me view the response. Could DTS help enable notarization for my team? This is blocking distribution of my macOS app. Thank you.

Apple has introduced the Wireless Insights Service Predictions capability in iOS 26. After prior alignment with Apple engineers, we are working to integrate this capability into the Douyin App, and intend to provide a TestFlight build for Apple engineers to validate and debug the integration. We have encountered a blocking issue with entitlement configuration: We use our Apple Developer Enterprise Program account to build and submit TestFlight builds. When we manually create and configure provisioning profiles via the Apple Developer Portal, the required entitlement key com.apple.developer.wireless-insights.service-predictions is not available for selection or inclusion in the profile's Entitlements. This completely blocks us from enabling, using, and validating the Wireless Insights Service Predictions capability. For comparison, when we use our Apple Developer Program individual account, the entitlement com.apple.developer.wireless-insights.service-predictions is fully available. It is automatically included in provisioning profiles generated for local debugging, and can also be manually added to custom provisioning profiles via the Apple Developer Portal without issues. We request assistance to resolve this entitlement access discrepancy for our Enterprise Program account, so that we can complete the integration and provide the TestFlight build for validation as planned.

Hi, I have two notarization submissions that have been stuck in "In Progress" status for several hours with no resolution. Submission IDs: 2158329b-8beb-400b-aa80-f8c2a5f30106 (submitted ~9 hours ago) 73174908-3ed9-4a85-afe0-a3c3b0722a61 (submitted ~3 hours ago) Both submissions show "In Progress" indefinitely and no log is available for either. The notarytool --wait --timeout 30m timed out on the second submission with exit code 124. The app is signed with a valid Developer ID Application certificate, all binaries including frameworks and dylibs are individually signed with --options runtime and --timestamp. A previous submission returned valid on disk / satisfies its Designated Requirement via spctl --assess. Could you please investigate whether these submissions are stuck on your end, and advise on next steps? Thank you.

I'm distributing a macOS .pkg installer signed with Developer ID Installer and notarized via notarytool. On macOS 26.3 (Tahoe, Build 25D125), the package is rejected by Gatekeeper when downloaded from the internet. What works: pkgutil --check-signature → signed, Developer ID Installer, full chain (G2 intermediate + Apple Root CA) xcrun stapler validate → "The validate action worked!" xcrun notarytool info <id> → status: Accepted The .app inside the .pkg passes spctl -a -vvv → "accepted, source=Notarized Developer ID" What fails: spctl -a -vvv --type install mypackage.pkg → rejected, origin=Developer ID Installer Raw assessment: assessment:remote = true, assessment:verdict = false Double-clicking the downloaded .pkg shows only "Move to Trash" / "Done" (no "Open" option) syspolicyd log: meetsDeveloperIDLegacyAllowedPolicy = 0 (expected, since the cert is new), but no "notarized" match is logged Certificate details: Developer ID Installer, issued Feb 28, 2026, valid until 2031 OID 1.2.840.113635.100.6.1.14 (Developer ID Installer) — critical OID 1.2.840.113635.100.6.1.33 — timestamp 20260215000000Z Intermediate: Developer ID Certification Authority G2 (OID 1.2.840.113635.100.6.2.6) security verify-cert → certificate verification successful Build process: productbuild --distribution ... --sign <SHA1> (also tried productsign) Both produce: Warning: unable to build chain to self-signed root xcrun notarytool submit → Accepted xcrun stapler staple → worked Workaround: xattr -d com.apple.quarantine ~/Downloads/mypackage.pkg allows opening the installer. Question: Is spctl --type install assessment expected to work differently on macOS 26 Tahoe? The same signing and notarization workflow produces .app bundles that pass Gatekeeper, but .pkg installers are rejected. Is there a new requirement for .pkg distribution on macOS 26? Environment: macOS 26.3 (25D125), Xcode CLT 26.3

Hello We have a pkg installer whose signing certificate is expiring next month. It has a trusted timestamp on it. As per https://developer.apple.com/support/certificates/ it states Developer ID Installer Certificate (Mac applications) If your certificate expires, users can still install packages that were signed with this certificate as long as the package includes a trusted timestamp. Previously installed apps will continue to run. However, new installations won’t be possible until you have re-signed your installer package with a valid Developer ID Installer certificate. If your certificate is revoked, users will no longer be able to install applications that have been signed with this certificate. Wanted to check on behavior for new installations post expiration date. Since the installer has a trusted timestamp we would not need to release a new installer with new cert ?? Any guidance here would be much appreciated.