Hello, I am following up on several notarization requests in order to understand the process better. I submitted my first notary request yesterday and it took several hours to complete (where I submitted two other requests along the way thinking they may be stuck). They were all accepted after ~3 hours had passed since the first request was made. In that time I discovered a bug and had to rebuild/codesign, and submitted to notarize again. I've now had two requests with the new build (.zip file) "in progress" for ~18 hours. The bug fix I made between builds was innocuous and I'm wondering if my jobs are getting flagged due to recent account lockouts when I was first setting up my organizations' developer account. I've seen several replies here in the forum from DTS Engineers - hi Quinn :), so I'm aware of the possibility of 'rare' in-depth analysis, however I've experienced it in 100% of my requests. What is causing my requests to always require in-depth analysis and is there anything I can do to prevent it? My notarytool history is below for reference. Thank you in advance. createdDate: 2026-03-15T22:59:23.053Z id: 9c7ecc81-daf4-4cae-afe9-7f8186067f79 status: In Progress -------------------------------------------------- createdDate: 2026-03-15T21:10:04.576Z id: a1df8b50-c897-49f5-ad0d-f2264a03f145 status: In Progress -------------------------------------------------- createdDate: 2026-03-15T20:41:24.946Z id: 640e7cd6-035f-437b-9eab-9a3db415911a status: Accepted -------------------------------------------------- createdDate: 2026-03-15T18:40:26.944Z id: 00b9e907-04eb-4561-8353-dae7520202e0 status: Accepted -------------------------------------------------- createdDate: 2026-03-15T17:16:48.426Z id: 3163ba2b-e3c8-4216-ae8a-bac351b82f8a status: Accepted

I have an app for iOS already on the AppStore and I'm trying to add a macOS version of it. The AppID prefix for this app is different than my Team ID. This mismatch was always fine for submitting my iOS app. However for some reason, the macOS version gets rejected when I upload it. It tells me the AppID prefix must match my Team ID. I do not control my TeamID and I do not control my AppID prefix, they are both given to me by Apple. Yet the error message tells me they must match. How do I get past this? Here is the error message: Validation failed Invalid code signing entitlements. Your application bundle's signature contains code signing entitlements that aren't supported on macOS. Specifically, the "APPID_PREFIX.MY_BUNDLE_ID" value for the com.apple.application-identifier key in "MY_PACKAGE" isn't supported. This value should be a string that starts with your Team ID, followed by a dot ('"), followed by the bundle ID. (ID: 930b77ae-099f-4798-a14a-2803f2a9be9e) Thanks in advance for any pointer.

Hi Apple Developer Support, We are reaching out to request guidance on a testing constraint we have encountered related to iOS Universal Links and Associated Domains entitlements. As part of aligning with updated recommendations from our authentication provider, we have transitioned our mobile apps to use HTTPS redirect callbacks (Universal Links) instead of custom URI schemes. This works as expected in production and on real physical devices. However, we are encountering a significant issue in our cloud-based device testing environment. When our testing platform re-signs the app to run it on their infrastructure, the re-signing process strips the Associated Domains entitlement from the app bundle. As a result, iOS no longer honors our Universal Links, which breaks the authentication redirect flow — the callback cannot route back into the app after the user authenticates. We have identified a potential workaround that would involve disabling app re-signing in the testing platform, but this requires provisioning under an Apple Enterprise Developer account. This introduces considerable operational complexity, as it would require us to maintain separate signing and distribution paths alongside our existing Apple Developer Program membership. Before pursuing that path, we wanted to understand Apple's perspective on the following: Is there a supported or recommended approach for preserving Associated Domains entitlements when an app is re-signed by a third party (e.g., a cloud testing platform)? Are there any provisioning or entitlement configurations that would allow Universal Links to function correctly in re-signed builds without requiring an Enterprise Developer account? Does Apple have documented best practices for validating Universal Link–based flows in automated or cloud-based testing environments? Are there any alternative deep linking patterns that would be more resilient to re-signing while still meeting App Store and platform security requirements? Any guidance or recommendations from Apple on how to handle this within the bounds of the standard Apple Developer Program would be greatly appreciated. Thank you for your time.

Yestoday， I got problem createdDate: 2026-03-17T09:06:38.486Z id: d1c679af-5f41-437b-9ca1-4c96047a58fb name: easyclaw.app.zip status: In Progress -------------------------------------------------- createdDate: 2026-03-17T03:30:38.278Z id: fe1bb550-7f42-41c8-8d38-40ac7f9e7c91 name: easyclaw.app.zip status: Accepted And retry today monring，waiting again： Successfully received submission history. history -------------------------------------------------- createdDate: 2026-03-18T02:17:44.322Z id: 141b0dcb-d0fe-464e-9167-3a15e59aec87 name: easyclaw.app.zip status: In Progress

Hello, We are experiencing repeated notarization delays for our macOS app distributed outside the Mac App Store. Current submission ID: 45d7cac0-bd8a-4d48-b886-1cad7649adf4 Previous affected submission ID: ff61de1e-15f5-4bbe-8b34-a91a6f73b978 Issue description: xcrun notarytool submit succeeds and returns a submission ID. xcrun notarytool info keeps returning In Progress for a very long time. In the current case, the submission has remained In Progress for more than 45 minutes. This issue has happened repeatedly across multiple submissions. What we have already checked: We are not using a local proxy for notarization requests. We separated submit and polling in our build script to verify the exact stage. We retried multiple times. We reduced package contents to rule out newly introduced app content. Could someone from Apple please help check whether these submission IDs are stuck in the notarization pipeline, or advise what additional diagnostics we should provide? Thank you.

Hi there, We've discovered a problem with our iOS app. We've been attempting to add a Driverkit driver to it, but any time we run the app through Testflight, the driver installs fine, but when we go to enable the driver toggle in the app's settings, the toggle stays on, but in the device logs I can see: could not insert bundle at <private> into manager: <private> As you would expect - this means the driver is not actually enabled and does not respond to a device being connected to the iPad. This does not happen when building & running the app locally, nor does it happen when installing an Ad Hoc build. We also have a different app, not yet shipped. We are able to add the driver to that app without issue. It works after going through Testflight. What we have discovered now is that everything works fine even if we just create an entirely new app with it's own bundle IDs. I should point out that in all cases, we're keeping the capabilities the same for each of these apps/IDs - including the managed capabilities. The bundle IDs that have this problem are older (5 years old or more). It seems like any newer ID will work, but trying to add the driver (and the associated managed capabilities) to an older app/ID results in this vague error message, with no further details. If we inspect the resulting dexts, we can also see that the "Internal requirements code size" is different on the ones that fail. The failing ones have a size of 204 bytes, whereas the working ones all have a size of 220 bytes. Not sure if that's related but it's strikingly consistent. Does this mean there is an issue with older app IDs, and we need Apple to manually refresh them in some way before the driverkit capabilities will work after going through Testflight? We have two apps in this state, both are of the same vintage (~5 years+). We've been battling this issue for months on and off, so would appreciate some help.

I've been successfully notarizing my apps for a year or so now, with intermittent releases every so often, usually succeeding with notarization in a couple of minutes. These apps are all written in Python, but I worked through all the jank required to get them to notarize cleanly a while ago and have no issues since. Today I submitted a couple of builds which have been stuck for hours. They're just "in progress", so no logs I can look at, no emails or anything on my developer account page. How can I begin to debug this? Successfully received submission info createdDate: 2025-06-24T18:43:37.140Z id: 8d1a1ca9-f0ad-426f-a714-89aaf9e01a07 name: pinpal-2025.6.25.for-notarizing.app.zip status: In Progress I should note that in addition to the comment added within 10 minutes of creation of this issue, within the last day, we also have: https://developer.apple.com/forums/thread/789389 https://developer.apple.com/forums/thread/789599 https://developer.apple.com/forums/thread/789995 So it seems pretty likely something is going on on the backend.

the iOS app store package's entitlements file has an issue. After updating to a new version to fix the entitlements file, the app still crashes upon opening but can function normally after a restart. What methods can the app side use to resolve this entitlements file issue without requiring a restart to open and use the app properly?

I have a macOS app that captures screen images. The first time I run this application, a dialog is shown directing the user to give my app Screen Recording permission. Is there a way I can trigger this dialog earlier and detect whether the permission was granted?

I'm submitting a native macOS app (Swift/SwiftUI, arm64) that includes Sparkle.framework for auto-updates. All binaries are signed with a Developer ID Application certificate using --options runtime and --timestamp. I've submitted 12+ times over the past two days, both from local notarytool submit and from GitHub Actions CI. Every submission uploads successfully and returns a valid submission ID, but then stays at "In Progress" indefinitely — none have resolved to Accepted or Invalid. Two early submissions did eventually come back "Invalid" — Apple's rejection log showed the Sparkle nested binaries had ad-hoc signatures (they were being signed as individual Mach-O files instead of bundle directories). I fixed this with proper inside-out bundle signing. Since the fix, local codesign --verify --deep --strict passes cleanly, but all ~10 subsequent submissions remain stuck at "In Progress". 9UT54V24XG Would appreciate any guidance, or if someone from the notary team could check our queue. Happy to provide specific submission IDs.

Hi guys, I am new to the Apple Developer Program (enrolled a few days ago) and this is my first app notarization attempt. I've been experiencing significant delays - all submissions have been stuck at "In Progress" for over 24 hours. Details: macOS app signed with Developer ID Application certificate Using xcrun notarytool with app-specific password Hardened runtime enabled codesign --verify --deep --strict passes Team ID: QVHM976XC5 Submission IDs (all stuck "In Progress"): 5f494a89-0db0-4cc6-944f-ca2fe399e870 (latest - 8+ hours) 938f6b8d-0d00-45f5-861d-68fe470df6c2 d0edcbfe-8464-455f-b077-bebaa5b9aab7 I understand new developers may experience longer initial processing, but 24+ hours seems excessive. Is there anything I should check or any additional steps required for new accounts? Any guidance appreciated.

Hello everyone, I’ve been stuck for weeks on an issue with Family Controls + Device Activity entitlements in my iOS app, and Apple Developer Support has not provided a solution so far. I’m hoping someone here who has successfully implemented Family Controls + Device Activity can point me in the right direction. About the App • The app is a Digital Wellbeing app called Breakloop. • It lets users select apps they want to block, requires them to complete a positive affirmation before opening those apps, and can re-block apps after a set time (e.g., 10 minutes). • This functionality exactly matches the purpose of Family Controls and Device Activity APIs. What Works So Far • Family Controls capability is enabled in the main app target in Xcode. • We have valid Apple Developer certificates (Apple Development) and a team account. • The main app builds and runs fine when using Family Controls alone. • We have App IDs for: • bl.Breakloop (main app) • bl.Breakloop.BreakloopMonitorExtension • bl.Breakloop.BreakloopShieldConfigurationExtension The Problem The provisioning profiles for the extension targets (BreakloopMonitorExtension and BreakloopShieldConfigurationExtension) do not include the com.apple.developer.device-activity entitlement even though: • The App IDs in the Developer Portal have Family Controls (Development) enabled. • The extensions have the correct entitlements file with both: com.apple.developer.family-controls com.apple.developer.device-activity • Xcode Signing & Capabilities points to the correct provisioning profile + certificate. Because the provisioning profiles don’t include the entitlement, the build fails with: Provisioning profile doesn't include the com.apple.developer.device-activity entitlement. What Apple Support Said Apple Support told me: • “Family Controls grants access to Device Activity.” • They cannot enable it manually or guarantee that profiles will include the entitlement. • They sent links to the documentation but no further assistance. What I Need Help With 1. Has anyone successfully built extensions using Family Controls + Device Activity? 2. Do I need to request any additional approval for Device Activity, or should it appear automatically once Family Controls is enabled? 3. Is there a known Xcode or Apple Developer Portal configuration issue that causes the entitlement to be missing in provisioning profiles? 4. Any working example of a project setup that uses Family Controls + Device Activity in extensions would be extremely helpful. Extra Info • We use the latest Xcode + iOS SDK. • Tried recreating certificates, profiles, and App IDs multiple times. • Followed Apple’s docs for Family Controls + Device Activity exactly. I would greatly appreciate any guidance, especially from someone who has this working with iOS app extensions. Thank you!

1.Provisioning profile "xxx" doesn't include signing certificate "Developer ID Application: xxxxx". 2.Provisioning profile "xxx" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. I decoded the profile, <dict> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> <string>relay</string> <string>url-filter-provider</string> <string>hotspot-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>xxxxx</string> <string>xxxxx</string> </array> <key>com.apple.developer.networking.vpn.api</key> <array> <string>allow-vpn</string> </array> <key>com.apple.application-identifier</key> <string>xxxxx</string> <key>keychain-access-groups</key> <array> <string>xxxxx</string> </array> <key>com.apple.developer.team-identifier</key> <string>xxxxx</string> </dict> Kindly help me to resolve this.

The process has been stuck "In Progress" for 8 days now. We had a scheduled New Year Offer for our software that would run based around this important new update, and obviously we missed it because of this crazy issue. Notarization used to take a few seconds. Now it does not work, neither on my newly set up Mac, nor in my old (completely unchanged) one. My company and finances are totally frozen at this point due to this issue. PLEASE help, look into my actual account and do what is needed!

Is it possible to directly distribute a macOS app with a Developer ID Certificate that belongs to a different team? I am trying to resolve issues that arise when distributing a macOS app with a Network Extension (Packet Tunnel) outside the App Store using a Developer ID Certificate from a different team than the app’s provisioning profiles and entitlements. I started by attempting Direct Distribution in Xcode with automatic signing. However, it fails with the following message: Provisioning profile "Mac Team Direct Provisioning Profile: ” failed qualification checks: Profile doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement. I suspect the issue is that the provisioning profile allows "packet-tunnel-provider-systemextension", whereas the entitlements generated by Xcode contain "packet-tunnel-provider". When I manually modify the .entitlements file to include the -systemextension suffix, the project fails to build because Xcode does not recognize the modified entitlement. If there is a workaround for this issue, please let me know. Due to these issues, I resorted to manually creating a signed and notarized app. My process is as follows: Export the .app from the Xcode archive. Since the exported .app does not contain the necessary entitlements or provisioning profile for direct distribution, I replace Contents/embedded.provisioningprofile in both the .app and the .appex network extension. Sign the app and its components in the following order: codesign --force --options runtime --timestamp --sign "Developer ID Application: <name>" <app>.app/Contents/Frameworks/<fw>.framework/ codesign --force --options runtime --timestamp --sign "Developer ID Application: <name>"<app>.app/Contents/PlugIns/<netext>.appex/Contents/Frameworks/<fw>.framework/Versions/A/<fw> codesign --force --options runtime --entitlements dist-vpn.entitlements --timestamp --sign "Developer ID Application: <name>" <app>.app/Contents/PlugIns/<netext>.appex/ codesign --force --options runtime --entitlements dist.entitlements --timestamp --sign "Developer ID Application: <name>" <app>.app Verify the code signature: codesign --verify --deep --strict --verbose=4 <app>.app - <app>.app: valid on disk - <app>.app: satisfies its Designated Requirement Create a ZIP archive using: ditto -c -k --sequesterRsrc --keepParent <app>.app <app>.zip Notarize the app with notarytool and staple it. The notarization completes successfully with errors: nil. Package the notarized app into a DMG, notarize, and staple the DMG. The app runs successfully on the development machine. However, when moved to another machine and placed in /Applications, it fails to open. Inspecting Console.app reveals Gatekeeper is blocking the launch:
 taskgated-helper <bundleid>: Unsatisfied entitlements: com.apple.developer.networking.networkextension, com.apple.developer.team-identifier taskgated-helper entitlements: { "com.apple.developer.networking.networkextension" = ("packet-tunnel-provider-systemextension"); "com.apple.developer.team-identifier" = <teamid>; } As mentioned earlier, the Developer ID Certificate used for signing belongs to a different team. We are a third-party developer and do not have access to the Developer ID Certificate of the team assigned as the team-identifier. When I changed the bundle identifier (app ID), team, entitlements, and provisioning profiles to match the team associated with the Developer ID Certificate, the app worked. My question is:
 Is this failure caused by using a Developer ID Certificate from a different team, or should it still work if the provisioning profiles and entitlements are correctly set? Could there be an issue elsewhere in the provisioning profiles or entitlements for the original app ID?

It's been over 24h and it's still in progress. Is there a timeout for a failed notarization? or do we just wait for days.. weeks.. moths? Successfully received submission info createdDate: 2025-06-25T09:52:03.153Z id: 2ae713a5-c2e3-432f-84ee-e5d3d4aed621 name: slideshow-city-1.1.0-arm64.dmg status: In Progress

How do you renew a "Developer ID Application" certificate? Should there be a "renew" button on the expiration date? Or can you renew it sooner? Or are you required to create a new certificate? Does this count against your limit of five Developer ID Application certificates? I thought there was a way to renew it, but I don't see that option. I also couldn't find any Apple documentation about how to renew, only how to create and how there's a limit to how many you can create.

In Xcode, under Signing & Capabilities (Release) for our bundle ID the selected provisioning profile does include the entitlement: com.apple.developer.payment-pass-provisioning However, when we upload a new build to TestFlight, the Build Metadata → Entitlements section for the same bundle ID does not include com.apple.developer.payment-pass-provisioning. Because of this, PKAddPaymentPassViewController does not open in TestFlight builds. This suggests that while the entitlement is enabled for the App ID and visible in Xcode, it may not yet be propagated to App Store Connect’s signing service for TestFlight/App Store builds. Please Note: The Wallet Entitlements team had confirmed that they had granted entitlements for our team and the apple IDs Xcode : 26.0.1 Profile being used: Distribution Profile

Hi, My understanding from this information: " https://developer.apple.com/support/certificates/ iOS Distribution Certificate (in-house, internal-use apps) Users will no longer be able to run apps that have been signed with this certificate. You must distribute a new version of your app that is signed with a new certificate. " is that even if I re-sign the app with a new Provisioning Profile based on a new Distribution Certificate the apps will stop working. I need to re-build my apps with a new Distribution certificate+Provisioning profile, when distributing in-house, right? I can see that the apps continue to function when I re-sign them with a new Provisioning Profile, but according to the information above they will stop working the day (day after) the Distribution certificate they were built with expires. /Rikard

Hi Apple Developer Relations / Notary Service Team, CRITICAL: All notarization submissions stuck "In Progress" since Feb 1, 2026 (5+ days). Blocking product release. Latest (PRIORITY): 9bf1e3ca-33ed-4185-816c-2e06ff539f25 Stuck submissions: a9f1abf6-04a1-462c-b7d1-91e834b44c1a 94a172f8-4aa6-475c-a7ec-fd83c8cfc49a e2c033da-a1d0-480c-a3b5-5401a8dd3d03 eecefd87-8bf9-496c-86c8-c6f0d6a550e0 b1d27d30-7111-4cc7-9f0e-3f44aac43a97 Details: Team ID: JA8C8B5W34 App: 323MB DMG (codesign verified) notarytool log: "not available" (In Progress) Status page: Green Requests: Process 9bf1e3ca-33ed-4185-816c-2e06ff539f25 Queue status / ETA? @Quinn or Notary team - production blocker!