Hi, I am developing a Screen Time App and I am having issues with the ShieldConfigurationExtension (ShieldConfigurationDataSource). I know this extensions is sandboxed but I should be able to read data from the main app. I am using SwiftData as my database, but I am unable to initialize it in the extensions with an error indicating insufficient file permissions. I have App Group set up and I am able to share data using UserDefaults but that is just inconvenient. Is there any way I could just open the SwiftData in read only mode so that I could display the user some info on the shield? SwiftData Init: private func setupContainer() throws { let schema = Schema([ DogEntity.self, HouseEntity.self ]) // Use app group container if available let config: ModelConfiguration if let containerURL = FileManager.default.containerURL( forSecurityApplicationGroupIdentifier: "group.\(Bundle.app.bundleIdentifier ?? "")" ) { config = ModelConfiguration(schema: schema, url: containerURL.appendingPathComponent("default.sqlite")) } else { config = ModelConfiguration(schema: schema) } self.container = try ModelContainer(for: schema, configurations: [config]) } Error in extension: fault: Attempt to add read-only file at path file:///private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite read/write. Adding it read-only instead. This will be a hard error in the future; you must specify the NSReadOnlyPersistentStoreOption. error: (3) access permission denied error: Encountered exception error during prepareSQL for SQL string 'SELECT TBL_NAME FROM SQLITE_MASTER WHERE TBL_NAME = 'Z_METADATA'' : access permission denied with userInfo { NSFilePath = "/private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite"; NSSQLiteErrorDomain = 3; } while checking table name from store: <NSSQLiteConnection: 0x154100300> error: Store failed to load. <NSPersistentStoreDescription: 0x15402d590> (type: SQLite, url: file:///private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite) with error = Error Domain=NSCocoaErrorDomain Code=256 "The file “default.sqlite” couldn’t be opened." UserInfo={NSFilePath=/private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite, NSSQLiteErrorDomain=3} with userInfo { NSFilePath = "/private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite"; NSSQLiteErrorDomain = 3; } Any help appreciated 🙂

sending the following POST request: ---- HTTP REQUEST ---- POST https://appleid.apple.com/auth/token Headers: Content-Type: application/x-www-form-urlencoded Body: client_id=au.com.thejlrguy.businesschat&client_secret=eyJhbGciOiJFUzI1NiIsImtpZCI6IktLUDc4MkhGVTcifQ.eyJ...QeDn7ug&grant_type=client_credentials&scope=https%3A%2F%2Fappleid.apple.com Getting the below error: {"error":"invalid_client"} The private key used to sign the JWT was created 24 hours ago.

Our mobile app uses a specific platform for subscription management. At this time,, it's integration with Apple notifications is built around the Server-to-Server Notifications v1 and the traditional verifyReceipt endpoint. At this time, it does not support Server-to-Server Notifications v2, nor has any published documentation or resources on a custom integration path using v2. Our app is built using Flutter and we handle purchases with the in_app_purchase plugin. However, due to the limitation on the system for subscription side, we need to connect to Apple’s legacy server-to-server subscription endpoints (StoreKit v1) to receive real-time notifications and validate receipts. Could you please provide information how to do it?

I wrote a simple program to hide the build-in camera by entitlement restriction as DTS suggested in the post: https://developer.apple.com/forums//thread/784511?answerId=839753022#839753022 But the program failed as the error message: Fail to open service: 0xe00002e6: Caller is not entitled to connect to EndpointSecurity. How can I apply for the entitlement to run the program? Is there any other solution to resolve hide build-in camera?

We are experimenting with FileProvider on MacOS, we want to set ACL policy restriction on a folder and the same policy needs to be applied down to its children. To achieve this currently we are setting corresponding NSFileProviderItemCapabilities on parent folder and recursively iterate over all of its children and set the capability on each individual child items. GOAL: We expect the root's ACL policy to be implicitly percolated down to its children without explicitly being iterated over them and setting it individually. From our research, we couldn't find any policy that can help us achieve the above goal. If there are any such provisions in FileProvider, please guide us to them.

I can't access the CloudKit Console. It started to be unresponsive for hours today. It looks like sync'ing is still working, but I would like to reset the environment during my development! Is it possible to control CloudKit Console using the command line?

