Problem summary I have a macOS helper app that is launched from a sandboxed main app. The helper: has com.apple.security.app-sandbox = true and com.apple.security.inherit = true in its entitlements, is signed and embedded inside the main app bundle (placed next to the main executable in Contents/MacOS), reports entitlement_check = 1 (code signature contains sandbox entitlement, implemented via SecStaticCode… check), sandbox_check(getpid(), NULL, 0) returns 1 (runtime sandbox enforcement present), APP_SANDBOX_CONTAINER_ID environment variable is not present (0). Despite that, Cocoa APIs return non-container home paths: NSHomeDirectory() returns /Users/<me>/ (the real home). [[NSFileManager defaultManager] URLsForDirectory:inDomains:] and URLForDirectory:inDomain:appropriateForURL:create:error: return paths rooted at /Users/<me>/ (not under ~/Library/Containers/<app_id>/Data/...) — i.e. they look like non-sandboxed locations. However, one important exception: URLForDirectory:... for N
Search results for
A Summary of the WWDC25 Group Lab
10,092 results found
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
I'm running into an issue where my application will hang when switching tabs. The issue only seems to occur when I include a Swift Chart in a navigation label. The application does not hang If I replace the chart with a text field. This appears to only hang when running on macOS 26. When running on iOS (simulator) or visionOS (simulator, on-device) I do not observe a hang. The same code does not hang on macOS 15. Has any one seen this behavior? The use case is that my root view is a TabView where the first tab is a summary of events that have occurred. This summary is embedded in a NavigationStack and has a graph of events over the last week. I want the user to be able to click that graph to get additional information regarding the events (ie: a detail page or break down of events). Initially, the summary view loads fine and displays appropriately. However, when I switch to a different tab, the application will hang when I switch back to the summary view tab. In Xcode I see
It sounds like a large number of directories have been blocked - i.e. all of them. Or are these blocked target file prefixes rather than directories? Looking at my previous post, our editor mangled things a bit. Phrasing things a bit more plainly, document-scoped bookmarks can't track files in /Library (either the system or user level), /private/, or .ssh. None of those are directories I'd expect the user to be saving their data in. I could see /Library being a potential problem, however, that doesn't seem to have been much of an issue in practice since this is the first time I've ever noticed the limitation (and that was simply from looking at code). That's better than the error message it throws now. But I'm a bit confused about your object/target nomenclature. Sorry about that, I flipped my terminology mid-post. Restating things: target” -> the file you’re actually creating a bookmark to. anchor” -> the file you're attaching the document scope onto. So your anchor can be wherever you want, but the ta
Topic:
App & System Services
SubTopic:
Core OS
Tags:
I took what you said in the first response and built a simple generic queue which integrates with BGContinuedProcessingTask. I'm attaching the code in case it helps others and because it illustrates some of my lingering questions/suggestions/difficulties. In terms of the code flow/logic issues, please get your thoughts into a bug and post the bug number back here. The team is certainly interested in this kind of feedback and wants to capture it, but most API changes are going to be tied to a major release, not a software update. So, the quick summary here is that: This displays some more serious issues: The system UI often shows the indeterminate progress view... The system is very aggressive about killing background jobs... ...are quite concerning and not what the team expects. I will say that Safari can be a tricky case here as it's very easy for it to be creating much heavier load than it might seem, both because individual page load is highly variable and because it's SO easy to accumulate very h
Topic:
App & System Services
SubTopic:
Processes & Concurrency
Tags:
Here's a summary of what was going on and how I fixed the issue (Logs are clean now!). The issue was not with the Universal Link configuration itself (the AASA file and Associated Domains were correct), but with a race condition in the SwiftUI app's lifecycle. The Problem: A Timing Issue When the Universal Link is tapped, iOS launches the app and immediately passes the URL via the .onContinueUserActivity modifier. In my original code, this modifier was on the root view in Strike_ForceApp.swift. It would parse the link and post a Notification for the UI to handle. However, at this early stage of the app launch, the destination view (FriendsAndChallengesView) that was supposed to be listening for this notification had not been initialized yet, especially if the user needed to go through a loading or login screen first. As a result, the notification was being posted before any part of the UI was ready to listen for it. The link would open the app, but the message to navigate or show an alert was lost. T
