Hi, Please take a response to me about my Notification Service Entitlement Request. I have requested 5 times but i didn't get any repsonses. The application cannot be released because authorization is not granted. Please check my case and leave a response as soon as. Thanks,

I am seeking clarification on the possibility of notarizing apps without an active Apple Developer Program membership, as I currently possess a 10-year installer signing certificate. However, when attempting to store credentials for notarization, I encounter the following error message: Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.

Hello I jump on my mac every 3-4 months to release new version of my apps. Process usually is "ok" some cmake/compile issues as 99% of dev is done on windows but other than that its all good. But now I'm stuck. My app can run locally/start etc just fine, but clients are panicking because they can't run them. They have undefined developer warning. I don't understand this. Its notarised and been working for 2 years. What am I doing wrong ?! How can I test it ? I tried creating new user-profile on my mac, but there is no issue, app starts. Do I need to buy ANOTHER mac to test my apps before release ?! Can any1 help how to debug this issue? I'm lost, I used finder-compress myapp.app & send it via slack to client to get him quickly going but that does not help either. - I though it was zip stripping down data or something. Anyway, very frustrated here, and lost. Can any1 help? hint? Is this good resource to check against? https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html I've run spctl --assess --type execute myApp and I'm getting rejected (bundle format is ambiguous (could be app or framework)) But then why does it notarize/sign/etc with no errors ?! I'm so lost :- (((( Any help would be greatly appreciated I've attached app content > Ok I've tested my older releases, they all have the same issue but they all work on client system. I'm so lost :- (((

Hi, I have upgraded my Mac to Sonoma and for some reason I get lost now when backup up a certificate. As I wasn't able to import my old certificate (exported as p12, but this is another issue) I started from scratch. I have created from KeyChain a new CertificateSigningRequest. Then I've uploaded it to the Apple Developer Portal and created a new certificate, that I have successfully downloaded as cer file. Now, I would like to save the certificate, including the private key. From KeyChain, I don't get a Reveal option to be able to export the private key of my certificate. Was it available in old versions of KeyChain, and now not anymore? Or my certificate doesn't have the private key? (imo this doesn't make sense at all) So I right click on the certificate but I can't export as p12 file, with the private key: Can please anyone refer me to the official documentation about this? (I have searched for it, but unable to find anything)

I am trying to register my iPad as a device on the developer portal but it keeps declaring it as an iMac. Do you know if this is a typical problem?

I have a strange problem and I don't know what's causing it A year ago, I purchased this account and created a certificate and it was working successfully, but its time expired on 1/8/2024, and I want to create a new one in order to update my applications. So I went to create a new certificate of type (iOS Distribution) and it was downloaded successfully, and when I called it in the (Keychain access) program in order to convert it to (.P12) instead of (.cer). But the program refuses to recall it, and I choose the (Local Item) section. thus : But when the file is dragged or double-clicked while I am standing in the (Login) section, the certificate is summoned successfully, and here the real problem begins. It is assumed that in order for me to convert the certificate from (cer) to (p12), there must be an arrow next to the certificate so that the key appears so that it can be pressed. Right-click, then we choose Export, and then we choose (p12). This happens because there is no arrow next to the certificate, and also when I By clicking on the certificate to export it, I am not allowed to choose (p12). How can I convert the file successfully because I want to update my applications, which is very important.

When I try to submit the app, I get the following error. Is there a way to solve this? Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIRequiresFullScreen' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleDisplayName' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIMainStoryboardFile' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'MinimumOSVersion' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'NSCameraUsageDescription' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'NSPhotoLibraryUsageDescription' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'XSAppIconAssets' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UILaunchStoryboardName' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIStatusBarHidden' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleIdentifier' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIDeviceFamily' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleShortVersionString' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleName' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UISupportedInterfaceOrientations' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleVersion' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'NSPhotoLibraryAddUsageDescription' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported

Hi team We are facing following message "A timestamp was expected but was not found" during codesign for following .pkg file and it cause Jenkins NB process failed. We are facing this issue for last 3 days as it was working on last 18th January. Kindly let us know how to fix this problem. Rgds

