I am having a rare crash when calling FileHandle(forWritingTo:) initializer with a file that does not exist. In the documentation, I see that the expected behaviour is to return nil, but in my app, in rare cases I have a Crash. My code that causes the crash is if let handle = try? FileHandle(forWritingTo: logFile) { Is it a known behaviour ? should I test if the file exist before calling FileHandle(forWritingTo:) ? Shareable_2025-09-01_05-32-28.3051.crash

What’s the recommended way to recursively walk through a directory tree using File Coordination? From what I understand, coordinating a read of a directory only performs a “shallow” lock; this would mean that I’d need to implement the recursive walk myself rather than use FileManager.enumerator(at:includingPropertiesForKeys:options:errorHandler:) plus a single NSFileCoordinator.coordinate(with:queue:byAccessor:) call. I’m trying to extract information from all files of a particular type, so I think using NSFileCoordinator.ReadingOptions.immediatelyAvailableMetadataOnly on each file before acquiring a full read lock on it (if it’s the right file type) would make sense. Am I on the right track?

Has any one come across file corruption issues with tvOS 26? I am tracking an issue where files in my app's NSCachesDirectory are getting corrupted (not deleted) when my app is in the background. The issue is sporadic and very hard to reproduce, but is definitely a new issue with 26.

Hi everyone, I’m running into an issue with PHPickerFilter when using PHPickerViewController. When I configure the picker with a .videos and .livePhotos filter, it seems to work correctly in the Photos tab. However, when I switch to the Collections tab, the filter doesn’t always apply — users can still see and select static image assets in certain collections (e.g. from one of the People & Pets sections). Here’s a simplified snippet of my setup: var configuration = PHPickerConfiguration(photoLibrary: .shared()) configuration.selectionLimit = 1 var filters = [PHPickerFilter]() filters.append(.videos) filters.append(.livePhotos) configuration.filter = PHPickerFilter.any(of: filters) configuration.preferredAssetRepresentationMode = .current let picker = PHPickerViewController(configuration: configuration) picker.delegate = self present(picker, animated: true) Expected behavior: The picker should consistently respect the filter across both Photos and Collections tabs, only showing assets that match the filter. Actual behavior: The filter seems to apply correctly in the Photos tab, but in the Collections tab, other asset types are still visible/selectable. Has anyone else encountered this behavior? Is this expected or a known issue, or am I missing something in the configuration? Thanks in advance!

Title's basically the whole question. I'm writing an SMS/Call Reporting extension (ILClassificationUIExtensionViewController). My goal is to keep everything on device and not use the built-in SMS/network reporting. To that end, I'm trying to write to a file in the App Group container from the classificationResponse handler. I'm getting Error 513: "You don’t have permission to save the file “classification_log.txt” in the [app group container folder]". I haven't been able to find much in the documentation on whether this behavior is enforced in classificationResponse handlers. Apple's barebones page on "SMS and Call Spam Reporting"[1] says "the system always deletes your extension’s container after your extension terminates," but that doesn't answer whether you can write to an App Group container. I haven't been able to find that answer elsewhere. ChatGPT and Gemini are both very sure it can be done. Any thoughts? [1] https://developer.apple.com/documentation/identitylookup/sms-and-call-spam-reporting