I try to use CoreBluetooth api on my cus app on vision os. I could connect to two devices on my app, but couldn’t with 3 or more device. Despite connecting the third device using this api, the function does not return anything. When two devices are connected on bluetooth setting, I see the same situation on my custom app. However, I could connect 3 or more devices on the default blu setting. Is there anyone who has similar problem?

I am using CLLocationUpdate.liveUpdates() to build a location sharing app. Most of the time it works fine, including in the background, giving acceptably frequent updates. However, soon after the user puts their phone away for the night, the updates stop coming. I've checked all the instance properties (.stationary, .locationUnavailable, etc.) but none of them are ever set to true, even for the last update before updates end. Is there some way to keep the updates coming through the night? I've included some relevant parts of my code here: func startLocationUpdates() { if self.manager.authorizationStatus == .notDetermined { self.manager.requestWhenInUseAuthorization() } Task { do { self.background = CLBackgroundActivitySession() self.session = CLServiceSession(authorization: CLServiceSession.AuthorizationRequirement.always) let updates = CLLocationUpdate.liveUpdates() for try await update in updates { if let loc = update.location { BackgroundServiceKt.onLocationUpdate(arg: loc) } // check all the instance properties } } catch { // error } return } } class AppDelegate: NSObject, UIApplicationDelegate { func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey : Any]? = nil) -> Bool { LocationsHandler.shared.startLocationUpdates() return true } }

Hello, thank you Apple for supporting custom store with SwiftData and the Schema type is superb to work with. I have successfully set one up with SQL and have some feedback and issues regarding its APIs. There’s a highlighted message in the documentation about not using internal restricted symbols directly, but they contradict with the given protocols and I am concerned about breaking any App Store rules. Are we allowed to use these? If not, they should be opened up as they’re useful. BackingData is required to set up custom snapshots, initialization, and getting/setting values. And I want to use it with createBackingData() to directly initialize instances from snapshots when transferring them between server and client or concurrency. RelationshipCollection for casting to-many relationships from backing data or checking if an array contains a PersistentModel. SchemaProperty for type erasure in a collection. Schema.Relationship has KeyPath properties, but it is missing for Schema.Attribute and Schema.CompositeAttribute. Which means you can’t purely depend on the schema to map data. I am unable to access the properties of a custom struct type in a predicate unless I use Mirror with schemaMetadata() or CustomStringConvertible on the KeyPath directly to extract it. Trivial, but… the KeyPath property name is inconsistent (it’s all lowercase). It would be nice to retrieve property names from custom struct types, since you are unable access CodingKeys that are auto synthesized by Codable for structs. But I recently realized they’re a part Schema.CompositeAttribute, however I don’t know how to match these without the KeyPath… I currently map my entities using CodingKeys to their PredicateCodableKeyPathProviding.… but I wish for a simpler alternative! It’s unclear how to provide the schema to the snapshot before new models are created. I currently use a static property, but I want to make it flexible if more schemas and configurations are added later on. I considered saving and loading the schema in a temporary location, but doubtful that the KeyPath values will be available as they are not Codable. I suspect schemaMetadata() has the information I need to map the backing data without a schema for snapshots, but as mentioned previously, properties are inaccessible… Allow access to entity metatypes, like value types from SchemaProperty. They’re useful for getting data out of snapshots and casting them to CodingKeys and PredicateCodableKeyPathProviding. They do not carry over when you provide them in the Schema. I am unable to retrieve the primary key from PersistentIdentifier. It seems like once you create one, you can’t get it out, like the DataStoreConfiguration in ModelContainer is not the one you used to set it up. I cannot cast it, it is an entirely different struct? I have to use JSONSerialization to extract it, but I want to get it directly since it is not a column in my database. It is transformed when it goes to/from my tables. It’s unknown how to support some schema options, such as Spotlight and CloudKit. Allow for extending macro options, such as adding options to set as primary key, whether to auto increment, etc… You can create a schema for super and sub entities, but it doesn’t appear you can actually set them up from the @Model macro or use inheritance on these models… SwiftData history tracking seems incomplete for HistoryDelete, because that protocol requires HistoryTombstone, but this type cannot be instantiated, nor does it contain anything useful to infer from. As an aside, I want to create my own custom ModelActor that is a global actor. However, I’m unable to replicate the executor that Apple provides where the executor has a ModelContext, because this type does not conform to Sendable. So how did Apple do this? The documentation doesn’t mention unchecked Sendable, but I figure if the protocol is available then we would be able to set up our own. And please add concurrency features! Anyway, I hope for more continued support in the future and I am looking forward to what’s new this WWDC! 😊

