With macOS 15, and DSPlugin support removal we searched for an alternative method to be able to inject users/groups into the system dynamically. We tried to write an OpenDirectory XPC based module based on the documentation and XCode template which can be found here: https://developer.apple.com/library/archive/releasenotes/NetworkingInternetWeb/RN_OpenDirectory/chapters/chapter-1.xhtml.html It is more or less working, until I restart the computer: then macOS kernel panics 90% of the time. When the panic occurs, our code does not seem to get run at all, I only see my logs in the beginning of main() when the machine successfully starts. I have verified this also by logging to file. Also tried replacing the binary with eg a shell script, or a return 0 empty main function, that also triggers the panic. But, if I remove my executable (from /Library/OpenDirectory/Modules/com.quest.vas.xpc/Contents/MacOS/com.quest.vas), that saves the day always, macOS boots just fine. Do you have an idea what can cause thi
Search results for
A Summary of the WWDC25 Group Lab
10,109 results found
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Activity
[quote='846712022, dcccdsds, /thread/790296?answerId=846712022#846712022, /profile/dcccdsds'] That also included changing the Developer ID certificates, Team ID, Bundle ID, App Groups, provisioning profiles, and entitlements to match the updated IDs. [/quote] Changing all of that correctly is quite challenging. My recommendation is that start by create a small test app with which to bring up the tool (well, script, right?) you’ve built to make this change. You can start simple and then add additional bits, testing as you go. For example, you could start with a simple app — just the app, no extensions — that claims no restricted entitlements. Then extend that to claim a single restricted entitlement, like com.apple.developer.system-extension.install. Then keep extending it until it looks like your real app. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Topic:
Code Signing
SubTopic:
Entitlements
Tags:
This is a continuation of my own old post that became inactive to regain traction. I am trying to resolve issues that arise when distributing a macOS app with a SysExt Network Extension (Packet Tunnel) outside the App Store using a Developer ID Certificate. To directly distribute the app, I start with exporting the .app via Archive in Xcode. After that, I create a new Developer ID provisioning profile for both the app and sysext and replace the embedded ones in the .app package. After I have replaced the provisioning profiles and the have the entitlements files ready, I start signing the frameworks, sysext and parent app. codesign --force --options runtime --timestamp --sign Developer ID Application: .app/Contents/Library/SystemExtensions/.systemextension/Contents/Frameworks/.framework/Versions/A/ codesign --force --options runtime --timestamp --sign Developer ID Application: .app/Contents/Frameworks/.framework/ codesign --force --options runtime --entitlements dist-vpn.entitlements --timestamp --sign Develo
Topic:
Code Signing
SubTopic:
Entitlements
Tags:
Network Extension
Gatekeeper
Code Signing
Developer ID
Thank you for your reply and insight. To clarify the setup: I’ve defined a custom right custom.test as follows: rule rule custom.test.plugin custom.test.authenticate Where: custom.test.plugin is defined as: evaluate-mechanisms mechanisms AuthorizationPlugin:elevate-privileges,privileged custom.test.authenticate is defined as: authenticate-user allow-root class user group admin My Authorization Plug-in is loaded correctly, and the mechanism elevate-privileges is invoked as expected. My question is: When the system evaluates the right custom.test, is it possible for my plug-in (inside the elevate-privileges mechanism) to programmatically satisfy the custom.test.authenticate rule — for example, by validating the credentials of another admin user? Or more directly: Can a plug-in participating in a rule chain short-circuit or fulfill an authenticate-user condition on behalf of the system? Appreciate your help and any guidance you can provide.