Topic:
Code Signing
SubTopic:
Entitlements
Tags:
Hey, We're crunching to get our products ready for the announcements next week but are being slowed down by Xcode Cloud. Builds are failing and are extremely slow. We're using the latest Xcode beta and latest macOS release so we can upload our builds continuously to TestFlight. We're seeing builds taking up to almost an hour, even though takes around 10-15 minutes when it doesn't fail. The errors we're seeing seem to be timeout, for example: Showing All Errors Only The step invocation hit a user timeout. The xcodebuild build invocation timed out. No activity has been detected on stdout, stderr or the result bundle in 30 minutes. Here are links to some builds which have been restarted multiple times but keep failing for reasons out of our control. Please advice on how to get unblocked. https://appstoreconnect.apple.com/teams/69a6de80-3540-47e3-e053-5b8c7c11a4d1/apps/1102236212/ci/groups/8da12ae3-b454-4810-abe8-829f1af56a54 https://appstoreconnect.apple.com/teams/69a6de80-3540-47e3-e053-5b8c7c11a4d1/ap
Until recently, I was able to upload my app with iTMSTransporter version 4.1.0 with the following command: /usr/local/itms/bin/iTMSTransporter -m upload -jwt {x.y.z} -v eXtreme -assetFile /Users/abc/Downloads/build.ipa -assetDescription /Users/abc/Downloads/AppStoreInfo.plist Starting this week, with iTMSTransporter version 4.1.0, the command fails with the following error: [2025-09-03 11:38:02 GET] <main> ERROR: No value present Package Summary: 1 package(s) were not uploaded because they had problems: /Users/abc/Downloads/build.ipa - Error Messages: No value present The same command still works when using the iTMSTransporter bundled with the Transporter app (version 4.0), so the issue appears to be specific to 4.1. Any guidance or confirmation from others experiencing this would be much appreciated.
You do have to add com.apple.security.files.bookmarks.document-scope to your entitlement file yourself, Already done. The object you're using as the bookmark anchor needs to be a file, not a directory, and must be a file you already have full read/write access to. Already done. The object you're targeting needs to be a file as well. That's an important plot point. My current app looks at folders exclusively. So that's all I tested. Document scoped bookmarks are designed to be used to track groups of user files (for example, like an Xcode project), so a small number of directories have been blocked. It sounds like a large number of directories have been blocked - i.e. all of them. Or are these blocked target file prefixes rather than directories? Ah well, such is life. I'm working an an iOS/macOS GUI version of a command-line GIS tool. I had wanted to allow the user to specify a directory to be used as a library. Power users could then use my sandboxed and Metal-powered version of the command line app
Topic:
App & System Services
SubTopic:
Core OS
Tags:
Yes. Because of that issue, my original design had a fairly convoluted idea for getting those bookmarks to the helper. But in this limited use case, it turned out that none of that (including bookmarks themselves) was necessary. But since you mentioned document-scoped bookmarks, I should reiterate that I tried those too. They're completely non-functional for any URL. I'm not sure what you were testing, but they absolutely do work. The main things to be aware of here are: You do have to add com.apple.security.files.bookmarks.document-scope to your entitlement file yourself, instead of adding it as a capability (r.159787652). The object you're using as the bookmark anchor needs to be a file, not a directory, and must be a file you already have full read/write access to. The object you're targeting needs to be a file as well. Document scoped bookmarks are designed to be used to track groups of user files (for example, like an Xcode project), so a small number of directories have been blocked. For exampl
Topic:
App & System Services
SubTopic:
Core OS
Tags:
Hello - at this phase of your testing and finalization of app submission for App Store Review, you probably want to focus on TestFlight testing as documented here: https://developer.apple.com/help/app-store-connect/test-a-beta-version/testflight-overview. Be sure your testers are setup as Users in App Store Connect (the People tab under Users and Access, as separate from Sandbox) and then add them for access to your TestFlight build as part of an Internal Testing group under Apps > TestFlight in App Store Connect. Added users should get an email notification to access the build through the TestFlight app. Once you are using the app through TestFlight, then you can do further Sandbox testing as documented here: https://developer.apple.com/help/app-store-connect/test-a-beta-version/testing-subscriptions-and-in-app-purchases-in-testflight. If you are still having issues, please reply again to this thread with more details, step-by-step actions, etc. If possible, please capture a screen recording to s
