General: Forums topic: Code Signing Forums subtopics: Code Signing > General, Code Signing > Certificates, Identifiers & Profiles, Code Signing > Notarization, Code Signing > Entitlements Forums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Bundle Resources > Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to the other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained forums post --deep Considered Harmful forums post Don’t Run App Store Distribution-Signed Code forums post Resolving errSecInternalComponent errors during code signing forums post Finding a Capability’s Distribution Restrictions forums post Signing code with a hardware-based code-signing identity forums post New Capabilities Request Tab in Certificates, Identifiers & Profiles forums post Isolating Code Signing Problems from Build Problems forums post Investigating Third-Party IDE Code-Signing Problems forums post Determining if an entitlement is real forums post Code Signing Identifiers Explained forums post Mac code signing: Forums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding nonstandard code structures in a bundle documentation Embedding a command-line tool in a sandboxed app documentation Signing a daemon with a restricted entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example forums post The Care and Feeding of Developer ID forums post TestFlight, Provisioning Profiles, and the Mac App Store forums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

In the last few weeks 5 users have reported my workout watch app being unable to read health data despite the permissions being enabled in the iPhone Settings app. This has been a common complaint over the years and is usually fixed by disabling the permissions; rebooting both devices; and then enabling them again. This usually nudges iOS into sending the permissions to watchOS. However that procedure doesn't work for these users, all of whom are using watchOS 10.6.2. They are using various versions of iOS 18 or 26 so it seems to be a problem with that version of watchOS, which users are usually limited to because their hardware won't support anything more up to date. It seems that unpairing and re-pairing the watch can fix the problem but not always. I looked around and it seems that other apps are having the same problem: https://www.reddit.com/r/runna/comments/1rhhs2n/runna_wont_start_an_outdoor_run_on_apple_watch/ Does anyone know a way to fix this? My current advice is to repeatedly unpair / re-pair until it works, which isn't really practical! Thanks in advance.

am seeing a persistent WeatherKit JWT generation failure with: WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 I already reviewed the related forum discussion where DTS noted that the WeatherKit App Service must be enabled separately from the WeatherKit capability on the App ID. I have confirmed that both are enabled. Confirmed configuration Team ID: FYGW4LHN42 Diagnostic app bundle ID: com.elilindenDinematch.AppleServiceDiagnostics Device: physical iPhone iOS version: 26.5 App version: 1.0 (1) I created a fresh diagnostic app specifically to isolate this from my main app. The issue reproduces in the clean diagnostic app. I have confirmed: WeatherKit is checked under the App ID capabilities. WeatherKit is enabled under Certificates, Identifiers & Profiles → Services. The Services page shows WeatherKit with “Manage your WeatherKit usage,” a “View” button, and “100% of calls available.” A fresh provisioning profile was generated. The embedded provisioning profile is present in the app. The embedded provisioning profile includes WeatherKit. The app is running on a physical iPhone, not only the simulator. Location services are enabled and authorized. The diagnostic app logs show the provisioning profile is found and includes WeatherKit: profile=FOUND appID=FYGW4LHN42.com.elilindenDinematch.AppleServiceDiagnostics team=FYGW4LHN42 WeatherKit=YES Location authorization also looks valid: servicesEnabled=true authorization=authorizedWhenInUse accuracy=fullAccuracy Failure When the app calls WeatherKit, JWT generation fails: Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Then WeatherKit fails with: WeatherKit error[0] domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors code=2 description=The operation couldn’t be completed. (WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors error 2.) Relevant excerpt: AppleDiag 2026-06-08T20:20:17.448Z App bundle=com.elilindenDinematch.AppleServiceDiagnostics version=1.0(1) AppleDiag 2026-06-08T20:20:17.448Z Device iOS=26.5 model=iPhone name=iPhone AppleDiag 2026-06-08T20:20:17.455Z PROFILE profile=FOUND name=iOS Team Provisioning Profile: com.elilindenDinematch.AppleServiceDiagnostics uuid=f42899e3-029a-4e85-b6ac-0aa515fc0028 appID=FYGW4LHN42.com.elilindenDinematch.AppleServiceDiagnostics team=FYGW4LHN42 WeatherKit=YES AppleDiag 2026-06-08T20:20:31.882Z BEGIN WeatherKit AppleDiag 2026-06-08T20:20:31.884Z WEATHERKIT start lat=40.7128 lon=-74.006 Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" AppleDiag 2026-06-08T20:20:34.652Z WEATHERKIT failed elapsedMs=2764 AppleDiag 2026-06-08T20:20:34.655Z WeatherKit error[0] domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors code=2 description=The operation couldn’t be completed. (WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors error 2.) AppleDiag 2026-06-08T20:20:34.655Z WeatherKit error[0] userInfo=empty Because this happens in a clean diagnostic app, with WeatherKit enabled both on the App ID and under Services, and with the embedded provisioning profile confirming WeatherKit=YES, this does not appear to be an app-specific code issue or a missing App ID capability issue. Has anyone else seen WDSJWTAuthenticatorServiceListener.Errors Code=2 after confirming both the WeatherKit App ID capability and the separate WeatherKit App Service are enabled? Could someone from Apple/DTS check whether WeatherKit JWT minting is correctly enabled on the backend for Team ID FYGW4LHN42 and bundle ID com.elilindenDinematch.AppleServiceDiagnostics?

I'm posting this here after reading Quinn's post here: https://developer.apple.com/forums/thread/799000 The above entitlement is mentioned in IOUSBHostControllerInterface.h. It isn't an entitlement one can add using the + button on the Capabilities panel in Xcode. If I try to add it by hand, Xcode complains that it isn't in my profile. Is this a managed entitlement? We'd like to create a local USB "device" to represent a real device reachable over a network.

NSE Filtering Entitlement — No Response After 4+ Weeks (Request ID: 7NPNCB7Q9P) We submitted a request for the Notification Service Extension Filtering Entitlement (com.apple.developer.usernotifications.filtering) over two weeks ago and have received no response. App: NoLink Bundle ID: io.nolink.ios NSE Bundle ID: io.nolink.ios.nse Team ID: V2E3A94DC9 Request ID: 7NPNCB7Q9P Support Case ID: 102886799629 NoLink is an end-to-end encrypted messaging app built on the Matrix protocol with voice and video calling. All push notifications arrive encrypted — the NSE decrypts them to determine if the event is a message or an incoming call. Without this entitlement, incoming VoIP calls cannot ring properly. Users receive a silent text notification instead of the native CallKit incoming call screen. The duplicate APNS notification for call events cannot be suppressed. Element X iOS (io.element.elementx) has been granted this exact entitlement for the identical use case — same Matrix protocol, same Matrix Rust SDK, same NSE architecture. NoLink is built on the same codebase. We also opened Support Case 102886799629 but received only a generic response directing us to the Developer Forums. Could someone from the Entitlements team please review our request? We are happy to provide any additional technical details or a demo. Thank you.

Hi, I’m building an iOS app that uses FamilyControls to let users block distracting apps during study sessions. Everything works fine in Debug on a real device: the authorization request succeeds and app blocking works correctly. The problem is when I try to create an Archive for App Store Connect. Xcode gives me this error: “Provisioning profile ‘iOS Team Store Provisioning Profile: com.(ID)’ doesn’t include the com.apple.developer.family-controls entitlement.” I also get a warning saying that my bundle identifier is using the development-only version of the Family Controls capability and that I should request access to the distribution version. I’ve already added the Family Controls capability, enabled the required entitlements, and I’m using automatic signing. I also tried enabling the capability for my App ID in the Apple Developer portal, but it either doesn’t save or the distribution profile still doesn’t include the entitlement. Does the Family Controls distribution entitlement require approval from Apple before it can be used in an App Store build? If so, where do I request it? Has anyone successfully published an app using FamilyControls and run into this issue? Thanks.

Hello, I am the developer of Kiddowall, a B2C parental control app for iOS. I submitted a request for the com.apple.developer.family-controls entitlement on June 2, 2026 (support case #102905280650), and also followed up via an existing case #102905007339. Apple support indicated a 48-hour (2 business days) response time when the case was created. We are now past that window with no update on entitlement status. Request details: Team ID: 5499VUQ6PC Bundle ID: com.kiddowall.child App Bundle ID (parent): com.kiddowall.parent — Kiddowall — Parental Control (BDC, France) Entitlement requested: com.apple.developer.family-controls Support case: #102905280650 Current status: Submitted (no update in 4 days) Context: Kiddowall is a B2C parental control application for French families. Without the FamilyControls entitlement, we cannot implement proper on-device content filtering or screen time management without requiring MDM supervision — which is not viable for a consumer app (it requires factory reset via Apple Configurator 2 or ABM/DEP enrollment). FamilyControls is the only Apple-approved path to build a real parental control app for B2C without supervision. We are committed to full compliance with Screen Time API guidelines. Can anyone from Apple staff confirm the status of case #102905280650, or advise on next steps to expedite this request? Thank you. — Franck MAUDET (Kiddowall)

We have a macOS app (io.formhealth.SideCore) that acts as a browser-style wrapper, embedding multiple web applications in WKWebView panes. We need the com.apple.developer.web-browser.public-key-credential entitlement so that WebAuthn/passkey flows (e.g. Google OAuth) work within the embedded webviews. The capability doesn't appear on macOS App IDs in the developer portal, and the entitlement request form at developer.apple.com/contact/request/system-extension returns "Your account can't access this page." What's the correct process to request this entitlement for a non-App-Store macOS app?

Requesting com.apple.managed-keychain Entitlement for Enterprise S/MIME Cert Visibility Platform: iOS | Distribution: MDM (Microsoft Intune) | Not App Store We are developing an internal enterprise iOS app (EMS Assist, com.company.supportcompanion) for Company deployed exclusively to Intune-managed devices. Our requirement: Read S/MIME certificates pushed to the device via Intune SCEP profiles to: Confirm cert presence in the MDM-managed keychain Read expiry date (kSecAttrNotValidAfter) to warn users before expiry Distinguish between missing, expired, and valid cert states What we have tried: Standard SecItemCopyMatching query — returns only app-installed certs, not MDM-pushed certs Graph API (deviceConfigurationStates) — confirms profile compliance but does not expose actual cert expiry or keychain presence Our understanding: com.apple.managed-keychain is required for an app to access MDM-managed keychain items on supervised devices, combined with a matching keychain-access-groups entitlement and the cert profile configured as "always available" in MDM. Questions: Is com.apple.managed-keychain the correct entitlement for this use case? Does it apply to SCEP/PKCS-issued certificates specifically, or only other MDM keychain items? Has anyone successfully accessed Intune-pushed S/MIME certs from an iOS app using this entitlement? Any guidance from the community or Apple engineers would be appreciated.

This issue keeps cropping up on the forums and so I decided to write up a single post with all the details. If you have questions or comments: If you were referred here from an existing thread, reply on that thread. If not, feel free to start a new thread. Use whatever topic and subtopic is appropriate for your question, but also add the Entitlements tag so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Determining if an entitlement is real In recent months there’s been a spate of forums threads involving ‘hallucinated’ entitlements. This typically pans out as follows: The developer, or an agent working on behalf of the developer, changes their .entitlements file to claim an entitlement that’s not real. That is, the entitlement key is a value that is not, and never has been, supported in any way. Xcode’s code signing machinery tries to find or create a provisioning profile to authorise this claim. That’s impossible, because the entitlement isn’t a real entitlement. Xcode reports this as a code signing error. The developer misinterprets that error [1] in one of two ways: As a generic Xcode code signing failure, and so they start a forums thread asking about how to fix that problem. As an indication that the entitlement is managed — that is, requires authorisation from Apple to use — and so they start a forums thread asking how to request such authorisation. The fundamental problem is step 1. Once you start claiming entitlements that aren’t real, you’re on a path to confusion. Note If you’re curious about how provisioning profiles authorise entitlement claims, read TN3125 Inside Code Signing: Provisioning Profiles. There are a couple of ways to check whether an entitlement is real. My preferred option is to create a new test project and use Xcode’s Signing & Capabilities editor to add the corresponding capability to it. Then look at what Xcode did. You might find that Xcode claimed a different entitlement, or added an Info.plist key, or did nothing at all. IMPORTANT If you can’t find the correct capability in the Signing & Capabilities editor, it’s likely that this feature is available to all apps, that is, it’s not gated by an entitlement or anything else. Another thing you can do is search the documentation. The vast majority of real entitlements are documented in Bundle Resources > Entitlements. IMPORTANT When you search for documentation, focus on the Apple documentation. If, for example, you search the Apple Developer Forums, you might be mislead by other folks who are similarly confused. If you find that you’re mistakenly trying to claim a hallucinated entitlement, the fix is trivial: Remove it from your .entitlements file so that your app starts to build again. Then add the capability using Xcode’s Signing & Capabilities editor. This will do the right thing. If you continue to have problems, feel free to ask for help here on the forums. See the top of this post for advice on how to do that. [1] Xcode 26.2, currently being seeded as Release Candidate, is much better about this (r. 155327166). Give it a whirl! Commonly Hallucinated Entitlements This section lists some of the more commonly hallucinated entitlements: com.apple.developer.push-notifications — The correct entitlement is aps-environment (com.apple.developer.aps-environment on macOS), documented here. There’s also the remote-notification value in the UIBackgroundModes property. com.apple.developer.in-app-purchase — There’s no entitlement for in-app purchase. Rather, in-app purchase is available to all apps with an explicit App ID (as opposed to a wildcard App ID). com.apple.InAppPurchase — Likewise. com.apple.developer.storekit — Likewise. com.apple.developer.in-app-purchase.non-consumable — Likewise. com.apple.developer.in-app-purchase.subscription — Likewise. com.apple.developer.app-groups — The correct entitlement is com.apple.security.application-groups, documented here. And if you’re working on the Mac, see App Groups: macOS vs iOS: Working Towards Harmony. com.apple.developer.background-modes — Background modes are controlled by the UIBackgroundModes key in your Info.plist, documented here. UIBackgroundModes — See the previous point. com.apple.developer.voip-push-notification — There’s no entitlement for this. VoIP is gated by the voip value in the UIBackgroundModes property. com.apple.developer.family-controls.user-authorization — The correct entitlement is com.apple.developer.family-controls, documented here. IMPORTANT As explained in the docs, this entitlement is available to all developers during development but you must request authorisation for distribution. com.apple.developer.device-activity — The DeviceActivity framework has the same restrictions as Family Controls. com.apple.developer.managed-settings — If you’re trying to use the ManagedSettings framework, that has the same restrictions as Family Controls. If you’re trying to use the ManagedApp framework, that’s not gated by an entitlement. com.apple.developer.callkit.call-directory — There’s no entitlement for the Call Directory app extension feature. com.apple.developer.nearby-interaction — There’s no entitlement for the Nearby interaction framework. com.apple.developer.secure-enclave — On iOS and its child platforms, there’s no entitlement required to use the Secure Enclave. For macOS specifically, any program that has access to the data protection keychain also has access to the Secure Enclave [1]. See TN3137 On Mac keychain APIs and implementations for more about the data protection keychain. com.apple.developer.networking.configuration — If you’re trying to configure the Wi-Fi network on iOS, the correct entitlement is com.apple.developer.networking.HotspotConfiguration, documented here. com.apple.developer.musickit — There is no MusicKit capability. Rather, enable MusicKit via the App Services column in the App ID editor, accessible from Developer > Certificates, Identifiers, and Profiles > Identifiers. These app services are tied to your App ID on the server side, meaning that they have no presence in your code signature. com.apple.developer.shazamkit — There is no ShazamKit capability. Like MusicKit, this is an app service. com.apple.mail.extension — Creating an app extension based on the MailKit framework does not require any specific entitlement. com.apple.security.accessibility — There’s no entitlement that gates access to the Accessibility APIs on macOS. Rather, this is controlled by the user in System Settings > Privacy & Security. Note that sandboxed apps can’t use these APIs. See the Review functionality that is incompatible with App Sandbox section of Protecting user data with App Sandbox. com.apple.developer.adservices — Using the AdServices framework does not require any specific entitlement. com.apple.security.device.audio-input-monitoring — The com.apple.security.device.microphone entitlement is what restricts microphone access on macOS. [1] While technically these are different features, they are closely associated and it turns out that, if you have access to the data protection keychain, you also have access to the SE. Revision History 2026-05-28 Added com.apple.security.device.audio-input-monitoring to the common hallucinations list (Kevin) 2026-04-23 Added com.apple.developer.shazamkit to the common hallucinations list. Added a little more info about app services. 2025-12-09 Updated the Xcode footnote to mention the improvements in Xcode 26.2rc. 2025-11-03 Added com.apple.developer.adservices to the common hallucinations list. 2025-10-30 Added com.apple.security.accessibility to the common hallucinations list. 2025-10-22 Added com.apple.mail.extension to the common hallucinations list. Also added two new in-app purchase hallucinations. 2025-09-26 Added com.apple.developer.musickit to the common hallucinations list. 2025-09-22 Added com.apple.developer.storekit to the common hallucinations list. 2025-09-05 Added com.apple.developer.device-activity to the common hallucinations list. 2025-09-02 First posted.

Hi, I am experience bad customer service from Apple not answering, or updating anything about my request for family controls. Is there a way we can speed up things?

Just curious if there is anyway to expedite the FamilyControl entitlement. I have seen few people stuck in this step for few days. I submit mine on the 4/18, and my Case ID: 102874096254 Just want to see if I can see any estimate time for my request. Thanks, Jing

Hi Apple DTS, FivePrayer is a live App Store app and we are blocked by Family Controls (Distribution) after an app transfer. Bundle ID: com.fiveprayer.app Current team: FivePrayer LLC Previous team: Gansoft Inc. App Store: https://apps.apple.com/us/app/fiveprayer/id6755536905 This same app previously had Family Controls (Distribution) approved under Gansoft Inc. After the transfer to FivePrayer LLC, the capability did not carry over, so we had to request it again. It has now been pending for almost one month, and we cannot ship critical updates because Family Controls is a core dependency of the app. Is there a way to re-associate the previously approved entitlement with the transferred App ID, or route this to the correct Managed Capabilities / Entitlements team? Thank you.

Hi everyone, I'm hoping to hear from developers who have submitted Live Caller ID Lookup entitlement requests, especially anyone successfully onboarded after the PIR architecture became required. My own request (ID 2C4HJDWYJ6, submitted March 23, 2026) has been under review for 85 days. Apple Developer Support confirmed on May 8 that it's "in the pipeline to be onboarded" but I haven't received a concrete timeline. Infrastructure is fully deployed and verified per Apple's PIR documentation: OHTTP Gateway: https://gateway.zinfo.ge PIR Service: https://service.zinfo.ge (Apple's Swift PIR Service) Token Issuer: https://issuer.zinfo.ge DNS TXT record correctly configured HTTP/2, TLS, Protocol Buffers wire format Production database loaded Questions for the community: For developers already onboarded, how long did your review take from final submission to approval? Did the Live Caller ID Lookup capability appear automatically in Certificates, Identifiers & Profiles after approval, or was there an additional step? Is there an Apple engineering contact who handles PIR onboarding questions directly, separate from Developer Support? Any guidance from those who have been through this process, or from Apple DevRel, would be appreciated. Thanks, Levan

Hello, I am hoping someone from Apple or the community can help escalate or advise on my situation. I submitted a Live Caller ID Lookup entitlement request for my app Zinfo (com.parastashvili.Mobile), Team ID: CNH4KYRW44. A support case was opened on February 17, 2026 (Case ID: 102823550184). Apple's documentation states entitlement review takes up to 2 weeks. It has now been over 3 weeks with no substantive response despite multiple follow-ups. Timeline: Feb 17: Case opened Feb 26: I provided all requested technical details in full — OHTTP endpoints, Privacy Pass token system, DNS TXT record, Apple test number (+1 408 555 1212 returning "Johnny Appleseed"), all fully deployed and ready for validation Feb 27: Apple replied with a generic "appropriate team will be in contact" message Feb 28, Mar 6, Mar 10: Follow-up emails sent — no meaningful response All technical requirements are fully implemented and operational. We are ready for Apple's validation at any time. Has anyone else experienced long delays with Live Caller ID Lookup entitlement reviews? Is there a better escalation path? I have also submitted a new escalation ticket (Case ID: 102840874265) under Development and Technical > Entitlements today. Any advice or visibility from Apple staff would be greatly appreciated. App: Zinfo (com.parastashvili.Mobile) Extension Bundle ID: com.parastashvili.Mobile.LiveCallerID Team ID: CNH4KYRW44

Hello, I submitted a request for Family Controls (Distribution) approval, and it has now been over 12 days without any update on the status. I understand that review times can vary, but I wanted to check if this delay is expected or if there’s anything I might need to do on my end to help move the process forward. Could anyone from the Apple team or the community provide insight into: Typical processing times for Family Controls distribution requests Whether delays beyond a few days are common Any steps I should take to follow up or expedite the review For reference: Status: Submitted Submission time: April 29, 2026 Any guidance would be greatly appreciated. Thank you!

Hi guys, I am building a custom virtualization utility for macOS using the native Virtualization Framework. My goal is to allow local guest virtual machines to run in Bridged Mode (VZBridgedNetworkDeviceAttachment) so they can acquire their own distinct local IP address from my router and expose service ports directly to the local network. When attempting to compile and run my app with the com.apple.vm.networking entitlement, Xcode throws the following error:"Entitlement com.apple.vm.networking not found and could not be included in profile. This likely is not a valid entitlement and should be removed from your entitlements file" I understand that this is a restricted capability that is hidden from the standard Apple Developer Portal by default. I have already reached out via email to Apple Developer Support to request it, but I have not received a definitive answer on the process or exact entitlement string name. For those who have successfully shipped or tested a virtualization app with bridged networking, Is com.apple.vm.networking the correct string name for modern macOS versions, or is there a newer, specific identifier required? What is the actual entitlement that i should see in my developer account? I can't seem to find it in the docs as well. Would it be called "VM Networking" Thanks,

I submitted my Family Controls entitlement request on April 21 for my iOS app and still haven't heard anything back. We have had no approval or status update. It's been close to a month now. This is blocking me from testing and moving forward with the app since it relies on the Screen Time / Family Controls APIs. Has anyone run into delays this long recently? Thanks

Hoping to get visibility on a Family Controls (Distribution) entitlement request pending without status updates after an app transfer. Context: Digital wellbeing app, 500K+ active iOS users Previous team had Family Controls (Distribution) approved and shipping to production App transferred to new team (H2HM68H8PP) ~1 month ago; entitlement re-requested immediately Capability page shows "View Requests (6)" with no approvals, rejections, or updates Developer Support cases opened (102883853173, 20000112879750, 102875975624) — confirmed they cannot check entitlement status Impact: Core app feature depends on Family Controls. Production app for 500K+ users will break once transfer fully propagates at provisioning level. This is a continuity issue, not a new-app launch — entitlement was previously approved on the prior team. Questions: Recommended escalation path for post-transfer entitlement requests? Should I stop resubmitting to avoid queue deprioritization? Could the entitlements team provide a status update? Happy to share bundle ID, previous team ID, and request dates privately with Apple staff.

Subject: Family Controls (Distribution) — 2 pending requests for 9 days, no status update (WA2MPH4572 + HCQXH9P8VM) Tags: family-controls Body: Hello Apple Developer Forums and DTS team, I am requesting visibility on the status of two pending Family Controls (Distribution) entitlement requests submitted 10 days ago with no email confirmation or status update. REQUEST DETAILS App: SHIELD Bundle ID: app.shieldme Team ID: 4452N28RUS Request IDs (both submitted on May 6, 2026): WA2MPH4572 HCQXH9P8VM Status: Both showing "Submitted" in Identifiers → app.shieldme → Family Controls (Distribution) → View Requests USE CASE SHIELD is a Brazilian app focused on personal device usage management. The category covers the scenario the app addresses: device owners who want to apply additional access controls to their own apps in case of phone theft or loss, which are widespread concerns in Brazil. SHIELD is NOT a parental control app and does not facilitate management of devices belonging to other people. The device owner is the sole operator. The owner uses the system-provided picker to select which of their own apps should require additional access controls, configured and controlled exclusively by the owner. The use of FamilyControls + ManagedSettings is the iOS API path that allows a third-party app to offer this access-control layer on user-selected apps for the owner's own protection. Without this entitlement, the iOS version cannot offer parity with the Android version of the same product. ALIGNMENT WITH FAMILY CONTROLS USAGE TERMS Device owner is the sole operator (no third-party monitoring) Owner manages access to their own apps only Use case is personal device usage management No advertising or data broker use of device or usage data No organizational deployment Privacy disclosures complying with Brazilian LGPD law are included in-app at first launch ASK Could a DTS Engineer or the entitlements review team confirm whether the two pending requests are visible in the queue and share an approximate timeline? If additional clarification on the use case would help the review proceed, I will provide it the same day. The Android version of SHIELD is feature-complete and currently in beta testing, approaching public launch. The iOS version is designed to launch alongside Android, since the product relies on a referral mechanism where an existing user can invite a contact who may be on either platform. Releasing only one platform breaks the onboarding flow for invitees on the other. Family Controls (Distribution) is the single remaining blocker on the iOS side. If there is a recommended channel for aligning entitlement timing with a coordinated multi-platform release, please advise. Thank you for your time.

Greetings fellow devs, After accepting the Alternative Terms Addendum for Apps in the EU and adding the Storekit External Purchases or Offers capability via App Store Connect in our app identifier, the entitlement showing up in xcode is com.apple.developer.storekit.custom-purchase-link.allowed-regions and has the value 'jp'. How can we change the value for that entitlement to 'gr'? We tried changing it in xcode, but we get the error <Provisioning profile "iOS Team Provisioning Profile: [app identifier]" doesn't match the entitlements file's value for the com.apple.developer.storekit.custom-purchase-link.allowed-regions entitlement.>. In Certificates, Identifiers and Profiles in the developer account there is no way to configure that capability. We sent a request to support and they only gave a link to documentation and to the forum here. We have a completed every business agreement requested and we have chosen Greece as the organisation region and the app's availability region wherever possible. We haven't found anywhere that Japan would be chosen to explain the entitlement given. So where can this entitlement about allowed regions be configured? Xcode version is 16.4 and iOS minimum deployments is 18