

Entitlements allow specific capabilities or security permissions for your apps.

Posts under Entitlements tag

200 Posts






Code Signing Resources
General:
• DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements
• Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities.
• Developer > Support > Certificates covers some important policy issues
• Entitlements documentation
• TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series.
• WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing
• Certificate Signing Requests Explained DevForums post
• --deep Considered Harmful DevForums post
• Don’t Run App Store Distribution-Signed Code DevForums post
• Resolving errSecInternalComponent errors during code signing DevForums post
• Finding a Capability’s Distribution Restrictions DevForums post
• Signing code with a hardware-based code-signing identity DevForums post
Mac code signing:
• DevForums tag: Developer ID
• Creating distribution-signed code for macOS documentation
• Packaging Mac software for distribution documentation
• Placing Content in a Bundle documentation
• Embedding Nonstandard Code Structures in a Bundle documentation
• Embedding a Command-Line Tool in a Sandboxed App documentation
• Signing a Daemon with a Restricted Entitlement documentation
• Defining launch environment and library constraints documentation
• WWDC 2023 Session 10266 Protect your Mac app with environment constraints
• TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference.
• Manual Code Signing Example DevForums post
• The Care and Feeding of Developer ID DevForums post
• TestFlight, Provisioning Profiles, and the Mac App Store DevForums post
For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources.
Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Feb ’24
Q: what enrollment or application needed to implement Apple Access with Express Mode?
Hi. I'm planning on creating a system for in-office access control that allows putting an employee ID card in Apple Wallet to unlock the door without unlocking the iPhone, something like HID Global's Employee Badge in Apple Wallet. I searched and it seems that Apple Access is suitable for unlocking the office door, but I couldn't find any relevant development documentation. What kind of enrollment or application is required to put my employee ID card in Apple Wallet with Apple Access and use Express mode? Also, could one share any related development documents please? Thank you in advance.
I am applying for the NEHotspot API Entitlement with the details below, but Apple has rejected it multiple times. Can you help me understand what I am doing wrong?
I am applying for the NEHotspot API Entitlement with the details below, but Apple has rejected it multiple times. Can you help me understand what I am doing wrong?
Q. In how many countries are your hotspots located?
A - 1
Q. What is the approximate total number of hotspots you manage?
A - 1000
Q. Which of the following best explains the relationship between you, the app publisher, and the users of these hotspots?
A - These hotspots are free for anyone to use.
Hotspot Helper API usage
Q. A hotspot helper must claim the hotspot networks that it supports by setting a confidence value of either .low or .high when responding to the .evaluate command. See Figure 1-1 in Hotspot Network Subsystem Programming Guide for more background on this. When the helper claims a network, its display name (kNEHotspotHelperOptionDisplayName) is shown in Settings > Wi-Fi. What value do you intend to use for this?
A - BSSID(MAC)
Q. When responding to the .authenticate command, your system must interact with your hotspot to instruct it to pass traffic from the device to the wider internet. What network protocols does it use?
A - DNS, HTTP
Q. Provide any additional details about your usage to help us understand your planned implementation.
A - We are implementing the following functionalities in our project:
• Connect to a Wi-Fi hotspot with a specified SSID.
• Remove Wi-Fi configurations for specific SSIDs.
• Initialize a new hotspot configuration with the specified SSID.
Location in the Background constant popups
We have a pair of apps that are used to monitor the location of a person and allow them to reach out for help when needed. The apps are designed to be used with persons with special needs. A large portion of our target audience is people that have cognitive disabilities. One app is used by people that monitor and help the person with needs, and the other is used by the person with needs who is not with them all the time. The issue we have is that our users have trouble understanding what to do when this verification popup appears. This popup continues to appear over and over and over. This is a severe health and safety issue for us. We find that the user is often times confused by the popup and is disabling the background location tracking preventing the needs provider from being able to track the location of the user. It would be great if there was a special Entitlement that could be granted that would prevent this 'feature' of iOS. Or possibly simply a setting that the user's provider can setup on their phone to stop the annoying and dangerous constant popups. If anybody knows of a way to prevent this popup, please let us know. Otherwise, if someone at Apple could suggest how we can make this happen in the future.
