The steps followed were: Signed the .app Notarized the .app inside a .zip Unpacked the .zip Stapled the .app Created a package using Packages Sign the package Notarize the package (both as .pkg and .zip) The result of the final step always comes out to: { 	"logFormatVersion": 1, 	"status": "Invalid", 	"statusSummary": "Archive contains critical validation errors", 	"statusCode": 4000, 	"issues": [ 		{ 			"severity": "error", 			"code": null, 			"path": "App_Signed.pkg.zip/App Signed.pkg/App.pkg Contents/Payload/Applications/App.app/Contents/MacOS/App", 			"message": "The signature of the binary is invalid.", 			"docUrl": null, 			"architecture": "x86_64" 		} 	] } I read a number of forum posts and guides and this seems to take a hold of all the requirements. Did I miss something?