we have organization account I'm the admin of team. and i have additional resources: Additional Resources Access to Reports Access to Certificates, Identifiers & Profiles. Access to Cloud Managed Distribution Certificate Create Apps Generate Individual API Keys Issues: i can't find my team certificate in Xcode I don't have access to https://developer.apple.com/account/resources/

I haven't been able to notarize my macOS app for the past two days. Now, I believe this is an issue with the notarization process because I've tried notarizing the default app that's provided whenever you open a new Swift application, but that completely failed as well. And I've been waiting for the past two days and it's been stuck on in progress. This is the second time this has happened to me in the past two months and oftentimes I have to wait more than a day or two for the notarization to occur. I just, I don't understand why it's deadlocked like this. I've done nothing. I haven't changed my certificates. I haven't done any different configurations within my Mac. The last time that this happened, the issue went away after two days, but my biggest concern right now is that if this happens whenever we need to urgently push updates, we can't. I have absolutely no idea what to do and I'm just extremely frustrated because this is happening right before our launch day. I've been stuck on notarizing again for the past two days and I've seen no progress, I've seen no responses from support emails and the ones that do aren't even applicable to my current scenario. ⁠

I am making an iOS step counting app and I have included a widget in the design. I would like to get the widget to pull data from the main app to display step count etc so I created a bundle id for the widget and have been trying to use a group id to link them together. The group capabilities for both seem to be set up/enabled properly with the same App Groups id, but I've been getting an error in xcode which says, " 'Provisioning Profile: "BUNDLE_ID" doesn't include the com.apple.developer.security.application-groups entitlement.' Try Again But the identifiers do have the App Group id enabled. I have tried automatic signing, manual signing with generated profiles, unchecking and rechecking auto-signing, removing and re-adding the group capability. Creating a new bundle id from scratch, creating a new group id from scratch. Always I get the error. I've really pulled my hair out troubleshooting this and would appreciate support. I'm happy to answer and questions or share details. Thank you.

Xcode is prompting I enter a codesign login password when I am archiving my project. My password seems incorrect since there is no action after I enter my password and tap allow. what could be the problem?

Validation failed (409) Missing Code Signing Entitlements. No entitlements found in bundle 'com.seeyon.yiboyun.child' for executable 'Payload/M3.app/PlugIns/CMPSharePublish.appex/CMPSharePublish'." (ID: 6e5429ed-b896-45a0-ab23-bb8fcb472072)

Hi, We've created a new version of our macOS version of our app, but when I now try to upload the generated .pkg to App Store Connect via Xcode or Transporter we get this error message: ITMS-90286: Invalid code signing entitlements - Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “AppIDPrefix.my.bundle.name” value for the com.apple.application-identifier key in “my.bundlename.pkg/Payload/appname.app/Contents/MacOS/appname” isn’t supported. This value should be a string that starts with your Team ID, followed by a dot (“.”), followed by the bundle ID. Setting the code signing to automatic or does not make a difference. Our app has a different App ID Prefix as our Team ID and when I try to upload the app to App Store Connect I get this error message, does anyone know how we can fix this issue? We used to be able to upload the apps without issues.

I have recently enrolled in the Apple Developer to get my app notarized, and submitted an Archive for notarization, but it is taking forever. It has almost been a whole day, but the status is still in progress, whereas I have seen other developers say that the same takes 10-15 mins to an hour for them. Am I doing anything wrong? Please guide me through this.

I want to help contribute a feature in a virtual-machine app in macOS that supports PCIe device passthrough over thunderbolt. I have a question about the entitlements. Since I do not represent the GPU vendors, would I be allowed to get a driver signed that matches GPU vendor IDs? Is there such a thing as wildcard entitlement for PCIDriverKit? I don't want end-users to have to disable SIP to be able to use this. Any suggestions/leads? Thank you.

Hi, This is my first time developing for iPhone, and I believe I have encountered an unusual edge case related to user management. Background: I work at a very small company currently in the proof-of-concept stage of building an iOS app. We created an Apple account under the company name: Green Vibe, using our corporate email. Initially, I developed the app under the free account on my local iPhone, and everything worked smoothly. When NFC functionality became necessary, we upgraded to a paid Apple Developer account. At that point, I enrolled as a developer under my personal name (Or Itach) while logged in with the Green Vibe Apple account. I want to emphasize that only one Apple account was created — the Green Vibe account. The Issue: When attempting to add NFC, I was able to create the required certificate under the name Or Itach. However, when compiling the project, Xcode prompts me to enter the login password for the user Or Itach. This is problematic because there is no Apple ID associated with that name — only the Apple Developer enrollment under Green Vibe exists. Request: Could you please advise on the proper way to resolve this situation? Specifically: Should the developer enrollment be tied directly to the Green Vibe account rather than to an individual name? How can I correctly configure the account so that Xcode no longer requires a nonexistent Apple ID password? Thank you very much for your support and clarification.

