I have an app that needs to seize USB devices, in particular it needs the USBInterfaceOpenSeize call to succeed. I've got a provisioning profile with this entitlement, I've added this plus this entitlement to my app but the USBInterfaceOpenSeize still fails. Am I correct in thinking this is the correct/only entitlement I need for this? If so how do I check if I'm using the profile/entitlements correctly? The call succeeds if I run the application as root which makes me think it's a permissions issue. Thanks.

I’m encountering an issue when trying to start a macOS VM using Apple’s Virtualization framework in a sandboxed environment. When I create a standalone Xcode project, the VM launches successfully. However, when I integrate the same code into my existing project—where the VM is launched by a service started via launchd and running in a sandbox—it fails with the following error: Internal Virtualization Error: Failed to issue USB HCI sandbox extension To resolve this, I tried adding the com.apple.security.device.usb entitlement. But after doing that, the app started crashing with the following trace : Application Specific Signatures: SYSCALL_SET_USERLAND_PROFILE Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_secinit.dylib 0x19a7141bc _libsecinit_appsandbox.cold.9 + 84 1 libsystem_secinit.dylib 0x19a713324 _libsecinit_appsandbox + 2080 2 libsystem_trace.dylib 0x18c2326cc _os_activity_initiate_impl + 64 3 libsystem_secinit.dylib 0x19a712ab0 _libsecinit_initializer + 80 4 libSystem.B.dylib 0x19a72a32c libSystem_initializer + 280 5 dyld 0x18c162efc invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 444 6 dyld 0x18c19f864 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 324 7 dyld 0x18c1bf58c invocation function for block in mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const + 240 8 dyld 0x18c1bc318 mach_o::Header::forEachLoadCommand(void (load_command const*, bool&) block_pointer) const + 208 9 dyld 0x18c1bda58 mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const + 124 10 dyld 0x18c19f334 dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516 11 dyld 0x18c162cb4 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 176 12 dyld 0x18c16e530 dyld4::PrebuiltLoader::runInitializers(dyld4::RuntimeState&) const + 44 13 dyld 0x18c1848b0 dyld4::APIs::runAllInitializersForMain() + 88 14 dyld 0x18c147e00 dyld4::prepare(dyld4::APIs&, mach_o::Header const*) + 3092 15 dyld 0x18c1471d8 dyld4::start(dyld4::KernelArgs*, void*, void*)::$_0::operator()() const + 236 16 dyld 0x18c146b4c start + 6000 I suspect this might be due to the provisioning profile, which doesn’t seem to include the required entitlement. However, I haven’t found a way to explicitly add this entitlement to the provisioning profile. My questions are: How can I add com.apple.security.device.usb to the provisioning profile? Is there a way to confirm that adding this entitlement would resolve the issue? Are there recommended steps to debug and test Virtualization framework usage in a sandboxed environment (especially when launched as a service)? I also tried disabling SIP and AMFI, but the crash still occurs. Is there a better way to work around or test this in development? Any insights or suggestions would be greatly appreciated!

Hi all, I’m running into an issue with provisioning profiles not including the com.apple.developer.push-notifications entitlement — even though everything seems to be configured correctly. Here's what I’ve done: Checked the App ID has Push Notifications enabled. I’ve clicked “Configure” and created a Production APNs certificate under the App ID. I’ve regenerated the provisioning profiles (Ad Hoc and App Store). I can see within the profiles within App Store Connect that the push notifications capability is listed I’ve downloaded and decoded the profiles using: security cms -D -i profile.mobileprovision > decoded.plist But com.apple.developer.push-notifications is still missing under the <key>Entitlements</key> block. This is causing issues because: When I submit the build to eas I receive this error from XCode: - Provisioning profile "*** Adhoc" doesn't include the com.apple.developer.push-notifications entitlement. Profile qualification is using entitlement definitions that may be out of date. Connect to network to update. (in target '***' from project '***') Refer to "Xcode Logs" below for additional, more detailed logs. To isolate the issue further I: Created a completely new App ID, enabling Push Notifications from the start. Created new APNs certificate. Generated new provisioning profiles with a valid distribution certificate. Still no push entitlement embedded in the profile. Question: Has anyone else encountered this issue where Push Notifications are enabled and configured, but the entitlement still fails to embed in the profile? Thanks in advance.

Hello all, Does anyone know how long it will take Apple to approve multicast entitlement approval after the Apple form is submitted? Any input would be appreciated. Thank you Allyson

Hi, I had a few questions regarding the multicast networking entitlement. What are the criteria for approval? Do ad-hoc multicast protocols fall under the approval criteria? How long do approvals for multicasting generally take?

Hello! I do know apple does not support electron, but I do not think this is an electron related issue, rather something I am doing wrong. I'd be curious to find out why the keychain login is happenning after my app has been signed with the bundleid, entitlements, and provision profile. Before using the provision profile I did not have this issue, but it is needed for assessments feature. I'm trying to ship an Electron / macOS desktop app that must run inside Automatic Assessment Configuration. The build signs and notarizes successfully, and assessment mode itself starts on Apple-arm64 machines, but every single launch shows the system dialog that asks to allow access to the "login" keychain. The dialog appears on totally fresh user accounts, so it's not tied to anything I store there. It has happened ever since I have added the provision profile to the electron builder to finally test assessment out. entitlements.inherit.plist keys <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> entitlements.plist keys: <key>com.apple.security.cs.allow-jit</key> <true/> <key>com.apple.security.cs.allow-unsigned-executable-memory</key> <true/> <key>com.apple.developer.automatic-assessment-configuration</key> <true/> I'm honestly not sure whether the keychain is expected, but I have tried a lot of entitlement combinations to get rid of It. Electron builder is doing the signing, and we manually use the notary tool to notarize but probably irrelevant. mac: { notarize: false, target: 'dir', entitlements: 'buildResources/entitlements.mac.plist', provisioningProfile: 'buildResources/xyu.provisionprofile', entitlementsInherit: 'buildResources/entitlements.mac.inherit.plist', Any lead is welcome!

Subject: Assistance Needed with Enabling Speech Recognition Entitlement for iOS App Hi everyone, I’m seeking guidance regarding the Speech Recognition entitlement for my iOS app using Capacitor. Our App and we submitted a request to Apple Developer Support four days ago, but have not yet received a response. 🧩 Summary of the issue: Our app uses the Capacitor speech recognition plugin (@capacitor-community/speech-recognition) to listen for native voice input on iOS. We have added both of the required keys in Info.plist: NSSpeechRecognitionUsageDescription NSMicrophoneUsageDescription We previously had a duplicate microphone key, which caused the system to silently skip the permission request. After removing the duplicate, we did briefly see the microphone permission prompt appear. However, in our most recent builds, the app launches without any prompts, even on a fresh install. The plugin reports: available = true permissionStatus = granted Despite this, no speech input is ever received, and the listener returns nothing. We believe the app is functioning correctly at a code level (plugin loads, no errors, correct Info.plist), but suspect the missing Speech Recognition entitlement is blocking actual access to the speech system. 🔎 What we need help with: How can we confirm whether the Speech Recognition entitlement is enabled for our App ID? If it’s not enabled, is there a way to escalate or re-submit the request? Our app is currently stuck until this entitlement is granted. Thank you for your time and any guidance you can offer!

I am building an iOS app with the App ID: com.echo.eyes.app I have a paid Apple Developer membership and have followed all correct procedures, including: Adding com.apple.developer.speech-recognition manually to the App.entitlements file Setting Info.plist keys for microphone and speech permissions Assigning my Apple Developer Team to the project Setting App/App.entitlements under Code Signing Entitlements Despite all this, Xcode automatic signing fails, and I receive the error: vbnet Copy Edit Provisioning profile 'iOS Team Provisioning Profile: com.echo.eyes.app' doesn't include the com.apple.developer.speech-recognition entitlement. I am unable to add the entitlement via the Capabilities section, and no method I try will allow provisioning to succeed. Please update this App ID to include the required entitlement in the provisioning profile. This issue is preventing all voice recognition functionality. Thank you.

How to add speech recognition in + capability in Xcode there is no "Speech Recognition" in the list.

Hello, I recently enrolled in the Apple Developer Program and created an App ID with the bundle ID com.echo.eyes.voice. I am trying to enable Speech Recognition in the App ID capabilities list, but the option does not appear — even after waiting over a week since my membership was activated. I’ve already: Confirmed my Apple Developer account is active Checked the Identifiers section in the Developer portal Tried editing the App ID, but Speech Recognition is not listed Contacted both Developer Support and Developer Technical Support (Case #102594089120), but was told to post here for help My app uses Capacitor + the @capacitor-community/speech-recognition plugin. I need the com.apple.developer.speech-recognition entitlement to appear so I can use native voice input in iOS. I would really appreciate help from an Apple engineer or anyone who has faced this issue. Thank you, — Daniel Colyer

I have filled the form to request for this access, but it has been 15 days now and I haven’t gotten any feedback. Apple Support said the appropriate team will be in contact with me once it has been approved. It’s been 15 days and still nothing. I just want to know how long it would take, and Apple’s WWDC 2025 is around the corner, I was really looking forward to get this done before then.

Hi Apple engineering team, I contacted Developer Support regarding the status of our entitlements request, and they recommended that I post here for visibility. It’s been just over two weeks since we submitted the request, and we haven’t received any updates yet. We understand these requests can take time, but it’s unclear what the typical timeline looks like or if there’s any way to check on the progress. Is there a way to get an update or better understand where we are in the process? We’re trying to plan our release and would really appreciate any guidance on what to expect. Thanks in advance for your help.

To learn how to develop/distribute a DriverKit driver (DEXT) and a UserClient app correctly, I am trying to run the following sample dext and app. https://developer.apple.com/documentation/driverkit/communicating-between-a-driverkit-extension-and-a-client-app?language=objc I walked throught steps in README.md included in the project and faced issues. First, I referred the "Configure the Sample Code Project" section in the README.md and configured the sample code project to build with automatic signing. I could run the app and activate the dext successfully and made sure the app could communicate with the dext. Next, I tried the manual signing. I followed steps described in the "Configure the Sample Code Project" section carefully. The following entitlements has already been assigned to my team account. DriverKit Allow Any UserClient Access DriverKit USB Transport - VendorID DriverKit I could build both app and dext and could run the app. However, when I clicked the "Install Dext" button to activate the dext, I got the following error: sysex didFailWithError: extension category returned error Am I missing something? I would also like to know detailed steps to publicly distribute my dext and app using our Developer ID Application Certificate, as README.md only shows how to configure the project for development. Xcode version: 16.3 (16E140) Development OS: macOS 15.5 (24F74) Target OS: macOS 15.5 (24F74)

Certain entitlements require special permission from Apple like DriverKit or Screentime API/Family controls. Those entitlements are tied to the bundle IDs of the app. If those entitlements have been granted for an app from developer A (personal account) and we transfer that app to developer B (organization account), including the bundle IDs, will those bundle IDs keep the entitlement? Or will we need to re-request from the developer account B? Any insights or experiences regarding this process would be greatly appreciated.

I download SampleEndpointApp, and config signing&capabilities->team as my developer Id. Xcode created a profile of bundle identifier automatically. However the project build still failed for sign. What's the reason for that? How can I resolve it?

I have a macOS app that captures screen images. The first time I run this application, a dialog is shown directing the user to give my app Screen Recording permission. Is there a way I can trigger this dialog earlier and detect whether the permission was granted?

I have the CarPlay Entitlement "Driving Task" and two of my apps use it. Now, in both apps, I have implemented Navigation. I requested the Navigation CarPlay Entitlement when the feature was mature and builds were available in Test Flight, since I wanted to release the new versions of the apps with navigation available both on the iPhone and in CarPlay. I got no answer to my request, so I decided to release the apps with only navigation in the iPhone and the Driving Task functionality in CarPlay, thinking that maybe being live with navigation in the App Store was a requirement. I have asked permission again, and so far, the request is being ignored again. What are the requirements to get the Navigation CarPlay Entitlement? If the app is approved for navigation, is there something else the app must do to get the entitlement? Requirements for CarPlay Entitlements seem quite obscure, are they listed anywhere? Is there a technical problem to move from an existing CarPlay Entitlement to another? Can that be the reason the entitlement has not been granted? Some of my competitors have the CarPlay Navigation entitlement. My use case is the same (in a better app in my opinion, of course). But I am only getting bad reviews because "the app does not include the map in CarPlay" after the big investment in implementing navigation in the apps. Any help or insight would be appreciated.

I’m working on carrier services that require ICCID. Is there a special entitlement to be able to access this info? What’s the process to request authorization if available?

I wrote a simple program to hide the build-in camera by entitlement restriction as DTS suggested in the post: https://developer.apple.com/forums//thread/784511?answerId=839753022#839753022 But the program failed as the error message: Fail to open service: 0xe00002e6: Caller is not entitled to connect to EndpointSecurity. How can I apply for the entitlement to run the program? Is there any other solution to resolve hide build-in camera?

I am creating an app that uses critical messages, I have been granted this entitlement and I am adding the certificate and in the info.plist. In the app I request authorization to send messages to specific numbers. When I try the app in production from Xcode this works fine and I can send the critical messages. However, when I am using the app in the test flight the authorization does not seem to be remembered on the background. Moreover, I go to security/privacy settings and I grant permission to the selected number (I see that it only shows one number even when I have to granted, its like it removes the previous one) however when I exit the setting page the permission is reset (and therefore denied), I think this is a bug. Can you look into that. Both this removing granted permission (HIGH PRIORITY, this message can only be sent in the background, therefore the user can not grant it and why the maximum telephone number to be granted to send messages is reset also to a single one LOWER PRIORITY). Thanks