Overview

Hi all, Submitted first ever app for review to app store and got rejected. My app isn't live and I have demo accounts too which they seemed to use. For context my app is free on launch, no in app transactions, and it is a marriage app. What I did not account for is them going through apple sign in and right now I have no way to catch that so that account doesn't mix with real users. I've thought about adding a tap feature and disclosing it, so they tap something x times and it is marked as reviewer account, but that violates guideline 2.3.1. Also thought about adding just visible text for reviewers, but then real users would see that too so its a no go. Asked Claude and it says to try Sandbox Receipt Detection, which should work for a free app, but I'm not sure and would rather ask then implement, submit and find out it doesn't work. Appreciate any help y'all can give me! Thanks!

I'm working on securing communication between an Authorization Plugin and an XPC daemon, and I’d appreciate some guidance on best practices and troubleshooting. The current design which, I’ve implemented a custom Authorization Plugin for step-up authentication, which is loaded by Authorization Services at the loginwindow (inside SecurityAgent). This plugin acts as an XPC client and connects to a custom XPC daemon. Setup Details 1. XPC Daemon Runs as root (LaunchDaemon) Not sandboxed (my understanding is that root daemons typically don’t run sandboxed—please correct me if this is wrong) Mach service: com.roboInc.AuthXpcDaemon Bundle identifier: com.roboInc.OfflineAuthXpcDaemon 2. Authorization Plugin Bundle identifier: com.roboInc.AuthPlugin Loaded by SecurityAgent during login 3. Code Signing Both plugin and daemon are signed using a development certificate What I’m Trying to Achieve I want to secure the XPC communication so that: The daemon only accepts connections from trusted clients The plugin only connects to the legitimate daemon Communication is protected against unauthorized access The Issue I'm facing I attempted to validate code signatures using: SecRequirementCreateWithString SecCodeCopyGuestWithAttributes SecCodeCheckValidity However, validation consistently fails with: -67050 (errSecCSReqFailed) Could you please help here What is the recommended way to securely authenticate an Authorization Plugin (running inside SecurityAgent) to a privileged XPC daemon? Since the plugin runs inside SecurityAgent, how can the daemon reliably distinguish my plugin from other plugins? What is the correct approach to building a SecRequirement in this scenario? Any guidance, examples, or pointers would be greatly appreciated. Thanks in advance!

Hello, I’m honestly trying to understand what’s going on with the Family Controls API review process. I submitted my entitlement request on March 5, and as of today (March 19), there has been zero response. I also opened a support ticket on March 16, and that hasn’t received any response either. What’s confusing is that updates to another app on the same developer account were approved within days so clearly the account is in good standing and active. At this point, it feels like there’s no visibility into what’s happening: Is the request under review? Is it waiting for additional information? Or is it just sitting in a queue indefinitely? I understand that Family Controls is a sensitive API, but a two-week silence with no status or communication makes it very difficult to plan or ship features. For those who’ve gone through this: How long did your approval actually take? Did you receive any communication during the process? Is there any reliable way to get visibility or speed this up? Right now, this is blocking a feature we’ve invested significant time building, and the lack of feedback is the most frustrating part. Would really appreciate any insights.

Hi I’m working on an app Called Wiux ( already on Android ) but one of my clients has a company with all iPhones so I need to develop the app for iOS, but I’m facing A huge wall, it’s an proactive wifi user experience monitor for distributed networks and the idea is that the app its sending every minute info about connectivity RSSI, which network , if is 2,4ghz or 5ghz channel used and device usage cpu ram etc but I find that is no getRSSI ( and I really need that data ) but some aps like iWifi or WiFi probe has that data and it works I check the reads with a phisical probe and my app on android and values match. i think maybe with NEHotspotHelper I could get the data but I don’t know how to ask to use it or if exist a dependency for quality monitoring that allows me to access that thow o info. ( And probably in the near future I face the same problem with LTE ( that I’m also monitoring with the app on Android and I think is going to be a problem on iOS )

I've already submitted multiple cases about this issue. My Family Controls Distribution request was apparently approved (or I was told via Developer Support) for my Device Activity extension, but the Distribution option still does not appear in the identifier. This is blocking my ability to distribute via TestFlight. I need someone who can update the identifier capabilities or explain why the approved capability is not showing.