Hi All, I am building my own MDM server. It seems that in order for the MDM commands to function an MDM Push Certificate for the APNS framework. And in order to get the MDM Push Certificate from the Apple Push Certificates Portal (https://identity.apple.com/pushcert/) you need to upload your CSR usually provided and sign by the MDM Vendor of your choosing. I am familiar with this process. But now that I am the MDM Vendor, I am not sure where to get this MDM Vendor CSR Signing Certificate. I've already submitted a formal request via the "contact us" form. Apple's response pointed me to the documentation on Setting Up Push Notifications and the MDM Vendor CSR Signing Certificate help page (which I had already reviewed): https://developer.apple.com/documentation/devicemanagement/setting-up-push-notifications-for-your-mdm-customers https://developer.apple.com/help/account/certificates/mdm-vendor-csr-signing-certificate/ The issue is that these documents describe using the signing certificate, but not the process for obtaining it as a new, independent vendor. So does anyone know of a portal or method of generating this “MDM Vendor Certificate”? or maybe I'm going about this all wrong and there is a simpler way… the again, its apple, so I’m probably on the right path just beed a little direction please. (I am not sure where to get this MDM Vendor CSR Signing Certificate.)

When I try to archive an app in order to submit it to the App Store I receive the following errors I do not know how to fix: error: Framework /Users/fbartolom/Library/Developer/Xcode/DerivedData/Virtual_Tags-apzduassdiglhcapscsllvzbfgid/Build/Intermediates.noindex/ArchiveIntermediates/Virtual Tags/InstallationBuildProductsLocation/Applications/VirtualTags.app/Frameworks/StoreKit.framework did not contain an Info.plist (in target 'VirtualTags' from project 'Virtual Tags') error: Framework /Users/fbartolom/Library/Developer/Xcode/DerivedData/Virtual_Tags-apzduassdiglhcapscsllvzbfgid/Build/Intermediates.noindex/ArchiveIntermediates/Virtual Tags/InstallationBuildProductsLocation/Applications/VirtualTags.app/Frameworks/Security.framework did not contain an Info.plist (in target 'VirtualTags' from project 'Virtual Tags') error: Framework /Users/fbartolom/Library/Developer/Xcode/DerivedData/Virtual_Tags-apzduassdiglhcapscsllvzbfgid/Build/Intermediates.noindex/ArchiveIntermediates/Virtual Tags/InstallationBuildProductsLocation/Applications/VirtualTags.app/Frameworks/CloudKit.framework did not contain an Info.plist (in target 'VirtualTags' from project 'Virtual Tags') MacBook Pro M5, Tahoe 26.1, Xcode 26.1.1

