What does Invalid Code Signature or ITMS-90035 mean?

It means the seal on your app does not match its contents. Xcode records a hash of every file in the bundle when it signs, so the system can verify nothing changed. If a resource is added, removed, or modified afterward, the seal fails and the build is rejected, often with the message that a sealed resource is missing or has been modified. The cause is in the packaging, not usually the certificate.

Why does an embedded framework cause an invalid signature?

Because a framework is a signed object nested inside your app and must be signed correctly too. If it is set to Do Not Embed, or shipped with an outdated signature version, validating the nested code fails the seal on your whole app. Set the framework to Embed and Sign so Xcode signs it during your build, and update third-party frameworks whose signatures are no longer accepted.

I didn't change anything, so why is my signature invalid?

Something in the build likely modified the bundle after signing. A custom build phase that copies a file, an edit to Info.plist, or a stray .DS_Store left in a resource folder all change the sealed contents and invalidate the signature even when your code is untouched. Stale DerivedData or signing with a development certificate instead of a distribution one can also produce it.

Can I re-sign the .app manually with codesign to fix it?

It is risky and usually the wrong move. Hand re-signing tends to hide the real cause and can create new mismatches between the app and its nested frameworks. The reliable path is to fix the step that modified the bundle, set frameworks to Embed and Sign, clean the build, and export through Xcode's Organizer so Xcode signs the archive consistently from a clean state.

Did Xcode 16 change code signing?

The fundamentals are the same: sign with a distribution certificate, embed and sign frameworks, and do not modify the bundle afterward. The notable case in recent Xcode versions is third-party frameworks carrying an outdated signature version that is no longer accepted, which surfaces as an invalid signature until you update the framework. Clean rebuilds and current frameworks resolve most Xcode 16 reports.

How do I fix 'Invalid Code Signature' in Xcode 16?

An Invalid Code Signature error means the seal Xcode put on your app no longer matches what is inside it. Something changed the bundle after it was signed, or an embedded framework was not signed the way Apple expects. It reads like a certificate problem, but it is usually a packaging problem. Here is what breaks the seal and how to put it back.

Short answer

An Invalid Code Signature, often reported as ITMS-90035 "a sealed resource is missing or has been modified", means the app's signature no longer matches its contents. The usual causes are a bundle changed after signing, such as a build script or a stray file, or an embedded framework that is not signed correctly. Per Apple's guidance on the Invalid Signature rejection, the fix is to clean the build, set embedded frameworks to Embed and Sign, sign with a distribution certificate and a valid App Store profile, and never alter the .app after Xcode signs it. Updating an outdated third-party framework signature resolves a common Xcode 16 case.

What you should know

The signature seals the whole bundle: any change after signing invalidates it.
A modified bundle is the top cause: a build script or a stray file editing the .app breaks the seal.
Embedded frameworks must be signed: set them to Embed and Sign in the target.
Old framework signatures fail: a framework signed with an outdated version is rejected and must be updated.
Use a distribution certificate: a development or ad-hoc certificate produces an invalid App Store signature.

What does "Invalid Code Signature" actually mean?

It means the cryptographic seal on your app does not match the files it covers. When Xcode signs your app, it records a hash of every resource in the bundle, so the system can verify nothing changed. If a file is added, removed, or modified after that step, the seal no longer matches and the build is rejected, often with the message that a sealed resource is missing or has been modified. This is why the error points at packaging rather than at your certificate: the certificate may be perfectly valid while the contents it signed were altered underneath it. That is the most useful thing to internalize under pressure, because it means the work is to find what touched the bundle, or which nested object is signed wrong, not to reissue a certificate that was never the problem.

What are the common causes?

A handful of issues account for most of these rejections. The table pairs each cause with its fix.

Cause	Fix
Bundle modified after signing (build script, stray file, .DS_Store)	Remove the post-sign change and let Xcode sign last
Embedded framework not signed	Set the framework to Embed and Sign in the target
Outdated framework signature	Update the third-party framework to a current version
Signed with a development or ad-hoc certificate	Use a distribution certificate and an App Store profile
Built from a Simulator target	Build and archive a Release target for a device
Stale build artifacts	Clean the build folder and delete DerivedData

How do you fix it, step by step?

Rebuild cleanly and let Xcode handle the signing:

Clean the build folder and delete DerivedData, then rebuild the Release target, since stale artifacts carry old signatures.
Set every embedded framework to Embed and Sign in the target's General settings, so each one is signed during the build.
Confirm signing identity: use Automatically manage signing, or a distribution certificate with a valid App Store provisioning profile, not a development or ad-hoc identity.
Remove anything that modifies the bundle after signing, including custom build phases that copy files in and stray files like .DS_Store inside copied resource folders.
Export through Xcode's Organizer with Distribute App, so Xcode re-signs the archive consistently rather than you editing it by hand.

Why do third-party frameworks trigger it?

Because a framework is its own signed object inside your app, and it has to be signed correctly too. If an embedded framework is set to Do Not Embed, or shipped pre-signed with an outdated signature version, the seal on your app fails when Apple validates the nested code. Setting the framework to Embed and Sign tells Xcode to sign it during your build, and updating a third-party framework to a current release replaces an old signature that is no longer accepted. Frameworks pulled in through CocoaPods or Swift Package Manager are usually handled for you, but a manually dragged-in framework is the one to check first. A quick way to narrow it down is to inspect the .app or .ipa contents and confirm each item under the Frameworks folder is present and signed, since a missing or duplicated framework there is a frequent source of the sealed-resource message.

What to watch out for

The quiet culprit is a build script that touches the .app after the signing phase. Anything that copies a file in, rewrites Info.plist, or leaves a .DS_Store inside a resource folder changes the sealed contents and invalidates the signature, even though your code and certificate are fine. Resist the urge to re-sign the bundle by hand with codesign to paper over it, because that usually hides the real cause and creates new mismatches; fix the step that modified the bundle instead. Code signing is part of build integrity, so a pre-submission scan such as PTKD.com (https://ptkd.com) reads the compiled IPA against OWASP MASVS to confirm the binary is properly signed, alongside the other binary checks it runs. The limit is that a scan reports the state; Xcode is still where you correct the signing.

What to take away

Invalid Code Signature means the app's seal no longer matches its contents, usually because the bundle was modified after signing.
Set embedded frameworks to Embed and Sign, sign with a distribution certificate and a valid App Store profile, and clean stale build artifacts.
Remove any build step or stray file that alters the .app after signing, and export through Xcode's Organizer so Xcode re-signs consistently.
Update outdated third-party frameworks, since an old signature version is a common Xcode 16 cause, and confirm the signed build with a pre-submission scan such as PTKD.com.