This is a bit complicated to explain so bare with me. I am working on building an app that allows you to send real time video/camera captures from one Apple device to another. I am using a custom UDP protocol built on top of NWListener, NWBrowser, and NWConnection APIs. It works fine, but there are a few issues that seems to all be related to awdl: When transmitting via WiFi over the router (not using peer-to-peer), there are periodic interruptions when the wireless card on the device changes channels for awdl polling. This is resolved by changing the 5GHz WiFi channel on the router to channel 149 (or disabling AWDL altogether which is not really feasible). In order to work around number 1, I decided to build in an option to toggle/prefer peer-to-peer transmission in the app thinking that if everything goes over a peer-to-peer connection the jitter caused from the channel switching should go away. This also works, but with an important caveat. The default transmission is extremely choppy until you take an OS action that “elevates” the AWDL connection into “realtime” mode. I am using includePeerToPeer on the listener, browser, and connection as well as serviceClass interactiveVideo. For number 1, you can understand that asking users to change the channel on their router is not a great user experience, but the problem is the peer-to-peer connection workaround is also not great by default. For number 2, as an example of the behavior, I can send a stream from my Mac to my iPad over a peer-to-peer connection and it works but the video is very choppy until I move my cursor from my Mac to my iPad to trigger Universal Control. I captured the OS logs while doing this and can confirm that something happens to trigger “realtime” mode on the AWDL connection. After that, the streaming is totally smooth with zero latency. Some log samples: 2026-03-19 12:42:01.277968-0400 0x1ae294c Default 0x0 495 3 rapportd: (CoreUtils) [com.apple.rapport:CLinkD] Update client from UniversalControl:697 2026-03-19 12:42:01.278031-0400 0x1ae294c Default 0x0 495 0 rapportd: (CoreUtils) [com.apple.CoreUtils:AsyncCnx] CLinkCnx-6089: Connect start: 'CLink-ed3b9618b4e0._companion-link._tcp.local.%13' 2026-03-19 12:42:01.278149-0400 0x1ae294c Default 0x0 495 0 rapportd: (CoreUtils) [com.apple.CoreUtils:AsyncCnx] CLinkCnx-6089: Querying SRV CLink-ed3b9618b4e0._companion-link._tcp.local.%13 2026-03-19 12:42:01.279454-0400 0x1ae253a Info 0x0 382 0 wifip2pd: [com.apple.awdl:datapathInitiator] Created AWDLDatapathInitiator clink-ed3b9618b4e0._companion-link._tcp.local <To: 2e:f2:5a:15:76:52> 2026-03-19 12:42:01.279498-0400 0x1ae294c Default 0x0 495 0 rapportd: (CoreUtils) [com.apple.CoreUtils:AsyncCnx] CLinkCnx-6089: Resolving DNS f970afcc-1f1c-47af-a3f3-0236c9f9bbb0.local.%13 2026-03-19 12:42:01.279588-0400 0x1ae253a Default 0x0 382 0 wifip2pd: [com.apple.awdl:datapathInitiator] AWDLDatapathInitiator clink-ed3b9618b4e0._companion-link._tcp.local <To: 2e:f2:5a:15:76:52> was started 2026-03-19 12:42:01.282537-0400 0x1ae294c Default 0x0 495 0 rapportd: (Network) [com.apple.network:path] nw_path_evaluator_start [5C54D967-624D-4269-B080-6C7AE63218C7 IPv6#1e905043%awdl0.49154 generic, attribution: developer] path: satisfied (Path is satisfied), interface: awdl0[802.11], dns, uses wifi 2026-03-19 12:42:01.596450-0400 0x1ae253a Debug 0x0 382 0 wifip2pd: [com.apple.awdl:driver] Received event realtimeMode 2026-03-19 12:42:01.596589-0400 0x1ae253a Default 0x0 382 0 wifip2pd: [com.apple.awdl:interface] Realtime mode updated true I noticed that on iOS 26 and iPadOS 26 a realtime mode was added specifically to the Wi-Fi Aware API which I assume does what I want: https://developer.apple.com/documentation/wifiaware/waperformancemode/realtime, but I am looking for a solution that works with the existing network API and also on previous OS versions. I have already tried a lot of things, but is there any way to programmatically trigger “realtime” mode? For additional context, the goal here is to have extremely low latency that also works for gaming. The actual latency introduced in 1 is approximately 30-50ms around once a second… adding a buffer to the stream makes the video completely smooth, but the extra delay on the receiver end is not acceptable for this use case. Any help or ideas would be appreciated. I can’t easily share a reproduce case right now, and even if I could, getting multiple devices into the exact state along with the router configuration in order to reproduce is going to be pretty difficult anyway.

