Hi all, We deploy custom iOS/ipadOS apps to our iPads via jamf cloud. The apps are add-hoc releases using our distribution profile that includes all the iPads UUID. We then upload the apps to jamf and from there send it to our iPads. When we deploy new versions of existing apps, we ran into issues where jamf would not update the app. After checking the iPad logs on the console, we found the follow errors that occurs every time jamf tries to push the new app: default 12:47:03.239756-0700 dmd container_acquire_sandbox_extension: success default 12:47:03.239780-0700 dmd container_acquire_sandbox_extension com.myCompany.myApp succeeded for path '/private/var/mobile/Containers/Data/Application/93DBC421-803E-48B5-B704-429908066041' error 12:47:03.240395-0700 cfprefsd rejecting read of { com.myCompany.myApp, mobile, kCFPreferencesCurrentHost, /Library/Managed Preferences/mobile/com.myCompany.myApp.plist, managed: 1 } from process 122 (dmd) because accessing these preferences requires user-preference-read or file-read-data sandbox access fault 12:47:03.240600-0700 dmd Couldn't read values in CFPrefsManagedSource<0xda8a2c9a0> (Domain: com.myCompany.myApp, User: kCFPreferencesCurrentUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): accessing these preferences requires user-preference-read or file-read-data sandbox access default 12:47:03.240695-0700 dmd Revoking sandbox extension; key = 43 It seems as if the MDM process cannot update the app because of missing entitlements? Weird enough, this does not happen on all our iPads, only on a subset and we have not found the pattern yet to narrow down what the issue is. We reached out to jamf but they claim the issue is with our app. But we can't really figure out what we would have to do to our app to let the MDM process update it. When searching for this on google we found some related issues for macOS apps but nothing for iOS/ipadOS. Any hints or pointers what the issue with our app could be? Thanks!

Profile doesn't include the com.apple.security.app-sandbox entitlement.

I tried building and running our application with the new Xcode 15.0 beta (15A5160n) The build fails with the following message: Provisioning profile "REDACTED" doesn't support the Access Wi-Fi Information, Hotspot Configuration, and Push Notifications capability. However none of those capabilities are new, they are part of the profile and I was just able to build the project with Xcode 14 before. I already tried reloading the profiles but that does not help. Automatic Signing is disabled for our project.

Whenever I fresh install my app onto my device, it is not showing up in the Settings app. Even after trying to search it, nothing appears. I use location services and local network within my application so I need to be able to change those authorizations as it does not reliably prompt for those authorizations (I need always for location and that was removed, local network never prompts correctly). I have however seen my app appear in the settings app under privacy -> Location Services but not local network. Is this an issue with Apple or with my application? Should also be known that it does appear in settings on some devices.

I have a target that is intended to support both iPad and Mac Catalyst. I have the hardened runtime configuration for camera and photo library enabled in Xcode capabilities and get the following error when attempting to upload the Mac Catalyst build to TestFlight. I have been using it locally for a long time, but mostly sending the iPad version to TestFlight. Documentation on the entitlement indicates it is appropriate for macOS from what I can tell. Invalid Code Signing Entitlements. Your application bundle's signature contains code signing entitlements that are not supported on macOS. Specifically, key 'com.apple.security.personal-information.photo-library' in 'com.technomage.Data-Boards.pkg/Payload/DataBoards.app/Contents/MacOS/DataBoards' is not supported. (ID: 6af5bcd1-ba53-40ca-9185-c409c5647b61

To check whether our SDK still works on iOS 17 I installed Xcode 15 (Beta 1) and iOS 17 (Beta 1), but I'm unable to run our SDK demo/test App on the iPhone running iOS 17. Xcode complains about the provisioning profile not supporting the "Access Wi-Fi Information and Hotspot Configuration capability", but com.apple.developer.networking.wifi-info is already set to true in the (development) provisioning profile. This profile worked fine with Xcode 14.3.1 and iOS 16.5. What changed? Or is this a bug in Xcode 15 Beta 1?

In iOS 16, UIDevice.name has changed to only return the model of the device, not the user specified name. There is an entitlement, com.apple.developer.device-information.user-assigned-device-name that can be requested to keep the old behaviour, but I can't find any info on how to request that entitlement. Anyone able to help?

General: DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained DevForums post --deep Considered Harmful DevForums post Don’t Run App Store Distribution-Signed Code DevForums post Resolving errSecInternalComponent errors during code signing DevForums post Mac code signing: DevForums tag: Developer ID Placing Content in a Bundle documentation Embedding Nonstandard Code Structures in a Bundle documentation Embedding a Command-Line Tool in a Sandboxed App documentation Signing a Daemon with a Restricted Entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Creating Distribution-Signed Code for Mac DevForums post Packaging Mac Software for Distribution DevForums post Manual Code Signing Example DevForums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi all, I've been trying for over a year to get a review for our app to become a default mail app request. I've sent emails to our devrel contact, the app review contact, and tried to find other places to look. How can we get this processed?

I am trying to sign a DriverKit extension for distribution using a Developer ID provisioning profile, but when I try to import the profile to sign the dext I get the error "Platform: MacOS doesn't match platform DriverKit". We requested the entitlement from Apple a few months ago and according to Apple Support it was approved (though we did not get any email directly from the DriverKit approval process). The App ID we are using appears to have the DriverKit capabilities that we need under "Additional Capabillities". Our process right now is this: Go to Certificates, Identifiers, and Profiles Create a new Provisioning Profile and select Developer ID Distribution Select the correct App ID After creating and downloading the profile, import it into Xcode Receive the error "Platform: MacOS does not match DriverKit" According to https://developer.apple.com/documentation/driverkit/requesting_entitlements_for_driverkit_development#3557213, there should perhaps be a prompt adding DriverKit to the provisioning profile and not just the identifier, but we do not see this. Has anybody else run into a similar issue and resolved it? I see a similar thread at https://developer.apple.com/forums/thread/710713, but that one is eight months old and doesn't appear to have a solution.

We started the processing of getting 'Default Browser' entitlement earlier this year, reached out to the email address Apple provided, and sent all the necessary resources they asked back in February 23rd, 2023. It's already 3 months passed we never heard back from them. Also, the build they wanted to test from us, it seems like never even installed from their side. My question is: Is it always like that and happens to everybody whoever wants it, like how long usually have to wait to get it? Or how does it actually works? If anyone knows, please write back. It's been a blocker for us. Thanks.

Lets say I have App A with App Group G. Is it possible to build and distribute a compiled binary framework F that lives within App Group G that can be used by 3rd party developers (not the same team)? My use case: A provides some local on-device data collection service (read & write). F provides an API to write to As data collection (write only). 3rd party developer should be apple to write data through F but not be able to read such data. I do not want to use a web server.

I have been trying for about two weeks to get Universal links to work in my app VineCrawl. For some reason it always tells me that it cannot parse the association file. However, other tools for testing the association file have no problem. I didn’t sign it since I am targeting iOS 11 and later. A long time ago, I read somewhere that it could be the https cipher that I use, but now I can’t find anything on that. My file is vinecrawl.com/.well-known/apple-app-site-association

I want test on my device iPhone XR with my free personal team in Xcode, but Xcode show that personal team just have 2 keychain capabilities, how to add NFC capabilities in my personal team ?

Assume I have screen recording and accessibility permissions for my native macOS application! I am trying to create a tool that allows people to go back in time to previous websites they have been on!

Export entitlements.plist from the app using the codesign utility codesign -d --entitlements :entitlements.plist /path/to/.app/ Using above mentioned command doing signing of iOS application but during command run getting warning as below Warning: Specifying ':' in the path is deprecated and will not work in a future release Instead using ":" which argument to use to not see above mentioned warning XCode version used : 13.2

Trying to validate an app for upload to mac app store. Using Big Sur, and Xcode 12.2 App will not validate. This is for an existing app I'm trying to update. It updated peffectly week just 2 weeks ago with Xocode 11.xx and Catalina. It was rejected a week ago for metadata concerns. I've corrected metadata concerns, and am trying to submit a new binary. I've tried validating the same bundle with a diffreent app id, and everything goes prefectly and is validated. Here is what the non-validation looks like: SUMMARY Team: XXXXXXX Certificate: Apple Distribution (Expires 10/31/21) Profile: Mac Team Store Provisioning Profile: com.XXXX.XXXX Symbols: Included Architectures: Intel 64-bit ENTITLEMENTS com.apple.security.files.user-selected.read-write true com.apple.application-identifier XXXX.com.XXXX.XXXX com.apple.developer.team-identifier XXXXXXXX com.apple.security.app-sandbox true ****** The result = Not Validated * Error message Xcode displayed. Unable to process application at this time due to the following error: Invalid Provisioning Profile. The provisioning profile included in the bundle com.XXXX.XXXX [com.XXXX.XXXX.pkg/Payload/XXXXYYYY.app] is invalid. [Invalid 'com.apple.application-identifier' entitlement value.] For more information, visit the macOS Developer Portal.. * end error message******** Any thoughts or suggestions??? Thanks in advance.