A user of my app reported that when my app copies files from a QNAP NAS to a folder on their Mac, they get the error "Result too large". When copying the same files from the Desktop, it works. I asked them to reproduce the issue with the sample code below and they confirmed that it reproduces. They contacted QNAP for support who in turn contacted me saying that they are not sure they can do anything about it, and asking if Apple can help. Both the app user and QNAP are willing to help, but at this point I'm also unsure how to proceed. Can someone at Apple say anything about this? Is this something QNAP should solve, or is this a bug in macOS? P.S.: I've had users in the past who reported the same issue with other brands, mostly Synology. import Cocoa @main class AppDelegate: NSObject, NSApplicationDelegate { func applicationDidFinishLaunching(_ aNotification: Notification) { let openPanel = NSOpenPanel() openPanel.canChooseDirectories = true openPanel.runModal() let source = openPanel.urls[0] openPanel.canChooseFiles = false openPanel.runModal() let destination = openPanel.urls[0] do { try copyFile(from: source, to: destination.appendingPathComponent(source.lastPathComponent, isDirectory: false)) } catch { NSAlert(error: error).runModal() } NSApp.terminate(nil) } private func copyFile(from source: URL, to destination: URL) throws { if try source.resourceValues(forKeys: [.isDirectoryKey]).isDirectory == true { try FileManager.default.createDirectory(at: destination, withIntermediateDirectories: false) for source in try FileManager.default.contentsOfDirectory(at: source, includingPropertiesForKeys: nil) { try copyFile(from: source, to: destination.appendingPathComponent(source.lastPathComponent, isDirectory: false)) } } else { try copyRegularFile(from: source, to: destination) } } private func copyRegularFile(from source: URL, to destination: URL) throws { let state = copyfile_state_alloc() defer { copyfile_state_free(state) } var bsize = UInt32(16_777_216) if copyfile_state_set(state, UInt32(COPYFILE_STATE_BSIZE), &bsize) != 0 { throw NSError(domain: NSPOSIXErrorDomain, code: Int(errno)) } else if copyfile_state_set(state, UInt32(COPYFILE_STATE_STATUS_CB), unsafeBitCast(copyfileCallback, to: UnsafeRawPointer.self)) != 0 { throw NSError(domain: NSPOSIXErrorDomain, code: Int(errno)) } else if copyfile(source.path, destination.path, state, copyfile_flags_t(COPYFILE_DATA | COPYFILE_SECURITY | COPYFILE_NOFOLLOW | COPYFILE_EXCL | COPYFILE_XATTR)) != 0 { throw NSError(domain: NSPOSIXErrorDomain, code: Int(errno)) } } private let copyfileCallback: copyfile_callback_t = { what, stage, state, src, dst, ctx in if what == COPYFILE_COPY_DATA { if stage == COPYFILE_ERR { return COPYFILE_QUIT } } return COPYFILE_CONTINUE } }