Have a Multiplatform app, cannot test my app that uses App Groups properly
Dear Apple Developer Forum community, I have a Multiplatform SwiftUI app that runs on both iOS and macOS. The app is available in the Mac App Store, and I aim to maintain backward compatibility. I use App Groups to synchronize data between the main app, where users configure content, and the widget, which displays this content. The data is stored using SwiftData. With macOS Sequoia now in beta testing, I have encountered a breaking change that affects my app. In macOS Sequoia, apps must use the team identifier number $(TeamIdentifierPrefix) as the prefix for App Groups on macOS. I cannot properly test future versions of my app without instructing my beta testers to turn off System Integrity Protection (SIP). This presents a significant issue for my Multiplatform SwiftUI app. On iOS, the app group identifier must start with group.identifier. Before macOS Sequoia, you could name your app group freely, and testing with TestFlight and publishing to the App Store was straightforward. Now, however, testing an app intended for the App Store is complicated by this rule. On macOS, you must use $(TeamIdentifierPrefix) to bypass this rule and allow for widgets to be tested and allow for synchronization between SwiftData. While on iOS, this approach is not allowed as the App Group becomes considered invalid. Additionally, this annoying popup appears every time a beta tester tries to open the app if they have SIP turned on: Instead of prompting for the app extensions, it rejects it. Rejecting this popup also prevents the main SwiftData app from opening. I am unsure how to proceed. If I want to test widgets (which is a primary focus of the app), I must use macOS Sequoia. I am particularly concerned about the implications if I decide to stop supporting macOS Sonoma in the future. Thank you in advance, LocalWE
Request of CarPlay Navigation Entitlement when having the Driving Task one
I have the CarPlay Entitlement "Driving Task" and two of my apps use it. Now, in both apps, I have implemented Navigation. I requested the Navigation CarPlay Entitlement when the feature was mature and builds were available in Test Flight, since I wanted to release the new versions of the apps with navigation available both on the iPhone and in CarPlay. I got no answer to my request, so I decided to release the apps with only navigation in the iPhone and the Driving Task functionality in CarPlay, thinking that maybe being live with navigation in the App Store was a requirement. I have asked permission again, and so far, the request is being ignored again. What are the requirements to get the Navigation CarPlay Entitlement? If the app is approved for navigation, is there something else the app must do to get the entitlement? Requirements for CarPlay Entitlements seem quite obscure, are they listed anywhere? Is there a technical problem to move from an existing CarPlay Entitlement to another? Can that be the reason the entitlement has not been granted? Some of my competitors have the CarPlay Navigation entitlement. My use case is the same (in a better app in my opinion, of course). But I am only getting bad reviews because "the app does not include the map in CarPlay" after the big investment in implementing navigation in the apps. Any help or insight would be appreciated.
NSUpdateSecurityPolicy doesn't work, or how to request App Management permission?
I have two MAUI Mac Catalyst apps. According to this guide https://learn.microsoft.com/en-us/dotnet/maui/mac-catalyst/deployment/publish-outside-app-store?view=net-maui-8.0#publish-using-the-command-line I created certificates, signed Release versions of the applications, and packed them with pkgbuild and productbuild, which I also signed with the created certificate. They are both signed with the same Code Signing key and have the same team ID. I had set up NSUpdateSecurityPolicy https://developer.apple.com/documentation/bundleresources/information_property_list/nsupdatesecuritypolicy like this: Using codesign -dv I checked that the updater and the old and new versions of the app share the same Team ID and have correct bundle identifiers. After the update, the updater wants to overwrite the old app contents, but it always receives UnauthorizedAccessException when touching any file located in the application. If my updater app has the "App Management" or "Full disk access" permission in System Settings, everything works fine, but the user needs to set it up manually, which is not comfortable, so how can I request this permission? Also, according to what I know, an application doesn't need this permission if its Team ID is set up in NSUpdateSecurityPolicy. Maybe I incorrectly set up NSUpdateSecurityPolicy, but I can't notice anything wrong. Also, can it be because I overwrite the application using MAUI and C#? Thanks a lot for any answer!
