Does Replit Agent actually sign my iOS build?

No. Replit Agent generates the project source but does not run codesign locally. The signing happens on Expo Application Services, which runs the Mac build inside its own infrastructure using the Apple distribution certificate you provided through the eas credentials flow. The IPA you download from EAS is what App Store Connect validates on upload, not anything produced inside the Replit workspace.

Why does Transporter show ITMS-90035 right after a Replit Agent build?

Transporter runs the same validation as the App Store Connect upload endpoint. If ITMS-90035 appears immediately, the IPA itself carries the problem, not Transporter. The most common cause on a fresh Replit Agent IPA is an EAS profile set to preview or development instead of production, which signs with a non-distribution certificate that the validator refuses.

Can a delayed Apple Developer Program enrollment cause ITMS-90035?

Yes, indirectly. Replit's documentation notes that Apple Developer Program activation can take 16 to 24 hours. During that window, EAS Build may complete with a placeholder ad hoc profile, and the resulting IPA fails the App Store Connect signature check with ITMS-90035. Waiting for activation, then rebuilding with the production profile, resolves it cleanly.

Should I re-sign the IPA locally instead of rebuilding on EAS?

Most of the time, no. Manual re-signing with codesign on a Mac requires re-sealing every embedded framework and the top-level bundle in the right order. Skipping any file breaks the seal again. Rebuilding through EAS is faster and handles the dependency tree automatically. Manual re-signing is a last resort for builds you cannot reproduce, not a default approach.

Is ITMS-90035 the same as ITMS-90161 or ITMS-91056?

No. ITMS-90035 is the Invalid Signature error, focused on codesign output and sealed resources inside the bundle. ITMS-90161 is Invalid Provisioning Profile, which fires when the profile itself is malformed. ITMS-91056 is the Invalid Privacy Manifest path error introduced in 2024. The three can appear together on the same upload, but each has its own root cause and fix path.

Why does Replit Agent trigger ITMS-90035 Invalid Signature?

You shipped an iOS build through Replit Agent, dragged the IPA into Transporter, and saw ITMS-90035: Invalid Signature. The error blocks the upload entirely, and the file path Apple prints is usually a dot-file or an embedded framework with a cryptic name. This article walks through where the signature breaks in a Replit Agent pipeline and how to fix it without rewriting your project.

Short answer

ITMS-90035 means App Store Connect could not validate the code signature on at least one file inside your IPA. On a Replit Agent build, the cause is almost always one of three things: the build was signed with a development or ad hoc profile instead of a distribution profile, an embedded framework lost its sealed resource because of a dot-file artifact, or the bundle identifier contains a non-ASCII character. The fix is usually a clean EAS Build on the production profile, not a manual re-sign.

What you should know

Replit Agent does not sign the IPA on Replit's servers. The signing runs on EAS Build inside Expo Application Services, using your Apple distribution certificate.
ITMS-90035 is a validator error, not an App Review rejection. It blocks the upload itself, so the build never reaches a human reviewer.
Apple's TN2318 documents the verification command. Running codesign --verify -vvvv against the unpacked IPA usually surfaces the exact failing file.
Dot-files and ._ resource forks are a common trigger. They appear when an iOS folder is zipped or copied on macOS without dot_clean.
EAS Build can re-sign without changing your source. Most Replit Agent failures resolve with eas build --platform ios --clear-cache --profile production.

How does Replit Agent fit into the iOS signing pipeline?

Replit Agent generates a React Native or Expo project inside the Replit workspace. The actual iOS build does not run on Replit's infrastructure. According to Replit's Expo on Replit tutorial, once your project is ready, you run eas init and eas build --platform ios, which dispatches the build to Expo Application Services (EAS). EAS Build owns the Mac runner that compiles your project, embeds the React Native runtime, signs the bundle with your Apple distribution certificate, and produces the final IPA.

That separation matters for ITMS-90035. Replit Agent only writes source code and configuration. EAS Build handles certificates, provisioning profiles, and the final codesign pass. When the validator inside App Store Connect refuses the upload, the broken piece is almost always something EAS Build received from the Replit-generated project, such as a non-ASCII bundle identifier in app.json, a framework version mismatch in ios/Podfile.lock, or a preview profile chosen during the credentials flow.

For builders who want an external read of the compiled IPA before opening Transporter, PTKD.com (https://ptkd.com) is one of the platforms focused on pre-submission analysis aligned with OWASP MASVS for no-code and vibe-coded apps. It does not re-sign the binary, but it surfaces structural issues that App Review and the App Store Connect validator are likely to flag, including missing entitlements and incorrect Info.plist keys.

What does ITMS-90035 actually mean inside an IPA?

The literal text varies by Xcode version, but the core message is either "Invalid Signature. Code object is not signed at all" or "A sealed resource is missing or invalid." App Store Connect runs Apple's codesign and pkgutil checks on the bundle on upload, and any failure short-circuits the rest of the validation.

In practice, ITMS-90035 means one of these conditions is true inside the IPA:

One file in the bundle has no signature. This is common when a build script copies a file in after the codesign step has already run.
One file's signature does not match its sealed hash. This happens when a file was edited after signing, including dot-file metadata created by macOS Finder.
The certificate used is not an Apple distribution certificate. Development and ad hoc profiles will not pass validation for App Store distribution.
The certificate is valid, but the Apple Worldwide Developer Relations (WWDR) intermediate that signed it is missing or expired in the build environment.

