I'm developing a watchOS nap app that detects when the user falls asleep by monitoring heart rate changes. == Technical Implementation == HKWorkoutSession (.mindAndBody) for background execution HKAnchoredObjectQuery for real-time heart rate data CoreMotion for movement detection == Battery Considerations == Heart rate monitoring ONLY active when user explicitly starts a session Monitoring continues until user is awakened OR 60-minute limit is reached If no sleep detected within 60 minutes, session auto-ends (user may have abandoned or forgotten to stop) App displays clear UI indicating monitoring is active Typical session: 15-30 minutes, keeping battery usage minimal == The Problem == HKWorkoutSession affects Activity Rings during the session. Users receive "Exercise goal reached" notifications while resting — confusing. == What I've Tried == Not using HKLiveWorkoutBuilder → Activity Rings still affected Using builder but not calling finishWorkout() (per https://developer.apple.com/forums/thread/780220) → Activity Rings still affected WKExtendedRuntimeSession (self-care type) (per https://developer.apple.com/forums/thread/721077) → Only ~10 min runtime, need up to 60 min HKObserverQuery + enableBackgroundDelivery (per https://developer.apple.com/forums/thread/779101) → ~4 updates/hour, too slow for real-time detection Audio background session for continuous processing (suggested in https://developer.apple.com/forums/thread/130287) → Concerned about App Store rejection for non-audio app; if official approves this technical route, I can implement in this direction Some online resources mention "Health Monitoring Entitlement" from WWDC 2019 Session 251, but I could not find any official documentation for this entitlement. Apple Developer Support also confirmed they cannot locate it? == My Question == Is there any supported way to: Monitor heart rate in background for up to 60 minutes WITHOUT affecting Activity Rings or creating workout records? If this requires a special entitlement or API access, please advise on the application process. Or allow me to submit a code-level support request. Any guidance would be greatly appreciated. Thank you!

We are using SecItemCopyMatching from LocalAuthentication to access the private key to sign a challenge in our native iOS app twice in a few seconds from user interactions. This was working as expected up until about a week ago where we started getting reports of it hanging on the biometrics screen (see screenshot below). From our investigation we've found the following: It impacts newer iPhones using iOS 26.1 and later. We have replicated on these devices: iPhone 17 Pro max iPhone 16 Pro iPhone 15 Pro max iPhone 15 Only reproducible if the app tries to access the private key twice in quick succession after granting access to face ID. Looks like a race condition between the biometrics permission prompt and Keychain private key access We were able to make it work by waiting 10 seconds between private key actions, but this is terrible UX. We tried adding adding retries over the span of 10 seconds which fixed it on some devices, but not all. We checked the release notes for iOS 26.1, but there is nothing related to this. Screenshot:

Hello, I'm trying to develop a driver that uses PCIe through the mac's thunderbold ports. I requested a PCI entitlement, and it's just an empty array in the entitlements file by default. I was wondering if the vendor ID submitted with my entitlement request is supposed to populate this dictionary? I'm currently getting an entitlement check failed from kernel: DK: IOUserServer and was unsure if the PCI entitlement configuration was incorrect. Default entitlement: <key>com.apple.developer.driverkit.transport.pci</key> <array> </array> I'd be happy to provide more information as needed, but any guidance would be much appreciated. Thanks in advance.

We've got an in-house Swift macOS desktop app with a FileProvider extension, which has been working fine on various machines up through Sonoma (and still does). We've just installed it on a Sequoia machine, and on it the FileProvider extension has lost the ability to access the shared app group. It can neither log to the Group Containers folder under ~/Library, nor access the pipe to the main app. The group name is formatted as group.XXXXXXXXXX.com.orgname.appname in both targets. I'm not sure why it combines the iOS and macOS conventions, with both the group prefix and the teamIdentifier one -- it was first built some time before the point in 2025 when macOS supported iOS-style groups -- but again, it's been working. For the record, The provisioning profile for EMPFileProvider has the App Groups capability enabled, and the App Groups capability is present in both build targets in Xcode. The existing group identifier is registered on the website; I've also manually registered the team-ID-less group name, so I can migrate. The question is, is this actually the right approach? Will such a change break the app on pre-Sequoia machines? And if I proceed, what do I need to do to complete the migration? The app was built back in Xcode 12.5; will I need to update the entire build environment to take advantage of Xcode 16.3's explicit support for iOS-style group names, or can I get away with it since I've manually registered the new group?

