I want to track down which part of an app contacts a given domain listed in its App Privacy Report. Following the instructions given here I am able to capture a packet trace, but traffic to the domain in question is encrypted using QUIC. Is there a way to insert e.g. mitmproxy into the capture process in order to get hold of the SSLKEYLOGFILE so that I can decrypt the traffic?

Excited for AlarmKit! I have found two concerns that I cannot find answers for though. The volume of my alarms seems to be very quite relative to the full volume capability of the device. For example, if I turn the volume all the way up and play the audio file, the sound is very loud. However then, if I set the alarm using alarm kit with the same audio, the track played during the alerting phase is not that loud. I am afraid that it will not be loud enough in real life. Will there be future support to set the volume level of the alarm to maximum settings? When I press the volume buttons (with the app open) during an active alarm, the audio stops, but the alarm manager does not clear these events. The alarm manager does clear the alarm event if the alarm is stopped through a live activity.

Hi, I’m looking for clarification on Apple Pay merchant domain verification behavior. Our production domain’s verification expiry was extended without any action from our team. Previous expiry: May 21, 2026 Current expiry: October 6, 2026 The Verify button is greyed out, and we can’t download a new .txt file. We did not re‑verify the domain during this time. A few weeks prior, we did renew our Apple Pay Merchant Identity certificate for Apple Pay on the web. Could someone clarify: Does updating the Merchant Identity certificate trigger automatic domain revalidation or expiry extension? If so, why was the extension only 4 months? Does Apple automatically revalidate or extend merchant domain verification? Is this expected behavior, or should domains always be manually re‑verified?

I have Family Controls (Distribution) and (Development) on my main app. The shield overlay, shield actions, and ManagedSettingsStore all work correctly. My app concept: the user selects a specific time (e.g. 7:00 AM) at which their selected apps (Instagram, TikTok, Snapchat, etc.) should be blocked until they complete an action. The blocking should happen everyday automatically at the chosen time without the user needing to open my app. What actually happens: at 7:00 AM nothing happens. The selected apps remain accessible. The blocking only activates when the user manually opens my app and then closes it. Has anyone found a reliable way to make intervalDidStart fire every day at the scheduled time in the background? Is there a known workaround? I have seen similar reports from other developers but no confirmed solution. Any guidance from Apple engineers would be greatly appreciated.

We are integrating the App Intents framework into our iOS app to enable Siri functionality, including intents that display user data (e.g., showing upcoming schedule information) and intents that perform actions on behalf of users (e.g., submitting a time-off request). Our Legal team has asked us to provide any developer-specific integration terms or agreements that govern the engineering use of Siri and the App Intents framework — separate from the user-facing Siri, Dictation & Privacy terms. So far, the only reference we've found to App Intents or Siri in Apple's developer agreements is Section J of the Apple Developer Program License Agreement. We've also reviewed the App Store Review Guidelines, the Privacy HIG, and the Siri HIG. As a point of comparison, Apple Maps has its own specific set of developer integration terms (MapKit / Apple Maps Server API terms). Does anything equivalent exist for Siri and/or the App Intents framework? If Section J of the License Agreement and the relevant HIG sections are the complete set of terms governing developer use of App Intents and Siri, confirmation of that would also be very helpful. Thank you.

Feedback ID: FB22759977 After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [] ProvisioningOperationComposer: Step '' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500}

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

While attempting to read a user’s daily step history spanning backward to the last 7 days, a small but consistent subset of users encounter Error Code 3 with the underlying error description: Error Code 3 "Unable to invalidate interval: no data source available." When this error occurs, we are entirely unable to read their step history. We have received ~10 direct user reports of this within the last couple of weeks.

Hi, We are able to successfully perform in-app provisioning and add cards to the native wallet. However, we are unable to retrieve the existing card status from the wallet. Even when the card is already added to the device or Apple Watch, the status is always returning as false for both. Could you please let us know if there are any additional configurations, entitlements, or issuer onboarding steps required to retrieve the existing card status from Apple Wallet?

