I’m prototyping a personal-use system that lets an iPhone with a physically attached controller act as an input device for a Mac. End goal: Use the iPhone as the transport and sensor host Use the attached physical controller for buttons/sticks Map the iPhone gyroscope to the controller’s right stick to get gyro aim in Mac games / cloud-streamed games such as GeForce NOW that don't support the gyro. What I’m trying to understand is whether Apple supports any path for this on macOS that does NOT require restricted entitlements or paid-program-only capabilities. What I’ve already found: CoreHID virtual HID device creation appears to require com.apple.developer.hid.virtual.device HIDDriverKit / system extensions appear to require Apple-granted entitlements as well GCVirtualController does not seem to solve the problem because I need a controller-visible device that other apps can see, not just controls inside my own app So my concrete question is: Is there any supported, entitlement-free way for a personal macOS app to expose a game-controller-like input device that other apps can consume system-wide? If not, is the official answer that this class of solution necessarily requires one of: CoreHID with restricted entitlement HIDDriverKit/system extension entitlement some other Apple-approved framework or program I’m missing I’m not asking about App Store distribution. This is primarily for local/personal use during development. I’m trying to understand the supported platform boundary before investing further. Any guidance on the recommended architecture for this use case would be appreciated.

I'm investigating supporting a touchscreen digitizer on macOS. I'd like to receive multi-touch reports from the device, and have them intercepted by my app. I also want to suppress the default absolute positioning 'mouse' behavior of the touch screen. The device exposes three HID interface: #0 - multi-touch (PrimaryUsagePage 0xD, PrimaryUsage 4) #1 - vendor-specific #2 - single-touch (PrimaryUsagePage 1, PrimaryUsage 2) I've only been able to achieve half of my goal using a HIDDriverKit dext - I can outmatch the OS for the single-touch HID interface and ignore its 7-byte single-touch reports. However, although I can match to the multi-touch interface, I never see any reports at all there, as if the OS never polls the interrupt endpoint. On Windows, the device "just works" - I've traced its behavior in Wireshark. The OS doesn't do any special setup, it sends no SET_FEATURE commands, it just reads from the multi-touch interrupt endpoint, where it receives 54-byte reports. Windows doesn't even get any 7-byte single-touch reports. On macOS, I managed to use Wireshark on an old Intel Mac, where I can still use XHC20 for logging. Here, macOS tries to read from all the interrupt endpoints for all the HID interfaces, and the digitizer only responds on the single-touch interface. MSDN's documentation for multi-touch support is quite unhelpful here, because it just says "use the OS driver", but doesn't detail how a digitizer switches between multi-touch and single-touch mode. If I were making a digitizer, I'd send reports on both interfaces, expecting the OS to read the single- or multi-touch interface as required. Although unlikely, it seems that this digitizer changes its behavior based on how it is accessed. I can outmatch the USB interface for the single-touch reports, so that the OS HID driver doesn't even see it. That doesn't change the device behavior. The HIDDriverKit APIs I use imply setting up an interrupt read. I call Open on the interface, and implement a ReportAvailable callback. This works for the single-touch interface, but I get no reports on the multi-touch interface. All the calls with return values return kIOReturnSuccess. Does anyone know how multi-touch digitizers switch between single- and multi-touch mode (if indeed they have a mode at all), or why macOS apparently doesn't even read the multi-touch interrupt end point? Does anyone know how I can ensure that my HID driver actually reads the interrupt endpoint on the HID interface it is matched to? Does macOS deliberately prevent access to multi-touch HID interfaces?

I was wondering if there's a method on MacOS to have my application hide a hid device such as a game controller and instead have the receiving game/application see my app's virtual controller? Is this possible via DriverKit or some other form of kernel level coding? On Windows we have a tool known as HidHide that hids a game controller from all other applications. Is it possible to implement such behavior into an app or is that system level?

Hi, I’m looking for clarification from folks familiar with CoreHID rather than App Review, as the guys there have not responded to my post (https://developer.apple.com/forums/thread/820676) We have a sandboxed macOS app that creates a virtual HID device (HIDVirtualDevice) as described in Creating virtual devices https://developer.apple.com/documentation/corehid/creatingvirtualdevices To work at all, the app requires the entitlement: com.apple.developer.hid.virtual.device With this entitlement present, macOS shows the system prompt requesting Accessibility permission App would like to control this computer using accessibility features. Grant access to this application in Security and Privacy preferences located in System Preferences. when HIDVirtualDevice(properties:) is called. There is no mention of Accessibility in the HIDVirtualDevice documentation, but the behavior is reproducible and seems unavoidable. My question is therefore: Is creating a virtual HID device from userspace via HIDVirtualDevice considered inherently incompatible with Mac App Store distribution? In other words: Is the Accessibility prompt an expected side‑effect of this API? And if so, does that mean using HIDVirtualDevice is only practical for direct (non–App Store) distribution unless the app is explicitly an accessibility tool? I’m not asking about review policy details—just whether, from a technical/system point of view, HIDVirtualDevice is actually intended to be usable by App Store apps. For context, there seem to be public, non‑accessibility uses of Apple’s virtual HID infrastructure, like this recent post: https://developer.apple.com/forums/thread/820708 and corresponding Github repo this project. I don't know if these intend to use the App Store, but they might end up in the same situation. Any insights from people who’ve worked with CoreHID would be greatly appreciated. Thanks, Magnus