Will special entitlements like Screentime API remain valid when transferring an app?
Certain entitlements require special permission from Apple like DriverKit or Screentime API/Family controls. Those entitlements are tied to the bundle IDs of the app. If those entitlements have been granted for an app from developer A (personal account) and we transfer that app to developer B (organization account), including the bundle IDs, will those bundle IDs keep the entitlement? Or will we need to re-request from the developer account B? Any insights or experiences regarding this process would be greatly appreciated.
Associated domains not working
I'm setting up Auth0 to work with my app according to their instructions. I need to add an associated domain, but it doesn't work. When I try to use Auth0, it returns a message that says "Application with identifier (my-bundle-id) is not associated with domain (my-auth0-domain)". In Signing & Capabilities, I have the Associated Domains capability set up with this domain: "webcredentials:(my-auth0-domain)". I also added another version with ?mode=developer on the end of it, but neither works. I am sure that the domain I'm using is correct because I'm able to use it in Postman to authenticate with Auth0. I checked everything else against their documentation and samples several times.
Mac App with Python Embedded: Sandbox Blocks Python Script from Running Only in Release Mode?
I have an XPC service that embeds Python. It executes a Python script on behalf of the main app. The app and XPC service are sandboxed. All seems to work just fine in the development environment but the script fails in the released version. I disabled writing pycache by setting the PYTHONDONTWRITEBYTECODE environment variable because pycache tries to write inside my app bundle which fails (I believe I can redirect the pycache directory with PYTHONPYCACHEPREFIX and may experiment with that later). Specifically this line fails in the release version only (not from Xcode):
    PyObject *pModuleOwnedRef = PyImport_Import(moduleNameHere);
    if (pModuleOwnedRef == NULL) {
        // this is null in release mode only.
    }
Any ideas what can be going wrong? Thanks in advance.
Request eSIM entitlement (*Carrier Team ID)
Hi, I'm developing an app that can install an eSIM profile on the device from within the app and check the current eSIM or whether the device supports the eSIM feature, but the Core Telephony API requires the eSIM entitlement... I'm trying to request the entitlement from Apple, but for the "Carrier team ID", my partner (carrier) does not know about this part... Can anyone help? How can I get the "carrier team ID" and request the entitlement from Apple for my app, to implement Core Telephony...
"SYSTEM EXTENSION" entitlements in framework
Hello everyone! I'm developing framework and app for macOS for PCI devices. For communication with driverkit, I'm verifying by giving userclient access entities of system extension to app. However, the app is just a sample program, and our customer is trying to develop the app using a framework with PCI communication part. Is there a way to build a framework with my company's signature, and to build and execute it without acquiring userclient access elements by any chance by a customer developer? Moreover, userclient access is only available to developers who have subscribed to the Apple Developer Program, so I hope that client/developers do not need to obtain separate entries.
