Overview

I am implementing a custom SMS filter using the IdentityLookup framework. My goal is to authenticate the network requests made via context.deferQueryRequestToNetwork using a user-specific JWT token generated in the containing (main) app after a successful login.

Hello, I’m working on an authorization plugin which allows users to login and unlock their computer with various methods like a FIDO key. I need to add smart cards support to it. If I understand correctly, I need to construct a URLCredential object with the identity from the smart card and pass it to the completion handler of URLSessionDelegate.urlSession(_:didReceive:completionHandler:) method. I’ve read the documentation at Using Cryptographic Assets Stored on a Smart Card, TN3137: On Mac keychain APIs and implementations, and SecItem: Pitfalls and Best Practices and created a simple code that reads the identities from the keychain: CFArrayRef identities = nil; OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)@{ (id)kSecClass: (id)kSecClassIdentity, (id)kSecMatchLimit: (id)kSecMatchLimitAll, (id)kSecReturnRef: @YES, }, (CFTypeRef *)&identities); if (status == errSecSuccess && identities) { os_log(OS_LOG_DEFAULT, "Found identities: %{public}ld\n", CFArrayGetCount(identities)); } else { os_log(OS_LOG_DEFAULT, "Error: %{public}ld\n", (long)status); } When I use this code in a simple demo app, it finds my Yubikey identities without problem. When I use it in my authorization plugin, it doesn’t find anything in system.login.console right and finds Yubikey in authenticate right only if I register my plugin as non-,privileged. I tried modifying the query in various ways, in particular by using SecKeychainCopyDomainSearchList with the domain kSecPreferencesDomainDynamic and adding it to the query as kSecMatchSearchList and trying other SecKeychain* methods, but ended up with nothing. I concluded that the identities from a smart card are being added to the data protection keychain rather than to a file based keychain and since I’m working in a privileged context, I won’t be able to get them. If this is indeed the case, could you please advise how to proceed? Thanks in advance.

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

We have a very strange issue that I am trying to solve or find the best practice for. We have a SwiftUI View that uses the Camera to preview. So as suggested in Apples Docs we check authorisation status and then if it's not determined we request authorisation. We also have the privacy entry in the info.plist case .notDetermined: AVCaptureDevice.requestAccess(for: .video) { accessStatusAuthorised in if !accessStatusAuthorised { self.cameraStatus = .notAuthorised } else { self.isAuthorized = true self.cameraStatus = .authorised self.startCameraSession(cameraPosition: cameraPosition) } } case .restricted: cameraStatus = .notAuthorised isAuthorized = false case .denied: cameraStatus = .notAuthorised isAuthorized = false case .authorized: cameraStatus = .authorised isAuthorized = true startCameraSession(cameraPosition: cameraPosition) break @unknown default: isAuthorized = true cameraStatus = .notAuthorised } However when we call this code it freezes the Camera feed, even when allow has been tapped. However and this is the confusing part. If we do not call the code above, we still get the permission for camera access pop up and the camera works fine after allowing. What im concerned about is changing the code to do this and its a possible apple bug that gets fixed and hey then none of the Apps allow the camera function. I cannot see any where that the process has changed for iOS 26 / Xcode 26. Can anyone shed any light on this or had similar experience ?

Hello, We're developing endpoint security software using the Endpoint Security framework, and we've encountered challenges with the behavior change in macOS 15 regarding provisioning UDIDs in cloned VMs. The Change Prior to macOS 15, cloning a VM preserved its UDID (format: 0000FE00-9C4ED9F68BBDC72D). Starting with macOS 15, cloned VMs receive a new UDID generated from the host's Secure Enclave (format: b043d27202c7ac37ca3c6b82673302225485cae9), making each clone effectively a new device. Our Workflow We maintain a clean base VM image and clone it for each test run. We add the base VM's UDID to our provisioning profile once, then create clones which (previously) retained that same UDID, allowing us to start new testing cycles without re-registering devices. This is essential because our product involves low-level system integration through the Endpoint Security framework, and if something goes wrong during development, it has the potential to affect system stability. To prevent any cascading issues between test runs or different product versions, we need each test to start from a known clean state rather than reusing the same VM. The Challenge With each VM clone generating a new UDID, we're hitting Apple's device registration limits quickly. This particularly impacts: New team members who spin up VMs for the first time and can't run signed builds Our CI/CD pipeline where multiple test environments need provisioning profiles Developers testing different branches who need separate clean environments Current Workaround We've found that VMs created on macOS 14 and upgraded to macOS 15+ retain their original UDID format. However, we're concerned this workaround may stop working in future macOS versions, which would leave us without a viable path forward. If the workaround stops working, our fallback would be signing each CI build with a Developer ID signature to allow running on any device. However, we'd prefer to avoid this as it would significantly increase load on Apple's signing infrastructure for what are essentially internal test builds. We completely understand the security reasoning behind tying UDIDs to the host's Secure Enclave for Apple Account support. However, for development workflows that don't require Apple Account features in VMs but do require clean, isolated test environments, the previous behavior was quite valuable. Question Is there a recommended approach for teams in our situation? We're happy to explore alternative workflows if there's a pattern we're missing, or we'd be glad to provide more context if this is a use case Apple is considering for future updates. Thanks for any guidance you can provide! Feedback case: FB21389730

The new .searchToolbarBehavior(.minimized) modifier leads to a choppy animation both on device and SwiftUI canvas (iOS 26.2): I assume this is not the intended behaviour (reported under FB21572657), but since I almost never receive any feedback to my reports, I wanted to see also here, whether you experience the same, or perhaps I use the modifier incorrectly? struct SwiftUIView: View { @State var isSearchPresented: Bool = false @State var searchQuery: String = "" var body: some View { TabView { Tab { NavigationStack { ScrollView { Text(isSearchPresented.description) } .navigationTitle("Test") } .searchable(text: $searchQuery, isPresented: $isSearchPresented) .searchToolbarBehavior(.minimize) // **Choppy animation comes from here?** } label: { Label("Test", systemImage: "calendar") } Tab { Text("123") } label: { Label("123", systemImage: "globe") } } } } #Preview { if #available(iOS 26, *) { SwiftUIView() } else { // Fallback on earlier versions } }

I have two Macs, desktop and laptop. Since they both belong to me, they both sign in with the same Apple account. I find that if I sign and notarize an app on one, the other must be powered off. Otherwise, notarization will fail. Is this intentional? If so, what is the rationale? Is there a way to fix or avoid it? Both systems run macOS Tahoe with the latest updates. Both are set up the same way for signing using the same certificates. The build process is identical on each.

My iOS app uses CloudKit key-value storage. I have not updated the app in a few years but it works fine. Since it was last updated, I transferred the app from an old organization to my personal developer account. Now that I'm working on the app again I get an error: Provisioning profile "iOS Team Provisioning Profile: com.company.app" doesn't match the entitlements file's value for the com.apple.developer.ubiquity-kvstore-identifier entitlement. In the entitlement file, it has $(TeamIdentifierPrefix)$(CFBundleIdentifier) as the value for iCloud Key-Value Store. I've verified the variables resolve as expected. When I parse the provisioning profile there is no entitlement value for key-value storage. What am I getting wrong?

The process has been stuck "In Progress" for 8 days now. We had a scheduled New Year Offer for our software that would run based around this important new update, and obviously we missed it because of this crazy issue. Notarization used to take a few seconds. Now it does not work, neither on my newly set up Mac, nor in my old (completely unchanged) one. My company and finances are totally frozen at this point due to this issue. PLEASE help, look into my actual account and do what is needed!

I am a developer with the following roles: Apple Developer Team = admin Using expo & EAS to build & sign = developer We are running a new project so credentials need to be sync'd up. With EAS i can either upload a p12 or use the automatic app signing credentials. I have successfully run this in other projects including another where I am the account owner/holder. For this new project, however, I am not the owner. When I try to "register bundle identifier" it results in: Error: Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. > eas credentials ✔ Select platform › iOS ✔ Which build profile do you want to configure? › preview ✔ Using build profile: preview If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them. This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them. ✔ Do you want to log in to your Apple account? … yes › Log in to your Apple Developer account to continue ✔ Apple ID: … myemail@gmail.com › Restoring session /Users/me/.app-store/auth/myemail@gmail.com/cookie ✔ Select a Team › My Project Team - Company/Organization (XXXXX) › Provider My Project Team LLC (XXXXX) ✔ Logged in Local session iOS Credentials Project @team/my-app Bundle Identifier com.teambundle.dev No credentials set up yet! ✔ What do you want to do? › Build Credentials: Manage everything needed to build your project iOS Credentials Project @team/my-app Bundle Identifier com.teambundle.dev No credentials set up yet! ✔ What do you want to do? › All: Set up all the required credentials to build your project ✖ Failed to register bundle identifier com.teambundle.dev Error: Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, MY MANAGER, or an Admin. Cryptic error? [Learn ](https://github.com/expo/fyi/blob/main/cryptic-error-eas.md) Why am I getting a 403?

It would be helpful to have an option for filtering searches on the Developer Forums by date created or date of last activity. FB21588346 https://github.com/feedback-assistant/reports/issues/742

I added a Content Filter to my app, and when running it in Xcode (Debug/Release), I get the expected permission prompt: "Would like to filter network content (Allow / Don't Allow)". However, when I install the app via TestFlight, this prompt doesn’t appear at all, and the feature doesn’t work. Is there a special configuration required for TestFlight? I already set the minimum deployment to be 17 for the extension and the app. Thanks!