Apple's Technical Note TN2318: Troubleshooting Failed Signature Verification covers each of these and gives a single codesign --verify -vvvv command that prints the failing file path and reason.

What causes Invalid Signature on Replit Agent builds?

Replit Agent runs on top of Expo, so the failure modes are a subset of every Expo iOS export. Five recur often enough to call out:

Wrong build profile. A preview or development EAS profile signs with a development certificate that App Store Connect rejects. Only the production profile, or a custom profile with distribution: "store", signs for the App Store.
Missing distribution credentials. First-time builders sometimes accept an ad hoc credential during the EAS prompt. Re-running eas credentials --platform ios and selecting "Set up a new distribution certificate" rebuilds the keychain.
Embedded framework not re-signed after a prebuild. If expo prebuild runs mid-pipeline, a precompiled framework copied from node_modules can keep its old signature, and the sealed-resource hash fails on upload.
Non-ASCII characters in the bundle identifier or display name. Replit Agent occasionally proposes a name with an accented character. App Store Connect treats accented letters in CFBundleIdentifier as a signature break.
Stale WWDR intermediate certificate. If the build runner has not refreshed the Apple WWDR root, recent distribution certificates fail to chain. The Apple Developer Forums thread on ITMS-90035 covers this case and the keychain cleanup that fixes it.

A sixth, rarer cause is a dot-file artifact (._Frameworks, ._Info.plist) introduced by zipping the iOS folder on macOS. Apple's dot_clean command removes these, and Technical Note TN2407: iOS Code Signing Troubleshooting Index points back to TN2318 for the verification step that confirms the fix.

How do you fix ITMS-90035 on a Replit Agent build?

The fast path depends on which of the causes above is actually triggering. A diagnostic helps: unzip the IPA, then run codesign --verify -vvvv MyApp.app on the resulting bundle and read the first failing file. If it is a framework under Frameworks/, the issue is embedded resources. If it is the top-level executable, the issue is the certificate chain itself.

The table below maps the most common Replit Agent failure to the fix.

Symptom in validator	Likely cause	Fix
"Code object is not signed at all" on a framework	Embedded framework copied after the codesign step	Run `eas build --platform ios --clear-cache --profile production`
"A sealed resource is missing or invalid" pointing at `._Info.plist`	Dot-file artifact from a macOS zip	Run `dot_clean ios/` locally, commit, then rebuild via EAS
"Not signed using an Apple submission certificate"	Wrong EAS profile or ad hoc credential	`eas credentials --platform ios`, then rebuild with the production profile
Non-ASCII glyph in the printed file path	Accented bundle identifier or display name	Edit `app.json` `ios.bundleIdentifier` to ASCII only, rebuild
Certificate chain fails to validate	Stale WWDR intermediate on the runner	Trigger a fresh EAS Build, or rotate the certificate in App Store Connect

For most Replit Agent users, the single command sequence that resolves the bundled cases is eas build --platform ios --clear-cache --profile production, followed by eas submit --platform ios --latest. Expo's iOS submission documentation covers the ascAppId, ascApiKeyPath, and ascApiKeyIssuerId fields that need to live in eas.json for a clean handoff, plus the EXPO_APPLE_APP_SPECIFIC_PASSWORD environment variable when an App Store Connect API key is not available.

What to watch out for

A few traps catch Replit Agent users specifically:

Re-signing locally is rarely the right call. It is technically possible to extract the IPA, run codesign -s "Apple Distribution: ..." --force on the inner bundle, and re-zip. This usually breaks a different sealed hash, because the order of signing matters for embedded frameworks. Rebuilding on EAS is faster and cleaner.
Transporter caches your last upload attempt. If the first attempt failed with ITMS-90035, restart Transporter before re-uploading. A stuck cache occasionally re-submits the broken IPA and reproduces the same error.
Apple Developer Program enrollment delay is real. Replit's documentation notes that a new account can take 16 to 24 hours to propagate. ITMS-90035 sometimes masquerades as a credentials problem when the underlying issue is that enrollment has not yet activated.
Eye-catching percentages on iOS signing failures are folklore. Numbers like "89% of developers see certificate problems" or "75% of failures come from expired certificates" circulate without a verifiable Apple-published source. Apple does not publish per-error rejection rates.
Privacy Manifest errors look similar. ITMS-91056 and ITMS-91065 reference signature-adjacent files but are not the same error class as ITMS-90035. Read the exact error code in the validator output before applying a fix.

Key takeaways

ITMS-90035 is a validator error, not an App Review rejection. It blocks upload to App Store Connect and never reaches a human reviewer.
On Replit Agent builds, EAS Build owns the signing step, so most failures resolve with a clean rebuild on the production profile rather than any change to the project source.
Run codesign --verify -vvvv on the unpacked IPA to identify the failing file before changing anything; the first failing path is usually the whole story.
Some teams outsource the pre-submission scan to platforms like PTKD.com (https://ptkd.com) so they can confirm IPA structure and Info.plist keys before paying for another EAS Build attempt.
When in doubt, re-run eas credentials --platform ios and rebuild on the production profile rather than patching the IPA manually with codesign.