Hello, I am working on a network security and DLP (Data Loss Prevention) solution. A core requirement of our architecture is the ability to modify network traffic payloads in-flight (e.g., stripping sensitive data or altering packets). So, the only way to implement this is via the NETransparentProxyProvider which allows us to handle, evaluate, and modify network flows (NEAppProxyFlow). However, because this is such a powerful mechanism, my primary goal is to ensure the absolute stability of the operating system. I want to minimize the risk of interfering with core Apple services. When evaluating a flow, I have access to NEFlowMetaData, specifically properties like sourceAppUniqueIdentifier and sourceAppAuditToken. Could you please assist me with the following questions: Is there a recommended list of Apple system Application IDs (Bundle IDs) or executable names that should be strictly bypassed (ignored) by the Network Extension to maintain system integrity? Since system daemons can change between OS releases, are there any programmatic best practices or specific rules to dynamically identify core OS traffic that must not be intercepted? Are there any specific network ports or protocols that Apple strongly recommends excluding from NENetworkRule matches at the proxy provider configuration level to ensure daemons like apsd or mDNSResponder function correctly? Thank you in advance.

Hello, I'm evaluating possibility to use virtualization to setup on-permise parallel testing system for a product I work on. My compatibility range is wide, i.e. it would cover macOS 12 - 26, so any testcase needs to be executed on at least 5 different OS versions (and introducing any parallization to the test execution would mean I deal with higher number of VMs). As far as I understand, there is a constraint in Apple Software License, that limits number of OS VM installations per one physical system to 2 (section 2.B.(iii)) in case of OS downloaded from the Internet or through App Store. Clearly these days a single high-end Mac hardware could sustain more than 2 VMs running in parallel. The license also mentions it is also possible to be in a volume or maintenance license program and then the terms of this program apply instead. So I wonder how do people normally deal with the above limitation? What is the path I need to follow if I want to be able to run more than "2 additional copies or instances of" macOS on my VMs?

Hello, with macOS' and iOS' recent updates (26.4.x), Handoff in my app appears to have become dysfunctional, as I receive the following message in the logs: getContinuationStreamsWithCompletionHandler(), inputStream=(null) outputStream=(null) error=Error Domain=NSPOSIXErrorDomain Code=94 "Bad message" UserInfo={NSLocalizedDescription=Could not set up internal streams} It ONLY works: From a Mac with 15.x to other Macs or iOS devices (on 26.4.x). All other combinations (see below) do NOT work: iOS (26.4.x) > iOS (26.4.x) iOS (26.4.x) > Mac (26.4.x) iOS (26.4.x) > Mac (15.x) Mac (26.4.x) > iOS (26.4.x) The Handoff prompt is shown in the Dock on Mac, in the app switcher on iOS, and in the Dock on iPadOS, but once I click/press it, I get the continuationStreams error. Now, is it my app, or the OS? Thank you kindly, – Matthias

I'm trying to update the iCloud data handling in our app, and I'm running into an issue with a particular file on one particular device. This file never downloads & I haven't been able to pinpoint what's off about it. Right now we just have 2 iCloud accounts & a handful of devices, so I haven't been able to narrow it down yet, but in most cases, all the cloud files download as expected. However, whether or not the file eventually downloads, the NSURLUbiquitousItemDownloadRequestedKey key seems to be completely useless. For the following code: NSError *error = nil; BOOL success = [[NSFileManager defaultManager] startDownloadingUbiquitousItemAtURL:self.fileURL error:&error]; if (!success) { NSLog(@"error downloading %@ : %@", self.fileURL, error); } else { NSDictionary *resourceValues = [self.fileURL resourceValuesForKeys:@[NSURLUbiquitousItemDownloadRequestedKey, NSURLUbiquitousItemIsDownloadingKey, NSURLUbiquitousItemDownloadingErrorKey, NSURLUbiquitousItemDownloadingStatusKey] error:&error]; if (!error) { NSString *downloadStatus = resourceValues[NSURLUbiquitousItemDownloadingStatusKey]; bool downloadRequested = [resourceValues[NSURLUbiquitousItemDownloadRequestedKey] boolValue]; NSLog(@"download requested: %d", downloadRequested); } // ... } downloadRequested is always false, regardless of whether or not the cloud file eventually downloads. I have 2 questions: is there a way to actually check if a download has been requested for a file? what could be preventing this file from downloading? -startDownloadingUbiquitousItemAtURL:error: doesn't report an error, NSURLUbiquitousItemDownloadingErrorKey is always nil, and no error is reported in the NSMetadataQuery observer.

Hello, I have followed the instructions in https://developer.apple.com/documentation/backgroundassets to setup background asset to work on the iPhone. I am able to confirm successfully test the asset packs locally on the iPhone. However, when I try to run the my test code on the Mac (Designed for iPad), I get this error. BackgroundAssets/AssetPackManager.swift:206: Fatal error: The app couldn’t be validated: The bundle’s info dictionary lacks a string value for the key “BAAppGroupID”. Is this feature not supported on the Mac?

I’m investigating Core Data lightweight migration behavior with SQLite and ran into a performance issue. Scenario: Model V1: EntityA has one fetchIndex Model V2: EntityA adds a new optional attribute timestamp (Integer 64), with no changes to existing attributes or fetchIndex definitions From a SQLite perspective, this change should be handled by a simple: ALTER TABLE ZENTITYA ADD COLUMN ZTIMESTAMP INTEGER But I observe that Core Data rebuilds the existing index, which becomes a significant performance issue for large databases. CoreData: sql: DROP INDEX IF EXISTS Z_EntityA_id CoreData: sql: ALTER TABLE ZENTITYA ADD COLUMN ZTIMESTAMP INTEGER CoreData: sql: CREATE INDEX IF NOT EXISTS Z_EntityA_byID ON ZENTITYA Question: Is there any way to avoid or bypass index rebuilding for this kind of schema changes?

Hello Everyone, Like probably several other Enterprise customers and more, we have been bitten by a bug with regards to VPN and Endpoint Security and the new M5 / M5 Pro SoCs shipping in the latest MacBook devices. I have raised the following feedback IDFB22753954 (which itself references an internal issue I believe, if we need to mark it as a dupe: 172793638 ). The technical sequence leading to the crash is as follows I believe: The macOS system process neagent successfully initializes the GlobalProtect network extension. The GP Network extension transitions from an 'inactive' state to a 'running' state. As network traffic begins flowing through the extension, a critical flaw in the macOS kernel's memory allocation (specifically related to the Apple Network Extension framework) is triggered. This memory management failure at the kernel level results in a kernel panic at an unpredictable point during packet processing. Because this is a core operating system vulnerability, any third-party application or security solution that leverages Apple's Network Extension framework is susceptible to these crashes. This has been confirmed across multiple vendors within the cybersecurity industry from what I understand. Crashes_M5Pro_1.txt Thank you in advance for your help! Kind Regards, Goffredo

CloudKit CKRecordZone Deletion Issue Problem: CloudKit record zones deleted via CKDatabase.modifyRecordZones(deleting:) or CKModifyRecordZonesOperation are successfully removed but then reappear. I suspect they are automatically reinstated by CloudKit sync, despite successful deletion confirmation. Environment: SwiftData with CloudKit integration Custom CloudKit zones created for legacy zone-based sharing Observed Behavior: Create custom zone (e.g., "TestZone1") via CKDatabase.modifyRecordZones(saving:) Copy records to zone for sharing purposes Delete zone using any CloudKit deletion API - returns success, no errors Immediate verification: Zone is gone from database.allRecordZones() After SwiftData/CloudKit sync or app restart: Zone reappears Reproduction: Tested with three different deletion methods - all exhibit same behaviour: modifyRecordZones(deleting:) async API CKModifyRecordZonesOperation (fire-and-forget) CKModifyRecordZonesOperation with result callbacks Zone deletion succeeds, change tokens (used to track updates to shared records) cleaned up But zones are restored presumably by CloudKit background sync Expected: Deleted zones should remain deleted Actual: Zones are reinstated, creating orphaned zones

I'm hitting a kernel-side rejection on IOServiceOpen from a host app against my DEXT's IOUserService, before any code in my DEXT's NewUserClient runs. DEXT activation and USB matching succeed; only the user-client connection fails. What works DEXT activates and shows as [activated enabled] in systemextensionsctl list. DEXT matches IOUSBHostInterface for the target device and Start() runs to completion. Inside Start(), CopyInterface() returns successfully and CopyPipe() for the expected endpoints all succeed. Host app receives the matching notification for the DEXT's IOUserService and calls IOServiceOpen(service, mach_task_self(), 0, &connect). What fails IOServiceOpen returns kIOReturnError (0xE00002BC). My DEXT's NewUserClient override is never reached — verified by the absence of any breadcrumb log and by stepping through under lldb (no entry on the DEXT side). This reproduces both with: The original com.apple.developer.driverkit.userclient-access entitlement listing the host bundle ID. The dev fallback com.apple.developer.driverkit.allow-any-userclient-access = true on host + DEXT. (Background: the App ID portal has the bundle-ID list for userclient-access stored as a single newline-joined string instead of separate array entries — see Support Thread 822652 — so I've been using allow-any-userclient-access = true for now. The IOServiceOpen failure persists either way.) Diagnostics I can't get I'd like to confirm the kernel-side rejection reason, but DEXT os_log output is suppressed in Console and: sudo log config --process <dext-pid> --mode "level:debug" log: Unable to set mode for pid <dext-pid> I've tried by PID and by subsystem; both refuse. SIP is in its default state. Any pointer to the correct invocation (or a Configuration Profile to enable DriverKit verbose logging) would unblock me. Environment macOS 26.3.1 (build 25D2128) Xcode 26.3 (build 17C529) Host app: AppKit, sandboxed, Mac App Store distribution DEXT: matches IOUSBHostInterface on idVendor: 0x1452 (DNP) and (pending capability approval) 0x1343 (Citizen) Entitlements on host: com.apple.developer.driverkit, com.apple.developer.driverkit.userclient-access (or allow-any-userclient-access = true for dev) Entitlements on DEXT: com.apple.developer.driverkit, com.apple.developer.driverkit.transport.usb, com.apple.developer.driverkit.allow-any-userclient-access for dev Questions Is IOServiceOpen → kIOReturnError before NewUserClient always an entitlement/sandbox check failure, or are there other kernel-side reasons (matching score, IOService class hierarchy mismatch) that produce the same generic code? What's the correct way to enable DEXT os_log capture so I can see the rejection reason? Is there a known interaction between a malformed userclient-access array on the App ID (Forums Thread 822652) and the kernel's user-client authorization path that would persist even after switching to allow-any-userclient-access = true? Sample profiles, codesign output, and the exact matching dictionary available on request. Thanks.

Hello everyone, I am migrating a legacy KEXT to a DriverKit (DEXT) architecture. While the DEXT itself is working correctly, I am completely blocked by a code signing issue when trying to establish the UserClient connection from our SwiftUI management app. Project Goal & Status: Our DEXT (com.accusys.Acxxx.driver) activates successfully (systemextensionsctl list confirms [activated enabled]). The core functionality is working (diskutil list shows the corresponding disk device node). The Core Problem: The userclient-access Signing Error To allow the app to connect to the DEXT, the com.apple.developer.driverkit.userclient-access entitlement is required in the app's .entitlements file. However, as soon as this entitlement is added, the build fails. Both automatic and manual signing fail with the same error: `Provisioning profile ... doesn't match the entitlements file's value for the ... userclient-access entitlement.` This build failure prevents the generation of an .app bundle, making it impossible to inspect the final entitlements with codesign. What We've Confirmed: The necessary capabilities (like DriverKit Communicates with Drivers) are visible and enabled for our App ID on the developer portal. The issue persists on a clean system state and on the latest macOS Sequoia 15.7.1. Our Research and Hypothesis: We have reviewed the official documentation "Diagnosing issues with entitlements" (TN3125). According to the documentation, a "doesn't match" error implies a discrepancy between the entitlements file and the provisioning profile. Given that we have tried both automatic and manual profiles (after enabling the capability online), our hypothesis is that the provisioning profile generation process on Apple's backend is not correctly including the approved userclient-access entitlement into the profile file itself. The build fails because Xcode correctly detects this discrepancy. Our Questions: Did we misunderstand a step in the process, or is the issue not with the entitlement request at all? Alternatively, are there any other modifications we can make to successfully connect our App to the DEXT and trigger NewUserClient? Thank you for any guidance.

Hey . So i'm building a screentime app whereby users can add an accountability partner who will be able to see their total screentime.(no app breakdowns included) . This will require me to send the data to firebase realtime database and retrieve for the accountability partner to see. Problem is , I've literally tried everything but the screentime still shows 0m on the accountabiliy partner's end. I need the data to be displayed rounded down to the nearest 0.5 e.g 1hr43mins ->1.5hrs+ ,2.0hrs+ ,3.5hrs+ , meaning it only moves when a threshold is crossed by the user. (this is to save database costs). Anyway i'd really appreciate if someone could help me out here. Thanks