Hello there, I have a problem reaching the CloudKit dashboard. Every time I login, the login successes but then I get the error: An error has caused this web page to stop working correctly. This also happens when I click on the Button CloudKit dashboard. Then I can reload the page, but the same errors occurs again and again. Can someone help me with this problem? Thank you very much

Hello. I am building a BLE device that is Activity Fitness based and would like a "System Level" BLE connection on WatchOS using an ESP32 (I have built a test of this on the firmware side). Meaning I do not want my iOS app to pass the BLE connection to the WatchOS app. It seems like these App Level connections do not get as many background updates as a System Level connection, and also requires the WatchOS app to be launched to connect to the BLE device The System Level BLE connection (WatchOS Settings > BLE > Health Devices) allows for auto connection in the background, and gets more reliable background communication between the BLE device and the Apple Watch On the Apple MFi Page it only mentions iOS: From Apple MFi Page: :: Who does NOT need to join - Developers and manufacturers of accessories that connect to an Apple device using only Bluetooth Low Energy, Core Bluetooth, or standard Bluetooth profiles supported by iOS Does this apply to WatchOS as well? So, if I am making an BLE device that is Activity Based, and has one of the allowable Health Device UUIDs, is the BLE System Connection allowed using any BLE chip? Including say an ESP32 I have built a test BLE firmware that is a Health Device UUID, and the WatchOS sees it as a health device Is this fine then? No need for MFi application and also no need to worry about which BLE chip is used? thanks

send a request and it returns with timeout Integration Team are Using Fortigate as a firewall and NGINX for some reasons so we use VPN TO Access , requests always succeed but at once it failed with timeout in randomize request not specific one we are using URLSession as a network layer when I retry the same failed request again, it success the request cannot connect apigee Sec Team concern { app session hits the security gateway with lots of SYN step to try to initiate a new session and doesn’t wait for (SYN-ACK / ACK) steps to happen to make sure the connection initiated correctly and gateway consider it flooding attack }

I am currently developing an auto-renewal subscription in-app purchase for my app. Currently, the subscription items have already been approved in appStoreConnect, and the .store file is synced with appStoreConnect, so the subscription items are displayed well and the test is also progressing well. However, when I build without using the .store file to perform sandbox testing, the subscription items do not appear and response.invalidProductIdentifiers appears. Is there anything I need to do additionally so that the subscription items can appear in response.products? ps. The bank account item in the contract is in 'processing' status, and the paid app contract status is 'waiting for user information'.

Hi I am implement my app with Core NFC , I found the module have their own UI , can I implement without the UI? we want the NFC scanning in background , not blocking the UI.

Recently, we have observed that after upgrading to OS 15.4.1, some devices are experiencing network issues. We are using a Network Extension with a transparent app proxy in our product. The user encounters this issue while using our client, but the issue persists even after stopping the client app. This appears to be an OS issue. Below is the sytem logs. In the system logs, it says [C669.1 Hostname#546597df:443 failed transform (unsatisfied (No network route), flow divert agg: 2)] event: transform:children_failed @0.001s In scutil --dns, it says not reachble. DNS configuration resolver #1 flags : reach : 0x00000000 (Not Reachable) resolver #2 domain : local options : mdns timeout : 5 flags : reach : 0x00000000 (Not Reachable) order : 300000 resolver #3 domain : 254.169.in-addr.arpa options : mdns timeout : 5 flags : reach : 0x00000000 (Not Reachable) order : 300200 resolver #4 domain : 8.e.f.ip6.arpa options : mdns timeout : 5 flags : reach : 0x00000000 (Not Reachable) order : 300400 resolver #5 domain : 9.e.f.ip6.arpa options : mdns timeout : 5 flags : reach : 0x00000000 (Not Reachable) order : 300600 resolver #6 domain : a.e.f.ip6.arpa options : mdns timeout : 5 flags : reach : 0x00000000 (Not Reachable) order : 300800 resolver #7 domain : b.e.f.ip6.arpa options : mdns timeout : 5 flags : reach : 0x00000000 (Not Reachable) order : 301000 We need to restart the system to recover from the issue.