Mac App That Embed Python Interpreter Rejected from App Store
I have a simple little Mac app that embeds a Python interpreter. I wrote this app almost ten years ago and completely forgot about it. Anyway I submitted an update to it with a new version of Python but it's being rejected by App review for the following reason: Your app uses or references the following non-public or deprecated APIs: Symbols: • _Tcl_NewByteArrayObj • _Tcl_ResetResult • _Tcl_MutexLock • _Tcl_GetBooleanFromObj • _Tcl_SetObjResult • _Tcl_CreateInterp • _Tcl_ThreadQueueEvent • _Tcl_UnsetVar2 • _Tcl_GetBignumFromObj • _TclBN_mp_to_unsigned_bin_n • _Tcl_ListObjLength • _Tcl_ConditionWait • _Tcl_GetDouble • _Tcl_GetDouble • _Tcl_DeleteFileHandler • _Tcl_SetVar • _Tcl_SetVar • _Tcl_SetVar • _Tcl_DoOneEvent • _TclFreeObj • _Tcl_Eval • _Tcl_Eval • _Tcl_Eval • _Tcl_FindExecutable • _Tcl_NewLongObj • _Tcl_CreateTimerHandler • _Tcl_Init • _Tcl_ConditionFinalize • _Tcl_GetByteArrayFromObj • _Tcl_ListObjIndex • _Tcl_ExprLong • _Tcl_NewDoubleObj • _Tcl_GetDoubleFromObj • _Tcl_ExprString • _TclBN_mp_read_radix • _Tcl_DeleteTimerHandler • _Tcl_CreateFileHandler • _Tcl_GetVar • _Tcl_GetVar • _Tcl_CreateObjCommand • _Tcl_SetVar2Ex • _Tcl_GetStringFromObj • _Tcl_NewStringObj • _Tcl_GetObjType • _Tcl_MutexUnlock • _Tcl_DeleteCommand • _TclBN_mp_init • _Tcl_GetCurrentThread • _Tcl_ExprDouble • _Tcl_AddErrorInfo • _Tcl_Free • _Tcl_GetStringResult • _Tcl_SetVar2 • _Tcl_SetVar2 • _Tcl_GetBoolean • _Tcl_GetBoolean • _Tcl_RecordAndEval • _Tcl_EvalFile • _Tcl_GetLongFromObj • _TclBN_mp_clear • _Tcl_ThreadAlert • _Tcl_ExprBoolean • _Tcl_DeleteInterp • _TclBN_mp_unsigned_bin_size • _Tcl_AttemptAlloc • _Tcl_GetObjResult • _Tcl_GetWideIntFromObj • _Tcl_NewListObj • _Tcl_ConditionNotify • _Tcl_NewBooleanObj • _Tcl_SplitList • _Tcl_EvalObjv • _Tcl_GetThreadData • _Tcl_GetVar2Ex • _Tcl_NewWideIntObj • _Tcl_NewBignumObj • _Tcl_ListObjGetElements • _Tcl_GetString • _Tcl_GetString • _Tcl_GetString The use of non-public or deprecated APIs is not permitted on the App Store, as they can 
lead to a poor user experience should these APIs change and are otherwise not supported on Apple platforms. I read online that this is a sort of a widespread issue right now with apps that embed Python (would share links but then my post will have to be approved by a moderator). Anyone have a workaround?
macOS Widgets won't launch with app group set
i'm working on an app which shares a swiftdata database between the main app and its widgets. prior to the sequoia/xcode 16 betas this was working fine with setting the same app group for app & widget targets. however, now whenever i try to run my main app from Xcode i get a user permission requestor saying " would like to access data from other apps.". this happens every time i run it. whenever the widget is started (via trying to place it on the desktop, or the widgetkit simulator etc) it exits immediately (i assume because it can't show the permission requestor?) if i disable the app group for the widget, it runs.. however, of course, i can't access the main app's database. i'm on sequoia beta 2 (24A5279h) and Xcode 16 beta 2 (16A5171r) note: while the widgetkit simulator is now present in sequoia beta 2, i haven't actually been able to successfully use it
Apple store connect requests sandbox entitlement for the PCI DriverKit System Extension
Hi, I have a PCI DriverKit System Extension project that our team has tested, and the entitlements are not a problem. Once we decided to place the project to the Apple Store the review team requested to add "App Sandbox" entitlement to the project. Then I added the entitlement manually to the ".entitlements" file ( I couldn't do that using the Xcode add entitlement section because since it is a driverkit project, the "App sandbox" is not visible in the entitlements page ) and re-packaged the project for distribution. Later on, I saw that the entitlement was removed during the packaging process. I also tried to add that using the "build settings" page in Xcode (the signing section ), but I had no luck. I feel like I'm being misled by the review team. Do you know if the "App sandbox" entitlement is applicable to a DriverKit project ?
