Hi Quinn! Always a pleasure to hear from you.
One thing to check is that the symlinks in the .framework bundles survived the zip and unzip process. I regularly see folks run into weird problems when tooling replaces these symlinks by copies.
Wow, this was a great shout, it does look like the symlinks are being replaced by copies! e.g.
$ ls -la ~/Temp/CodeSigningTest/GoodApp.app/Contents/Frameworks/Lua.framework
total 0
drwxr-xr-x 6 ruairi staff 192 25 Feb 16:44 .
drwxr-xr-x 12 ruairi staff 384 25 Feb 16:44 ..
lrwxr-xr-x 1 ruairi staff 24 25 Feb 16:45 Headers -> Versions/Current/Headers
lrwxr-xr-x 1 ruairi staff 20 25 Feb 16:45 Lua -> Versions/Current/Lua
lrwxr-xr-x 1 ruairi staff 26 25 Feb 16:45 Resources -> Versions/Current/Resources
drwxr-xr-x 4 ruairi staff 128 25 Feb 16:44 Versions
$ ls -la ~/Temp/CodeSigningTest/BadApp.app/Contents/Frameworks/Lua.framework
total 24
drwxr-xr-x 6 ruairi staff 192 25 Feb 16:53 .
drwxr-xr-x 12 ruairi staff 384 25 Feb 16:52 ..
-rwxr-xr-x 1 ruairi staff 24 25 Feb 16:53 Headers
-rwxr-xr-x 1 ruairi staff 20 25 Feb 16:52 Lua
-rwxr-xr-x 1 ruairi staff 26 25 Feb 16:53 Resources
drwxr-xr-x 4 ruairi staff 128 25 Feb 16:53 Versions
If I 'fix' BadApp.app by copying the original symlinks from GoodApp.app, it passes all the code signing checks, so I feel pretty confident this is the issue now. I also managed to find 4-year-old Steam and Reddit threads from the same user who had the same issue with symlinks being replaced in their app; their solution was using Steam's command line interface to upload instead.
https://www.reddit.com/r/gamedev/comments/egsw7v/steamworks_trouble_with_symlinks_when_uploading/
https://steamcommunity.com/discussions/forum/2/1747892438661514782/
I'll resort to this if it's the only way to make the app work, but just to exhaust other options first: is it possible to modify my app's build process in Xcode so the symlinks are replaced with copies before signing and notarisation? Are there good reasons not to do that?
Thank you!
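The comparison in the post above can be automated before running the code signing checks. This is an added example, not part of the original post: a shell check that walks a bundle and reports versioned-framework entries that are no longer symlinks. The function names and the constructed sample framework are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print one line per entry in a versioned framework that should be a
# symlink but is a regular file or directory instead.
list_flattened_links() {
    find "$1" -type d -name '*.framework' | while IFS= read -r fw; do
        # Frameworks without Versions/ use the flat layout: nothing to check.
        [ -d "$fw/Versions" ] || continue
        # Versions/Current must be a symlink to the real version directory.
        [ -L "$fw/Versions/Current" ] || echo "not a symlink: $fw/Versions/Current"
        # Every other top-level entry must be a symlink into Versions/Current.
        for entry in "$fw"/*; do
            if [ "${entry##*/}" = Versions ] || [ -L "$entry" ]; then continue; fi
            if [ -e "$entry" ]; then echo "not a symlink: $entry"; fi
        done
    done
}

# Return 0 if the bundle is clean, 1 (after printing the findings) if not.
check_bundle() {
    findings=$(list_flattened_links "$1")
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
    return 0
}

# Constructed sample: a minimal Lua.framework, either intact ("good") or with
# its top-level links replaced by small regular files ("bad").
make_sample() {
    sample="$1/Contents/Frameworks/Lua.framework"
    mkdir -p "$sample/Versions/A/Headers" "$sample/Versions/A/Resources"
    : > "$sample/Versions/A/Lua"
    ln -s A "$sample/Versions/Current"
    for n in Headers Lua Resources; do
        if [ "$2" = good ]; then ln -s "Versions/Current/$n" "$sample/$n"
        else printf 'Versions/Current/%s' "$n" > "$sample/$n"; fi
    done
}

# Run against bundles named on the command line, e.g. sh check.sh BadApp.app
for app in "$@"; do check_bundle "$app" || true; done
```

Running it on the downloaded copy as well as the local build shows whether the distribution step changed the bundle layout.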