Hello, appreciate any help here. Objective: perform a scoped write to a removable block device (using low-level system frameworks in C). Issue: launchd-run privileged helper (as root) denied permission to open block device. Manual 'sudo ./helper' call succeeds, however. Importantly: the entire process works flawlessly if the main app is granted Full Disk Access in Privacy & Security. However, this should be completely unnecessary for this objective, as scoped access should be sufficient, and FDA is in fact not required for other apps which perform this task. Architecture and flow: Main GUI process collects ISO path and target removable device path (queried via IOKit). Main GUI process installs a Privileged Helper via SMJobBless. The Privileged Helper is started on demand by launchd as root (UID 0, EUID 0). Main GUI process communicates selected ISO and device paths to Privileged Helper via XPC. Privileged Helper conducts security and sanity checks, unmounts volumes from target device via DiskArbitration. Privileged Helper obtains file handles to ISO and target block device (e.g.: "/dev/disk4"). Privileged Helper performs a byte-by-byte write to the target block device. Problematic area: Simplified example using C syscalls (via Zig): const path = "/dev/disk5"; // Note that even with readonly flag this fails const fd = c.open(path, c.O_RDONLY, @as(c_uint, 0)); defer _ = c.close(fd); if (fd < 0) { const err_num = c.__error().*; const err_str = c.strerror(err_num); log("open() failed with errno {}: {s}", .{ err_num, err_str }); } Output (when run by launchd - UID 0, EUID 0, domain: system): open() failed with errno 1: Operation not permitted Simplified example with Zig open interface: const directory = try std.fs.openDirAbsolute(deviceDir, .{ .no_follow = true }); const device = try directory.openFile("/dev/disk5", .{ .mode = .read_write, .lock = .exclusive }); errdefer device.close(); Output (when run by launchd - UID 0, EUID 0, domain: system): Error: error.AccessDenied Running the same examples by manually launching the binary with a test argument succeeds: sudo ./helper "/dev/disk5" ... Notable points: Both Main GUI process and the Privileged Helper binary are codesigned (via codesign ...). Privileged Helper has both Info.plist and Launchd.plist symbols exported into its binary. Privileged Helper has no codesign flags (e.g.: for hardened runtime or others): CodeDirectory v=20400 size=8130 flags=0x0(none) hashes=248+2 location=embedded Output of sudo launchctl print system/<helper-bundle-id> shows nothing of interest to indicate any security restrictions. Appreciate any advice here!

Hi, My Mac app allows a customer to drag and drop a file package onto a SwiftUI view. I can't seem to find a way to successfully call .startAccessingSecurityScopedResource() with the file/dir that was dropped into the view. I put together a simple test app. Here is the code: struct ContentView: View { @State var isTargetedForDrop: Bool = false var body: some View { VStack { Image(systemName: "globe") .imageScale(.large) .foregroundStyle(.tint) Text("Hello, world!") Rectangle() .stroke(Color.gray) .onDrop(of: [UTType.fileURL], isTargeted: $isTargetedForDrop) { providers in guard let provider = providers.first(where: { $0.hasItemConformingToTypeIdentifier(UTType.fileURL.identifier) }) else { return false } provider.loadItem(forTypeIdentifier: UTType.fileURL.identifier, options: nil) { item, error in if let error = error { print("Drop load error: \(error)") return } if let url = item as? URL { print("Dropped file URL: \(url)") } else if let data = item as? Data, let url = URL(dataRepresentation: data, relativeTo: nil) { print("Dropped file URL (from data): \(url)") let access = url.startAccessingSecurityScopedResource() if access { print("Successfully accessed file at URL: \(url)") } else { print("Failed to access file at URL: \(url)") } url.stopAccessingSecurityScopedResource() } else { print("Unsupported dropped item: \(String(describing: item))") } } return true } } .padding() } } When I drop a file package into this view I see, "Failed to access file at URL: <the_full_file_path>" I'm running Xcode 26 on macOS 26.

