I submitted a mac app for Notarization. For the first few tries the Notarization failed with an error "Team is not yet configured for Notarization" but few days after my account started to show "ENROLL" option again even though my membership was set to expire on 2026. I am doubting my account has been suspended. I have not received any emails from apple regarding the suspension. I have contacted support but no help yet ! This was the second year, i was paying for the membership. Could you please help me to - Help me get the account unsuspended (if it is, as there is no notification or information regarding this) If the account is suspended due to my app being submitted for Notarization then help me identify the reason so that i can fix them. Mac App is Time Tracking application that runs in background and capture periodic screenshot backlsh.com (NOTE - I am doing this after taking user consent)

General: Forums topic: Code Signing Forums subtopic: Code Signing > Notarization Forums tag: Notarization WWDC 2018 Session 702 Your Apps and the Future of macOS Security WWDC 2019 Session 703 All About Notarization WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API Notarizing macOS Software Before Distribution documentation Customizing the Notarization Workflow documentation Resolving Common Notarization Issues documentation Notary REST API documentation TN3147 Migrating to the latest notarization tool technote Fetching the Notary Log forums post Q&A with the Mac notary service team Developer > News post Apple notary service update Developer > News post Notarisation and the macOS 10.9 SDK forums post Testing a Notarised Product forums post Notarisation Fundamentals forums post The Pros and Cons of Stapling forums post Resolving Error 65 When Stapling forums post Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi guys, I am new to publishing apps on Apple Store. I used python, pyside6, torch, pyinstaller to build an app for Apple Store. For codesigning, I used the correct "Developer ID Application" to sign the code. When I validate the .app file (codesign -vv --strict ), I got the following my_app.app: valid on disk my_app.app: satisfies its Designated Requirement Next, I used ditto to "ditto -c -k --sequesterRsrc --keepParent my_app.app my_app.zip" to zip it. Then, I submitted this my_app.zip file for notarization with "xcrun notarytool submit ..." and got the following "accepted" message. Received new status: Accepted Current status: Accepted............... [20:08:54.530Z] Info [API] Submission in terminal status: Accepted Processing complete After that, I want to staple it with "xcrun stapler staple my_app.app", but I got the following Could not validate ticket for my_app.app The staple and validate action failed! Error 65. To further investigate it, I ran "spctl -a -vvv my_app.app" and got my_app.app: rejected source=Unnotarized Developer ID origin=Developer ID Application... I don't know why this would happen after notarization accepted. Could someone help me understand this issue? Thanks!

My notarization submission been "In Progress" status for over 30 minutes now. I thought this process should be much faster.

I'm building a custom macOS installer for my software, primarily using the builtin tools of codesign, pkgbuild, productbuild and xcrun. My product consist of a list of plugins and a CEP extension for the Adobe After Effect app. All of my bundles and binaries are properly signed using a trusted Apple Developer certificate I've generated, of type Developer ID Application. My installer is a "distribution" pkg, and has this structure(expanding it using pkgutil --expand): SceneTools-3.4.4-osx-installer ├── Distribution ├── miscellaneous.pkg ├── plugins.aftereffects2022.pkg ├── plugins.aftereffects2023.pkg ├── plugins.aftereffects2024.pkg ├── plugins.aftereffects2025.pkg ├── preinstall.pkg ├── Resources ├── scenebuilder.pkg └── uninstaller.pkg Each "child" pkg would install parts of my product in different locations in the target macOS disk(this is why I'm using that kind of style of building the custom installer). Signing each and every bundle or binary of my product, signing the "child" pkg's, then notarizing them works well with no issues, in addition signing the "final" "distribution" using productbuild --sign option also works well, but when trying to notarize the "final" pkg, the notary service fails with this error: { "logFormatVersion": 1, "jobId": "5fb38df9-ef97-4bd3-955e-7783c37ac4a8", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "SceneTools-3.4.4-osx-installer.pkg", "uploadDate": "2025-06-26T14:14:41.507Z", "sha256": "621de5d887b06ad11214255c6e91ebd9eeffb18ad8f940365f4539bd1902fe9a", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "SceneTools-3.4.4-osx-installer.pkg", "message": "Package SceneTools-3.4.4-osx-installer.pkg has no signed executables or bundles. No tickets can be generated.", "docUrl": null, "architecture": null }, { "severity": "warning", "code": null, "path": "SceneTools-3.4.4-osx-installer.pkg", "message": "The contents of the package at SceneTools-3.4.4-osx-installer.pkg could not be extracted.", "docUrl": null, "architecture": null } ] } My final pkg indeed doesn't contain any bundles or binaries directly, but that's how it should be - a container of "child" pkg. I tried various ways of working-around this issue, like: Notarizing the dmg that contains this final pkg - worked, but when opening the pkg, GateKeeper blocks the users from opening it. Wrapping the pkg inside an .app and notarizing the .app - same as above. What am I doing wrong? Does those kind of pkg like my "final" pkg aren't meant to be notarized? if so - how can I solve this GateKeeper blocks? Should I build my final pkg in a different way?