Topic:
Privacy & Security
SubTopic:
General
Tags:
At WWDC25 we launched a new type of Lab event for the developer community - Group Labs. A Group Lab is a panel Q&A designed for a large audience of developers. Group Labs are a unique opportunity for the community to submit questions directly to a panel of Apple engineers and designers. Here are the highlights from the WWDC25 Group Lab for Machine Learning and AI Frameworks. What are you most excited about in the Foundation Models framework? The Foundation Models framework provides access to an on-device Large Language Model (LLM), enabling entirely on-device processing for intelligent features. This allows you to build features such as personalized search suggestions and dynamic NPC generation in games. The combination of guided generation and streaming capabilities is particularly exciting for creating delightful animations and features with reliable output. The seamless integration with SwiftUI and the ne
Topic:
Machine Learning & AI
SubTopic:
General
Question, if I am writing async code in the notification service extension, I understand it terminates after 30 seconds. Correct, though I always recommend that anyone setting up things like timeouts use a shorter value just in case. So I'd probably build around ~25s, not 30s. If I want to wait until these async methods finish before calling the content handler, I believe an option I have is to use dispatch groups. However, I am open to other solutions if there are better options. What are you actually waiting on? In general, I've become very nervous anytime I see code that uses dispatch groups because they seem to be used as a slightly awkward band-aid trying to make something work that doesn't really want to work. Case in point here, the main reason an NSE would be waiting is network activity, in which case the simpler solution would be to simply set the right timeout on that network activity. Having said that.... My question is, if I use dispatch groups, is there any issue in usi
Topic:
App & System Services
SubTopic:
Notifications
Tags:
At WWDC25 we launched a new type of Lab event for the developer community - Group Labs. A Group Lab is a panel Q&A designed for a large audience of developers. Group Labs are a unique opportunity for the community to submit questions directly to a panel of Apple engineers and designers. Here are the highlights from the WWDC25 Group Lab for SwiftUI. What's your favorite new feature introduced to SwiftUI this year? The new rich text editor, a collaborative effort across multiple Apple teams. The safe area bar, simplifying the management of scroll view insets, safe areas, and overlays. NavigationLink indicator visibility control, a highly requested feature now available and back-deployed. Performance improvements to existing components (lists, scroll views, etc.) that come for free without requiring API adoption. Regarding performance profiling, it's recommended to use the new SwiftUI Instruments tool when you
Topic:
UI Frameworks
SubTopic:
SwiftUI
(Continued) Instance singleton vs EnvironmentObject for ViewModels? While instance singletons (public static let shared) are common, especially from UIKit/AppKit development, @EnvironmentObject is preferred in SwiftUI. Singletons can make your code more difficult to test. The @EnvironmentObject property wrapper solves the problem of accessing a shared object by offering a convenient mechanism for sharing model data across your app, guaranteeing that views remain synchronized with the latest data. While singletons aren't actively harmful, they can make refactoring more difficult. @EnvironmentObject also allows you to inject different contexts to see different previews, too. What’s the best way in SwiftUI for a View to communicate values back to its parent that cannot be overridden by the parent? Binding is not really suitable because it enables the parent to modify the values. If you need a child View to communicate values back to its parent without allowing the parent to modify them, Binding is not suitable.
Topic:
UI Frameworks
SubTopic:
SwiftUI
Summary In iOS 18, the UICollectionViewDelegate method collectionView(_:targetIndexPathForMoveOfItemFromOriginalIndexPath:atCurrentIndexPath:toProposedIndexPath:) is not being called when moving items in a UICollectionView. This method works as expected in iOS 17.5 and earlier versions. Steps to Reproduce Create a UICollectionView with drag and drop enabled. Implement the UICollectionViewDelegate method: func collectionView(_ collectionView: UICollectionView, targetIndexPathForMoveOfItemFromOriginalIndexPath originalIndexPath: IndexPath, atCurrentIndexPath currentIndexPath: IndexPath, toProposedIndexPath proposedIndexPath: IndexPath) -> IndexPath { print(🐸 Move) return proposedIndexPath } Run the app on iOS 18. Attempt to drag and drop items within the collection view. Expected Behavior The method should be called during the drag and drop operation, and 🐸 Move should be printed to the console. Actual Behavior The method is not called, and nothing is printed to the console. The drag and drop oper
A summary for folks who are hitting this issue: The first time you submit a new app for notarization, the existence of certain code in your submission (perhaps Electron, or accessibility APIs, or something else Apple deems sensitive from a security perspective) can flag your account for additional analysis. Once you've been flagged for additional analysis, your notarytool submissions will just spin on In Progress for roughly 2-10 days, waiting for human review by Apple. There does not appear to be a way to be notified when this human review completes and you can resubmit. The least-bad option is to just retry from time to time, vibrating with anticipation about when you can share your new product with testers. There does not seem to be a way to tell the difference between a notarization that is actually in progress (wait until it completes) vs. one that is still blocked on human review (you should just cancel the submission and try another day). Given this, setting a timeout of 10 or 20 minutes on yo
