A Summary of the WWDC25 Group Lab

@Enzagi thanks for filing FB19889436. I checked on the status of your bug repot and it is in the process of being routed to the engineering team. I added some notes in there asking for it to be routed to a specific group.

We are working on a general USB device management solution on macOS for enterprise security. Our goal is to enforce policy-based restrictions on USB devices, such as: For USB storage devices: block mount, read, or write access. For other peripherals (e.g., USB headsets or microphones, Raspberry Pi, etc.): block usage entirely. We know in the past, kernel extensions would be the way to go, but as kext has been deprecated. And DriverKit is the new advertised framework. At first, DriverKit looked like the right direction. However, after reviewing the documentation more closely, we noticed that using DriverKit for USB requires specific entitlements: DriverKit USB Transport – VendorID DriverKit USB Transport – VendorID and ProductID This raises a challenge: if our solution is meant to cover all types of USB devices, we would theoretically need entitlements for every VendorID/ProductID in existence. My questions are: Is DriverKit actually the right framework for this kind of general-purpose USB device control? No.

Correct as you said for the first one I can get around, post which I am able to move app owned by user sagarpurohit to trash. But for the ones owned by root is where I get permission issue even though I am member of admin. sagarpurohit@Sagars-MacBook-Pro ~ % dscl . -read /Groups/admin GroupMembership GroupMembership: root sagarpurohit _mbsetupuser sagarpurohit@Sagars-MacBook-Pro ~ % ls -la /Applications drwxrwxr-x@ 5 root wheel 160 30 Aug 11:03 Adobe Acrobat DC drwxrwxr-x@ 3 root wheel 96 15 Jul 12:01 BBEdit.app drwxr-xr-x@ 3 sagarpurohit admin 96 14 Sep 13:03 Brave Browser.app drwxr-xr-x@ 3 sagarpurohit staff 96 10 Jul 18:02 Cursor.app drwxrwxr-x@ 3 sagarpurohit admin 96 18 Sep 11:03 Firefox.app drwxr-xr-x@ 3 root wheel 96 15 Jul 12:03 Speedtest.app drwxr-xr-x@ 3 root wheel 96 28 Aug 22:49 zoom.us.app I went through the links you shared but doesn't seem to be any solution there as I have access to directory for both read and write but this is more of who owns the app. I was trying to change the user

I have very similar issue, but also would like to group by campaign's in the detailed data.

Thank you for taking the time to reply 🙏 I have already submitted a bug report via Feedback Assistant (FB20267035), but so far I haven’t received any follow-up. I also wanted to mention that on both Reddit and the GameSir Discord, many other users have confirmed experiencing the exact same issue with wired Switch Pro controllers (and GameSir X5 Lite). So it definitely seems to be affecting a larger group of users, not just me. Hopefully this additional context can help prioritize the fix. Thanks again!

OK. Lemme start you out with a couple of links: On File System Permissions explains the different subsystems that all contribute to file system permissions on macOS. BSD Privilege Escalation on macOS describes the various ways to escalate privileges on macOS. In this case you’re dealing with two types of file system permissions: App Sandbox BSD You can get around the first with the coöperation of the user, that is, by having them select the relevant directory in an open or save panel. The issue you’re bumping into in the second. Consider the permissions on the Applications folder: % ls -ld /Applications drwxrwxr-x 89 root admin 2848 Sep 17 14:06 /Applications To remove application you need to be able to write to this directory. But you can only do that if you’re running as a user in the admin group. The directory is read-only for standard users. To get around this you need to escalate privileges. However, the App Review Guidelines specifically proscribe that (clause 2.4.5(v)) I’m only aware of one ex

Hello - When offering in-app purchase subscriptions, it is common to offer different subscription periods for the same level of access - where the only differences are price and duration of subscriptions (e.g. monthly, quarterly, and annual.) If the access entitled by various subscriptions is the same (that is, a monthly subscriber has access to all of the same content, features, etc. as an annual subscriber), it is best practice to assign all of those subscription products to the same subscription group in App Store Connect, as documented here - including the assignment of subscription levels. This will ensure correct handling of upgrades, crossgrades, and downgrades, as documented here, and prevent customers from having more than one active subscription at a time. While developers can control how and when to merchandise subscription products in their app, it is not possible to restrict customers from switching between available products in the same subscription group from their Manage Subs

The Advanced Commerce API utilizes two generic product identifiers that you configure within App Store Connect. A Consumable Product Type, which can be utilized for all one-time purchase products. An Auto-Renewable Subscription, which represents all your products in your catalog (also known as SKU). The reporting through App Store Connect provides the SKU. The SKU are available in Summary Sales Report & Financial Report. Note: A SKU can represent the in-app purchase product that you offer in the app. Therefore, ensure that you provide the identifier of the product that you offer customers to purchase.

Hello - First, to answer the question you asked in the video: how is it possible for subscribers to change from one plan to another? We can see that you have set up one subscription group with ten different products - eight of which are currently Ready for Sale (active.) When a customer subscribes to any product, they can at any time switch to a different product in the same group as documented here. See attached screenshot specific to your app and its available products. If your app is not presenting upgrade/downgrade/crossgrade options, then customers are switching from their Manage Subscriptions page. Any changes from one subscription to another can only be completed by the customer. Developers must ensure that the ordering and grouping of individual subscription products within a subscription group is addressed to meet their business needs, as documented here, under the section titled Assign subscription levels. This setup is completed in App Store Connect. Please let u

Thank you. Setting preferredPlacement to fixed was the missing piece. I already had allowsHiding set to false and I’m not using any tab groups. The Edit button no longer appears in the sidebar. But I have discovered an iOS 26 (and iOS 18) bug in the process. I need to file a bug report but here’s the issue. I present the tab bar controller as a modal view controller on an iPad. If I resize the app window from full screen to a size that is horizontally compact while the tab bar controller is in view, the tab bar controller of course changes from showing a sidebar to showing an old style tab bar on the bottom with a More tab. Selecting the More tab now shows an Edit button. But only in this case. If the tab bar controller is presented after the app window is made horizontally compact, then the More tab does not show the Edit button.

The 'Edit' button will show up in the sidebar as long as editing is supported in UITabBarController for the current set of tabs. Editing is supported if any of the following are true: Any tab has a customizable preferredPlacement (i.e. not .fixed or .pinned) If a tab can be hidden: allowsHiding = true If a tab group can be reordered: allowsReordering = true By default , the preferredPlacement is automatic which does support editing. Set it to .fixed to disable customization for them.