We are trying to determine whether a third-party DriverKit HID dext can seize or intercept raw HID input reports from an external mouse through any top case–related path in the HID stack. Our dext is based on IOUserHIDEventDriver, and the goal is to receive raw input reports before they are translated into higher-level pointer events. Apple’s public HIDDriverKit documentation describes IOUserHIDEventDriver as the driver object responsible for dispatching pointer, digitizer, scrolling, and related HID-originated events, but it is not clear to us whether any “top case” path is actually exposed or supported for third-party matching in DriverKit. What we want to clarify is specifically about external mouse devices, not the built-in trackpad itself. Questions: Is there any officially supported way for a third-party DriverKit HID dext to bind through a top case–related path and receive raw HID input reports from an external mouse? Is “top case” something that third-party DriverKit drivers can meaningfully target for matching/attachment, or is it only an internal Apple implementation detail? If such a path exists, can it be used to seize raw reports before they are converted into higher-level pointer events? If not, what is the officially supported boundary for third-party DriverKit access to raw reports from external mouse-class HID devices? To be clear, we are not asking about synthesizing pointer events. We are asking whether a third-party DriverKit dext can directly observe or seize the original HID input reports from an external mouse by attaching through any top case–related portion of the HID stack. If “top case” is not a public DriverKit concept that third parties can target, confirmation of that would also be very helpful.

We are trying to intercept raw reports from the built-in MacBook haptic trackpad using a DriverKit IOUserHIDEventDriver dext. Our dext installs and activates successfully: OSSystemExtensionRequest finishes with result 0 systemextensionsctl list shows the dext as activated enabled the dext is embedded correctly in the app bundle However, it never attaches to the built-in trackpad IOHIDInterface. ioreg shows the built-in trackpad interface still matched only by Apple’s HID dext. We also observed that Apple’s own HID dext appears to use com.apple.developer.driverkit.builtin, while that entitlement is not available in our provisioning profile. Our dext specifically relies on: IOUserHIDEventDriver::handleReport(...) SetProperties() with kIOHIDEventDriverHandlesReport Questions: Is com.apple.developer.driverkit.builtin required for a third-party IOUserHIDEventDriver to match a built-in internal trackpad IOHIDInterface? Is that entitlement public/requestable, or Apple-internal only? At what stage is it enforced: activation, personality matching, provider attach, or before Start()? If builtin is not available to third parties, is there any officially supported way to receive raw reports from the built-in MacBook trackpad in DriverKit? Our conclusion so far is that activation succeeds, but provider binding to the built-in trackpad fails due to built-in-only authorization/matching.

My application will create a virtual touchpad. The problem I encountered is: click on the Product menu, select Archives, then select the Distribute App, then click on Drill Distribution, then click on Distribute, and then a prompt appears: Provisioning profile "Mac Team direct Provisioning Profile:"com.xxx.xxx"doesn't match the entitlements file's valuefor the com.apple.developer.driverkit.userclient-access entitlement. But My Identifiers Selected the:DriverKit Allow Any UserClient (development) Do I need toRequest a System Extension or DriverKit Entitlement Select "Virtual HID" in here? https://developer.apple.com/contact/request/system-extension/

Hi all, Wondering how I would go about creating a plugin/class to support a new (physical/hardware) device with the game controller framework? Between GCVirtualController on iOS and the "KeyboardAndMouseSupport.bundle" I see inside GameController.framework on my Mac, it looks like the framework must be designed to support this but I can't find any documentation. Thanks!