This is my first driver and I have had the devil of a time trying to find any information to help me with this. I beg help with this, since I cannot find any tutorials that will get me over this problem. I am attempting to write a bridging driver for an older UPS that only communicates via RPC-over-USB rather than the HID Power Device class the OS requires. I have written the basic framework for the driver (details below) and am calling OSSystemExtensionRequest.submitRequest with a request object created by OSSystemExtensionRequest.activationRequest, but the didFailWithError callback is called with OSSystemExtensionErrorDomain of a value of 9, which appears to be a general failure to activate the driver. I can find no other information on how to address this issue, but I presume the issue is one of entitlements in either the entitlements file or Info.plist. I will have more code-based details below. For testing context, I am testing this on a 2021 iMac (M1) running Sequoia 15.7, and this iMac is on MDM, specifically Jamf. I have disabled SIP and set systemextensionsctl developer on, per the instructions here, and I have compiled and am attempting to debug the app using xcode 26.2. The driver itself targets DriverKit 25, as 26 does not appear to be available in xcode despite hints on google that it's out. For the software, I have a two-target structure in my xcode project, the main Manager app, which is a swift-ui app that both handles installation/activation of the driver and (if that finally manages to work) handles communication from the driver via its UserClient, and the driver which compiles as a dext. Both apps compile and use automated signing attached to our Apple Development team. I won't delve into the Manager app much, as it runs even though activation fails, except to include its entitlements file in case it proves relevant <dict> <key>com.apple.developer.driverkit.communicates-with-drivers</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-only</key> <true/> </dict> and the relevant activation code: func request(_ request: OSSystemExtensionRequest, didFailWithError error: any Error) { // handling the error, which is always code value 9 } func activateDriver() { let request = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: "com.mycompany.driver.bundle.identifier", queue: .main) request.delegate = self OSSystemExtensionManager.shared.submitRequest(request) //... } And finally the Manager app has the following capabilities requested for its matching identifier in our Apple Developer Account: DriverKit Communicates with Drivers System Extension On the Driver side, I have two major pieces, the main driver class MyDriver, and UserClient class, StatusUserClient. MyDriver derives from IDriverKit/IOService.iig but (in case this is somehow important) does not have the same name as the project/target name MyBatteryDriver. StatusUserClient derives from DriverKit/IOUserClient.iig. I have os_log(OS_LOG_DEFAULT, "trace messages") code in every method of both classes, including the initializers and Start implementations, and the log entries never seem to show up in Console, so I presume that means the OS never tried to load the driver. Unless I'm looking in the wrong place? Because I don't think the driver code is the current issue, I won't go into it unless it becomes necessary. As I mentioned above, I think this is a code signing / entitlements issue, but I don't know how to resolve it. In our Apple Developer account, the Driver's matching identifier has the following capabilities requested: DriverKit (development) DriverKit Allow Any UserClient (development) DriverKit Family HID Device (development) -- NOTE: this is planned for future use, but not yet implemented by my driver code. Could that be part of the problem? DriverKit Transport HID (development) DriverKit USB Transport (development) DriverKit USB Transport - VendorID -- submitted, no response from Apple yet HID Virtual Device -- submitted, no response from Apple. yet. This is vestigial from an early plan to build the bridge via shared memory funneling to a virtual HID device. I think I've found a way to do it with one Service, but... not sure yet. Still, that's a problem for tomorrow. Apparently I've gone over the 7000 character maximum so I will add my entitlements and info.plist contents in a reply.

Hello Apple Developer Community, I'm working on implementing App Clips for a restaurant platform and need guidance on configuring custom App Clip experiences using URL redirects. Context: We have multiple restaurant locations, each needing branded App Clip cards (custom image, title, subtitle). With hundreds of tables across many venues, creating individual App Clip experiences for each table in App Store Connect isn't scalable. Currently: Using a single, generic App Clip experience for all locations => https://example.com Desired Flow: Customer scans QR code at restaurant table ↓ https://example.com/123 ↓ iOS fetches URL ↓ Server responds with 302 redirect ↓ https://example.com/brands/le-pain-quotidien?venue=abc123 ↓ iOS displays App Clip card with "Le Pain Quotidien" branding ↓ User taps "Open" → App Clip launches with correct context What I've Tried: Configured multiple App Clip experiences in App Store Connect Implemented 302 redirects from short URLs to branded URLs Tested various redirect configurations without success Questions: Does iOS fetch and follow redirects before displaying the App Clip card, or does it only use the originally scanned URL? What App Clip experience URLs should be configured in App Store Connect for this redirect scenario? Are there specific HTTP headers or redirect requirements for iOS to properly recognize the final destination? Should the App Clip experience be registered for example.com/123 or example.com/brands/le-pain-quotidien? Reference: Apple's documentation suggests this is possible: https://developer.apple.com/documentation/AppClip/configuring-the-launch-experience-of-your-app-clip#Use-short-URLs-or-redirects Has anyone successfully implemented custom App Clip cards using URL redirects? Any guidance on the correct configuration approach would be greatly appreciated. Thank you!

**Environment Platform:** iOS Distribution: TestFlight Product type: Consumable In-App Purchase Account used for testing: Real Apple ID (not Sandbox) StoreKit: StoreKit 1 iOS version: iOS 17+ (also reproduced on earlier versions) Issue Description We are encountering an issue when testing consumable in-app purchases in a TestFlight build using a real Apple ID. Under normal circumstances, consumable products should be purchasable repeatedly. However, in TestFlight, after a successful purchase flow, the same product may become unavailable for repurchase, and the transaction appears to be stuck, even though: • finishTransaction: is correctly called • The transaction state is .purchased • No pending transactions are left in the payment queue Once this happens, subsequent purchase attempts result in behavior similar to a non-consumable product (e.g. “already purchased” or no purchase UI shown).

When I have to pull in hundreds of commits from upstream, I like to try to make sure things still compile - frequently, to try to limit how far I need to go to back fix things. One issue is missing symbols in the kext, since you won't know until you try to load the kext. And loading the kext each commit is not realistic. So I went and made up a call to something that does not exist, in my case, strqcmp(). I could not get the various tools like kmutil libraries --all-symbols to print out that this function was going to fail, so I wrote a little script (thanks ChatGPT); ./scripts/kpi_check.py --arch arm64e -k module/os/macos/zfs.kext/ First missing symbols: _crfree _crhold _strqcmp Hurrah. But sadly, my brain was then curious as to why crhold() and crfree() work. Worked for years. Only dtrace calls them in XNU sources but otherwise not mentioned there, not listed in my frameworks, nm is not seeing it. Somewhat of a rabbit hole. I don't even need to know, it does work after all. I should just let it go right? and yet... how does it work? My best guess is a symbols.alias pointing it to kauth_cred_ref() somewhere? Maybe? Anyway, pretty low priority but it's an itch...

My app is configured with the App Clip experiences, and a Clip App card pops up when an NFC tag is scanned—whether the host app is not launched, running in the background, or active in the foreground. I want to prevent the App Clip card from popping up when the host app is in the foreground; how can this be achieved?

We recently migrated our entire product to Apple Unified Logging due to the various benefits it provides. However we immediately started hitting the "log quarantine" problem ("QUARANTINED DUE TO HIGH LOGGING VOLUME"). This is partly because we are indeed over logging in a few cases (which we have to work on fixing), but also partly because it's a complicated product with potentially hundreds of libraries, and some of the code can legitimately be very busy. For example we have a system extension that's implemented both as a NetworkExtension client and an EndpointSecurity client, if we were to log decent information about each network or file system event so we can troubleshoot something, they are bound to be high volume logs. Now when our app is running in a normal user environment, this is not a problem. We can disable certain heavy log levels, or at least disable persisting for certain logs (one of the benefits of Apple Unified Logging we really like is that it allows very flexible controls, log config command, OSLogPreferences, configuration profile, we can employ whatever that suits a specific case). But ultimately, the question is what if we end up with a troubleshooting case we don't know exactly where a problem is so we just need the full logs at debug level? And not only just enabled, but because we might not know when the issue can happen either we also need to persist the full set of logs for as long as possible? We will start hitting log quarantine again. Granted this is a very extreme case, but if worst comes to worst, how can we even do that with Apple Unified Logging? Is there an option that allows us to override the quarantine, if but temporarily? I've searched a few relevant forum posts, some of which described log quarantine but no one had mentioned any solution for it (besides having to stop logging so much from the app but as I explained we do have legitimate cases where log volume can still be huge). I've also read The Eskimo's "Your Friend the System Log" and browsed some of the troubleshooting config profiles provided by Apple hoping to discover some hidden payloads but found none so far. There is an OSLogRateLimit environment variable that I noticed if I run a launchctl print system/<a-launch-daemon-lable> and it's usually 64. Is this something relevant? And knowing Apple it's probably something that can't be tampered with?

TL;DR: How does one use DNSServiceReconfirmRecord() to invalidate mDNS state of a device that's gone offline? I'm using the DNSServiceDiscovery API (dns_sd.h) for a local P2P service. The problem I'm trying to solve is how to deal with a peer that abruptly loses connectivity, i.e. by turning off WiFi or simply by moving out of range or otherwise losing connectivity. In this situation there is of course no notification that the peer device has gone offline; it simply stops sending any packets. After my own timeout mechanism determines the peer is not responding, I mark it as offline in my own data structures. The problem is how to discover when/if it comes back online later. My DNSServiceBrowse callback won't be invoked because mDNS doesn't know the device went offline in the first place. I am trying to use DNSServiceReconfirmRecord, which appears to be for exactly this use case -- "Instruct the daemon to verify the validity of a resource record that appears to be out of date (e.g. because TCP connection to a service's target failed.)" However my attempts always return a BadReference error (-65541). The function requires me to pass a DNS record, and the only one I know is the TXT record; perhaps it needs a different one? Which, and how would I get it? Thanks!