Bluetooth audio becomes choppy on iOS with entitlement error but works just fine on MacCatalyst
I am converting some old Objective-C code deployed on iOS 12 to Swift in a WKWebView app. I'm also developing the app for Mac via MacCatalyst. The issue I'm experiencing relates to a programmable learning bot that is programmed via block coding, and the app facilitates the reads and writes back and forth. The audio works via an A2DP connection the user sets manually in their settings, while the actual movement of the robot is controlled via a BLE connection. Currently the code works as intended on MacCatalyst, while on iPhone, the audio being sent back to the robot is very choppy and sometimes doesn't play at all. I apologize for the length of this, but there is a bit to unpack here. First, I know there have been a few threads posted about this issue: this one that seems similar but went unsolved https://forums.developer.apple.com/forums/thread/740354 as well as this one where Apple says it is "log noise" https://forums.developer.apple.com/forums/thread/742739 However, I just find it hard to believe that this issue seems to be log noise in this case. Mac Catalyst uses a legacy header file for WebKit, and I'm wondering if that could be part of the issue here. I have enabled everything relating to Bluetooth in my Info.plist file as the developer documents say. In my app sandbox for Mac Catalyst I have the permissions set for Bluetooth as well.
Here are snippets of my read and write function:
    func readFunction(session: String) {
        // Wait if we are still waiting to hear from the robot
        if self.serialRxBuf == "" {
            self.emptyReadCount += 1
        }
        if (!self.serialRxWaiting) {
            return
        }
        // Make sure we are waiting for the correct session
        if (Int(session) != self.serialRxSession) {
            return
        }
        self.serialRxWaiting = false
        self.serialRxSession += 1
        let buf = self.serialRxBuf
        self.serialRxBuf = ""
        print("sending Read: \(buf)")
        // buf is interpolated directly into the script, so it must only ever hold hex characters
        self.MainWebView.evaluateJavaScript("""
            if (serialPort.onRead) { serialPort.onRead("\(buf)"); } serialPort.onRead = null;
            """, completionHandler: nil)
    }

    // ----- Write function for javascript bluetooth interface -----
    func writeFunction(buf: String) -> Bool {
        emptyReadCount = 0
        if ((self.blePeripheral == nil) || (self.bleCharacteristic == nil) || self.blePeripheral?.state != .connected) {
            print("write result: bad state, peripheral, or connection ")
            // in case we receive an error that will freeze react side, safely navigate and clear bluetooth information.
            if MainWebView.canGoBack {
                MainWebView.reload()
                showDisconnectedAlert()
                self.centralManager = nil // we will just start over next time
                self.blePeripheral = nil
                self.bleCharacteristic = nil
                self.connectACD2Failed()
                return false
            }
            return false
        }
        // An odd-length string would make the two-character slice below run past the end
        guard buf.count % 2 == 0 else {
            return false
        }
        var data = Data()
        var byteStr = ""
        for i in stride(from: 0, to: buf.count, by: 2) {
            let startIndex = buf.index(buf.startIndex, offsetBy: i)
            let endIndex = buf.index(startIndex, offsetBy: 2)
            byteStr = String(buf[startIndex..<endIndex])
            // Reject non-hex input from the web view instead of force-unwrapping
            guard let byte = UInt8(byteStr, radix: 16) else {
                return false
            }
            data.append(byte)
        }
        guard let connectedCharacteristic = self.bleCharacteristic else {
            print("write result: Failure to assign bleCharacteristic")
            return false
        }
        print("sending bleWrite: \(String(describing: data))")
        self.blePeripheral.writeValue(data, for: connectedCharacteristic, type: .withoutResponse)
        print("write result: True")
        return true
    }
Here is what the log looks like when running on Mac Catalyst, which works just fine:
    sending bleWrite: 20 bytes
    write result: True
    sending Read:
    sending Read: 55AA55AA0B0040469EE6000000000000000000ED
    sending bleWrite: 20 bytes
    write result: True
    sending Read:
    sending Read:
    sending Read: 55AA55AA0B0040469EE6000000000000000000ED
    sending bleWrite: 20 bytes
    write result: True
    sending Read: 55AA55AA0B0040469EE6000000000000000000ED
    sending bleWrite: 20 bytes
    write result: True
    sending Read: 55AA55AA0B0040EDCB09000000000000000000ED
    sending bleWrite: 20 bytes
    write result: True
    sending Read:
    sending Read: 55AA55AA0B00407A7B96000000000000000000ED
    sending bleWrite: 20 bytes
    write result: True
    Error acquiring assertion: <Error Domain=RBSServiceErrorDomain Code=1 "(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)" UserInfo={NSLocalizedFailureReason=(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)}>
    0x12c0380e0 - ProcessAssertion::acquireSync Failed to acquire RBS assertion 'WebKit Media Playback' for process with PID=36540, error: Error Domain=RBSServiceErrorDomain Code=1 "(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)" UserInfo={NSLocalizedFailureReason=(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)}
And here is the log from when we are running the code on iPhone (trying to save space here). I apologize for the length of this post; however, submitting a test project to Apple developer support just isn't possible with the device that's in use. Any help at all is appreciated. I've looked at every permission, entitlement, background processing, and tried every solution that I could find to no avail.