Hi everyone, I’m having trouble getting remote push notifications working on iOS for a production Flutter app, and it looks like it’s related to the provisioning profile / entitlements used during signing. Context Platform: Flutter Push provider: OneSignal (backend is Supabase; Android push works fine) CI: Codemagic Target: iOS TestFlight / App Store builds I’m on Windows, so I cannot open Xcode locally. All iOS builds happen via Codemagic. Capabilities / entitlements In the Apple Developer portal, my App ID for com.zachspizza.app has: Push Notifications capability enabled A separate Broadcast capability is listed but currently not checked. In my repo, ios/Runner/Runner.entitlements contains: xml aps-environment production So the project is clearly requesting the push entitlement. Codemagic signing setup For my App Store workflow (ios_appstore_release in codemagic.yaml ): I use a combination of manual and automatic signing: Environment variables can provide: P12_BASE64 + P12_PASSWORD (distribution certificate) MOBILEPROVISION_BASE64 (a .mobileprovision file) A script in the workflow: Creates a temporary keychain. Imports the .p12 and installs the .mobileprovision into ~/Library/MobileDevice/Provisioning Profiles. For the final export, I generate an exportOptions.plist that does: If a profile name/UUID is provided via env (PROV_PROFILE_SPEC, PROV_PROFILE_UUID, PROVISIONING_PROFILE_SPECIFIER, PROVISIONING_PROFILE): xml signingStylemanual provisioningProfiles com.zachspizza.app[profile name or UUID] Otherwise, it falls back to: xml signingStyleautomatic After archiving and exporting, my script runs: bash codesign -d --entitlements :- "$ARCHIVE_PATH/Products/Applications/Runner.app" ... and again on the signed Runner.app inside the exported IPA codesign -d --entitlements :- "$SIGNED_APP" In both cases, the effective entitlements output does not show aps-environment, even though: The App ID has push enabled. Runner.entitlements includes aps-environment = production. Observed behavior iOS devices (TestFlight build) do not receive remote push notifications at all. Android devices receive notifications as expected with the same backend payloads. OneSignal configuration and backend are verified; this appears to be an APNs / signing / entitlements problem. The Codemagic logs strongly suggest that the provisioning profile being used for signing does not carry aps-environment. Questions Under what conditions would a distribution provisioning profile (for an App ID with Push Notifications enabled) result in a signed app without aps-environment, even when: The entitlements file in the project includes aps-environment, and The App ID in the Developer portal has Push Notifications enabled? Does using a CI flow like the above (custom .p12 + .mobileprovision installed via script, exportOptions with signingStyle=manual) increase the chances of: Xcode ignoring the requested entitlements, or Selecting a provisioning profile variant that does not include the push entitlement? Is there a recommended way, from the Apple side, to verify that a given .mobileprovision (the one I’m base64-encoding and installing in CI) definitely includes the aps-environment entitlement for my bundle ID? i.e., a canonical method to inspect the profile and confirm that APNs is included before using it in CI? Are there any known edge cases where: The project entitlements include aps-environment, The App ID has Push Notifications enabled, But the final signed app still has no aps-environment, due to profile mismatch or signing configuration? Given that I’m on Windows and can’t open Xcode to manage signing directly, I’d really appreciate guidance on how to ensure that the correct push-enabled provisioning profile is being used in this CI/manual-signing setup, and how to debug why aps-environment is being stripped or not applied. CodeMagic Signing/Export Step: Signing / entitlements output from Codemagic Dumping effective entitlements for Runner.app in archive... /Users/builder/clone/build/ios/archive/Runner.xcarchive/Products/Applications/Runner.app: code object is not signed at all Failed to dump entitlements Exporting IPA with exportOptions.plist... 2025-11-20 22:25:00.111 xcodebuild[4627:42054] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/w2/rrf5p87d1bbfyphxc7jdnyvh0000gn/T/Runner_2025-11-20_22-25-00.110.xcdistributionlogs". 2025-11-20 22:25:00.222 xcodebuild[4627:42054] [MT] IDEDistribution: Command line name "app-store" is deprecated. Use "app-store-connect" instead. ▸ Export Succeeded Dumping entitlements from signed Runner.app inside exported IPA... Executable=/private/var/folders/w2/rrf5p87d1bbfyphxc7jdnyvh0000gn/T/tmp.LHkTK7Zar0/Payload/Runner.app/Runner warning: Specifying ':' in the path is deprecated and will not work in a future release application-identifier.com.zachspizza.app beta-reports-active com.apple.developer.team-identifier get-task-allow As you can see, the signed app’s entitlements do not contain aps-environment at all, even though Runner.entitlements in the project has aps-environmentproduction and the App ID has Push Notifications enabled. Thanks in advance for any help and pointers.

Hi there, I am trying to build the Apple SimpleAudioDriver example but fail with codesign and/or provisioning. I would be ok for now with the local option, but XCode 16.4 doesn't show the option "build to run locally" (SIP is disabled). When using "Automatically manage signing" it ends in a "Please file a bug report". I found that having two different development teams tripped it up, so I deleted all certificates and keys and made sure to be only signed into one account in Xcode. Can anyone give advice? Thanks a ton! Here is the URL to the sample: https://developer.apple.com/documentation/coreaudio/building-an-audio-server-plug-in-and-driver-extension macOS: 15.6.1 XCode: 16.4 Hardware: MacBook Pro M2 Max SIP: disabled

Hi Team, i'm running into same issue with notarization time. I create new, small app for a customer but however the notarization is running since this morning, so almost a few hours. This isn't normal or ? Is there anything what i can do ? Best regard, Lars