Both the codesign tool and Xcode allow you to sign code with a hardware-based code-signing identity. However, setting that up can be a bit of a challenge. Recently a developer open a DTS tech support incident requesting help with this, and so I thought I’d post my instructions here for the benefit of all. If you have any questions or comments about this, please start a new thread, tagging it with Code Signing so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Signing code with a hardware-based code-signing identity Both the codesign tool and Xcode allow you to sign code with a hardware-based code-signing identity. This post explains how to set that up. I used macOS 14.2.1 with Xcode 15.2. For my hardware-based key I used a YubiKey 5 NFC that I reset to its defaults. I installed YubiKey Manager 1.2.5. IMPORTANT While I used a YubiKey, the code signing parts of this process should work with any token that has a functioning CryptoTokenKit driver. In the case of the YubiKey, it presents a PIV interface and thus it’s supported by macOS’s built-in PIV CryptoTokenKit driver. In this example I created an Apple Development certificate because those are dime a dozen. This process should work with any other type of code-signing certificate. Indeed, it make sense to store your most precious keys in a hardware token, including your Developer ID keys. For more on that topic, see The Care and Feeding of Developer ID. Generate a certificate signing request To generate a certificate signing request (CSR): Connect the YubiKey via USB. Dismiss any system alerts: If the “Allow this accessory to connect?” alert comes up, click Allow. If the Keyboard Setup Assistant comes up, quit that. If the ctkbind notification comes up, dismiss that. Coded signing does not require that you bind your login account to your hardware token. Launch YubiKey Manager. Choose Applications > PIV. Click Configure Certificates. Select Digital Signature (slot 9c). In the past I’ve run into situations where signing fails if you don’t use this slot, although I haven’t tested that in this particular case. Click Generate. Select Certificate Signing Request (CSR) and click Next. Select the RSA2048 algorithm and click Next. Enter a subject and click Next. The value you use here doesn’t matter because Apple ignores pretty much everything in the CSR except the public key. Click Generate. Choose a save location and name. Don’t include a file name extension. When prompted for the management key, enter that and click OK. When prompted for the PIN, enter that and click OK. The app will generate a .csr file at your chosen location. Quit YubiKey Manager. Note Apple typically uses the .certSigningRequest extension for CSRs, but this process works just fine with the .csr extension used by YubiKey Manager. Generate a certificate from your CSR To generate a certificate from that CSR: In Safari, go to Developer > Account and log in. If you’re a member of multiple teams, make sure you have the correct one selected at the top right. Click Certificates. Click the add (+) button to create a new certificate. Select Apple Development and click Continue. Click Choose File, select your CSR file, and click Upload. Click Continue to generate your certificate. That takes you to the Download Your Certificate page. Click Download. In Terminal, calculate a SHA-1 hash of your .cer file. % shasum "development.cer" 840f40ef6b10bedfb2315ac49e07f7e6508a1680 development.cer Import the certificate to form a code-signing identity To import this certificate into your YubiKey: Convert the certificate to PEM form: % openssl x509 -in "development.cer" -inform der -out "development.pem" Launch YubiKey Manager. Choose Applications > PIV. Click Configure Certificates. Select Digital Signature (slot 9c). Click Import. In the file dialog, select the PEM and click Import. When prompted for the management key, enter that and click OK. The UI updates to show the certificate issuer (Apple Worldwide Developer Relations Certificate Authority) and subject (Apple Development: UUU, where UUU identifies you). Quit YubiKey Manager. Unplug the YubiKey and then plug it back in. Sign a test program Before digging into Xcode, check that you can sign code with the codesign tool: Create a small program to test with. In my case I decided to re-sign the built-in true command-line tool: % cp "/usr/bin/true" "MyTool" % codesign -s - -f "MyTool" Run codesign to sign your program, passing in the SHA-1 hash of the certificate you imported into the YubiKey: % codesign -s 840f40ef6b10bedfb2315ac49e07f7e6508a1680 -f "MyTool" When prompted for the PIN, enter that and click OK. The codesign invocation completes like so: % codesign -s 840f40ef6b10bedfb2315ac49e07f7e6508a1680 -f "MyTool" MyTool: replacing existing signature Sign from Xcode To sign from Xcode: Open your project in Xcode. In my case I created a new project by choosing File > New then selecting macOS > Command Line tool. In Signing & Capabilities for the tool target, turn off “Automatically manage signing”. In Build Settings, find the Code Signing Identity build setting, choose Other, and then enter the SHA-1 hash of your certificate. Choose Product > Build. When prompted for the PIN, enter that and click OK. The build then completes. IMPORTANT This requires Xcode 13 or later. Earlier versions of Xcode only work with file-based code-signing identities.

I'm working on a macOS app that uses a JSContext and I want to debug it with the Safari Web Inspector. According to Session 402 at WWDC 2016 the following entitlement is required: <key>com.apple.webinspector.allow</key> <true/> This is easy enough to add, but it causes the app to crash at launch with a code signing issue. The console shows that taskgated-helper is reporting just before the crash: Unsatisfied entitlements: com.apple.webinspector.allow For anyone who finds this, here's what you need to know: https://webkit.org/blog/13936/enabling-the-inspection-of-web-content-in-apps/ Basically, there's now a inspectable property on both the WKWebView and JSContext. Unfortunately, there's no mention of the old entitlement in the WebKit blog post, so it's impossible for folks using the old technique to find. Hopefully this post will bridge this gap. It also might be something for @eskimo to add to his (always helpful) code signing documentation. -ch

Share Extension can access files from the Photos app but not the Files app. In case of the Photos app the file url is something like file:///var/mobile/... In case of the Files app the url stars with file:///private/var/mobile/... The following error is thrown in case of the Files app Error Domain=NSCocoaErrorDomain Code=260 "The file “file.pdf” couldn’t be opened because there is no such file." However the file is there, it was selected via the Files app and the share button was used to launch the Share Extension. Also the access to the file is within the following block url.startAccessingSecurityScopedResource() ... url.stopAccessingSecurityScopedResource() Another issue is that the Share Extension does not appear in the Settings / Privacy / Files and Folders. Here are the apps which have the "Applications that have requested access to files and folders will appear here". What is the solution to allow the Share extension access the files from the Files app ?

I've developed a Java application for ad hoc distribution, not intended for the Apple Store. Using the jpackage utility and the parameters... --mac-sign --mac-signing-keychain --mac-signing-key-user-name ...I'm able to point the software to a signing certificate. My problem is that jpackage requires a certificate with a "Developer ID Application" type/prefix, and I'm not authorized to create a certificate of this type, as "This operation can only be performed by the account holder." I thought it might be sufficient to create a "Distribution" certificate, since this allows a developer to "Sign your iOS, iPadOS, macOS, tvOS, watchOS, and visionOS apps for release testing using Ad Hoc distribution or for submission to the App Store." However, there doesn't appear to be any way to get jpackage to accept anything other than a "Developer ID Application" -prefixed certificate. I gather from this, and the fact that the Developer ID Application certificate is described as "This certificate is used to code sign your app for distribution outside of the Mac App Store," that this is the only type of "legitimate" security certificate Apple will accept when launching out-of-store apps. I'm not certain of this, however, and I'd like to be certain before pestering my client about it. My questions are: Is a "Developer ID Application" certificate specifically required, or can I sign the app using, e.g., a "Distribution" certificate without issues? If a "Developer ID Application" certificate is required, is it possible for my client (the "Account Holder") to grant me access to download it and use it? If a "Developer ID Application" certificate is required, what exactly is a "Distribution" certificate good for? Why isn't it sufficient to distribute software? If I can sign the app using a Distribution certificate, is there a way to force jpackage to do this, or do I have to it manually using, e.g., codesign ex post facto? Note that this issue has cropped up before on this thread, but the developer there ultimately found his developer ID certificate and the discussion was abandoned before any answers were forthcoming.

Our app uses Family Control and have 2 extensions for monitoring and shielding. We got Family controls Distribution entitlement for main app bundle and we have applied to get for extensions too, but its like 2 months we didn't get the Distribution entitlements for extensions. We need to upload the app to TestFlight, but without Distribution entitlements for extensions we can't do it. Bundle id exp: com.example.example -- Distribution entitlement provided com.example.example.MonitorExtension -- only development entitlement com.example.example.ShieldConfiguratoionExtension -- only development entitlement Is there nay workaround?