Topic:
App Store Distribution & Marketing
SubTopic:
TestFlight
Tags:
[quote='856490022, MasterYourSelf, /thread/798872?answerId=856490022#856490022, /profile/MasterYourSelf'] I am thinking of the following kind of project/folder structure [/quote] The Xcode structure isn’t all that important. What matters is the on-disk structure. And in the second approach the on-disk structure is exactly what you get if you create an app from the macOS > App template and then add a macOS > System Extension > Network Extension target to it, that is: Test798872.app/ Contents/ Library/ SystemExtensions/ com.example.apple-samplecode.Test798872.MyNESysex.systemextension/ … standard sysex stuff … … standard app stuff … From the on-disk structure, the only indication that your sysex hosts multiple providers is: The com.apple.developer.networking.networkextension entitlement, on both the app and the sysex, must list each provider type. The contents of the NEProviderClasses property in the sysex’s Info.plist must list the classes for each provider type. [quote='856490022, MasterYourSelf, /th
Topic:
App & System Services
SubTopic:
Networking
Tags:
Hi @DTS Engineer, Thank you for clarifying. I confirm that I am referring to Network Extensions within the context of System Extensions. Regarding the first approach I mentioned earlier, I am using separate NEMachServiceNames in the Info.plist files for two different extensions, while using the same App Groups name for all extensions in their respective targets. For the Second approach you suggested, I understand that in the configuration, we can place multiple extensions under the NEProviderClasses dictionary in the extension's entitlement file, and maintain a single NEMachServiceName in the Info.plist file of the Extension's target (Xcode Target2). Given that I am new to this framework, I would greatly appreciate it if you could provide more detailed guidance on how to: Utilize multiple NE Providers with a single system extension. Activate these providers one after another. Handle IPC (Inter-Process Communication) connections between the Main App and the single System Extension(apart from Info.plis
Topic:
App & System Services
SubTopic:
Networking
Tags:
if you're building your app with SwiftUI, you're looking for CommandGroup(replacing: .windowList) { } if you remove too many (for example, if the windowList command group contains Close Window), then you'll need to put it back in manually, using CommandMenu. But if you don't have a New Window command, why would you keep Close Window around? What happens when you close the last (or only) window? If you elect to quit the app, all you need it a Quit command, which is another menu.
Topic:
UI Frameworks
SubTopic:
UIKit
This issue keeps cropping up on the forums and so I decided to write up a single post with all the details. If you have questions or comments: If you were referred here from an existing thread, reply on that thread. If not, feel free to start a new thread. Use whatever topic and subtopic is appropriate for your question, but also add the Entitlements tag so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com Determining if an entitlement is real In recent months there’s been a spate of forums threads involving ‘hallucinated’ entitlements. This typically pans out as follows: The developer, or an agent working on behalf of the developer, changes their .entitlements file to claim an entitlement that’s not real. That is, the entitlement key is a value that is not, and never has been, supported in any way. Xcode’s code signing machinery tries to find or create a provisioning profile to authorise this claim. That’s impossible, because t
Oh, wow, someone finally noticed this new API. Cool (-: [quote='798893021, Jasper-Quinn, /thread/798893, /profile/Jasper-Quinn'] attempts to use URLSession or NWTCPConnection in the extension always fail. [/quote] Right. One goal of the new architecture is to improve privacy. That’s why there are two extensions: The hotspot evaluation provider, which implements the NEHotspotEvaluationProvider protocol, is responsible for .filterScanList and .evaluate commands. It runs in a tight sandbox that prevents it from ‘exporting’ the Wi-Fi scan results. The hotspot authentication provider, which implements the NEHotspotAuthenticationProvider protocol, handles the other commands. It runs in a looser sandbox, but only receives information about the network the user has chosen to join. If your evaluation provider needs information about what networks to support, you should have your app (or your authentication provider) put that information in an app group container. The evaluation provider will be able to read t
Topic:
App & System Services
SubTopic:
Networking
Tags: