User Profile

Hi All,I have followed these steps stil app is showing malware pop up.1) Signing the dmg with certificate.codesign --force -o runtime -s "Developer ID Application: XXXX" "path to dmg"2) Sent for notarisation:-xcrun altool --notarize-app -f "path to dmg" --primary-bundle-id "bundle identifier" -u "apple id " —p "app specific pwd" --output-format xml3) After getting notization mail, able to staple the dmg.xcrun stapler staple "path to dmg"4) After staple and notraised if i check the dmg and .app after extraction both are notaried and accepted:-a) .dmg:-spctl --assess --verbose --type open --context "context:primary-signature" "path to dmg"output is :-check.dmg: accepted source=Notarized Developer IDb) .app :-spctl --assess --type execute --verbose --ignore-cache --no-cache "path to app"output is :-check.app: accepted source=Notarized Developer IDi have uploaded dmg to website and then download then extractedto appplication folder but if i double click the app in application folder.can you tell where i get wrong with these steps and .app and .dmg both are accepted and notarised.