I have implemented CKSyncEngine synchronization, and it works well. I can update data on one device and see the changes propagate to another device quickly. However, the initial sync when a user downloads the app on a new device is a significant issue for both me and my users. One problem is that the sync engine fetches deletion events from the server. On a new device, the local database is empty, so these deletions are essentially no-ops. This would not be a big problem if there were only a few records or if it was fast. I measured the initial sync and found that there are 150 modified records and 62,168 deletions. Counting these alone takes over five minutes, even without processing them. The deletions do nothing because the local database has nothing to delete, yet they still add a significant delay. I understand that the sync engine ensures consistency across all devices, but five minutes of waiting with the app open just to insert a small number of records is excessive. The problem would be worse if there were tens of thousands of new records to insert, since downloading and saving the data would take even longer. This leads to a poor user experience. Users open the app and see data being populated for several minutes, or they are stuck on a screen that says the data is being synchronized with iCloud. I am wondering if there is a way to make the sync engine ignore deletion events when the state serialization is nil. Alternatively, is there a recommended method for handling initial synchronization more efficiently? One idea I considered is storing all the data as a backup in iCloud Documents, along with the state serialization at that point in time. When a user opens the app for the first time, I could download the file, extract the data, and set the state serialization to the saved value. I am not sure if this would work. I do not know if state serialization is tied to the device or if it only represents the point where the sync engine left off. My guess is that it might reference some local device storage. I am not sure what else to try. I could fetch all data using CloudKit, create the sync engine with an empty state serialization, and let it fetch everything again, but that would still take a long time. My records are very small, mostly a date when something happened and an ID referencing the parent. Since the app tracks watched episodes, I only store the date the user watched the episode and the ID of that episode.

Tags NetworkExtension, NEFilterManager, Content-Filter, TestFlight, iOS, Swift, Entitlements, App-Groups Problem Summary I'm experiencing a critical issue with a Network Extension Content Filter that works perfectly in debug mode but fails in TestFlight with: ``` -[NEFilterManager saveToPreferencesWithCompletionHandler:]_block_invoke_3: failed to save the new configuration: Error Domain=NEFilterErrorDomain Code=5 "permission denied" UserInfo={NSLocalizedDescription=permission denied} ``` This is blocking completion of a client project and requires urgent assistance. Environment • Platform: iOS • Minimum Deployment: iOS 16.0 • Development: Xcode with Flutter integration • Testing Method: TestFlight (production build) • Works in: Debug mode (direct device deployment) • Fails in: TestFlight builds What Works vs. What Fails WORKS IN DEBUG MODE (✓): • Network extension installs successfully • System permission dialog appears correctly • Filter starts and blocks content as expected • All domain management functions work FAILS IN TESTFLIGHT (✗): • System permission dialog never appears • NEFilterManager.saveToPreferences fails immediately • Error Code 5: "permission denied" • Cannot set up the filter at all Implementation Details ARCHITECTURE: The implementation consists of: Main App (Flutter) - handles UI and configuration Network Extension Plugin (Swift) - bridges Flutter to NetworkExtension framework FilterDataProvider (Swift) - implements content filtering logic App Group - shared storage for configuration (group.app.v1.dev0) PERMISSION REQUEST CODE: ```swift func requestPermissions(completion: @escaping (Result<Bool, Error>) -> Void) { NEFilterManager.shared().loadFromPreferences { error in if let error = error { DispatchQueue.main.async { completion(.failure(error)) } return } let config = NEFilterProviderConfiguration() config.organization = "Testing config.filterBrowsers = true config.filterSockets = true let manager = NEFilterManager.shared() manager.providerConfiguration = config manager.localizedDescription = " Screen Shield" manager.isEnabled = true manager.saveToPreferences { saveError in DispatchQueue.main.async { completion(saveError == nil ? .success(true) : .failure(saveError!)) } } } } ``` EXTENSION INFO.PLIST: ```xml ENTITLEMENTS: ```xml What I've Already Tried VERIFIED ENTITLEMENTS (✓) • Both main app and extension have matching entitlements • App Group identifier is identical in both targets • content-filter-provider capability is set CHECKED PROVISIONING PROFILES (✓) • Created distribution provisioning profiles with Network Extension capability • App Group is included in all profiles • All capabilities are enabled in App Store Connect VERIFIED APP GROUP CONFIGURATION (✓) • App Group exists in Apple Developer portal • Added to both App ID and Extension App ID • Regenerated provisioning profiles after adding CODE SIGNING (✓) • Both targets build and sign successfully • No code signing errors during archive • Extension is embedded in main app bundle TESTFLIGHT REQUIREMENTS (✓) • Using distribution certificate for archive • Archive validation passes without warnings • Upload to TestFlight successful BUILD CONFIGURATION (✓) • Minimum deployment target is iOS 16.0 for both targets • Extension deployment target matches main app • All required frameworks are properly linked Specific Questions Permission Dialog: In debug mode, the system permission dialog appears. In TestFlight, it never shows. Is there a TestFlight-specific permission issue with Network Extensions? Entitlements Propagation: Are there known issues with entitlements not being properly included in TestFlight builds despite being present in the archive? Distribution vs Development: Are there any differences in how Network Extensions are authorized between development builds and distribution builds? Additional Context • The extension works flawlessly when deployed directly from Xcode • No console errors or warnings in TestFlight build • UserDefaults(suiteName:) successfully accesses the App Group in both modes • Filter logic itself is tested and working (confirmed in debug mode) • This is urgent as it's blocking client project completion I tested this with both adult acc and also with child app What I Need Specific steps to diagnose why NEFilterManager.saveToPreferences returns Code 5 in TestFlight Confirmation of whether Network Extension entitlements require special handling for TestFlight Any known issues or workarounds for this specific error in production builds Debugging techniques that work in TestFlight environment (since console logs are limited) System Information • Xcode Version: Latest stable • iOS Target: 16.0+ • Swift Version: 5.0 • Framework: Flutter with native iOS plugin • Build Type: Distribution (Ad Hoc via TestFlight) Thank you for any assistance. This is blocking critical client work and I need to resolve it urgently.