Hi everyone, I recently submitted the Family Controls request form and received the following request IDs: 429MKWT5VX
 KNL6T2DC7A
 N62KV78DKC However, I haven’t received any updates yet and I’m not sure how these requests are tracked or when we’ll know if they’re approved. Our app is almost ready to launch and this capability is critical for us. Both the main app and an extension depend on Family Controls, so we’re currently blocked from moving forward. I also raised a support ticket with Apple Developer Support (Case ID: 102838723073), but I haven’t received any response there either. To be honest, this is becoming really stressful. Months of work are stuck at the final step and we’re unable to move forward without this approval. This isn’t just a small personal project and we’re building a production app and were hoping to launch very soon. If anyone has been through this process or has any guidance on the approval timeline, or if someone from Apple could help look into these request IDs, it would genuinely mean a lot to us.

 Thank you

Any plans to be able to allow to store Uric Acid (UA) and Ketones readings in Apple Health with HealthKit? There are now many blood test strips in the market that allow to read Glucose, UA and Ketones and currently only Glucose seems to be supported by HealthKit. Thank you

Hi Everyone, We are currently migrating a mature legacy KEXT to DriverKit for our PCIe SCSI storage controller (connected via Thunderbolt 3). During the DEXT load sequence, we have observed that the system automatically triggers a power state transition from State 0 (Off) to State 2 (On). However, this process results in a Kernel Panic due to a timeout after approximately 21 seconds. We have verified that our implementation of Start_Impl, UserInitializeController_Impl, and SetPowerState_Impl executes extremely fast, with a total execution time of less than one second. Specifically, SetPowerState_Impl returns kIOReturnSuccess immediately upon being called. Furthermore, our current Info.plist does not contain any IOPowerManagement dictionary or related keys. Despite the fast execution and the absence of explicit power management declarations in the plist, the kernel power management state machine (IOServicePM) still generates a 21-second timeout, leading to the following panic: Panic Log: panic(cpu 7 caller 0xfffffe0020be8fec): MySCSIDriver::setPowerState(0xfffffe2fb1a65c00 : 0xfffffe0020bfed88, 0 -> 2) timed out after 21257 ms @IOServicePM.cpp:5609 com.example.driver.dext: ( id: com.example.driver.dext; path: /Library/SystemExtensions/[UUID]/com.example.driver.dext; state: loaded ) Note on Previous Discussion: I would like to express my gratitude to Kevin from Apple DTS for the helpful discussion regarding the implementation of BundleParallelTask on the forums. Since then, we have shifted our development focus toward completing the overall management ecosystem, delivering a comprehensive operational interface for users, and handling specific user environments and behaviors. Our current priority is ensuring system stability—specifically resolving these Thunderbolt-related power management issues (sleep/wake)—to prepare the product for upcoming testing. I remain very grateful for the guidance provided on batch task optimization and intend to resume those optimizations once this critical stability baseline is secured. Technical Guidance Needed for PM Migration In our legacy KEXT, we utilized PMinit(), registerPowerDriver(), and joinPMtree() to precisely control the timing of power management registration. In transitioning to the DriverKit SDK, we have not found clear guidance on several key points: Standardized Migration Path: What is the recommended way to implement equivalent power management initialization (formerly PMinit) within a DriverKit subclass? In DriverKit, how should we replicate the behavior of manually calling registerPowerDriver and joinPMtree to ensure the driver is only monitored once the hardware is ready? Implicit Power Registration: Why does the system enforce a setPowerState(0 -> 2) transition on a subclass of IOUserSCSIParallelInterfaceController even when no IOPowerManagement dictionary is defined in the Info.plist? Is this a default behavior of the SCSI or PCI transport framework? Thunderbolt Specifics: Are there specific power proxying requirements or configurations for PCIe devices over Thunderbolt to avoid conflicts with the default IOPCIFamily power policies? Best Regards, Charles

Environment OS: iOS 26.2 ~ 26.3 SDK: Xcode 16.4 (Target: iOS 17.6) Framework: StoreKit 2 Environment: Production (Cannot reproduce in Sandbox or Xcode Configuration) Issue Description We are encountering a critical purchase failure that occurs exclusively in the Production environment. When a user who has a "Pending Downgrade" (scheduled for the next renewal date) attempts to re-purchase their current higher-tier product to cancel the downgrade, StoreKit 2 returns an error. Steps to Reproduce User is currently on "Product A" (Higher Tier). User schedules a downgrade to "Product B" (Lower Tier). The status changes to "Pending Downgrade". User attempts to purchase "Product A" again via Product.purchase(). The system purchase sheet appears, and the user confirms the purchase. Immediately after authentication, a system alert from StoreKit appears saying: "Cannot process request at this time. Please try again later." (現在リクエストを一時的に処理できません。しばらくしてからもう一度お試しください。) After dismissing the alert, the app receives StoreKitError code 2 (unknown) with the localized message: "Request could not be completed" (リクエストを完了できません). Technical Observations Transaction.currentEntitlements: Does not change. App Store Server Notifications (V2): No notifications are sent to our server. Sandbox Behavior: Works perfectly. Re-purchasing Product A successfully cancels the downgrade and the subscription remains at the Higher Tier. AppStore.sync(): Running a manual sync does not resolve the pending state after the error. Question Since we cannot debug production-level logs, we are stuck. Is this a known regression in the StoreKit 2 commerce engine regarding state synchronization for downgrades? Has anyone found a workaround for this specific scenario? Any insights would be greatly appreciated.

The Numbers.app reopens the last edited document when the app launches. If the document was moved to another folder in the Files.app while the app was not running, Numbers.app correctly tracks the file and reopens it. However, if the document was deleted in the Files.app and moved to Recently Deleted, Numbers.app does not reopen the document when the app launches. Question : How does Numbers.app detect that a document has been moved to Recently Deleted? Can third-party apps implement the same behavior? What I tested : If a file is moved while the app is not running, resolving a bookmark successfully tracks the moved file. Files that are deleted via the Files.app appear in Recently Deleted, but those files are actually moved to the following directories: iCloud Drive /var/mobile/Library/Mobile Documents/.Trash/ On My iPad /var/mobile/Containers/Shared/AppGroup/{UUID}/File Provider Storage/.Trash/ App sandbox Documents directory ([On My iPad]/[Any App]) /var/mobile/Containers/Data/Application/{UUID}/Documents/.Trash/ When resolving the bookmark after deletion, the bookmark still resolves successfully and returns the new file URL inside the .Trash directory. I tried the following checks on the resolved URL: Checking file existence Checking read/write accessibility Inspecting bookmark resolution results Using APIs related to NSTrashDirectory See https://developer.apple.com/forums/thread/813329#813329021 All of these behaved the same as when the file was moved to a normal directory. None of these checks allowed me to detect that the file had been deleted. Additional experiment: I suspected that the app might simply check whether the path contains ".Trash", so I performed the following experiment. If a .numbers file is moved to /var/mobile/Containers/Data/Application/{UUID}/Documents/.Trash/ then The file appears in Recently Deleted in Files.app Numbers.app does not reopen the document when the app launches However, if the same file is moved to Documents/Trash Documents/.Trashed Documents/Any Folder/.Trash then The file does not appear in Recently Deleted in Files Numbers does reopen the document when launched This suggests that Numbers.app is not simply checking whether the path contains ".Trash".

Hi Guys, Hope you're well! I am consistently encountering a build warning in Xcode 26 that prevents proper symbolication of crash logs. The warning states: "warning: (arm64) /Users/mickey/Library/Developer/Xcode/DerivedData/CalendarSync-bjuvwxojzofqzzcmzzpdozbujrge/Build/Products/Debug-iphoneos/CalendarSync.app/CalendarSync empty dSYM file detected, dSYM was created with an executable with no debug info." Steps to Reproduce: Open the project in Xcode 26. Build the project for a physical iOS device (arm64) or Archive the project. The warning appears during the "Generate dSYM" phase of the build process. Troubleshooting Steps Already Taken (Issue Persists): Set 'Enable Debug Dylib Support' to No. Verified 'Debug Information Format' is set to 'DWARF with dSYM File'. Verified 'Generate Debug Symbols' is set to Yes. Set 'Strip Debug Symbols During Copy' and 'Strip Linked Product' to No. Performed 'Clean Build Folder' and manually deleted the DerivedData folder. The issue persists regardless of these standard configuration fixes. Expected Result: Xcode should generate a populated dSYM file containing the debug symbols from the executable. Actual Result: An empty dSYM file is generated, making it impossible to symbolicate crash reports.