My sandboxed macOS app requires the user to grant permission under Privacy & Security / Accessibility in order to support extra functionality. If no permission is granted the app can still be used albeit with very basic functionality. In order to allow the user NOT to have to immediately decide whether to grant this permission when first launching the app, a dialog allows them to say “I’ll do it later”. As such, the app uses a timer with a one second interval to ask the system if permission has been granted and if so, implements the extra functionality. By the way, I would rather have used a notification instead of a timer, but there does not seem to be one. // Schedule a timer to periodically check accessibility status accessibilityTimer = Timer.scheduledTimer(timeInterval: 1.0, target: self, selector: #selector(checkAccessibilityStatus), userInfo: nil, repeats: true) func isAccessibilityEnabled() -> Bool { let accessibilityEnabled = AXIsProcessTrusted() return accessibilityEnabled } @objc func checkAccessibilityStatus() { if isAccessibilityEnabled() { print("Accessibility is enabled.") accessibilityTimer?.invalidate() if gEventTap == nil { tapper()//as003 gTypeIt4MeMenu?.item(at: kPauseResumeItem)?.title = "Pause" gStatusItem?.button!.image = NSImage(named: "menubar_icon_16x16") NotificationCenter.default.post(name: NSNotification.Name(rawValue: "showGreenTick"), object: nil) } } else { print("Accessibility is disabled.") } } My problem is that when I build the app with my development certificate, it runs as expected. However, when I upload it to TextFlight and download from there, it no longer “notices” when I grant it permission.

We are using an iPhone app distributed as an AdHoc app, but an error message saying "App cannot be verified" was displayed. The error screen says, "Internet connection is required to verify the credibility of developer "Apple Distribution:●●●● CO.,LTD.(QQQ29B8GG2)"." When using this app, We are connected to the LAN, but not connected to the Internet. If you temporarily connect to the Internet and start the app when the error screen appears, the error screen will disappear. After that, when I switched from connecting to the Internet to connecting to LAN, it worked normally for a while, but after about 2 months, the same error screen appears again. Please tell me how to resolve this error.

When I try to submit the app, I get the following error. Is there a way to solve this? Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIRequiresFullScreen' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleDisplayName' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIMainStoryboardFile' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'MinimumOSVersion' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'NSCameraUsageDescription' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'NSPhotoLibraryUsageDescription' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'XSAppIconAssets' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UILaunchStoryboardName' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIStatusBarHidden' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleIdentifier' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UIDeviceFamily' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleShortVersionString' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleName' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'UISupportedInterfaceOrientations' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'CFBundleVersion' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported. Asset validation failed (90045) Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, key 'NSPhotoLibraryAddUsageDescription' in 'Payload/MyApp.iOS.app/MyApp.iOS' is not supported my Info.plist is And my Entitlements.plist is

I would like the ability to add to the menu. I can add to the share sheet, but is there something special Chrome gets? Maybe there is an entitlement to add? Thanks, Rob

I am developing a carkey application. I have applied to MFi and have obtained a com.apple.developer.carkey.session entitlement. By setting session in Entitlement.plist, the program I created can call CarKeyRemoteControl.start and obtain the session. However, even if VehicleReport() is called, information cannot be obtained and the return value is always empty. In the iPhone standard Wallet, a button is displayed below CarKey, and you can lock and unlock it. My question is, com.apple.developer.carkey.session is set in Entitlement.plist, but do I need to set anything else, such as manufacturerIdentifier? . Also, if I need it, what format should I use? for example, What should I do if I want to specify "TEST" for manufacturerIdentifier?

Hi, Need information on the Esim entitlement, we are planning to get the Esim Entitlement for our App, as part of the same when we try to submit there is field "Carrier Partner Team ID" while trying to submit request, we have reached out to our carrier on the same, meanwhile would like to understand what the field is refers for. Regards, Sunil Reddy.

I want to update the provisioning profile from the developer account. There were errors in the data supplied. Please correct and re-submit. No value was provided for the parameter 'appIdId'. No value was provided for the parameter 'provisioningProfileName'. Does anyone know how to fix this error?