Hi, I’ve been struggling for a while with an issue around an auto-renewable subscription using StoreKit 2 and I’d like to double-check here whether I’m missing something, or if anyone has seen similar behavior. Context • iOS / iPadOS app, first release • 1 auto-renewable subscription (only product in the app) • Using StoreKit 2 only (Product, Transaction, AppStore) • Review device according to the message: iPad Air 11” (M3), iPadOS 26.2 • I keep failing on Guideline 2.1 – App Completeness • The App Review message is always the same: “The In-App Purchase products in the app exhibited one or more bugs which create a poor user experience. Specifically, no action occurred when we tapped on the Continue to Purchase button.” In App Store Connect, the subscription is properly configured, is in the state Ready for Review, and is correctly associated with this app version. What I see (locally + TestFlight) In TestFlight and local builds, the behavior looks correct: • Product.products(for: […]) returns the product, the price and currency are displayed correctly on the paywall / subscription card. • The user taps “Get PRO” → my overlay is shown (“Preparing purchase…” → then a screen with confirmation and price). • After tapping the “Continue to Purchase” button in that overlay, I call await product.purchase(). • On my devices, the system StoreKit purchase sheet always appears. • In the sandbox logs I can see: • a successful result from purchase() • a verified transaction via VerificationResult • the “user has PRO” flag being set correctly after refreshing entitlements (Transaction.currentEntitlements + fallback Transaction.latest(for:)). I’ve tested this on multiple real devices and with several sandbox Apple IDs – I cannot reproduce the “nothing happens after tapping” problem. What App Review reports App Review repeatedly claims that “no action occurred when we tapped on the Continue to Purchase button.” From their screenshots and description, the flow is: 1. They open Settings → subscription card. 2. They see the loaded price, so the product has clearly been fetched successfully from the App Store. 3. They tap my “Get SalonFlow PRO” button. 4. My overlay appears with the subscription name and price. 5. They tap “Continue to Purchase” (in my UI this is “Pokračovat k nákupu”). 6. According to them, nothing happens – no system StoreKit confirmation, no error message, no visible action. Important: this overlay did not appear as an extra complication, but as a reaction to their earlier feedback: • Originally, I had a simple flow: button in the card → directly calling purchase(). • App Review at that time said that after tapping the button “nothing happens”. • I added the overlay specifically to make it obvious that the button does react and that the app is preparing the system purchase: I show the product, the price, and a text explaining that a system App Store confirmation will appear next. • Only from that overlay do I call purchase(). So: in their environment they obviously do reach the overlay (meaning the button definitely does “something”), but the actual StoreKit purchase sheet never shows up. Additional changes and “safety belts” From the App Review video it was clear they were tapping the purchase button roughly 3 seconds after launching the app. So I tightened the flow even more: • The “Get SalonFlow PRO” button is now: • disabled until the product has been loaded from the App Store, • visually dimmed, with a spinner and a short text like “Loading subscription information, please wait…”. • The button only becomes active once the product is actually loaded and ready. • After that, the user goes through a two-step process: 1. tap “Get SalonFlow PRO” → overlay with details, 2. tap “Continue to Purchase” → this is where I call purchase(). On my devices, after that step the system purchase confirmation always appears. But App Review still says that after tapping “Continue to Purchase” nothing happens. What I’d like to ask 1. Has anyone seen a situation where Product.purchase() with StoreKit 2 works fine in TestFlight and sandbox testing, but in the App Review environment the system purchase sheet never appears (no error, just “nothing”)? 2. Are there any known edge cases on iPad (iPadOS 26.2, iPad Air M3) where the StoreKit purchase sheet might fail to show even if: • AppStore.canMakePayments == true, • the product is valid and loaded, • and no error is thrown from purchase()? 3. Could App Review consider my two-step flow (button → overlay → confirm button calling purchase()) problematic in itself, even though the overlay is there precisely because of their initial complaint that “nothing happens” after tapping the button? 4. Is there anything concrete you’d recommend: • adding to the logs, • changing in the timing/order of the purchase() call, • or adjusting in the UI, to make it absolutely clear what is happening in their environment if the system sheet never appears? From my point of view, the implementation follows the StoreKit 2 documentation, everything works correctly in real tests and TestFlight, but the App Review environment behaves differently and I keep getting stuck on Guideline 2.1. I’d really appreciate any experience, tips (“we had exactly this and fixed it by X”), or even a recommendation to radically simplify the flow back to a minimal “button → directly purchase()” without any intermediate overlay. Thanks a lot for any help – this review loop has been going on for weeks and I’d really like to finally resolve it.

We are using a java program as an installer for a software suite. This program is bundled inside a signed and notarized Mac app, but it uses the system installed Java (from env). For installing software, it requires the App Management permission (currently under System Settings › Privacy & Security › App Management). Since the program runs via the system provided Java executable, that one is the executable, that needs said permission. In the past, it was possible to add java to said permissions list. With macOS 26.2 it is no longer possible. I think, this change happened with 26.2. It was definitely still working with macOS 15 (I can reproduce it there), and I am confident, that it also still worked under 26.1. In Console.app I can see errors like this one /AppleInternal/Library/BuildRoots/4~CCKzugBjdyGA3WHu9ip90KmiFMk4I5oJfOTbSBk/Library/Caches/com.apple.xbs/Sources/SecurityPref/Extension/Privacy/TCC+PrivacyServicesProvider.swift:227 add(record:to:) No bundle or no bundle ID found for record TCCRecord(identifier: "/opt/homebrew/Cellar/sdkman-cli/5.19.0/libexec/candidates/java/11.0.29-tem/bin/rmic", identifierType: SecurityPrivacyExtension.TCCIdentifierType.path, access: SecurityPrivacyExtension.TCCAccess.full, managed: false, allowStandardUserToSetSystemService: false, subjectIdentityBundleIdentifier: nil, indirectObjectIdentityBundleIdentifier: nil, indirectObjectIdentityFileProviderIdentifier: nil, tccAuthorization: <OS_tcc_authorization_record: 0xa97d0ba80>) This is reproducible for various different Java installations. I can also not add Java to the other permissions that I tried. Since Java is not installed in a bundled app but instead as a UNIX executable in a bin-folder, the error No bundle or no bundle ID found for record makes sense. I expect this to also affect other use cases where programs are provided as UNIX executables such as Python or C-Compilers like g++. While it is possible to bundle an entire JRE inside each app, we intentionally chose not to as this massively increases app size. If this issue is not resolved or a workaround can be found, this is the only option that remains for us. I am however worried that there are other use cases where this is not an option.