I'm debugging the following kernel panic to do with my custom filesystem KEXT: panic(cpu 0 caller 0xfffffe004cae3e24): [kalloc.type.var4.128]: element modified after free (off:96, val:0x00000000ffffffff, sz:128, ptr:0xfffffe2e7c639600) My reading of this is that somewhere in my KEXT I'm holding a reference 0xfffffe2e7c639600 to a 128 byte zone that wrote 0x00000000ffffffff at offset 96 after that particular chunk of memory had been released and zeroed out by the kernel. The panic itself is emitted when my KEXT requests the memory chunk that's been tempered with via the following set of calls. zalloc_uaf_panic() __abortlike static void zalloc_uaf_panic(zone_t z, uintptr_t elem, size_t size) { ... (panic)("[%s%s]: element modified after free " "(off:%d, val:0x%016lx, sz:%d, ptr:%p)%s", zone_heap_name(z), zone_name(z), first_offs, first_bits, esize, (void *)elem, buf); ... } zalloc_validate_element() static void zalloc_validate_element( zone_t zone, vm_offset_t elem, vm_size_t size, zalloc_flags_t flags) { ... if (memcmp_zero_ptr_aligned((void *)elem, size)) { zalloc_uaf_panic(zone, elem, size); } ... } The panic is triggered if memcmp_zero_ptr_aligned(), which is implemented in assembly, detects that an n-sized chunk of memory has been written after being free'd. /* memcmp_zero_ptr_aligned() checks string s of n bytes contains all zeros. * Address and size of the string s must be pointer-aligned. * Return 0 if true, 1 otherwise. Also return 0 if n is 0. */ extern int memcmp_zero_ptr_aligned(const void *s, size_t n); Normally, KASAN would be resorted to to aid with that. The KDK README states that KASAN kernels won't load on Apple Silicon. Attempting to follow the instructions given in the README for Intel-based machines does result in a failure for me on Apple Silicon. I stumbled on the Pishi project. But the custom boot kernel collection that gets created doesn't have any of the KEXTs that were specified to kmutil(8) via the --explicit-only flag, so it can't be instrumented in Ghidra. Which is confirmed as well by running: % kmutil inspect -B boot.kc.kasan boot kernel collection at /Users/user/boot.kc.kasan (AEB8F757-E770-8195-458D-B87CADCAB062): Extension Information: I'd appreciate any pointers on how to tackle UAFs in kernel space.

For years, my app has been receiving XLSX files from other apps using the share command. For example, in an email, I use the share command on an xlsx attachment and send it to my app. From my app, I go to the Documents/Inbox folder and find the file. This mechanism has broken! And I'm not talking about an app compiled with XCode26, but simply installing my app, still compiled with XCode16, on iPadOS26. It seems that the operating system no longer puts files in the Inbox. Is this true?

Hi, I just released a new version of an app that was transferred from another developer account. The previous version of this app used the App Groups feature to store some important data, and I would like to retrieve that data. In the new version, I’m using the same bundle identifier and the same App Group ID (which has already been deleted from the original developer account). I also added the App Groups entitlement in the project settings and set the same App Group ID. However, I still cannot access the data in the App Group. From the documentation and issues I’ve found, it seems that an app should still have permission to access the same App Group after being transferred. Did I miss something? Thanks!

How do I get the FileManager in SwiftUI to read information about the apps in the Applications folder. Lots of apps do it, Alfred, Raycast. It's not something that is unheard of, and yet I cannot for the life of me, using every kind of guide on the internet figure out how to achieve this. Please somebody help, this is legitimately affecting my mental health.

I would like to understand the recommended App Store–compliant method for uninstalling applications, particularly in cases where certain apps are owned by root rather than the user. Currently, since root-owned apps cannot be uninstalled, I display the error message: 'App name couldn’t be moved to the Trash because you don’t have permission to access it. please run sudo chown -R $user /application/appname and try again' I then instruct users to change the ownership of the app and try again, but this approach does not appear to align with App Store policies.

I'm using UIDocumentPickerViewController to open a url. Works fine in debug mode but version on the App Store is failing. Code to create the document picker is like: NSArray *theTypes = [UTType typesWithTag:@"docxtensionhere" tagClass:UTTagClassFilenameExtension conformingToType:nil]; UIDocumentPickerViewController *documentPicker = [[UIDocumentPickerViewController alloc]initForOpeningContentTypes:theTypes]; documentPicker.delegate = self;   [self presentViewController:documentPicker animated:YES completion:nil]; So in debug mode this is all gravy. -documentPicker:didPickDocumentsAtURLs: passes back a URL and I can read the file. In release mode I get a URL but my app is denied access to read the file. After inspecting some logging it appears the sandbox is not granting my app permission. error Domain=NSCocoaErrorDomain Code=257 "The file “Filename.fileextensionhere” couldn’t be opened because you don’t have permission to view it." UserInfo={NSFilePath=/private/var/mobile/Library/Mobile Documents/comappleCloudDocs/Filename.fileextensionhere, NSUnderlyingError=0x2834c9da0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}} -- If I'm doing something wrong with UIDocumentPickerViewController it is a real shame that permission is not being denied in Debug mode, as devs are more likely to catch in prior to release. Anyone know where I'm going wrong and if not have a workaround? Thanks in advance.

I have created a sample app which read/write from a network file. When the file was attempted to open (using open Linux API), connection to network file was lost. The thread which was stuck on the open method, returns after a long time. It was observed that for macOS, the maximum return time of the thread was around 10 mins, whereas in Windows and Linux, the maximum timeout was 60 sec and 90 sec. macOS has a very large timeout before returning the thread with a network failure error. Is this by designed and expected? With a large timeout as 10mins, it's difficult to respond swiftly back to the user.

Hi, The app that I'm developing requires data transfer between iOS device and external device through usb-c cable connection. So I'm trying to copy and paste the file between iOS and external storage device automactically. I've tried using UIDocuementPickerController with bookmark, which gives the url path of connected external storage after user selection for the first selection, but it could not be used directly without user interaction afterwards. Is it possible to use the storage url path automatically after user selection for the first time? How do I achieve that? Thanks in advance

I have an iOS app that allows user to select a folder (from local Files). User is seemingly capable selecting the "On My iPhone" folder (the "Open" button is enabled, clickable and when it is tapped the app gets the relevant URL) although there's nothing in that folder apart from ".trash" item. Is selecting that folder not supported? If not why is the "Open" button enabled on that level to begin with?

Hi, I'm trying to mount my FSKit volume with a client app (SwiftUI). I already successfully did it with the "mount" command and I can instantiate my file-system with FSPathURLResource. Also, I managed to mount the file-system with DiskArbitration in a SwiftUI app, but I only managed to get it working with FSBlockDeviceResource. Is there a way to programmatically do it in a client app? Or is "mount" command currently the only option?

Hello! I am trying to automate iOS builds for my Unreal Engine game using Unreal Automation Tool, but I cannot produce a functionnal build with it, while packaging from XCode works perfectly. I have tracked down the issue to a missing file. I'm using the Firebase SDK that requires a GoogleService-Info.plist file. I have copied this file at the root of my project, as the Firebase documentation suggests. I have not taken any manual action to specify that this file needs to be included in the packaged app. The Firebase code checks the existence of this file using NSString* Path = [[NSBundle mainBundle] pathForResource: @“GoogleService-Info” ofType: @“plist”]; return Path != nil; If I package my app from XCode using Product -> Archive, this test returns true and the SDK is properly initialized. If I package my app using Unreal Engine's RunUAT.sh BuildCookRun, this test returns false and the SDK fails to initialize (and actually crashes upon trying). I have tried several Unreal Engine tricks to include my file, like setting it as a RuntimeDependecies in my projects Build.cs file. Which enables Unreal Engine code to find it, but not this direct call to NSBundle. I would like to know either how to tell Unreal Engine to include files at the root of the app bundle, or what XCode does to automatically include this file and is there a way to script it? I can provide both versions .xcarchive if needed. Thanks!

