ITMS-91109: com.apple.quarantine found in bundle

App Store Distribution & Marketing App Store Connect
MyMattes
MyMattes OP
Created May ’25
Replies 2
Boosts 0
Views 74
Participants 2

Hi all,

I have repeatedly the issue that a certain .strings file in my app's bundle has the extended files attribute com.apple.quarantine set. Consequently the submission fails with the following mail notification:

We noticed one or more issues with a recent delivery for the following app: [...] ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute, such as “abcdef.strings”. This attribute isn’t permitted in macOS apps distributed on TestFlight or the App Store. Please remove the attribute from all files within your app and upload again.

I'm able to resubmit the bundle after cleaning the file attribute via xattr -d -r com.apple.quarantine..., but the funny thing is it happens again and again - on a .strings file which hasn't been downloaded (but manually created), shouldn't be under Gatekeeper's quarantine, and wasn't edited in the meantime.

Is anybody else observing the same issue with macOS 15.4.1, Xcode 16.3?

Greetings, Matthias

Answered by DTS Engineer in 840865022

Generally Xcode doesn’t quarantine stuff itself. That is, if a file is quarantined in your app bundle then that’s because the file was quarantined in your source code. So in this situation that’s the first thing to check.

IMPORTANT Make sure you check your source control system. I’ve had folks fix this and then see it come back the next time they check out their project.

The other situation where I’ve seen weird things like this is when the project, source code, or build products directory is in a ‘weird’ place, like on the desktop, or somewhere iCloud Drive, or an external drive, or a disk image. Any chance that applies here?

Finally, the ultimate debugging step here is to work through your build log to figure out how the file got created. That’ll let you determine the inputs, outputs, and creation process, which should be enough for you to at least reproduce the problem.

For advice on how to explore the build log, see Command [something] failed with a nonzero exit code.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  2
Boosts  0
Views  74
Participants  2
MyMattes
MyMattes OP
May ’25

I just realized that the attribute "com.apple.provenance" was set for the file in question, too. According to some blog article at eclecticlight.co it might cause the quarantine to be reestablished (only an assumption). Still no idea why a newly created localization file requires quarantine...

I've removed this attribute as well - wait and see.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
May ’25
Accepted Answer
Recommended

Generally Xcode doesn’t quarantine stuff itself. That is, if a file is quarantined in your app bundle then that’s because the file was quarantined in your source code. So in this situation that’s the first thing to check.

IMPORTANT Make sure you check your source control system. I’ve had folks fix this and then see it come back the next time they check out their project.

The other situation where I’ve seen weird things like this is when the project, source code, or build products directory is in a ‘weird’ place, like on the desktop, or somewhere iCloud Drive, or an external drive, or a disk image. Any chance that applies here?

Finally, the ultimate debugging step here is to work through your build log to figure out how the file got created. That’ll let you determine the inputs, outputs, and creation process, which should be enough for you to at least reproduce the problem.

For advice on how to explore the build log, see Command [something] failed with a nonzero exit code.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1
ITMS-91109: com.apple.quarantine found in bundle
First post date Last post date
 
 
Q