Hi everyone, I’ve been struggling with an issue related to the com.apple.developer.fonts-provided-by-application entitlement in Xcode. Despite configuring everything correctly, I’m still encountering an error stating that the fonts provided by application are missing. Here’s a breakdown of what I’ve done so far: Entitlements File: My entitlements file includes the com.apple.developer.fonts-provided-by-application key set as an array with 28 font items listed (e.g., Lato-Bold.ttf, Montserrat-SemiBold.ttf, etc.). All font names match the actual filenames, including extensions, and are spelled correctly. Info.plist: I’ve listed all the fonts under the UIAppFonts key, and they match the entries in the entitlements file. Font Files in Xcode: All font files are present in my project and included in Build Phases > Copy Bundle Resources. Provisioning Profile: The Fonts capability is enabled in my App Identifier in the Apple Developer Program, and I’ve regenerated my provisioning profile to ensure it reflects this entitlement. What’s Working: Other entitlements in the entitlements file (like keychain access and sandboxing) are functioning correctly, so the entitlements file is linked properly to my app target. The provisioning profile shows everything else is in sync. What’s Not Working: Xcode consistently shows the error "missing fonts provided by application", even though I’ve verified the fonts, file paths, and plist entries multiple times. Questions: Could this issue be related to the placement of the fonts folder within my project structure? Do I need to remove unused fonts or adjust file extensions (like .ttf vs .otf)? Is there another step I might be missing in Xcode or the Apple Developer Program? Any guidance would be greatly appreciated. This has been a challenging problem to resolve, and I’d love to hear from anyone who has encountered something similar.

Hi everyone, I’m developing a multiplayer iOS game that uses Multipeer Connectivity for local peer-to-peer networking. I’d like to display user-assigned device names in the UI to help players identify each other during the connection process. In iOS 16 and later, accessing UIDevice.current.name requires the User-Assigned Device Name Entitlement. The documentation states that the entitlement is granted for functionality involving “interaction between multiple devices that the same user operates”. My game is strictly multiplayer, with devices owned by different users, not a single user managing multiple devices. I have a few questions regarding this: Does the requirement for “devices operated by the same user” definitively exclude multiplayer scenarios where devices belong to different players? Can a Multipeer Connectivity-based game qualify for the entitlement in this case? If the entitlement is not applicable, is prompting users to enter custom names the recommended approach for identifying devices in a multiplayer UI? Has anyone successfully obtained this entitlement for a similar multiplayer use case with Multipeer Connectivity? Thanks in advance.

My iOS app uses a Message Filter extension (via ILMessageFilterQueryHandling) and works only when run directly as the extension target. When installed normally (via TestFlight), the filter does not trigger at all — which I now believe is because iOS enforces the com.apple.developer.identitylookup entitlement at runtime. Anyone know anything about this? I put in a request for the entitlement last week but heard nothing back. Called Apple "technical" support and they had no idea what I was talking about. The documentation around this is EXTREMELY lacking in my opinion...

Hello, we are currently encountering a similar issue. We need to inject our capabilities into a third-party app by re-signing it (not a full re-signing process—just requiring the provisioning profile and certificate to match). However, this seems to affect the functionality of universal links. We've found that this issue only occurs on iOS 18. We noticed that when re-signing the app, the entitlements related to associated domains are changed to a wildcard: [Key] com.apple.developer.associated-domains [Value] [Array] [String] * However, this doesn’t cause any issues on iOS 17. Through further testing, we discovered that in order for universal links to work properly, we need to restore the original value of com.apple.developer.associated-domains and use a provisioning profile that matches the app's bundle ID. This means our previous re-signing approach using a certificate and provisioning profile from another bundle will no longer work. We’d like to ask: is this a new restriction introduced in iOS 18? If we manually restore the original com.apple.developer.associated-domains entitlement and use a provisioning profile that matches the app’s bundle ID, will universal links function correctly going forward?

你好，是这样的，目的我使用的是mac mini进行软件测试，我目前测试的软件会通过本地回环地址127.0.0.1进行数据传输，这种数据传输不是网络请求，所以用网络抓包的手段，没法测试。所以，我目前的想法是修改您macOS的本地回环地址优先级，定向到我自己的代理服务器，进行数据测试和请求检测。我对liunx系统的作比较了解，但是对于macos上面这方面设置的修改不太清楚。 希望您可以解答！

Hi, I am facing an issue with login persistence using firebase, but basically, it seems that I need to ensure I enable the Keychain Sharing within the Identities capabilities, the problem is, it is not even on the list. Thank you much