see: xcrun notarytool history --apple-id "devxxfishpond.sh" --team-id "XMXG6C4xxx" --password "hedi-xzkt-xxxxxxxx" Successfully received submission history. history -------------------------------------------------- createdDate: 2025-07-22T05:32:06.213Z id: ac32c72d-c799-4936-a090-aca4f8d3c3c3 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T10:20:22.228Z id: 38bb9dfb-a8e2-4174-b330-f79c985f3a93 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T09:05:26.709Z id: bba156d0-7ecd-4c24-863f-834da08a8916 name: Fishpond.zip status: In Progress -------------------------------------------------- createdDate: 2025-07-20T08:56:47.509Z id: 3d5c97ac-fd76-4cc3-85ee-bac8a92ea412 name: Fishpond.zip status: Invalid

Its just stuck in progress. $ xcrun notarytool history --keychain-profile X Successfully received submission history. history -------------------------------------------------- createdDate: 2025-07-21T16:46:13.233Z id: X name: X.dmg status: In Progress -------------------------------------------------- createdDate: 2025-07-20T18:44:35.683Z id: X name: X.dmg status: In Progress -------------------------------------------------- createdDate: 2025-07-20T11:24:20.319Z id: X name: X.dmg status: In Progress Its a go app; not simple but not very complicated. It is my first time notarising but even then should it take this long?? 3 days is ridiculous!

Tried notarizing my app yesterday afternoon via Mac terminal, and when I came back to work this morning it was still "In Process...". I closed terminal, and checked appleid.apple.com, and it was asking me to reset my password- maybe because the notarization timed out? Either way, I reset my password, generated a new app-specific password and tried notarizing the app again, but it's now been 3 hours and it's still "In Process..." again. When I check the status via terminal, nothing seems off- and the status is In Progress. How can I determine if there's a bigger issue I need to fix before notarizing? UUID: e7ae29c8-2478-41a3-93b4-3f274de643d0

Hello, I'm currently trying to upload a new version of an existing application. But each time I try to validate the archive of the application, I got the following error in Xcode (v16.2) : Invalid code signing entitlements. Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “37CG5MY799.com.example.app” value for the com.apple.application-identifier key in “com.example.app.pkg/Payload/app.app/Contents/MacOS/app” isn’t supported. This value should be a string that starts with your Team ID, followed by a dot (“.”), followed by the bundle ID. I suspect that there is a problem with the App ID Prefix (that is 37CG5MY799 for the app) when our team ID is E4R7RJ7LA3 but I cannot find a solution. I asked the Apple Developer Support for help and I have read the documentation they sent but it couldn't solve this problem so they redirected me to the forums. https://developer.apple.com/library/archive/qa/qa1879/_index.html https://developer.apple.com/library/archive/technotes/tn2318/_index.html#//apple_ref/doc/uid/DTS40013777-CH1-OVERVIEW https://developer.apple.com/library/archive/technotes/tn2318/_index.html#//apple_ref/doc/uid/DTS40013777-CH1-TNTAG33 There isn't any obvious App ID Prefix mismatch in the entitlement between the Application's signature entitlement and the Embedded provisioning profile entitlement . Application's signature entitlement : <dict> <key>com.apple.application-identifier</key> <string>37CG5MY799.com.example.app</string> <key>com.apple.developer.team-identifier</key> <string>E4R7RJ7LA3</string> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>group.com.example.app</string> </array> <key>com.apple.security.files.user-selected.read-only</key> <true/> </dict> Embedded provisioning profile entitlement : <dict> <key>com.apple.security.application-groups</key> <array> <string>group.com.example.app</string> <string>E4R7RJ7LA3.*</string> </array> <key>com.apple.application-identifier</key> <string>37CG5MY799.com.example.app</string> <key>keychain-access-groups</key> <array> <string>37CG5MY799.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>E4R7RJ7LA3</string> </dict> The app also have a browser extension that correctly use the Team ID. How to solve this problem ? Thanks for your time, Qeg