(Using macOS 26 Beta 9 and Xcode 26 Beta 7) I am trying to support basic onDrop from a source app to my app. I am trying to get the closest "source" representation of a drag-and-drop, e.g. a JPEG file being dropped into my app shouldn't be converted, but stored as a JPEG in Data. Otherwise, everything gets converted into TIFFs and modern iPhone photos get huge. I also try to be a good app, and provide asynchronous support. Alas, I've been running around for days now, where I can now support Drag-and-Drop from the Finder, from uncached iCloud files with Progress bar, but so far, drag and dropping from Safari eludes me. My code is as follows for the onDrop support: Image(nsImage: data.image).onDrop(of: Self.supportedDropItemUTIs, delegate: self) The UTIs are as follows: public static let supportedDropItemUTIs: [UTType] = [ .image, .heif, .rawImage, .png, .tiff, .svg, .heic, .jpegxl, .bmp, .gif, .jpeg, .webP, ] Finally, the code is as follows: public func performDrop(info: DropInfo) -> Bool { let itemProviders = info.itemProviders(for: Self.supportedDropItemUTIs) guard let itemProvider = itemProviders.first else { return false } let registeredContentTypes = itemProvider.registeredContentTypes guard let contentType = registeredContentTypes.first else { return false } var suggestedName = itemProvider.suggestedName if suggestedName == nil { switch contentType { case UTType.bmp: suggestedName = "image.bmp" case UTType.gif: suggestedName = "image.gif" case UTType.heic: suggestedName = "image.heic" case UTType.jpeg: suggestedName = "image.jpeg" case UTType.jpegxl: suggestedName = "image.jxl" case UTType.png: suggestedName = "image.png" case UTType.rawImage: suggestedName = "image.raw" case UTType.svg: suggestedName = "image.svg" case UTType.tiff: suggestedName = "image.tiff" case UTType.webP: suggestedName = "image.webp" default: break } } let progress = itemProvider.loadInPlaceFileRepresentation(forTypeIdentifier: contentType.identifier) { url, _, error in if let error { print("Failed to get URL from dropped file: \(error)") return } guard let url else { print("Failed to get URL from dropped file!") return } let queue = OperationQueue() queue.underlyingQueue = .global(qos: .utility) let intent = NSFileAccessIntent.readingIntent(with: url, options: .withoutChanges) let coordinator = NSFileCoordinator() coordinator.coordinate(with: [intent], queue: queue) { error in if let error { print("Failed to coordinate data from dropped file: \(error)") return } do { // Load file contents into Data object let data = try Data(contentsOf: intent.url) Dispatch.DispatchQueue.main.async { self.data.data = data self.data.fileName = suggestedName } } catch { print("Failed to load coordinated data from dropped file: \(error)") } } } DispatchQueue.main.async { self.progress = progress } return true } For your information, this code is at the state where I gave up and sent it here, because I cannot find a solution to my issue. Now, this code works everywhere, except for dragging and dropping from Safari. Let's pretend I go to this web site: https://commons.wikimedia.org/wiki/File:Tulip_Tulipa_clusiana_%27Lady_Jane%27_Rock_Ledge_Flower_Edit_2000px.jpg and I try to drag-and-drop the image, it will fail with the following error: URL https://upload.wikimedia.org/wikipedia/commons/c/cf/Tulip_Tulipa_clusiana_%27Lady_Jane%27_Rock_Ledge_Flower_Edit_2000px.jpg is not a file:// URL. And then, fail with the dreaded Failed to get URL from dropped file: Error Domain=NSItemProviderErrorDomain Code=-1000 As far as I can tell, the problem lies in the opaque NSItemProvider receiving a web site URL from Safari. I tried most solutions, I couldn't retrieve that URL. The error happens in the callback of loadInPlaceFileRepresentation, but also fails in loadFileRepresentation. I tried hard-requesting a loadObject of type URL, but there's only one representation for the JPEG file. I tried only putting .url in the requests, but it would not transfer it. Anyone solved this mystery?

Hello, The customer requires transparent data encryption within their DLP system. All data on external storage must be encrypted and decrypted transparently. How can the data stream (read/write) be controlled? Are there any recommended way? Thank you in advance!