Hi all, I'm working on a Call Directory Extension using CXCallDirectoryExtensionContext. I want to add a list of numbers to be blocked. Here's the function I use: override func beginRequest(with context: CXCallDirectoryExtensionContext) { context.delegate = self let blockedNumbers = loadNumberEntries(forKey: blockedKey) let identifiedNumbers = loadNumberEntries(forKey: identifiedKey) addAllBlocking(blockedNumbers, to: context) addAllIdentification(identifiedNumbers, to: context) context.completeRequest() } private func addAllBlocking(_ entries: [NumberEntry], to context: CXCallDirectoryExtensionContext) { let numbers: [Int64] = entries.compactMap { Int64($0.countryCode + $0.phone) }.sorted() for number in numbers { context.addBlockingEntry(withNextSequentialPhoneNumber: number) print("# Added blocking entry: \(number)") } } When I run this, I see in the console: # Added blocking entry: (*my number with country code*) So it seems the number is added correctly. However, in practice, the number is not blocked on the device. I’ve made sure that: The number is stored with the country code prefix. The extension is enabled in Settings → Phone → Call Blocking & Identification. The extension is reloaded after adding numbers. The array of numbers is sorted in ascending order before calling addBlockingEntry. Despite all this, the number still isn’t blocked. Does anyone know why the print shows the number added, but it doesn’t actually block the call? Am I missing something in the way CXCallDirectoryExtensionContext works? Thanks for any advice!

I think that it would be helpful to have better interoperability between Swift and JavaScript. There are a lot of useful packages on NPM that don't have equivalents for Swift. It would be helpful if Apple provided easier ways to use NPM packages in a Swift project. Currently, the JavaScriptCore framework is missing many standard things used in many packages, like the fetch API. It would be helpful to be able to run sandboxed JavaScript code inside of a Swift app but allow access to specific domains, folders, etc., using a permissions system similar to Deno.

I am struggling to change the tint of the back button in an UINavigationItem. In iOS 18.6 it looks like this while on iOS 26 the same looks like this I can live without the Dictionary but I'd like to get the blue color back. In viewDidLoad() I have tried navigationItem.backBarButtonItem?.tintColor = .link but this did not work since navigationItem.backBarButtonItem is nil. My second attempt was navigationController?.navigationBar.tintColor = .link but this didn't work either. I have even set the Global Tint to Link Color but this had no effect either. Does anyone have an idea how to change the tint of the back button in an UINavigationItem on iOS 26?

Hello, I have an app that is using iOS 26 Network Framework APIs. It is using QUIC, TLS 1.3 and Bonjour. For TLS I am using a PKCS#12 identity. All works well and as expected if the devices (iPhone with no cellular, iPhone with cellular, and iPad no cellular) are all on the same wifi network. If I turn off my router (ie no more wifi network) and leave on the wifi toggle on the iOS devices - only the non cellular iPhone and iPad are able to discovery and connect to each other. My iPhone with cellular is not able to. By sharing my logs with Cursor AI it was determined that the connection between the two problematic peers (iPad with no cellular and iPhone with cellular) never even makes it to the TLS step because I never see the logs where I print out the certs I compare. I tried doing "builder.requiredInterfaceType(.wifi)" but doing that blocked the two non cellular devices from working. I also tried "builder.prohibitedInterfaceTypes([.cellular])" but that also did not work. Is AWDL on it's way out? Should I focus my energy on Wi-Fi Aware? Regards, Captadoh

Hello everyone, I am unable to enroll in the Apple Developer Program. The payment (credit card) is accepted by my bank but systematically declined by Apple. Note: I am located in France. I have tried multiple times. The support team, via email, suggested I use the Apple Developer app. However, it is "not available in my region," so I have to go through the website. No other payment method is available: Apple Pay is greyed out, and there is nothing else. Support has not responded for weeks, despite my follow-ups. I am very frustrated as I need to launch my app quickly, and everything is ready on the Google side... Would you have any suggestions or solutions? Thank you so much, your responses are greatly appreciated! Mélissa

I kindly request your assistance! The review process for the developer account I applied for on behalf of my organization has been stalled for a full 10 weeks, with no progress to date! How can I resolve this? My registration ID is FN5ZS6B562. On October 27, 2025, I received an email from the Apple Developer Support team requesting that I submit registration materials via https://developer.apple.com/contact/file-upload/. I completed the submission as required and received a confirmation email from the Apple Developer Relations team on October 30, acknowledging receipt of my documents and stating that they would proceed with the review as soon as possible. However, since then, the status of my organization's developer account has remained "Under Review," with no updates to this day. I have contacted Apple Support multiple times via phone and email but have yet to receive effective feedback or see any progress on the issue. Now, 73 days have passed—that's 10 full workweeks—far exceeding the normal review cycle. I sincerely hope the engineers of the Apple Developer team can see my plea for help and assist me! Thank you all so much in advance!

I've been trying to enroll as a developer but keep running into an "unknown error". I've even tried having the dev team call me and sending an email through the support portal but keep getting the message that my request cannot be processed. Even calling apple support didn't work as they were unable to connect me with the dev team. Any idea on how to get this sorted? Thank you!!

When I try to create a post in Apple Support Community, it forces me to create a new account (for some supersmart reason because my apple account is apparently not enough). In this process, I am required to pick a new username and choose my communications preferences. The next screen? 403 Forbidden Error page.