I am building an electron app bundled with python. My code signing was fast, but when it came to notarization, it has already taken over 6+ hours. How can I speed things up?

Hey, when I try to launch my app it prompts me with a "Apple could not verify" popup. The thing is the app has been signed and stapled. xcrun stapler validate .app for my app returns "The validate action worked!" If I also run syspolicy_check distribution .app it returns: "App passed all pre-distribution checks and is ready for distribution" Any idea?

Whilst waiting for the company developer account I successfully notarised an app/pkg On switching to the company account the app/pkg has been stuck in progress for over 2 days (see below) The initial submission was via Xcode and later via command line. The last one was when I updated bundle ids etc and built with Github Actions. The initial submission did coincide with a service outage, however that is marked as resolved. I would like to cancel all of them now that I have switched the signing account and the bundle ID but there seems no way to do this? Thoughts and comments welcome. Thanks Paul -------------------------------------------------- createdDate: 2025-08-14T11:03:24.837Z id: edf215d0-4d15-4075-aa6f-4755a35b3d45 name: ZenityEndpointAgent.pkg status: In Progress -------------------------------------------------- createdDate: 2025-08-12T21:36:36.345Z id: 9c98de09-d3aa-449b-ad47-7e721b0342c5 name: AIEdgeDeviceAgent.pkg status: In Progress -------------------------------------------------- createdDate: 2025-08-12T16:58:50.891Z id: 9206f9be-0fc4-4c6c-aa66-8fcbe3332155 name: AIEdgeDeviceAgent.pkg status: In Progress -------------------------------------------------- createdDate: 2025-08-12T10:37:35.624Z id: b20d1dd0-084e-441c-87a6-641fb088819e name: AIEdge Device Agent.zip status: In Progress

我是一名开发人员。除了App Store，我们公司的官方网站也是软件下载的一种方式。DMG签名提交后，通过网站下载安装软件时，仍然有提示说来自身份不明的开发者。您能告诉我如何解决这个问题吗？如果你能用中文回复就最好了。

I have an application that I have been signing, notarizing and distributing to beta testers for a year with no issues, note: I have never got stapling to work I always get a error 65 in the process. But up until yesterday that hasn't been an issue and online verification has always worked. Yesterday morning around 9am online gatekeeper verification has been failing with: APP not opened, apple cannot verify app is free of malware. etc this keeps happening, with every build I try. redownloading previously successful builds show the same behavior I know I can allow in privacy and security, but heading towards launch I dont want to have to tell users to do that. has there been a change in how gatekeeper works or issues with the service? any help with this or getting stapling working would be very appreciated!

I started a notarization run a few hours ago. (and used --wait) Conducting pre-submission checks for Metrix Installer.dmg and initiating connection to the Apple notary service... Submission ID received   id: dd77be4c-0cb6-4913-a846-d4025ede37fd Successfully uploaded file   id: dd77be4c-0cb6-4913-a846-d4025ede37fd   path: /Users/johnluss/Work/Metrix Installer.dmg Waiting for processing to complete. Current status: In Progress................................................................................................................................. I finally ctrl-c out of it (PAGES of ....) and tried getting the log Submission log is not yet available or submissionId does not exist   id: dd77be4c-0cb6-4913-a846-d4025ede37fd The Apple System Status page shows all servers up and running. Any suggestions on what might be going wrong?

Hi Apple team, I have a recently created dev account and submitted two different 20-30 mb .apps for notary through the notary tool. I have read that this should only take minutes at this size of an app but both have been stuck in progress for almost 24+ hours. Below are the UUIDs of the notary submissions. Also I tried re-submitting but these are also stuck in progress. Successfully received submission history. history -------------------------------------------------- createdDate: 2025-09-26T11:46:32.643Z id: 9714758e-e216-496d-80f8-422f77011ebe name: <>.zip status: In Progress -------------------------------------------------- createdDate: 2025-09-25T21:48:46.161Z id: c2a81300-c903-4277-8ef3-70205a690c76 name: <>.zip status: In Progress -------------------------------------------------- createdDate: 2025-09-25T18:24:36.205Z id: 42742be1-c7e5-4483-a2c5-95e89086d070 name: <>.zip status: In Progress -------------------------------------------------- createdDate: 2025-09-25T16:35:09.059Z id: a404256e-40c2-4dca-97fc-983e70ea4b7b name: <>.zip status: In Progress

I believe that this is related to the post https://developer.apple.com/forums/thread/790880. I essentially have the same problem that they did. I submit my Distribution PKG for notarization but the notarization fails and when I attempt to install the PKG user the UI I get a "External component packages (3) trustLevel=0 (trust evaluation failed; treating as invalid due to higher trust level for parent product archive)" However if I install using "sudo installer -verboseR -pkg ConcealDistribution.pkg -target /" everything works as expected. The difference between me and the other post is that when I expand my PKG using pkgutil --expand I do not have a Resources folder within my top level distribution. Instead my structure looks like ConcealDistribution ├── Distribution ├── ConcealConnect.pkg ├── ConcealBrowse.pkg └── ConcealUpdate.pkg The specific notary service errors I receive are as follows { "logFormatVersion": 1, "jobId": "7e30e3fd-1739-497c-a02e-64fbe357221d", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "ConcealDistribution.pkg", "uploadDate": "2025-10-08T19:41:33.491Z", "sha256": "40aacfacf25c6da0be8fe31ae9c145a25ddf9ed1f38be714687c74d95b26619d", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "ConcealDistribution.pkg", "message": "Package ConcealDistribution.pkg has no signed executables or bundles. No tickets can be generated.", "docUrl": null, "architecture": null }, { "severity": "warning", "code": null, "path": "ConcealDistribution.pkg", "message": "The contents of the package at ConcealDistribution.pkg could not be extracted.", "docUrl": null, "architecture": null } ] } For what its worth all the inner PKGs have their executables signed, the PKGs are signed themselves and they are all notarized and stapled without issue. Then I am attempting to sign and notarize the outer PKG and that is where the problems pop up. Additionally I'm not sure when this stopped working as I expected but just a few months ago I was able to do this exact same process and install with the UI and have it work.

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

I am facing an issue while trying to staple a notarization ticket to my signed macOS installer package. Details of my setup: The .pkg file is signed using my Developer ID Installer certificate. The app inside the package is signed using my Developer ID Application certificate. Notarization via xcrun notarytool completes successfully with status: Accepted. However, the stapler command fails with the following error: xcrun stapler staple -v /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg Processing: /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg Could not validate ticket for /Users/mac-test/Desktop/IPMPlus_Arm_Installer_signed.pkg The staple and validate action failed! Error 65. I verified that all other Apple notarization-related servers (api.apple-cloudkit.com, gs.apple.com, ocsp.apple.com, ocsp2.apple.com, crl.apple.com, developer.apple.com) are reachable. However, the domain cdn-apple-cloudkit.apple.com cannot be resolved from any network, including mobile or public Wi-Fi. Both dig and nslookup return “No answer” even when using external DNS servers like 8.8.8.8 or 1.1.1.1. It appears that cdn-apple-cloudkit.apple.com might be required during the stapler validation process, but the DNS for this domain is not resolving. Could you please confirm whether this CDN endpoint is required for stapling, and if there is currently an outage or configuration issue with cdn-apple-cloudkit.apple.com?

Hello, I am new to the apple developer program. I, and my team, are working on porting some medical software that we have written from Windows to MacOS. We obviously want to notarize our app to make it easy for professionals and colleagues to use. The software is entirely written in python and includes ffmpeg for one of the features to export the medical data to video and compiled to a single file with pyinstaller, like so: pyinstaller app_name.py --noconfirm --onefile --add-data "ffmpeg:ffmpeg" chmod +x dist/app_name* We are currently adding the signing and notarization of the app to our github workflow. The workflow build a successful app with the correct structure and is able to be run if we allow it past the MacOS firewall. We are signing the app like so: run: | BINARY_PATH="dist/app_name" IDENTITY=$(security find-identity -p codesigning -v | grep -E 'Developer ID Application|Mac Developer' | head -n1 | awk -F\" '{print $2}') echo "Using identity: $IDENTITY" security unlock-keychain -p "" build.keychain codesign --verbose=4 --force --options runtime --timestamp --entitlements .github/mac_build_tools/entitlements.plist --sign "$IDENTITY" "$BINARY_PATH" codesign --verify --verbose=4 "$BINARY_PATH" We then also move the binary around into an app structure and sign that as well like so echo "Moving contents to SedPlot.app" mkdir -p dist/app_name.app/Contents/MacOS mv "$BINARY_PATH" dist/app_name.app/Contents/MacOS cp .github/mac_build_tools/Info.plist dist/app_name.app/Contents echo -n "APPL????" > dist/app_name.app/Contents/PkgInfo echo "Signing App" codesign --verbose=4 --force --options runtime --timestamp --entitlements .github/mac_build_tools/entitlements.plist --sign "$IDENTITY" dist/app_name.app codesign --verify --verbose=4 dist/app_name.app codesign --display --entitlements :- dist/app_name.app If I upload the artifact and check its properties, everything looks good. It has the correct ID associated with it and shows as valid when I use codesign --verify on it. I start having issues when I move onto notarization, like so: cd dist echo "Zipping and checking the zip" ditto -c -k --keepParent app_name.app app_name.zip zipinfo -1 app_name.zip | head echo "$AC_API_KEY" > AuthKey.p8 SUBMISSION_ID=$(xcrun notarytool submit app_name.zip \ --key AuthKey.p8 \ --key-id "$AC_KEY_ID" \ --issuer "$AC_ISSUER_ID" \ --team-id "TEAM_ID" \ --output-format json | jq -r '.id') echo "Submitted notarization with ID: $SUBMISSION_ID" All of the print statements for errors look good at this point, and the submission ID shows up in my history when I query it. However, all 7 attempts that I have made to notarize this app hang for indefinite amounts of time. We are hoping to submit our tool for publication soon, and it would be helpful to know if there is an issue causing the hang on our end or if this is an issue with new developers. I have been reading around the forums and see some notes about this taking about a week until the system start to "learn" about our development team and our attempts to notarize. I also know that there is limited amounts that can be said about the backend of the notarizations step. What would be helpful is a few things: I would like feedback about if there is a fundamental flaw in our approach for signing and notarizing our application, so that we can identify it. I would appreciate some guidelines about how long to expect this notarization step to take until we can get notarization to finish within 10s of minutes, as we have a hard-coded 30 min wait time for the completion of the notarization in our workflow right now. It would be helpful to know how to check our logs, as requesting the logs for any of our attempts results in being told that the logs are not available yet. In case someone from apple is interested in this and wants to check, the most-recent submission ID (the one that I believe should be most-likely correct and valid) is 9ef24966-42a5-47db-a7e0-c6baf0310ac4 Thank you in advance!