A message filter extension is only forwarded SMSs by the OS for filtering, iMessages aren't. But what is the situation with RCS messages? Will they be filterable by a message filtering extension?

I asked a question similar to this earlier, but I think this is probably the better question. I have a food-ordering app. When the user wants to pick up food, I'd like for Apple Maps to automatically display the location of the restaurant that the user is driving to. Calendar does something similar. If there is an event that is soon, the location in the calendar-event shows up in Apple Maps. I'd like to do the same thing. So, when the user makes an order, they'll need to drive to the location fairly quickly. So, I'd like to launch Apple Maps, see the location of the restaurant where I'm picking up food, and then get directions to it. Bonus points if this also works when I have CarPlay.

We submitted a request a couple years ago to Apple through the feedback system to add 1 custom vid/pid to the com.apple.DriverKit-AppleUSBFTDI driver. They added it to Monterey and it appears in all macOS versions since Monterey. Not long after submitting this request, we sent a follow-up request to add 2 more pids (same vid, and same personality). Apple eventually added these as well. They appear as an array of pids under the same personality. We are 2 weeks from releasing one of those products (added in the second request) and are just now realizing that the second request was only honored on Sequoia (this fact was masked by us using a temporary ftdi vid/pid during development while waiting for Microsoft to resolve an issue related to adding custom vid/pids to FTDI's Windows driver). All other versions that we are supposed to support (Monterey thru Sonoma) only have the first device. None of the devices from the second request are listed, and consequently this device doesn't match and doesn't expose as a serial port as it should. Our application that works with these devices supports Monterey and up, and we desperately need all devices that we have submitted so far to be available on Monterey and up (thru system updates). I tried starting a code-level support ticket, but they don't have a category for this problem. The feedback mechanism is a black box. You submit the request and get no response. You just wait for weeks/months and then it just appears one day. That was fine then, but we're now in an emergency situation. (FTDI's own dext driver, last time we tried it at least, was unable to be installed after being customized, and they admitted to us during email support that there was some issue on the Apple side that was preventing it from being customized. They haven't updated the dext driver since then, so I assume the situation is still the same) What can we do?

Hello I'm working on Live Caller ID Lookup implementation on my own pet-project, as I understood I need to create app and extension for this app. I also created test PIR-service. I did configure serviceURL, tokenIssuerURL and userTierToken. In My app I implemented following code Task { if LiveCallerIDLookupManager.shared.status(forExtensionWithIdentifier: "some-extension") == .disabled { `//` Show an alert. print("LiveCallerIDLookupManager is disabled") } do { // Open Settings. try await LiveCallerIDLookupManager.shared.openSettings() } catch { } It does open Call settings, but I don't understand what should I do next.

For this code: let status = try await container.accountStatus() Seeing this error: 2025-05-08 15:32:00.945731-0500 localhost myAgent[2661]: (myDaemon.debug.dylib) [com.myDaemon.cli:networking] Error Domain=CKErrorDomain Code=6 "Error connecting to CloudKit daemon. This could happen for many reasons, for example a daemon exit, a device reboot, a race with the connection inactivity monitor, invalid entitlements, and more. Check the logs around this time to investigate the cause of this error." UserInfo={NSLocalizedDescription=Error connecting to CloudKit daemon. This could happen for many reasons, for example a daemon exit, a device reboot, a race with the connection inactivity monitor, invalid entitlements, and more. Check the logs around this time to investigate the cause of this error., CKRetryAfter=5, CKErrorDescription=Error connecting to CloudKit daemon. This could happen for many reasons, for example a daemon exit, a device reboot, a race with the connection inactivity monitor, invalid entitlements, and more. Check the logs around this time to investigate the cause of this error., NSUnderlyingError=0x600001bfc270 {Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription= I initially started the this process as System Daemon to see what would happen (which obviously does not have CloudKit features). Then moved it back to /Library/LaunchAgents/ and can't get rid of that error. I see also following message from CloudKit daemon: Ignoring failed attempt to get container proxy for &lt;private&gt;: Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription=&lt;private&gt;} Automatically retrying getting container proxy due to error for &lt;private&gt;: Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription=&lt;private&gt;} XPC connection interrupted for &lt;private&gt; And this error for xpc service: [0x130e074b0] failed to do a bootstrap look-up: xpc_error=[3: No such process] If I start the same cli process directly from XCode, then it works just fine.