Hello Apple Developer Community, We're implementing the PushToTalk framework as recommended. According to Apple engineers in previous forum responses : the framework allows your app to continue receiving push notifications even after your app is terminated or the device is rebooted. Implementation: We've properly implemented: Early initialization of PTChannelManager via channelManager(delegate:restorationDelegate:completionHandler:) Channel joining with requestJoinChannel(channelUUID:descriptor:) when foregrounded All required delegate methods Issue After a user force quits our app, PushToTalk functionality works briefly but fails after some time (minutes to hours). The system logs show: AudioSessionServerImpCommon.mm:105 { "action":"cm_session_begin_interruption", "error":"translating CM session error", "session":{"ID":"0x72289","name":"getcha(2958)"}, "details":{ "calling_line":997, "error_code":-12988, "error_string":"Missing entitlement" } } We suspect that entitlement after force-quitting the app, there's a permission cache that temporarily allows functionality, but once this cache is cleared, the features stop working. Without this entitlement, both audio playback and recording fail, completely breaking the PTT functionality. Questions Which specific entitlement is missing according to this error? Is there a permission caching mechanism that expires after force quit? How can we ensure reliable PTT operation after force quit as stated in documentation? This behavior contradicts Apple's guidance that PushToTalk should work reliably after termination. Any insights would be greatly appreciated. Thank you!

I'm trying to launch a command line app from my objective C application (sandboxed) using NSTask and I keep getting "launch path not accessible" Here is the path: [task setLaunchPath:@"/usr/local/bin/codeview"]; I have set the appropriate attributes for codeview and it is working perfectly when I use it from the command line and /usr/local/bin IS in the $PATH I know I have NSTask configured correctly because this WILL work: [task setLaunchPath:@"/usr/bin/hexdump"]; With the exception being that I'm using a command already in /usr/bin. But I can't copy codeview into /usr/bin due to SIPS. I've tried moving codeview to various other non-SIPS protected locations all to no avail. Must all NSTask commands come from /usr/bin? Where might I put codeview so that it can be launched. Today I'm going to use an older computer and disable SIPS to put my command in /usr/bin and see if that works. If it does. I will do it on my main machine.

Hi there, I am using Core NFC and I established the connection with the card, but after sending the command 'tag.sendCommand()' I receive this message: -[NFCTagReaderSession _connectTag:error:]:748 Error Domain=NFCError Code=2 "Missing required entitlement" UserInfo={NSLocalizedDescription=Missing required entitlement}. The version of XCode I am using is 16.3, and the iPhone version is iOS 18.4 Here is my entitlements file: com.apple.developer.nfc.readersession.formats NDEF TAG And my info.plist: NFCReaderUsageDescription NFC com.apple.developer.nfc.readersession.iso7816.select-identifiers A000112233445566 Signing & Capabilities‌ has added Near Field Communication Tag Reading‌.

Hi everyone, I applied for CarPlay Entitlements on [Date 04. 26, 2024] using CarPlay is Case ID "13045151". I haven't received any updates or responses regarding my application yet. It's been 7 days since the application. My service requires CarPlay integration with a Black Box device. The primary purpose of this integration is to allow users to configure device settings through CarPlay. Furthermore, we plan to utilize the "Communication" category of Entitlements to notify users of parking incidents detected by the Black Box device while parked. This functionality is crucial for alerting drivers to potential issues affecting their vehicles. Could anyone share their experience with the typical turnaround time for CarPlay Entitlements, especially for applications involving device integration and the "Communication" category? Is this delay normal? Is there any way to check the application status or contact the appropriate team to inquire about its progress? Thank you for any insights or advice you can provide! Sincerely,