Hi, Please review my app I’m reaching out regarding an issue with my app review process. I was expecting a call last week but unfortunately didn’t receive any contact. I would really appreciate it if someone from the team could either review the app as soon as possible or contact me directly. I’m available anytime for a call. thanks

I enrolled in the Apple Developer Program as an Individual on March 16, 2026 (Team ID: CAZ8X23YWW). I've been trying to notarize a macOS Electron desktop app ever since. Every submission is immediately rejected with: Status code: 7000 Message: "Team is not yet configured for notarization" What I've done: Accepted all agreements on developer.apple.com Accepted all agreements on App Store Connect Created a Developer ID Application certificate (G2 Sub-CA) App is properly signed with hardened runtime Submitted a support ticket under "Distribution > Other Distribution Questions" on March 18 — no response after 4 days

(! status in pluginkit, FinderSyncExtensionHost process missing) macOS Version: 26.3.1 Beta (25D771280a) Xcode Version: 16.3 (17C529) Steps to reproduce: Create a Finder Sync Extension project Build and install to /Applications Enable in System Settings → Extensions → Finder Extensions Extension shows ! in pluginkit output FinderSyncExtensionHost process never starts Context menu never appears in Finder Expected: Extension loads and context menu appears Actual: Extension marked with ! in pluginkit, no process launched pluginkit output: ! com.github.astronautJack.EasyNewFile.EasyNewFileExtension(1.0)

I have a question regarding Platform SSO and the use of Secure Enclave–backed keys with biometric policies. If we configure userSecureEnclaveKeyBiometricPolicy with userSecureEnclaveKey, my understanding is that the Secure Enclave key is protected by biometric authentication (e.g., Face ID / Touch ID). In this setup, during a login request that also refreshes the id_token and refresh_token, the assertion is signed using the userSecureEnclaveKey. My question is: Will this signing operation trigger a biometric prompt every time the assertion is generated (i.e., during login/token refresh) ?

My iOS app currently holds a 3.5★ rating with limited reviews, and I’d like to raise it by motivating happy users to share feedback. I’m looking for ethical ways to do this without being pushy. What are the best strategies and timing for review prompts to boost ratings while keeping users satisfied?

When iterating over a CMSensorDataList (which conforms to NSFastEnumeration) returned by CoreMotion's CMSensorRecorder's accelerometerData(from:to:) method, we sometimes see the crash below, with the frame above pointing to the close brace of the for loop iterating over the list. 0 CoreMotion 0x000000019fcf01dc CLInternalGetPinnedLocationAuthorizationState + 423316 1 CoreMotion 0x000000019fcf036b CLInternalGetPinnedLocationAuthorizationState + 423715 2 CoreMotion 0x000000019fcf02cb CLInternalGetPinnedLocationAuthorizationState + 423555 3 CoreMotion 0x000000019fbb8553 CLMotionActivity::isStatic() const + 1751823 It has been incredibly difficult to reproduce. We managed to reproduce a similar crash stack twice in a separate app that misused accelerometerData(from:to:) by providing a from and to Date that were more than 12 hours apart and iterating over the returned data, but it only occurred twice in many hours of testing. We hope to know if this could be a bug in Core Motion or it is definitely in our SDK, or if there is any way to fail gracefully in this scenario.

Hello, I am currently developing an MDM solution, including both the sever-side(.NET) and the client app. I have recently been granted the "MDM CSR" signing permission in the Certificates, Identifier & Profiles of my developer account. I am following the official Apple documentation, "Setting up Push Notifications for your MDM Customers," to generate the required MDM Push Certificate. However, I keep encountering the "Invalid Certificate Signing Request" error when uploading the encoded .plist file to the Apple Push Certificates Portal(identity.apple.com/pushcert). The steps I have taken so far: Generated .csr file via Keychain Access Used the MDM SCR certificate to sign the request. Created a .plist file for th final upload containing : Customer CSR: Base64 encoded Signature : Signed using the SHA256withRSA algorithm and Base64 encoded. Certificate Chain : Including my MDM Vendor Signing Certificate, the Apple WWDR intermediate certificate, and the Apple Root CA. Issues/Questions: Is there a specific requirement for the order of the certificates in the chain? Are there common pitfalls regarding the .plist structure or the encoding of the signature that might cause the "Invalid CSR" error? Is there a tool or a specific validation step I can use to verify the integrity of the generated .plist before uploading? I have double-checked the encoding and the signing process, but the portal continues to reject the request. Any insights or guidance from community would be greatly appreciated. Thank you in advance for your help!

Hi everyone, I'm new to visionOS development. I'm trying to create a physics-based scene (with gravity) where users can pick up and move objects on a workbench. I am struggling with physics interactions during the drag gesture: Kinematic Mode: If I switch to .kinematic during the drag, the object moves smoothly but clips through other objects (no collisions). Dynamic Mode: I tried keeping it .dynamic and applying linear velocity toward the hand position, but the movement feels laggy and unresponsive. Hybrid Approach: I tried switching to .kinematic during DragGesture.onChange and back to .dynamic on collision, but this causes the entity to jitter/shake violently when touching other objects. Has anyone found a clean way to drag objects while maintaining solid collisions. Thanks for your help!