Access Bluetooth in system daemon - Unauthorized
Hello, as the title says, I am trying to access Bluetooth in a system daemon. I am running on macOS Sonoma 14.5. When initializing Bluetooth, my daemon received Unauthorized state. I have tried to add my daemon in the system settings (System Preferences > Security & Privacy > Privacy > Bluetooth) "Allow applications to access Bluetooth" by adding the program executable path defined by the entry Program of my system daemon as suggested here: https://developer.apple.com/forums/thread/662459. But I am still having the issue. Writing a system daemon with Bluetooth is not my final goal. The bigger picture is the smartcard reader driver with Bluetooth access which has the same issue and the solution is probably related. I do not remember how but my smartcard reader driver used to work with Bluetooth but it does now with the same Unauthorized error. As far as I can see daemon and smartcard drivers do not have support for entitlement. Here are the logs for my sample system daemon:
    my_daemon [0x6000011b0000] activating connection: mach=true listener=false peer=false name=com.apple.server.bluetooth.le.att.xpc
    bluetoothd [0x7f804828e8a0] activating connection: mach=false listener=false peer=true name=com.apple.server.bluetooth.le.att.xpc.peer[76672].0x7f804828e8a0
    bluetoothd Received XPC message "CBMsgIdCheckIn" from session ""
    bluetoothd Received XPC check-in from session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67" fAccessLevel 0 fProgrammaticPairing 0 fLimitedForMediaAccess 0
    bluetoothd Access level is less than kXPCAccessLevelSystem for session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67". Restricted state operation not allowed
    bluetoothd Sending 'session attached' event for session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67"
    bluetoothd Attached session for "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67" with session: 0x7f804802d1b0, session handle: 0xef8d0000
    bluetoothd Registering peripheral session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67" with backgrounding: off, persistence: off (CBSR) restoreID: (null)
    bluetoothd Error getting Application State for <private>: <private>, 3
    bluetoothd Error getting Application State for <private>: <private>, 3
    bluetoothd Session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67" tccRequired : 1
    bluetoothd ReadyForTCC. TCC required:1 fLimitedForMediaAccess:0 fDeviceAccessForMediaExtension:0
    bluetoothd Session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67" : needsRestrictedStateOperation = 0, overrideRestrictedState = 0 , denylistMode = 0, receivesControllerBTClockEvents=0
    my_daemon Received CBMsgIdReadyForTCC
    my_daemon Running performTccCheck CBManager tccAvail 1, tccRequired 1
    my_daemon TCC required
    my_daemon [0x6000011b8000] activating connection: mach=true listener=false peer=false name=com.apple.tccd
    my_daemon [0x6000011b8000] failed to do a bootstrap look-up: xpc_error=[3: No such process]
    my_daemon [0x6000011b8000] invalidated after a failed init
    my_daemon send_message_with_reply(): user tccd unavailable, sending 0x600000ab4000 to system tccd
    my_daemon [0x6000011b4000] activating connection: mach=true listener=false peer=false name=com.apple.tccd.system
    tccd [0x7fd4d1f7ed80] activating connection: mach=false listener=false peer=true name=com.apple.tccd.system.peer[76672].0x7fd4d1f7ed80
    tccd REQUEST: tccd_uid=0, sender_pid=76672, sender_uid=0, sender_auid=-1, function=TCCAccessRequest, msgID=76672.1