Topic:
Code Signing
SubTopic:
Notarization
Tags:
@DTS Engineer Thank you for your reply. Regarding: [quote='790296021, dcccdsds, /thread/790296, /profile/dcccdsds'] The weird part is that when I try the same steps on different developer account, I am able to get the app running. [/quote] That also included changing the Developer ID certificates, Team ID, Bundle ID, App Groups, provisioning profiles, and entitlements to match the updated IDs. I used the same format for App Groups and did not add any new entitlements. As for the com.apple.application-identifier entitlement: When I export the .app, the entitlements and provisioning profiles built into the package contain the App ID entitlement. The provisioning profiles used to replace the existing profiles also include this entitlement, as do the updated entitlements with the -systemextension suffix. When I check the entitlements of the signed app from the generated .dmg bundle, it also contains the com.apple.application-identifier entitlement. Is there another place where this entitlement m
Topic:
Code Signing
SubTopic:
Entitlements
Tags:
Hi all, I’m not a developer, but I’m hoping someone with iOS system or network experience can help me understand some very persistent and unusual behavior on my iPhone. I’ve gathered system logs and app-level diagnostics and would really appreciate insight from anyone familiar with daemons, VPN tunnels, or MDM behavior on Apple platforms. Summary of Issues Over Time March 2025: Most apps begin logging out automatically when closed April 2025: Passwords across apps and browsers begin failing May–June 2025: Gmail password reset emails stop arriving (even though other email works) These symptoms suggest something affecting secure sessions, DNS routing, or background data handling. I began running diagnostics and found unexpected system and network behaviors: Examples: com.apple.mobile.lockdown.remote.trusted file_relay.shim.remote pcapd.shim.remote webinspector.shim.remote bluetooth.BTPacketLogger.shim.remote On a normal, non-jailbroken device, I wouldn't expect so many .shim.remote or .diagnostic servi
Topic:
Community
SubTopic:
Apple Developers
O v er the past few months, I’ve been experiencing persistent, abnormal behavior on my iPhone. Here's a short timeline: March 2025: Most apps log me out every time I close them. April 2025: Stored passwords suddenly begin failing across apps and websites. May–June 2025: Password recovery emails from Gmail accounts no longer arrive — suggesting that Gmail itself may be compromised or blocked/intercepted. Given the escalation, I ran several diagnostics and extracted system-level logs. Below is a structured summary of findings that point toward potential remote access, network traffic rerouting, and possibly hidden use of Bluetooth or debugging interfaces. ##1 Source: remotectl_dumpstate.txt More than 50 remote lockdown and diagnostic services are listed as active. Notable entries: com.apple.mobile.lockdown.remote.trusted and .untrusted com.apple.mobile.file_relay.shim.remote com.apple.webinspector.shim.remote com.apple.pcapd.shim.remote com.apple.bluetooth.BTPacketLogger.shim.remote com.apple.mobile.in
Topic:
Community
SubTopic:
Apple Developers
Over the past few months, I’ve been experiencing persistent, abnormal behavior on my iPhone. Here's a short timeline: March 2025: Most apps log me out every time I close them. April 2025: Stored passwords suddenly begin failing across apps and websites. May–June 2025: Password recovery emails from Gmail accounts no longer arrive — suggesting that Gmail itself may be compromised or blocked/intercepted. Given the escalation, I ran several diagnostics and extracted system-level logs. Below is a structured summary of findings that point toward potential remote access, network traffic rerouting, and possibly hidden use of Bluetooth or debugging interfaces. ##1 Source: remotectl_dumpstate.txt Notable entries: com.apple.mobile.lockdown.remote.trusted and .untrusted com.apple.mobile.file_relay.shim.remote com.apple.webinspector.shim.remote com.apple.pcapd.shim.remote com.apple.bluetooth.BTPacketLogger.shim.remote com.apple.mobile.insecure_notification_proxy.remote This volume of .shim.remote and diagnostic s
Topic:
Community
SubTopic:
Apple Developers
Summary When using .tabViewBottomAccessory in SwiftUI and conditionally rendering it based on the selected tab, the app crashes with a NSInternalInconsistencyException related to _bottomAccessory.displayStyle. Steps to Reproduce Create a SwiftUI TabView using a @SceneStorage selectedTab binding. Render a .tabViewBottomAccessory with conditional visibility tied to selectedTab == .storage. Switch between tabs. Return to the tab that conditionally shows the accessory (e.g., “Storage”). Expected Behavior SwiftUI should correctly add, remove, or show/hide the bottom accessory view without crashing. Actual Behavior The app crashes with the following error: Environment iOS version: iOS 26 seed 2 (23A5276f) Xcode: 26 Swift: 6.2 Device: iPhone 12 Pro I have opened a bug report with the FB number: FB18479195 Code Sample import SwiftUI struct ContentView: View { enum TabContent: String { case storage case recipe case profile case addItem } @SceneStorage(selectedTab) private var selectedTab: TabContent = .storag