A Summary of the WWDC25 Group Lab

[quote='847825022, michael_aiphone, /thread/791563?answerId=847825022#847825022, /profile/michael_aiphone'] For now, the user would need to install manually. [/quote] OK. Just to be clear, this is not a great approach. Historically iOS made it hard for site admins to provision credentials to specific apps. However, that changed in iOS 18.4 with the advent of the ManagedApp framework. That would be a great path forward for you. However, if you want to do this manually then things get tricky. If the site admin sends a certificate to a user and the user installs it, the system puts that certificate in one of two places: If it’s a root certificate, the system adds it to the per-device trust store. If not, the system adds it to an Apple keychain access group. Neither of these is ideal. In the first case, the user has to explicitly trust the root, with lots of scary warnings. And those scary warnings are justified. Installing a root is a massive extension of trust. In the second case, your app can’t access

Thanks for providing more info. Error code 2 indicates a guardrail violation, meaning that the system determined your prompt might contain sensitive or unsafe content, and triggered the safety guardrails. To avoid the violation, consider rephrasing your prompt by removing words that are potentially sensitive or unsafe, if any. If your prompt is short, adding more details may help as well. For more information about prompt safety, watch the WWDC25 video: Explore prompt design & safety for on-device foundation models. If your input doesn't really contain any sensitive or unsafe content, I’d suggest that you follow this post to file an actionable feedback report using LanguageModelFeedbackAttachment, and then share your report ID here. Thanks. Best, —— Ziqiao Chen  Worldwide Developer Relations.

Even I force set the invalid value to the CAMetalLayer's frame ( zero width and height)or bounds (zero width and height) or drawableSize ( zero or extreme large number ) 3 property, I can not local repro any crash in the my org's lab on dozens of various iPhone

Hi @DTS Engineer Quinn. I am new to swift development, and it's possible that I'm missing something fundamental/obvious. If so, I apologize in advance. I also realize that this post is a couple of years old - and perhaps outdated. However, I'm trying to accomplish something similar to what the original inquirer is asking for here, and thus far I haven't found anything recent that is as relevant as this post. The only difference is that I'm trying to use a PIV smart card to achieve authentication to a server rather than digitally signing a document. Unfortunately, I'm getting stuck when attempting to run the list() function you posted in the accepted answer above to simply list the certificates from the smart card. When attempting to call SecItemCopyMatching(), I'm getting a -34018 missing entitlement error. I've attempted to add the com.apple.token to my app's keychain-access-groups entitlements, but this does not resolve the issue. I have checked the entitlements in my built app, per your recommen

Hi @DTS Engineer ! As we've taken some time to deep-dive into this, we're running into a dead-end here and are hoping to seek further guidance. To clarify, when our test iPhones (iPhone 15 on iOS 18.5, and iPhone 16 Pro on iOS 18.4) are locked and the app is backgrounded, the app extension will stop receiving the keep-alive messages over the SSE connection. Given our solution supports first responders, it is critical that the connection is stable to allow critical notifications to arrive as quick as possible. If the app does not receive the keep-alives from our local server within 5s, it tears down the connection and establishes a new one. While testing at home on an Eero router and TP Link Deco XE75 Pro, I have been unable to reproduce any issues with it. I will leave the phone, unplugged, with the app running in the background and it works as expected. Given this, we determined our issue was likely with the vendor who supplies our customer routers, which are Cradlepoint IBR900s. We have been working with th

In SwiftData, there are local changes and remote changes. Local changes are made from the same model container (ModelContainer); remote changes are made from a different model container. This is covered in the WWDC25 session: SwiftData: Dive into inheritance and schema migration (starting at 13:54). Your main app and its widget use different model containers (because they run in a different process). For your main app, a change made from your widget is remote, and isn't observable. If a view in your main app observes a SwiftData model, or a result set that you fetch from a SwiftData store, it won't get updated for any remote change. If you use @Query, however, the query controller under the hood observes the remote changes, and so a query-back SwiftUI view is supposed to get updated for a remote change. This is clearly described in the mentioned WWDC25 session. If you see otherwise, I’d suggest that you file a feedback report with a reproducible case, and share your report ID here. Best, ——

In addition to the main app's entitlements and provisioning profile described above, here are the entitlements and provisioning profile details for our DriverKit extension: Driver Entitlements com.apple.developer.driverkit com.apple.developer.driverkit.transport.usb com.apple.security.app-sandbox Entitlements section in the Driver's Provisioning Profile Entitlements beta-reports-active com.apple.developer.driverkit application-identifier ABC123456.abc.def.ABCDriver com.apple.developer.driverkit.transport.usb idVendor 1234 com.apple.developer.driverkit.allow-third-party-userclients keychain-access-groups ABC123456.* com.apple.token get-task-allow com.apple.developer.team-identifier ABC123456

You can probably start with profiling your app with Instruments.app, as discussed in the WWDC25 code along session (starting at 24:32). How to set up the Foundation Models instrument is detailed here. The Foundation Models instrument provides the token numbers the models generate. From there, you can calculate how many tokens per second. The number can vary a lot, but if it is consistently much worse than 20~30/s, I'd suggest that you file a feedback report and share your report ID here. The WWDC25 session also discusses how to use prewarm and includesSchemaInInstructions to improve performance in cases that are appropriate. You can check if that can be applied to your app. Best, —— Ziqiao Chen  Worldwide Developer Relations.

The blur effect you see is actually the scroll edge effect from UIScrollView. By default, UITabBarController will configure scroll views in its descendant hierarchy with scroll edge effects. If you are using a custom tab bar, you can configure one yourself using UIScrollEdgeContainerInteraction. To learn more, you can also watch Build a UIKit app with the new design from WWDC25.

Just so we’re clear about terminology: A bundle ID is how the system uniquely identifies your app. It’s typically in reverse DNS format, for example, com.apple.iWork.Pages. An App ID is composed of an App ID prefix and a bundle ID. For example, 74J34U3R6X.com.apple.iWork.Pages. The App ID prefix is typically your Team ID, but iOS used to encourage unique App ID prefixes, where you allocate a prefix that’s different from your Team ID. Unique App ID prefixes are a legacy feature. We generally recommend that folks move to using their Team ID as the App ID prefix. This enables important features, for example, shared keychain access groups. Unique App ID prefixes were a legacy feature before the App Store landed on the Mac. Given that, they’ve never been supported on the Mac. And, while I can’t predict The Future™, it seems unlikely that we’d add support for this legacy feature to the Mac. My general advice for folks in your situation is to convert your iOS app to using its Team ID as its App ID prefix. I