Hello, I submitted a Family Controls (Distribution) entitlement request on February 25, 2026 for my prayer/productivity app that uses the Screen Time API to block distracting apps. I also submitted requests for two extensions on March 6, 2026: com.prayfirst.prayFirst.ShieldAction com.prayfirst.prayFirst.ShieldConfiguration All three requests still show "Submitted" status in the Certificates, Identifiers & Profiles portal with no progress. I contacted Apple Developer Support (Case #102839422791), and they mentioned I should have received a "follow-up number" after submission — but I never received one. This entitlement is the only blocker preventing me from building and distributing my app. Could a DTS engineer please assist or escalate this? Team ID: BH752TBX9L Thank you.

Hi everyone, I'm running into what appears to be a stuck Family Controls entitlement request and wanted to see if anyone has experienced something similar. Request ID: 9D7MU547QH The request is still showing a status of "Submitted". Context: • Our main app bundle ID was already approved for the Family Controls entitlement. • Two related extensions (ShieldConfiguration and DeviceActivityMonitor) were also approved within a few days. • The remaining request is for a ShieldAction extension, which handles button taps from the shield UI. This entitlement is currently blocking our business's beta testing, so we’re trying to understand whether this is just normal queue delay or if the request might be stuck. Has anyone seen a case where the main app and other extensions were approved but a ShieldAction request remained in "Submitted" for an extended period? If an Apple engineer happens to see this, I’d greatly appreciate any guidance on whether the request might be stuck in the review queue. Thank you!

Hi everyone, I recently submitted the Family Controls request form and received the following request IDs: 429MKWT5VX
 KNL6T2DC7A
 N62KV78DKC However, I haven’t received any updates yet and I’m not sure how these requests are tracked or when we’ll know if they’re approved. Our app is almost ready to launch and this capability is critical for us. Both the main app and an extension depend on Family Controls, so we’re currently blocked from moving forward. I also raised a support ticket with Apple Developer Support (Case ID: 102838723073), but I haven’t received any response there either. To be honest, this is becoming really stressful. Months of work are stuck at the final step and we’re unable to move forward without this approval. This isn’t just a small personal project and we’re building a production app and were hoping to launch very soon. If anyone has been through this process or has any guidance on the approval timeline, or if someone from Apple could help look into these request IDs, it would genuinely mean a lot to us.

 Thank you

Hello, I am hoping someone from Apple or the community can help escalate or advise on my situation. I submitted a Live Caller ID Lookup entitlement request for my app Zinfo (com.parastashvili.Mobile), Team ID: CNH4KYRW44. A support case was opened on February 17, 2026 (Case ID: 102823550184). Apple's documentation states entitlement review takes up to 2 weeks. It has now been over 3 weeks with no substantive response despite multiple follow-ups. Timeline: Feb 17: Case opened Feb 26: I provided all requested technical details in full — OHTTP endpoints, Privacy Pass token system, DNS TXT record, Apple test number (+1 408 555 1212 returning "Johnny Appleseed"), all fully deployed and ready for validation Feb 27: Apple replied with a generic "appropriate team will be in contact" message Feb 28, Mar 6, Mar 10: Follow-up emails sent — no meaningful response All technical requirements are fully implemented and operational. We are ready for Apple's validation at any time. Has anyone else experienced long delays with Live Caller ID Lookup entitlement reviews? Is there a better escalation path? I have also submitted a new escalation ticket (Case ID: 102840874265) under Development and Technical > Entitlements today. Any advice or visibility from Apple staff would be greatly appreciated. App: Zinfo (com.parastashvili.Mobile) Extension Bundle ID: com.parastashvili.Mobile.LiveCallerID Team ID: CNH4KYRW44

Some capabilities include distribution restriction. For example, you might be able to use the capability for day-to-day development but have to get additional approval to publish an app using that capability to the App Store. To tell if a capability has such a restriction: Go to Developer > Account. At the top right, make sure you’re logged in as the right team. Under Certificates, IDs & Profiles, click Identifiers. Find the App ID you’re working with and click it. IMPORTANT Some managed capabilities are granted on a per-App ID basis, so make sure you choose the right App ID here. This brings up the App ID editor. In the Capabilities tab, locate the capability you’re working with. Click the little info (i) button next to the capability. The resulting popover lists the supported platforms and distribution channels for that capability. For example, the following shows that the standard Family Controls (Development) capability, which authorises use of the com.apple.developer.family-controls entitlement, is only enabled for development on iOS and visionOS. In contrast, if you’ve been granted distribution access to this capability, you’ll see a different Family Controls (Distribution) capability. Its popover shows that you can use the capability for App Store Connect and Ad Hoc distribution, as well as day-to-day development, on both iOS and visionOS. In the Family Controls example the development-only capability is available to all developers. However, restrictions like this can apply to initially managed capabilities, that is, managed capabilities where you have to apply to use the capability just to get started with your development. For example, when you apply for the Endpoint Security capability, which authorises use of the com.apple.developer.endpoint-security.client entitlement, it’s typically granted for development only. If you want to distribute a product using that capability, you must re-apply for another capability that authorises Developer ID distribution [1]. Some folks encounter problems like this because their managed capability was incorrectly granted. For example, you might have applied for a managed capability from an Organization team but it was granted as if you were an Enterprise team. In this case the popover will show In House where you’d expect it to show App Store Connect. If you’ve believe that you were granted a managed capability for the wrong distribution channel, contact the folks who granted you that capability. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] Endpoint Security clients must use independent distribution; they are not accepted in the Mac App Store. Revision History 2026-03-10 Updated to account for changes on the Apple Developer website. 2022-12-09 First posted.

This is my first driver and I have had the devil of a time trying to find any information to help me with this. I beg help with this, since I cannot find any tutorials that will get me over this problem. I am attempting to write a bridging driver for an older UPS that only communicates via RPC-over-USB rather than the HID Power Device class the OS requires. I have written the basic framework for the driver (details below) and am calling OSSystemExtensionRequest.submitRequest with a request object created by OSSystemExtensionRequest.activationRequest, but the didFailWithError callback is called with OSSystemExtensionErrorDomain of a value of 9, which appears to be a general failure to activate the driver. I can find no other information on how to address this issue, but I presume the issue is one of entitlements in either the entitlements file or Info.plist. I will have more code-based details below. For testing context, I am testing this on a 2021 iMac (M1) running Sequoia 15.7, and this iMac is on MDM, specifically Jamf. I have disabled SIP and set systemextensionsctl developer on, per the instructions here, and I have compiled and am attempting to debug the app using xcode 26.2. The driver itself targets DriverKit 25, as 26 does not appear to be available in xcode despite hints on google that it's out. For the software, I have a two-target structure in my xcode project, the main Manager app, which is a swift-ui app that both handles installation/activation of the driver and (if that finally manages to work) handles communication from the driver via its UserClient, and the driver which compiles as a dext. Both apps compile and use automated signing attached to our Apple Development team. I won't delve into the Manager app much, as it runs even though activation fails, except to include its entitlements file in case it proves relevant <dict> <key>com.apple.developer.driverkit.communicates-with-drivers</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.files.user-selected.read-only</key> <true/> </dict> and the relevant activation code: func request(_ request: OSSystemExtensionRequest, didFailWithError error: any Error) { // handling the error, which is always code value 9 } func activateDriver() { let request = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: "com.mycompany.driver.bundle.identifier", queue: .main) request.delegate = self OSSystemExtensionManager.shared.submitRequest(request) //... } And finally the Manager app has the following capabilities requested for its matching identifier in our Apple Developer Account: DriverKit Communicates with Drivers System Extension On the Driver side, I have two major pieces, the main driver class MyDriver, and UserClient class, StatusUserClient. MyDriver derives from IDriverKit/IOService.iig but (in case this is somehow important) does not have the same name as the project/target name MyBatteryDriver. StatusUserClient derives from DriverKit/IOUserClient.iig. I have os_log(OS_LOG_DEFAULT, "trace messages") code in every method of both classes, including the initializers and Start implementations, and the log entries never seem to show up in Console, so I presume that means the OS never tried to load the driver. Unless I'm looking in the wrong place? Because I don't think the driver code is the current issue, I won't go into it unless it becomes necessary. As I mentioned above, I think this is a code signing / entitlements issue, but I don't know how to resolve it. In our Apple Developer account, the Driver's matching identifier has the following capabilities requested: DriverKit (development) DriverKit Allow Any UserClient (development) DriverKit Family HID Device (development) -- NOTE: this is planned for future use, but not yet implemented by my driver code. Could that be part of the problem? DriverKit Transport HID (development) DriverKit USB Transport (development) DriverKit USB Transport - VendorID -- submitted, no response from Apple yet HID Virtual Device -- submitted, no response from Apple. yet. This is vestigial from an early plan to build the bridge via shared memory funneling to a virtual HID device. I think I've found a way to do it with one Service, but... not sure yet. Still, that's a problem for tomorrow. Apparently I've gone over the 7000 character maximum so I will add my entitlements and info.plist contents in a reply.

I have gotten all necessary entitlements for all my extensions, but screen time still does not work in Testflight. our app blocks social apps for a particular period of time.. This feature works in my Xcode physical device but fails in testflight

Dear Apple Developer Support Team, I am writing to inquire about the process for obtaining approval for the following entitlement in my iOS/macOS app: <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider</string> </array> Specifically, I would like guidance on: The steps required to submit a request for this entitlement. Any necessary documentation or justification that needs to be provided to Apple. Typical review timelines and approval criteria. Any restrictions or compliance requirements associated with this entitlement. Our app intends to implement a content filtering functionality to enhance network security and user safety. We want to ensure full compliance with Apple’s policies and guidelines. Could you please provide detailed instructions or point us to the relevant resources to initiate this approval process? Thank you for your assistance.

I have gotten all necessary entitlements for all my extensions,

I requested the Family Controls (distribution) capability but am not sure if I did it correct. I applied, answered the questions why i needed it and submitted. Its been about 2 weeks since applying. In the app configurations, it on apple dev site, it shows in the request history that I submitted it on March 17, but I can click the request (+) button and request it again. Just want to make sure I didn't mess anything up--it seems like they would prevent me from sendin another request if I had already requested it. It hasn't taken them this long to get back to me in the past which is why I am confused. If anyone knows how to speed up the process, please let me know! Thanks.

Hello all, I am trying to submit a request for endpoint security entitlement. I keep getting this error for weeks: This page isn’t working developer.apple.com is currently unable to handle this request. HTTP ERROR 500

Hello! I recently submitted a request for the Family Controls (Distribution) entitlement for my app, and I’m trying to understand what kind of timeline to expect. I’ve seen posts suggesting anywhere from a few days to over a month for approval. Is there a typical review window for this entitlement? And is there anything I can do on my end to help the process move more smoothly? Thanks in advance!

Hi, Submitted Family Controls entitlement request a month ago for my main focus app, got approved within a day. Submitted 3 more requests for my extensions, and it has been 16 days without any word. Saw advice to file a code-level support with DTS in this similar forum: https://developer.apple.com/forums/thread/812934 Is there anything else I can do before filing a code-level support? Any extra info to provide? If not, can a DTS engineer please refer me for the code-level support? Thanks!

Hello, Our team submitted a request for Family Controls entitlements for our main app and four related extensions. It has now been a little over two weeks since submission, and the request is still pending review. We wanted to check if there are any recommended steps we can take on our end to help move the process forward. Any guidance or tips from anyone who have recently gone through this process would be greatly appreciated. Thank you.

Greetings fellow devs, After accepting the Alternative Terms Addendum for Apps in the EU and adding the Storekit External Purchases or Offers capability via App Store Connect in our app identifier, the entitlement showing up in xcode is com.apple.developer.storekit.custom-purchase-link.allowed-regions and has the value 'jp'. How can we change the value for that entitlement to 'gr'? We tried changing it in xcode, but we get the error <Provisioning profile "iOS Team Provisioning Profile: [app identifier]" doesn't match the entitlements file's value for the com.apple.developer.storekit.custom-purchase-link.allowed-regions entitlement.>. In Certificates, Identifiers and Profiles in the developer account there is no way to configure that capability. We sent a request to support and they only gave a link to documentation and to the forum here. We have a completed every business agreement requested and we have chosen Greece as the organisation region and the app's availability region wherever possible. We haven't found anywhere that Japan would be chosen to explain the entitlement given. So where can this entitlement about allowed regions be configured? Xcode version is 16.4 and iOS minimum deployments is 18

Has anyone gotten Postgres to run in a sandboxed app? I am compiling Postgres 18 myself from source and have tried to patch it so it doesn't use sysv (shmem) but it apparently has all kinds of invocations of sysv and once it's sandboxed has issues, e.g.: 2026-02-24 18:26:05.014 EST [4384] FATAL: semctl(65596, 16, SETVAL, 536) failed: Operation not permitted Does anyone know of a way to either make the sandbox relax or make Postgres compatible with sandboxing? I have tried passing flags to initdb to use POSIX semaphores but it always wants to use sysv so I'm finding myself super deep in the weeds of the Postgres source code.