Hi, I'm currently at 19 hours waiting for notarization. My dev account is new and this is the first time I'm submitting anything to be notarized. I've gathered from my research that this is normal (unfortunately). I figure the only thing I can do is wait, but is there any way for me to know if I'm waiting for a human to manually review it? I was going to file a support request, but I saw that they won't be responding to any support requests until after their Thanksgiving break, and I assume nobody is manually reviewing notary submissions for the next week+. I attached the submission below, thanks! createdDate: 2025-11-21T21:17:10.082Z id: c9746d42-1dc7-4641-aec1-62c6cedff1a2 name: ***********.zip status: In Progress

Hey everyone, I was granted access to Family Controls (Distribution) for my main App ID The entitlement is visible and enabled in the App ID configuration. I’ve successfully created and used a provisioning profile that injects com.apple.developer.family-controls for the main app. ✅ However, the issue is with an extension target under the same parent App ID and all others Despite enabling the Family Controls (Development) capability in this extension’s App ID config, every new provisioning profile I generate for the extension fails to include the entitlement. I’ve confirmed this by: • Dumping the .mobileprovision with security cms -D → no sign of com.apple.developer.family-controls • Recreating the profile multiple times (Development and Distribution) • Ensuring the entitlement is toggled on in the portal • Validating the parent app profile does include it ⸻ ❗Question: Is there a known issue where Family Controls doesn’t get injected into extension App IDs even after team approval? Or is there an extra step I need to take to get this entitlement injected properly into provisioning profiles for app extensions?

Hello, I'm currently developing an iOS app that uses SensorKit. Everything works fine in development and testing — the app correctly requests and receives SensorKit permissions on test devices. In my App ID configuration, the SensorKit Reader Access entitlement (com.apple.developer.sensorkit.reader.allow) is included and visible in Xcode under the project’s entitlements list. However, when I try to archive and distribute the app, I get the following errors in Xcode: Provisioning profile failed qualification Profile doesn't support SensorKit Reader Access. Provisioning profile failed qualification Profile doesn't include the com.apple.developer.sensorkit.reader.allow entitlement. Even though my provisioning profile includes this entitlement, Xcode still refuses to distribute the app. Here’s what I’ve confirmed so far: The provisioning profile lists com.apple.developer.sensorkit.reader.allow in its entitlements. SensorKit works perfectly in debug and development builds. The issue only occurs when attempting to distribute (Archive → Distribute App). Could this be because my account has only development entitlement for SensorKit and not the distribution entitlement? If so, how can I verify or request the proper distribution entitlement for SensorKit Reader Access? Thank you for any guidance or confirmation from Apple regarding this entitlement behavior.

Hello Colleagues, We have been seeing a delay in our Apple notarization submission that hangs for hours "in progress" without completing: This issue has been occurring since Friday, October 17th. We have also checked the Apple System Status page and there is no indication of any outage for Apple notarization.

Hi, I am developing a iOS app with Packet Tunnel Provider Network Extension. I manage signing manually. I created a distribution provisioning profile. Then when I archive and click "validate" I get this error: Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value 'url-filter-provider' for key 'com.apple.developer.networking.networkextension' So I run security cms -D -i profiles/vpn_distribution.mobileprovision and I see there <key>Entitlements</key> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> <string>url-filter-provider</string> <string>hotspot-provider</string> </array> Where are those coming from. My entitlement file has <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.my-app-group</string> </array> </dict> </plist> What is happening here. How can I get a provisioning profile that only has the entitlements that I actually need?

The problem is the following: We create a keychain item called NotaryTool (There are multiple accounts that use Notary tool and we created it for all of them ) This is created in the following way: $ xcrun notarytool store-credentials This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name. Profile name: NotaryTool We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified. Path to App Store Connect API private key: //AuthKey_ABCDEFGH.p8 App Store Connect API Key ID: <ABCDEFGH> App Store Connect API Issuer ID: ABCDEF-ABCD-1234-1234-1234567 Validating your credentials... Success. Credentials validated. Credentials saved to Keychain. To use them, specify `--keychain-profile "NotaryTool"` The key is downloaded from Apple and some other IDs are provided alongside. These should remain in the keychain for as long as the user process is running (just like any other process) A few runs are successful when we run with the profile that was created. After a few runs we start seeing a failure. Now we are seeing the following issue where the keychain item just vanishes: Error: No Keychain password item found for profile: NotaryTool\n\nRun 'notarytool store-credentials' to create another credential profile.\nError during the not process\nTue Aug 26 06:02:09 2025 Notarization failed with notarytool with exit code 17664: \nTue Aug 26 06:02:09 2025 could not upload for notarization!!!