    tccd AUTHREQ_CTX: msgID=76672.1, function=<private>, service=kTCCServiceBluetoothAlways, preflight=no, query=1, client_dict=(null), daemon_dict=<private>
    tccd AUTHREQ_ATTRIBUTION: msgID=76672.1, attribution={requesting={TCCDProcess: identifier=my_daemon-5555494498236e3b5e2e395b93c13af176769937, pid=76672, auid=0, euid=0, binary_path=/Users/olivier/daemon/my_daemon}, },
    tccd AUTHREQ_SUBJECT: msgID=76672.1, subject=/Users/olivier/daemon/my_daemon,
    tccd Refusing TCCAccessRequest for service kTCCServiceBluetoothAlways from client Sub:{/Users/olivier/daemon/my_daemon}Resp:{TCCDProcess: identifier=my_daemon-5555494498236e3b5e2e395b93c13af176769937, pid=76672, auid=0, euid=0, binary_path=/Users/olivier/daemon/my_daemon} in background session
    tccd AUTHREQ_RESULT: msgID=76672.1, authValue=0, authReason=5, authVersion=1, error=(null),
    tccd REPLY: (0) function=TCCAccessRequest, msgID=76672.1
    my_daemon [0x6000011b4000] invalidated after the last release of the connection object
    bluetoothd Received XPC message "CBMsgIdTCCDone" from session "my_daemon-5555494498236e3b5e2e395b93c13af176769937-peripheral-76672-67"
    tccd [0x7fd4d1f7ed80] invalidated after getting a no-senders notification - client is gone
    bluetoothd [0x7f80482820f0] activating connection: mach=true listener=false peer=false name=com.apple.tccd.system
    tccd [0x7fd4d32585f0] activating connection: mach=false listener=false peer=true name=com.apple.tccd.system.peer[169].0x7fd4d32585f0
    tccd REQUEST: tccd_uid=0, sender_pid=169, sender_uid=0, sender_auid=-1, function=TCCAccessRequest, msgID=169.48
    tccd [0x7fd4d313d880] activating connection: mach=true listener=false peer=false name=com.apple.tccd
    tccd [0x7fd4d313d880] failed to do a bootstrap look-up: xpc_error=[3: No such process]
    bluetoothd [0x7f80482820f0] invalidated after the last release of the connection object
    bluetoothd Bluetooth user permission alwaysAuth: denied
    tccd [0x7fd4d313d880] invalidated after a failed init
    tccd FORWARD: to=com.apple.tccd/0, request: { require_purpose=<xpc_null> service="kTCCServiceBluetoothAlways" function="TCCAccessRequest" preflight=true target_token={pid:76672, auid:-1, euid:0} TCCD_MSG_ID="169.48" background_session=false }
    tccd REPLY: from=com.apple.tccd, reply: { XPCErrorDescription="Connection invalid" }
    tccd forwardMessage error: Connection invalid.
    tccd [0x7fd4d3152bf0] activating connection: mach=false listener=false peer=true name=com.apple.tccd.system.peer[169].0x7fd4d3152bf0
    bluetoothd [0x7f80482820f0] activating connection: mach=true listener=false peer=false name=com.apple.tccd.system
    tccd REQUEST: tccd_uid=0, sender_pid=169, sender_uid=0, sender_auid=-1, function=TCCAccessRequest, msgID=169.49
    tccd [0x7fd4d32585f0] invalidated after getting a no-senders notification - client is gone
    tccd [0x7fd4d1f4c810] activating connection: mach=true listener=false peer=false name=com.apple.tccd
    tccd [0x7fd4d1f4c810] failed to do a bootstrap look-up: xpc_error=[3: No such process]
    tccd [0x7fd4d1f4c810] invalidated after a failed init
    tccd FORWARD: to=com.apple.tccd/0, request: { require_purpose=<xpc_null> service="kTCCServiceBluetoothAlways" function="TCCAccessRequest" preflight=true target_token={pid:76672, auid:-1, euid:0} TCCD_MSG_ID="169.49" background_session=false }
    tccd REPLY: from=com.apple.tccd, reply: { XPCErrorDescription="Connection invalid" }
    tccd forwardMessage error: Connection invalid.
Invalid 'com.apple.application-identifier' entitlement value.
I already have an iOS app accepted on the App Store, and now I want to add a macOS platform version. I created a new Xcode project and used the same bundle ID as my iOS app. When I tried to upload the macOS bundle, I encountered the following error: Invalid Provisioning Profile. The provisioning profile included in the bundle ABC.123456 [ABC.123456.pkg/Payload/ABC.app] is invalid. [Invalid 'com.apple.application-identifier' entitlement value.] For more information, visit the macOS Developer Portal. (ID: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx) I found that this problem occurs when the "Team ID" and "App ID Prefix" are different. How can I make them match?
Jun ’24
Files in AppGroup secure container not accessible in FamilySharing context
I have published an application that makes use of AppGroup containers to share an sqlite database between the main application and a notification service extension. I have taken into account special file access coordination requirements for an sqlite database shared between processes (WAL, https://github.com/andpor/react-native-sqlite-storage/issues/308#issuecomment-522250831). The application is part of an educational study involving several hundred students of young age. As such, many devices are enrolled in FamilySharing where parents control access of their children. In production, records are added to the database by the main application. The notification service extension reads the database and syncs metadata with a server. Unfortunately, I'm seeing issues with database access from the extension on devices where FamilySharing is enabled. I cannot see detailed information about the issue, because Crash reporting is disabled as per guidelines of the participating institutions. Moreover, I have implemented logging in the extension such that any conventional error (do, catch) thrown by database access code would be visible to me in server logs. I cannot see errors in my log, which leads me to believe something is crashing the extension process when it tries to access the database in the AppGroup container. I cannot find any information in Apple documentation or the pertinent online forums about a special case for AppGroups in FamilySharing context. However, since I've only ever seen the issue on devices where FamilySharing is enabled, I have to assume the error lies there. Is there any undocumented special consideration for AppGroup access in FamilySharing contexts? Is an AppGroup that was created while the app was running under the child's account no longer accessible by the same application when it's running under the parent's account?
Jun ’24
Unwanted Communication Reporting Extension - error with classificationreport url
Hi, I'm having headaches with the debugging of my Unwanted Communication Reporting extension. iPhone log says:
    com.apple.IdentityLookup.MessageFilter[1774] <Error>: Extension's containing app (appID <private>) unauthorized to defer requests to host <private>
So I guess I have something wrong with my apple-app-site-association. The AASA file I get with swcutil dl -d services.mydomain.com:
    {
        classificationreport = {
            apps = (
                "<MYTEAMID>.com.mydomain.myapp",
                "<MYTEAMID>.com.mydomain.myapp.unwanted"
            );
        };
    }
where .com.mydomain.myapp is my containing app (bundle id) and .com.mydomain.myapp.unwanted is my extension. The AASA file on the server is obviously in JSON format and correctly served from the server: services.mydomain.com. In the extension Info.plist I've set the following:
    <key>NSExtension</key>
    <dict>
        <key>NSExtensionAttributes</key>
        <dict>
            <key>ILClassificationExtensionNetworkReportDestination</key>
            <string>https://services.mydomain.com/path/unwanted/report</string>
        </dict>
        <key>NSExtensionMainStoryboard</key>
        <string>MainInterface</string>
        <key>NSExtensionPointIdentifier</key>
        <string>com.apple.identitylookup.classification-ui</string>
    </dict>
I suppose the reply from the classificationResponse method is correct since MessageFilter "tries" to send the request. Where am I mistaken? Difficult to debug... MessageFilter's log keeps interesting data as private (so there is no way to check what it's actually doing). And I've found no way to go deeper in the debug process. Many thanks, Emmanuel
Jun ’24