I am currently creating a MacOS app that uses NetworkExtension and SystemExtension without going through the Store. Using entitlements, I manually codesign and create a pkg Installer, but when I run it I get an error message saying "No matching profile found." Below is the log /Applications/Runetale.app/Contents/MacOS/Runetale not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Applications/Runetale.app/, unsatisfiedEntitlements=<CFArray 0x71c040fa0 [0x1f7bec120]>{type = immutable, count = 3, values ​​= ( 0 : <CFString 0x71c04f340 [0x1f7bec120]>{contents = "com.apple.developer.system-extension.install"} 1 : <CFString 0x71c1ccaf0 [0x1f7bec120]>{contents = "com.apple.developer.networking.networkextension"} 2 : <CFString 0x71c04fc00 [0x1f7bec120]>{contents = "com.apple.developer.team-identifier"} )}, NSLocalizedDescription=No matching profile found} I looked into it myself and found that if you want to install the app without going through the Store, you need to use packet-tunnel-provider-systemextension instead of packet-tunnel-provider. here However, simply changing to packet-tunnel-provider-systemextension does not allow the build to pass. I use a build method that changes the value of entitlements only during codesign in order to pass the build. SYSEXT="$APP_BUNDLE/Contents/Library/SystemExtensions/com.runetale.desktop.PacketTunnel.systemextension" if [ -d "$SYSEXT" ]; then echo "Signing PacketTunnel system extension with entitlements..." cp macos/PacketTunnel/PacketTunnelRelease.entitlements macos/PacketTunnel/PacketTunnelRelease-sign.entitlements sed -i '' 's/packet-tunnel-provider/packet-tunnel-provider-systemextension/' macos/PacketTunnel/PacketTunnelRelease-sign.entitlements codesign --force --options runtime --timestamp --entitlements "$ENTITLEMENTS_FILE" --sign "$DEV_ID_APP_CERT" "$SYSEXT" fi # 3. Sign the entire .app bundle (deep sign by signing the outer app after inner ones) echo "Signing Runetale App with entitlements..." cp macos/Runner/Release.entitlements macos/PacketTunnel/Release-sign.entitlements sed -i '' 's/packet-tunnel-provider/packet-tunnel-provider-systemextension/' macos/PacketTunnel/Release-sign.entitlementsmacos/PacketTunnel/Release-sign.entitlements codesign --force --options runtime --timestamp --entitlements "$APP_ENTITLEMENTS_FILE" --sign "$DEV_ID_APP_CERT" "$APP_BUNDLE" Is this build method wrong? The next solution I'm thinking of is as follows. Is there a way to write packet-tunnel-provider-systemextension directly to entitlments and pass the build? (provisioning profile?) Apply to forum and get permission to use packet-tunnel-provider-systemextension Thank you.

I've been using /usr/bin/shortcuts for various tasks (eg. Quicksilver uses it to list and run shortcuts), and after updating from 14.7.4 to 14.7.5 the tool gets killed on startup. Eg. here is what it looks like in my shell: ❯ shortcuts list zsh: killed shortcuts list (And this is regardless of whether I have "full disk access" or "developer tools" toggled on or off for iTerm.) Looking at system logs it seems like the binary is missing an entitlement, which causes MACF / Gatekeeper to throw a fit: 2025-04-12 18:38:48.847576 kernel: mac_vnode_check_signature: /usr/bin/shortcuts: code signature validation failed fatally: When validating /usr/bin/shortcuts: in-kernel: com.apple.shortcuts.ShortcutsCommandLine disallowed without com.apple.private.security.restricted-application-groups 2025-04-12 18:38:48.847582 kernel: validation of code signature failed through MACF policy: 1 2025-04-12 18:38:48.847583 kernel: check_signature[pid: 2475]: error = 1 2025-04-12 18:38:48.847587 kernel: proc 95761: load code signature error 4 for file "shortcuts" 2025-04-12 18:38:48.847613 kernel: exec_mach_imgact: not running binary "shortcuts" built against preview arm64e ABI 2025-04-12 18:38:48.855481 syspolicyd: (Security) SecTrustEvaluateIfNecessary 2025-04-12 18:38:48.857970 syspolicyd: [com.apple.syspolicy.exec:default] GK evaluateScanResult: 2, PST: (path: /usr/bin/shortcuts), (team: (null)), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 1, 1, 0evaluateScanResult: 2, PST: (path: /usr/bin/shortcuts), (team: (null)), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 1, 1, 0 I used Time Machine to compare the binary's entitlements between 14.7.4 and 14.7.5, and looks like in 14.7.5 /usr/bin/shortcuts indeed is missing the com.apple.private.security.restricted-application-groups entitlement that 14.7.4 had. The old binary had these two entitlements that the new one doesn't: [Key] com.apple.private.security.restricted-application-groups [Value] [Array] [String] group.com.apple.shortcuts [String] group.is.workflow.my.app [String] group.is.workflow.shortcuts [Key] com.apple.security.application-groups [Value] [Array] [String] group.com.apple.shortcuts [String] group.is.workflow.my.app [String] group.is.workflow.shortcuts Is there a sensible workaround for this (and by "sensible" I mean something that'd allow me to keep using the tool)? (I already asked this on the support forums but I figured I might as well ask here too)

Hey All, Seem to be in a loop and unable to proceed. New app specific for iOS being built on xCode. Project is configured only to deploy and use iOS, not macOS or anything else. Trying to create a new App iD always see it default to all platforms which means "Background Modes" is not visible or available. Automatic signing etc in xcode can't seem to get around this and just continues to flag I'm missing the entitlement for locations.background. Not sure what I am missing as I cannot manually configure the ID for iOS only and xcode is also generating new ID's with the same platform structure and constraints. Any thoughts or insights here please?

