Entitlements

Entitlements allow specific capabilities or security permissions for your apps.

Posts under Entitlements tag

200 Posts

Post, Replies, Boosts, Views, Activity

Command Line Tool Embedding in SwiftUI App
I have added 2 command line tools in my SwiftUI app for macOS. It was working fine locally, but it gives an error when I try to make an archive of it. I am not sure about the reason, but it was related to sandboxing the command line tools. After this I have tried multiple solutions, but I am unable to resolve this issue. How should I handle the helper command line tools?
2
0
398
Feb ’25
macOS Sequoia: Shared UserDefaults don't work (the app-group is set as per macOS 15 Sequoia requirements)
I use shared UserDefaults in my Swift FileProvider extension app suite. I share data between the containing app and the extension via User Defaults initialized with init(suiteName:). Everything was working fine before macOS 15 (Sequoia). I know that Sequoia changed the way the app group should be configured. My app group is now set to "$(TeamIdentifierPrefix)com.my-company.my-app". But the containing (UI) app and the Extension read and write from and to different plist locations although the same app-group is specified for both targets in Xcode. The containing app reads and writes to "~/Library/Preferences/$(TeamIdentifierPrefix)com.my-company.my-app.plist". The Extension reads and writes to "~/Library/Containers/com.my-company.my-app.provider/Data/Library/Preferences$(TeamIdentifierPrefix)com.my-company.my-app.plist". Both of these locations seem completely illogical for shared UserDefaults. I checked the value returned by FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "$(TeamIdentifierPrefix)com.my-company.my-app") in both the containing app and the Extension and the value in both of them is the same but has nothing to do with the actual paths where the data is stored as provided above. (The value is as expected - "~/Library/Group Containers/$(TeamIdentifierPrefix)com.my-company.my-app/") P.S. Of course, $(TeamIdentifierPrefix), my-company and my-app here are placeholders for my actual values.
2
0
770
Feb ’25
Unable to validate with app sandbox issues
My app is a Safari extension. When trying to validate the app, I get the following error: App sandbox not enabled. The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean value of true in the entitlements property list: [( "app.rango.Rango.pkg/Payload/Rango for Safari.app/Contents/MacOS/Rango for Safari" )] Refer to App Sandbox page at https://developer.apple.com/documentation/security/app_sandbox for more information on sandboxing your app. I don't know why this is happening. I have app sandbox enabled in both the app and the extension target. I have both entitlement files. When executing codesign -d --entitlements :- /path/to/binary I get the following: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.files.user-selected.read-only</key><true/><key>com.apple.security.get-task-allow</key><true/><key>com.apple.security.network.client</key><true/></dict></plist> If I check on Activity Monitor, on the sandbox column it shows true. I have no idea why I keep getting this error when all indicates that the app is actually sandboxed.
4
0
499
Feb ’25
Is the Time Sensitive Notification entitlement needed for visionOS?
I noticed the time sensitive entitlement says it's only for iOS and macOS. But without the entitlement, the time sensitive toggle doesn't show in my app's notification settings on visionOS. When I archive my visionOS app for App Store Connect, the entitlement seems to be taken out as it doesn't show in my entitlement list for the build in App Store Connect. I'm confused at this point if the entitlement is really necessary, since it seems to be needed to debug on the simulator at least. I don't have a physical device to test it on unfortunately.
0
0
360
Feb ’25
Unable to edit problematic keychain-access-groups setting of downloaded provisioningprofile for signing
In an expo managed project which utilizes custom expo plugins, we're having trouble getting the keychain-access-groups entitlement inserted to our provisioningprofile for signing. The provisioning profile we download from the Apple dev portal contains: <key>keychain-access-groups</key> <array> <string>56APMZ7FZY.*</string> <string>com.apple.token</string> </array> and this is not recognized by Xcode for signing; an error is thrown: Provisioning profile "ccpp" doesn't include the com.apple.developer.keychain-access-groups entitlement. A matching error is thrown during EAS build. So we need to find a way to modify the ccpp.mobileprovision locally and then sign the build using the modified ccpp.mobileprovision. Or, we need guidance on the proper way to resolve this situation. Questions: Why does the downloaded mobileprovision file have the keychain-access-groups key, and not com.apple.developer.keychain-access-groups? Both Xcode and EAS appear to demand the latter keyname. When I use expo prebuild, I am able to see the following in the .entitlements file: <key>com.apple.developer.keychain-access-groups</key> <array> <string>$(AppIdentifierPrefix)com.myapp</string> </array> I am adding this entitlement using a custom expo plugin. However, the mobileprovision file downloaded from the Apple developer portal has no knowledge of this setting which is only applied through expo prebuild. So what I am left with at the end is an entitlements file generated by my expo prebuild which has the correct setting, and a provisioningprofile downloaded from the dev portal with an incorrect setting, and I don't know how to mend the downloaded provisioningprofile (incorrect setting) with my local entitlements file (correct setting).
2
0
667
Feb ’25
Waiting Forever for iOS Family Controls Entitlement
I'm at my wit's end here with an iOS app I'm developing. I've applied for the Family Controls entitlement, and while my extensions (like Device Monitor) have been accepted, the main target entitlement for my app still hasn't been approved. Here's the timeline: Extensions (Device Monitor etc.): Accepted about a month ago. Main App Entitlement: Still pending - it's been over 6 weeks now. I'm looking for: Anyone who has gone through this process and can share how long it took for their main app entitlement to get approved after the extensions were. Any tips on what might speed up the process or what I might be doing wrong. Experiences with contacting Apple Developer Support regarding this issue. If you've been through a similar ordeal or have any advice, I'd really appreciate it. Thanks for any help or insight you can offer!
1
1
318
Feb ’25
Pre-approval for Family Controls Entitlement?
Hi there, I am planning an app that requires use of the Family Controls Entitlement to access data on the user's screen time. I understand that this has to be requested from Apple before it can be used in production. I have found the following form to request approval, but it requires an App and bundle ID, which suggests that approval can only be requested after the app has been developed. https://developer.apple.com/contact/request/family-controls-distribution I'd like to avoid the situation where I spend a lot of time on developing the app, only to find out that the Family Controls Entitlement will not be granted for my use case. Is there any way that I can request provisional pre-approval for my app? Perhaps based on an app description and some mockups? Or, at least some idea of whether my particular use case is likely to be approved? Thanks.
1
0
413
Feb ’25
Enabling Just-In-Time compiler on "Emulators" on AppStore and/or enabling hypervisor to the iPad
Hello, why won't Apple add a Just-In-Time compiler to "Emulators" in the App Store, and/or a hypervisor for newer devices? I feel like UTM (which is a PC emulator) or other apps that emulate need JIT to work properly, and will consume significantly less battery to emulate/virtualize, and will have noticeably better performance than without JIT enabled. And by the way, JIT is already being used on iPadOS/iOS 18.3/18.3.1 and newer/older versions of that, so being enabled by the choice of the developer of the app is more convenient than doing it with tools. And by the way, why won't Apple let emulators on iPads and newer iPhones use the hypervisor? It's better than JIT but requires a good CPU, like making it available to people with newer/powerful devices. The hypervisor is better than JIT by a lot, and removing it in iPadOS/iOS 18.4 was an unnecessary choice, because it had better potential in virtualization instead of emulating, and I feel like enabling it in M1-M2 iPads and A14-18 Pro and newer devices is just better than having it disabled. To unlock the fullest potential of the iPad it needs to have an app or something to do instead of just running high graphics games or apps.
2
0
1.5k
Feb ’25
Family Controls (Distribution) was granted to main bundle ID, but not to the extensions
I've successfully obtained Distribution entitlements for Family Controls. However, this seems to only apply to the main target/identifier and not the extensions, like DeviceActivityMonitor, ShieldConfigurationDataSource, or ShieldActionExtension. Did I perhaps fill out the form with the wrong bundle ID? If I go to "Certificates, Identifiers & Profiles", my main identifier for the app has the Distribution entitlement. But the extensions and the wildcard don't. This means that trying to create an archive results in the following two errors, each repeated twice: Provisioning profile failed qualification (Profile doesn't support Family Controls (Development)) Provisioning profile failed qualification (Profile doesn't include the com.apple.developer.family-controls entitlement) Note that my entitlement files are set up correctly. Do I need to fill out the form with a wildcard instead? Or am I doing something wrong? Thank you.
3
0
625
Feb ’25
Apple wallet pass nfc enable
Over a span of 4 months we sent 2 NFC entitlement requests and were refused, no reason, nothing. I mean, all we want is the ability to use NFC on passes, nothing else; no idea why this is so complex. With Google you don't even need a developer account and it's free; here we pay and we can't even get the full functionality the passes offer. We got the hardware and the solution, but we find out we need an NFC entitlement to allow passes to have NFC? I mean, our use case is very simple: instead of having a barcode on the passes we want them to be via NFC, and we already got the NFC hardware, but we find out we need an NFC entitlement, which we tried requesting but keep getting refused with no reason at all. At least tell us what the problem is and how to fix it, not outright refuse without any reason at all. If anyone has any solution, please provide it.
0
0
117
Feb ’25
Gatekeeper refuses to start application from downloaded DMG
Hello, I have an application which uses a helper[1] to download[2] files. When the downloaded file is a DMG and the user mounts the image to run the application from this DMG, it doesn't pass Gatekeeper. It presents the "Application XYZ.app can't be opened.". The same file downloaded via Safari shows a different dialog, the "XYZ.app is an app downloaded from the internet. Are you sure you want to open it?" In the system log I see this line: exec of /Volumes/SampleApp/SampleApp.app/Contents/MacOS/SampleApp denied since it was quarantined by Download\x20Helper and created without user consent, qtn-flags was 0x00000187 The application is running sandboxed and hardened, the main application has the com.apple.security.files.downloads.read-write entitlement. Everything is signed by DeveloperID and passes all checks[3]. I tried to check the responsible process[4] of the helper. Then trivial stuff like download folder access in System Settings/Privacy & Security/Files & Folders. Everything seems to be fine. For what it's worth, the value of the quarantine attribute is the following: com.apple.quarantine: 0087;6723b80e;My App; The Safari-downloaded one possesses: com.apple.quarantine: 0083;6723b9fa;Safari;02162070-2561-42BE-B30B-19A0E94FE7CA Also tried a few more ways and got to 0081 with Edge and 0082 with a sample app with similar setup. Not sure if that has any meaning. What could I be doing wrong that Gatekeeper right away refuses to run the application from DMG instead of showing the dialog like in other cases? [1] The executable is in application bundle located in Contents/Helpers/DownloadHelper.app in the main application bundle. [2] Nothing fancy, curl + regular POSIX file operations [3] codesign, syspolicy_check, spctl [4] launchctl procinfo pid
13
0
1.3k
Feb ’25
Apple Pay Wallet API Access – Applied a Year AGO and Almost No Progress! Anyone Else?
Hey everyone, I wanted to check if anyone else has faced extreme delays when requesting access to Apple Pay Wallet APIs. It was Oct 11 2024 a year ago since we first applied to enable in-app provisioning for virtual cards in our app and we made 1% progress. For context, we already got access from Google for Google Wallet—it was smooth, professional, and timely. But with Apple… it’s been nothing but an endless cycle of waiting. We followed every step, submitted everything correctly, and even called Apple Developer Support multiple times. Their response? "We've escalated it." Again and again. But there’s no real progress. We’re rerouted, ignored, and left in limbo. At this point, I don’t even know if anyone is actually reviewing these requests. If a business like ours—fully compliant and ready to integrate—can’t even get a response in 150 days, how is this process supposed to work? I’m posting this here because I can’t be the only one. Has anyone else faced this? If you finally got access, how did you do it? Because right now, it feels like Apple Pay in-app provisioning is an impossible goal. Hoping someone from Apple sees this and realizes how broken this process is. We’re just trying to innovate and offer Apple users a great experience—why is it so difficult? Looking forward to hearing from anyone in the community who can help, Thanks! 🙏
0
0
307
Feb ’25
Unable to install Audio App Extension on iOS Device
I keep getting this error when trying to install Audio app extension. Everything is reviewed from certificates to profiles, for some reason CreatingCustomAudioEffects sample is deployed correctly but when Creating new Project (Audio Extension App) from new project Option, it doesn't work at all. If I remove Extension from Frameworks and deploy app, then no problem but then App crashes as extension is missing. Something wrong with Xcode? I am pretty sure it used to build new projects but not anymore. Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.0k1RXy/extracted/AudioUnitsAppExtensionTest.app : 0xe8008015 (A valid provisioning profile for this executable was not found.) Please ensure sure that your app is signed by a valid provisioning profile. If this issue persists, please attach the following when sending a report to Apple: A sysdiagnose from this Mac A sysdiagnose from the device failing installation An IPA of the app failing installation
4
1
580
Feb ’25
Nullifying Sandbox Constraints for an .xcodeproj following Xcode's 'command-line' template?
Environment: Xcode v. 16.2; Swift version 6+ Scenario: I have an .xcodeproj within an .xcsworkingspace that must follow the 'command-line' paradigm outside the sandbox. My UnitTest (using the newer 'Swift Test' vs 'XCTest') is hitting runtime fatal errors due to sandbox violations. Here's a typical error line from the compiler: 1 duplicate report for Sandbox: chmod(41377) deny(1) file-read-data /Users/Ric/Library/.. I've set the .entitlement to ignore sandbox: <key>com.apple.security.app-sandbox</key> <false/> I also created a shell script in the project build phase to access my TestData which was copied via a Build Phase: #!/bin/bash BUILD_DIR="${BUILT_PRODUCTS_DIR}" TEST_DATA="${SRCROOT}/SwiftModelTest/TestData" mkdir -p "${BUILD_DIR}/TestData" cp -R "${TEST_DATA}/" "${BUILD_DIR}/TestData/" What do I need to allow real-time Testing of my code without worrying about the Sandbox?
1
0
428
Feb ’25
What is the right procedure for asking for entitlements ?
I want to use the com.apple.vm.networking entitlement which has a note: This entitlement is restricted to developers of virtualization software. To request this entitlement, contact your Apple representative. https://developer.apple.com/support/technical/ says: « Request entitlements using entitlement forms and ask for status updates in the resulting email thread. » but I haven't been able to find these "entitlement forms". Does anyone know what the right process is to request an entitlement?
3
1
823
Feb ’25
Can't add capabilities in Xcode
We had push notifications and associated domains capabilities to our app but something happened either with my certificates or Xcode and they disappeared and can't add any capabilities anymore. https://imgur.com/peRXNO6 Our App ID, certificate and provisioning profile are all correct and contain the correct capabilities.
8
1
2.7k
Jan ’25
FinanceKit/FinanceStore+FinancialDataAuthorization.swift:27: Fatal error: Process is not entitled
Received entitlement access from Apple yesterday, but I'm getting this error when trying to check app authorization: FinanceKit/FinanceStore+FinancialDataAuthorization.swift:27: Fatal error: Process is not entitled Code of interest: import Foundation import FinanceKit @MainActor class FinanceService: ObservableObject { private let store = FinanceStore.shared @Published private(set) var authorizationStatus: AuthorizationStatus = .notDetermined @Published private(set) var accounts: [Account] = [] @Published private(set) var transactions: [Transaction] = [] @Published private(set) var balances: [AccountBalance] = [] @Published private(set) var wallet: Wallet = Wallet() // Authorization func requestAuthorization() async { do { authorizationStatus = try await store.requestAuthorization() } catch { // If there's an error requesting authorization, set to denied authorizationStatus = .denied print("Error requesting authorization: \(error)") } } func checkAuthorizationStatus() async { do { print("Checking authorization status") authorizationStatus = try await store.authorizationStatus() print("Authorization status: \(authorizationStatus)") } catch { // If there's an error checking status, assume not determined authorizationStatus = .notDetermined print("Error checking authorization status: \(error)") } } } What I've done/checked: Info.plist is set properly, with NSFinancialDataDescription AND NSFinanancialDataUsageDescription both set In my entitlements, key com.apple.developer.financekit is set to financial-data I am targeting an actual device (min. 17.6) I've followed the instructions here: [https://developer.apple.com/forums/thread/757973] to no avail. Any ideas?
1
0
315
Jan ’25
How is an iOS app on the App Store able to detect other apps?!?!
A client asked why we can't detect other apps installed on a device without an MDM profile, we explained this isn't possible due to privacy and security restrictions on iOS. A regular app cannot find other apps that are installed unless part of the same group. The client then told us to download SpyBuster (on the App Store) which somehow is collecting a list of Bundle IDs or names of all installed apps somehow. We were skeptical, but sure enough, the app showed us a list of apps we had installed. How is it doing this?!?! No MDM profile associated with the app. No special permissions requested. No access to anything shown in privacy & security in settings. Is there a special entitlement we're not aware of? Just seems like they must be using a private API call to get this info but that would of course mean it should be pulled from the App Store. We'd love to have this capability in our apps if it's legit and accepted by App Store review. Thanks!
8
0
982
Jan ’25
Unable to push provision any cards to Apple Pay from our app
We have recently begun testing in our production environment and have been unable to push provision any cards, receiving a 500 error: default 11:15:59.136742-0300 PassbookUIService Response: https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/SEID_NUMBER/cards 500 Time profile: 0.486102 seconds { x-conversation-id = "52463d9f488e428f829633a1518ea72d" Vary = "accept-language" Content-Type = "application/json" x-pod = "pr-pod9" x-keystone-correlationid = "058F11DE-839F-47AC-A623-741BF32CEA80" Date = "Thu, 16 Jan 2025 14:15:58 GMT" x-apay-service-response-details = "via_upstream" Content-Length = "81" x-envoy-upstream-service-time = "172" x-pod-region = "paymentpass.com.apple" } { statusCode = 500; statusMessage = "Broker Service Response exception"; } In 05/2024 we received an e-mail from applepayentitlementsapple.com confirming the granting of in-app provisioning entitlements for our production apps. We've already sent a feedback on Feedback Assistant. Here is the code to track: FB16344669. Also, we sent another e-mail to applepayentitlementsapple.com, Case-ID: 11317916, but we haven't received a reply yet. Can you help us? We are concerned, since our pre-certification starts on January 27th. Thanks in advance.
1
0
497
Jan ’25
Provisioning Profile Error
I'm building an app that uses the Screen Time API and DeviceActivityMonitoring Framework. It works when I run the simulator build on iPhone 16 but when I try to launch it on my own iPhone, I get these errors. Provisioning profile "iOS Team Provisioning Profile: Kanso- Digital-Wellness.Kanso-v2" doesn't include the com.apple.developer.device-activity.monitoring entitlement. KansoMonitorExtension 1 issue x Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2.KansoMonitorExtension" doesn't include the com.apple.developer.device-activity.monitoring en... Read something online that said a reboot would fix this, but I tried and no luck. Any ideas? I'm not very technical, so would pay someone to fix this for me :)
1
0
497
Jan ’25