Hi, After the release of macOS Tahoe 26.2. We are seeing memory leaks if our Network Protection Extension is used alongside the Apple Built In Firewall, a second Security Solution that does Network Protection and a VPN. Our NEXT, socketfilterfw and the other security solution consume instead of a few MB of Memory now multiple Gigabytes of Memory. This issue started with the public release of macOS Tahoe 26.2, this issue was not present in earlier versions of macOS and the same set of Software. Just testing our solution by itself will not show this behavior. I unfortunately can't try to reproduce the issue on my test device that runs the latest 26.3 beta as I do not have the third party software installed there and I can't get it. Our Network extension implements depending on the license and enabled features: NEFilterDataProvider NEDNSProxyProvider NETransparentProxyProvider For all man in the middle Use Cases we are using Network Framework, to communicate with the peers. And leaks suggest that the there is a memory leak within internals of the Network Framework. Here is a shortened sample of the leaks output of our Network extension. However, the third party NEXT does show the same leaks. More details can be found on the Feedback with the ID FB21649104 snippet is blocking post? sensitive language Does anyone see similar issues or has an idea what could cause this issue, except a regression of the Network.framework introduced with macOS Tahoe 26.2? Best Regards, Timo

I'm using SwiftData with CloudKit private database. I was able to identify the error on my device by debugging in Xcode with com.apple.CoreData.SQLDebug flag. However, in Production, I couldn't find a way to get the cause of errors. I tried inspecting the error coming from eventChangedNotification. The NSPersistentCloudKitContainer.Event error does not contain any underlying error (neither CKError.userInfo nor in NSError.underlyingError). It only reports a partial failure with CKErrorDomain code 2. If a user encounter an error, there seems to be no way to retrieve the error details. Is there any way to access the error details or logs in Production?

FB21772424 On any iPhone or iPad running 26.3 beta 3 with UIFileSharingEnabled enabled via Xcode, a file cannot be manually copied to/from macOS or manually deleted from Finder but 26.3 beta 2 works fine running on any iPhone or iPad. The version of macOS is irrelevant as both macOS 26.2.1 and macOS 26.3 beta 3 are unable to affect file changes via macOS Finder on iPhone or iPad running 26.3 beta 3 but can affect file changes via macOS Finder on iPhone or iPad running 26.2.1 Thank you.

Hi, i programmed an app the uses MultipeerConnectivity to connect iOS-Devices to exchange Video-Files from the camera (https://pellepepper.my.canva.site/jumpcontrol). In general the solution works fine but I have some challenges: The connection is pretty stable when there are only few other devices around. It seems to become more fragile when there are more other iOS-Devices in the area Testing of the App worked with several meters of distance (up to 10). In real environments of athletics venues the solution is only stable in a region of about 2 meters It seems that newer iOS-Releases make the connection more unstable. Last weekend we used it with iOS 18-Devices on older hardware, what worked fine. Integrating an iOS 26 device made trouble. Working on iPhone 13 with iOS 26 is hardly not usable. What can I do to improve stability of the connection and therefore the App. What are the metrics to look for? Is there something I can do on the code base to make to connection more stable? Many thx Rainer

Hi all, I'm developing fitness app and I use healthkit to track user's "STEPS" count and "Heart Rate" from their iphone devices. I have been receiving this rejection and can't seem to get past this: Guideline 2.5.1 - Performance - Software Requirements The app uses the HealthKit or CareKit APIs but does not clearly identify the HealthKit and CareKit functionality in the app's user interface. Apps using these APIs should be clearly indicated to provide transparency and valuable information to users. Next Steps To resolve this issue, it would appropriate to clearly identify the HealthKit and CareKit functionality in the app's user interface. Resources Learn more about software requirements in guideline 2.5.1. How I tried to Resolve the Issue I have modified my app: adding user permission prompt, adding healthkit notification, adding healthkit indicator in the UI **1. Added a "Permission Primer" Screen (Pre-Alert) ** When a user taps "Connect Apple Health," they are now shown a dedicated explanation screen before the system permission prompt appears. This screen clearly states: "[App] integrates with HealthKit to read your Heart Rate and Steps... to calculate physical exertion." (Please see the "Connect" flow in the Session Detail view). **2. Added Explicit Source Attribution ** I have added a permanent text label reading "Health data sourced from Apple Health" directly below the heart rate and steps statistics on the Session Detail dashboard. This ensures that users always identify the source of the displayed metrics. 3. Deployment Target Correction I identified a configuration error where the Deployment Target was set to a future OS version. I have corrected this to the currently shipping iOS 18 to ensure full compliance with software requirements. 4. App Description Update I have updated the App Store description to explicitly mention the HealthKit integration and its specific purpose (tracking match intensity). However doing the above, I still continue to receive the same review message. When I asked the reviewer what else could be done to satisfy the requirement, I only get boiler plate message above. Anyone know what they really looking for? Any insights is appreciated. Thanks!

1. 环境描述 (Environment) OS: macOS 26.2 Hardware: Apple Silicon (M1/M2/M3) DriverKit SDK: DriverKit 19.0 / 20.0 Arch: Universal (x86_64, arm64, arm64e) SIP Status: Enabled (Works perfectly when Disabled) 2. 问题现象 (Problem Description) 在开启 SIP 的环境下，USB 驱动扩展（Dext）能安装，但插入设备时无法连接设备（驱动的Start方法未被调用）。 驱动状态： MacBook-Pro ~ % systemextensionsctl list 1 extension(s) --- com.apple.system_extension.driver_extension (Go to 'System Settings > General > Login Items & Extensions > Driver Extensions' to modify these system extension(s)) enabled active teamID bundleID (version) name [state] * * JK9U78YRLU com.ronganchina.usbapp.MyUserUSBInterfaceDriver (1.3/4) com.ronganchina.usbapp.MyUserUSBInterfaceDriver [activated enabled] 关键日志证据 (Key Logs) KernelManagerd: Error Domain=NSPOSIXErrorDomain Code=8 "Exec format error" Syspolicyd: failed to fetch ... /_CodeSignature/CodeRequirements-1 error=-10 AppleSystemPolicy: ASP: Security policy would not allow process DriverKit Kernel: DK: MyUserUSBInterfaceDriver user server timeout dext的 embedded.provisionprofile 已包含： com.apple.developer.driverkit com.apple.developer.driverkit.transport.usb (idVendor: 11977)

Hello, We are using a Message Filter Extension (ILMessageFilterExtension) to classify SMS/iMessage content (junk vs allow) in our app. After testing on iOS 26.1, we want to confirm whether there are any behavioral, performance, or API-level changes that impact message filtering, such as: Changes in how often the filter extension is invoked Differences in classification accuracy or system overrides New privacy, entitlement, or permission-related restrictions Execution time limits or memory constraints Any changes specific to iMessage vs SMS filtering We did not find any explicit mention of Message Filter Extensions in the iOS 26.1 release notes and would like to confirm whether the existing behavior from previous iOS versions remains unchanged. Has Apple introduced any known or undocumented changes in iOS 26.1 that developers should be aware of when supporting Message Filter Extensions? Sometime I also found unpredictable behaviour on iOS version 18.5 or below, like sometime it works but sometimes starts working. Thanks in advance for any guidance.

I’m trying to determine the actual Wi-Fi band (e.g. 2.4GHz, 5GHz, or 6GHz) of the network that is currently connected on macOS. I’m not looking for a heuristic based on the Wi-Fi name (SSID), such as checking whether it contains “5G” or “6G”. Instead, I want a reliable and accurate method that reflects the real connection parameters reported by the system. Specifically, I’m interested in: Whether macOS exposes the current Wi-Fi band or channel information through public APIs (e.g. CoreWLAN) Or if there is any supported system-level way to retrieve this information programmatically If this information is not directly accessible, I’d also like to understand: Why macOS does not expose it And whether there is a recommended alternative approach Any insights or examples would be greatly appreciated.