Hello Apple Developer Community, I have an existing Family Controls entitlement approved for my main app. My app includes the following extensions: AppLimitMonitorExtension ShieldConfigurationExtension ShieldActionExtension I am seeking clarification on whether my existing Family Controls entitlement for the main app automatically covers these extensions, or if I must submit separate entitlement requests for each extension. Because when I try to distribute app on App Store Connect it give me error "Provisioning profile failed qualification". Many developers appear to be facing this issue, and it seems that Apple has not clearly documented this. is information anywhere.

Hi all, I'm working on a use case where a customer checks in at a point of service (e.g., a cafeteria or restaurant) using their Apple Wallet pass (e.g., a digital employee badge). In this scenario, we would like to use an iPhone (with a custom iOS app) as the NFC terminal to read the pass directly from the customer's iPhone over NFC. I’m aware that "Tap to Pay on iPhone" allows NFC-based payment acceptance, but it’s unclear if similar functionality is available or permitted for reading access-type passes from another iPhone via NFC. Key questions: Is it technically possible for an iPhone to act as an NFC reader for a Wallet pass on another iPhone? If not, is this restricted due to Secure Element isolation or protocol limitations? Is there any Apple-supported path for building such a solution — or is certified external hardware (e.g., HID, Wavelynx) the only option? I’ve reviewed the Core NFC and PassKit documentation but couldn't find a definitive answer. Thanks in advance for your clarification!

I'm getting this error when uploading a build of my macOS app to App Store Connect. It has always worked before, and nothing changed about my use of app groups, and the iOS build uploaded without any problems. Cleaning the build folder and derived data folder doesn't help. I'm using automatically managed signing in Xcode. Invalid code signing entitlements. Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “[group.]” value for the com.apple.security.application-groups key in “.pkg/Payload/.app/Contents/MacOS/” isn’t supported. This value should be a string or an array of strings, where each string is the “group” value or your Team ID, followed by a dot (“.”), followed by the group name. If you're using the “group” prefix, verify that the provisioning profile used to sign the app contains the com.apple.security.application-groups entitlement and its associated value(s).

On MacOS, I know that App Groups (com.apple.security.application-groups) do not require a provisioning profile. I was wondering if it's possible to sign them "ad hoc" and have it work? So maybe use a random TEAMID prefix and have it work? I would only need the app to work locally (for testing), not be distributed in that fashion, of course.

I requested the Family Controls Entitlement last week and haven’t heard back at all. I’ve submitted the request three times now, but I haven’t received a confirmation, a case number, or even an acknowledgment that it was received. I called Apple Support, but they said they have no visibility into the entitlement request process, which leaves me completely in the dark. I just want to know if my request is under consideration or not. This is especially frustrating because I’ve had strong engagement on social media around my app, and I have stakeholders waiting for updates. Right now, I can’t send the app for review, and I can’t even distribute it via TestFlight to internal testers. Honestly, I didn’t expect this kind of radio silence from Apple. Has anyone else experienced this when requesting entitlements?

I’ve been working on a Catalyst version of my iOS apps. Finally everything is working apart from the custom intents the user user to configure the widgets. The config UI loads: And changing settings at this level works. But it can’t load the options for the other settings: “No options were provided for this parameter” I see this crash in the intent: Termination Reason: Namespace DYLD, Code 1 Library missing Library not loaded: @rpath/CocoaLumberjack.framework/Versions/A/CocoaLumberjack Referenced from: <E1BF4CC5-4181-3272-828C-86B1CD1A66BF> /Applications/my.app/Contents/PlugIns/Intents.appex/Contents/MacOS/Intents Reason: , (security policy does not allow @ path expansion) (terminated at launch; ignore backtrace) I have added the Hardened Runtime Capability to the Main App Target, the Widget Target and the Intents Target. I also allowed “Disable Library Validation” just in case. What am I missing?

Hi, We have an app that is a default mail client, so it has this entry in its entitlements file: com.apple.developer.mail-client. This seems to create issues with ad-hoc distribution. We can distribute the app on App Store Connect without any issues and have been doing so for a while. We wanted to try using Xcode Cloud to manage our releases. The app export works fine for both App Store Distribution and Development Distribution. However, the ad-hoc distribution step fails. (We don't need ad-hoc distribution, but Xcode Cloud seems to prevent us from removing this step.) I tried building and releasing the app locally for ad-hoc distribution and encountered the same error as on Xcode Cloud. When Xcode tries to generate the profile, it outputs the following error: Provisioning profile "iOS Team Ad Hoc Provisioning Profile: com.infomaniak.mail" failed qualification checks: Profile doesn't support Default Mail App. Profile doesn't include the com.apple.developer.mail-client entitlement. Is it something broken with our config ? What are we missing ? Local error in Xcode Organizer: Remote error on Xcode cloud: