Recently we have had more feedback from customers that the app works fine, but after some time, when starting the app, it does not start: it is “jumping” in the Dock and closes silently.
The app is built with the latest Xojo version and is signed/notarized using DMGCanvas.
I could find these lines in some OS logs:
2025-12-29 13:49:56.364019+0100 0x2f410 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 21385, /Applications/App/Contents/MacOS/App
We also have things regarding malware rejection:
2025-12-29 13:51:43.377217+0100 0x2ff1c Error 0x0 511 0 syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Malware rejection: 21587, <private>
Running the spctl command shows:
$ spctl -a -vvv -t install /Applications/App
/Applications/App: accepted
source=Notarized Developer ID
override=security disabled
origin=Developer ID Application: XXXX
The strange thing is that it’s happening after some time, but the app is always working fine. The issue is also quite random, as some customers never had this.
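Added example, not part of the original post: a small Python triage script that reads text saved from `log show` and pairs the kernel AppleSystemPolicy denial with the syspolicyd termination by PID, so the executable path (redacted as `<private>` in the syspolicyd line) can be recovered for each blocked launch. The sample log is constructed from the line format quoted above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the two lines quoted in the post; the
# rejection for PID 21385 and the Finder line are invented for illustration.
SAMPLE_LOG = """\
2025-12-29 13:49:56.364019+0100 0x2f410 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 21385, /Applications/App/Contents/MacOS/App
2025-12-29 13:49:56.401200+0100 0x2f41c Error 0x0 511 0 syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Malware rejection: 21385, <private>
2025-12-29 13:50:10.000000+0100 0x2f500 Default 0x0 300 0 Finder: (AppKit) unrelated message
2025-12-29 13:51:43.377217+0100 0x2ff1c Error 0x0 511 0 syspolicyd: [com.apple.syspolicy.exec:default] Terminating process due to Malware rejection: 21587, <private>
"""

# Default `log show` columns: timestamp thread type activity pid ttl process: message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+[+-]\d{4})\s+\S+\s+\S+\s+\S+"
    r"\s+\d+\s+\d+\s+(?P<proc>[^:]+):\s(?P<msg>.*)$"
)
ASP_DENY = re.compile(r"ASP: Security policy would not allow process: (?P<pid>\d+), (?P<path>.+)$")
REJECT = re.compile(r"Terminating process due to Malware rejection: (?P<pid>\d+),")


def correlate(log_text):
    """Group system-policy launch blocks by the PID of the blocked process."""
    events = defaultdict(lambda: {"path": None, "denied_at": None, "rejected_at": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the expected column layout
        proc, msg = m["proc"], m["msg"]
        if proc == "kernel" and (d := ASP_DENY.search(msg)):
            ev = events[int(d["pid"])]
            ev["path"], ev["denied_at"] = d["path"], m["ts"]
        elif proc == "syspolicyd" and (r := REJECT.search(msg)):
            events[int(r["pid"])]["rejected_at"] = m["ts"]
    return dict(events)


def summarize(events):
    """One line per blocked PID; the path is only known if the kernel line was captured."""
    out = []
    for pid, ev in sorted(events.items()):
        path = ev["path"] or "<path redacted, no kernel line captured>"
        out.append(f"pid {pid}: {path} denied={ev['denied_at']} rejected={ev['rejected_at']}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(correlate(SAMPLE_LOG))))
```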
My understanding is that DMGCanvas only signs the DMG, not the app bundle. Do you handle that separately? For my part, I use it along with AppWrapper, which has provisions for DMGCanvas integration.
It’s a customer that has that disabled, but on our Macs Gatekeeper is not disabled and it happens to us too.
I could give you a link to download it, but I would need to create an account for you to get past the login window. Also, there is the randomness of the issue: I never had it on my Mac, but some colleagues did, and then it never happened for a few weeks.
I first run some command lines on the built app, then use DMGCanvas to codesign and notarize the app.
The app seems to be recognized by Apple correctly; we distribute it through download links (not the App Store).
Well, if I remember correctly (and I’m a grownup about being corrected), DMGCanvas only signs the DMG itself and, as I’d said, does not really mess with the bundle. In my workflow, AppWrapper passes the wrapped app (with all the signing, hardened runtime, entitlements, etc.) to DMGCanvas, and AppWrapper itself handles all the signing/notarization. I have the option switched off in DMGCanvas, because it is redundant.
I was only going to check on the signature and notarization status just to be sure. If the app is launching normally on most occasions, I’m barking up the wrong tree.
If the issue is that the app randomly launches extremely slowly: when the Apple servers are struggling, it can cause pre-launch verifications to take longer than normal. I feel like there was at least one of these noticeable events in the last month.
These days a ticket is not enough. Really, you will never ever get any feedback on a ticket. Do the developer forum AND a support incident (or code level support as it is now called). See Code-level Support - Support - Apple Developer
That’s a lot of Hell grounds that Apple introduced for the devs to walk on. Seems like a social experiment where someone at Apple laughs after a release, then introduces another level of difficulty in the next release and laughs again.
I know that Tahoe has some “AI security features” being built up; maybe the random behaviors are due to the AI humor on that specific day.
I was reading r/MacOS; not sure if a macOS release was ever as hated as Tahoe is. Many people are doing anything to downgrade. Looks like it is a Tim Cook revenge for being released from the CEO position.