I have been working on a multi-platform multi-touch HID-standard digitizer clickpad device. The device uses Bluetooth Low Energy (BLE) as its connectivity transport and advertises HID over GATT. To date, I have the device working successfully on Windows 11 as a multi-touch, gesture-capable click pad with no custom driver or app on Windows. However, I have been having difficulty getting macOS to recognize and react to it as a HID-standard multi-touch click pad digitizer with either the standard Apple HID driver (AppleUserHIDEventDriver) or with a custom-coded driver extension (DEXT) modeled, based on the DTS stylus example and looking at the IOHIDFamily open source driver(s). The trackpad works with full-gesture support on Windows 11 and the descriptors seem to be compliant with the R23 Accessory Guidelines document, §15. With the standard, matching Apple AppleUserHIDEventDriver HID driver, when enumerating using stock-standard HID mouse descriptors, the device works fine on macOS 14.7 "Sonoma" as a relative pointer device with scroll wheel capability (two finger swipe generates a HID scroll report) and a single button. With the standard, matching Apple AppleUserHIDEventDriver HID driver, when enumerating using stock-standard HID digitizer click/touch pad descriptors (those same descriptors used successfully on Windows 11), the device does nothing. No button, no cursor, no gestures, nothing. Looking at ioreg -filtb, all of the key/value pairs for the driver match look correct. Because, even with the Apple open source IOHIDFamily drivers noted above, we could get little visibility into what might be going wrong, I wrote a custom DriverKit/HIDDriverKit driver extension (DEXT) (as noted above, based on the DTS HID stylus example and the open source IOHIDEventDriver. With that custom driver, I can get a single button click from the click pad to work by dispatching button events to dispatchRelativePointerEvent; however, when parsing, processing, and dispatching HID digitizer touch finger (that is, transducer) events via IOUserHIDEventService::dispatchDigitizerTouchEvent, nothing happens. If I log with: % sudo log stream --info --debug --predicate '(subsystem == "com.apple.iohid")' either using the standard AppleUserHIDEventDriver driver or our custom driver, we can see that our input events are tickling the IOHIDNXEventTranslatorSessionFilter HID event filter, so we know HID events are getting from the device into the macOS HID stack. This was further confirmed with the DTS Bluetooth PacketLogger app. Based on these events flowing in and hitting IOHIDNXEventTranslatorSessionFilter, using the standard AppleUserHIDEventDriver driver or our custom driver, clicks or click pad activity will either wake the display or system from sleep and activity will keep the display or system from going to sleep. In short, whether with the stock driver or our custom driver, HID input reports come in over Bluetooth and get processed successfully; however, nothing happens—no pointer movement or gesture recognition. STEPS TO REPRODUCE For the standard AppleUserHIDEventDriver: Pair the device with macOS 14.7 "Sonoma" using the Bluetooth menu. Confirm that it is paired / bonded / connected in the Bluetooth menu. Attempt to click or move one or more fingers on the touchpad surface. Nothing happens. For the our custom driver: Pair the device with macOS 14.7 "Sonoma" using the Bluetooth menu. Confirm that it is paired / bonded / connected in the Bluetooth menu. Attempt to click or move one or more fingers on the touchpad surface. Clicks are correctly registered. With transducer movement, regardless of the number of fingers, nothing happens.

Hi everyone, I am developing a .NET MAUI Mac Catalyst app (sandboxed) that communicates with a custom vendor-specific HID USB device. Within the Catalyst app, I am using a native iOS library (built with Objective-C and IOKit) and calling into it via P/Invoke from C#. The HID communication layer relies on IOHIDManager and IOUSBInterface APIs. The device is correctly detected and opened using IOHIDManager APIs. However, IOHIDDeviceRegisterInputReportCallback never triggers — I don’t receive any input reports. To investigate, I also tried using low-level IOKit USB APIs via P/Invoke from my Catalyst app, calling into a native iOS library. When attempting to open the USB interface using IOUSBInterfaceOpen() or IOUSBInterfaceOpenSeize(), both calls fail with: kIOReturnNotPermitted (0xe00002e2). — indicating an access denied error, even though the device enumerates and opens successfully. Interestingly, when I call IOHIDDeviceSetReport(), it returns status = 0, meaning I can successfully send feature reports to the device. Only input reports (via the InputReportCallback) fail to arrive. I’ve confirmed this is not a device issue — the same hardware and protocol work perfectly under Windows using the HIDSharp library, where both input and output reports function correctly. What I’ve verified •Disabling sandboxing doesn’t change the behavior. •The device uses a vendor-specific usage page (not a standard HID like keyboard/mouse). •Enumeration, open, and SetReport all succeed — only reading input reports fails. •Tried polling queues, in queues Input_Misc element failed to add to the queues. •Tried getting report in a loop but no use.

Hey I’m working on a macOS app that wants to detect the MacBook lid / hinge angle (i.e. how far the screen is open) by directly reading the internal sensor via HID / IOKit (a private / undocumented API). I came across this project: LidAngleSensor — GitHub: https://github.com/samhenrigold/LidAngleSensor?tab=readme-ov-file Before investing too much effort, I’d like to ask the community: Has anyone succeeded in getting such an app accepted on the Mac App Store when it includes sensor-level, private API access like this? What were the reviewer feedback or rejection reasons (if any)? Are there documented cases (positive or negative) where Apple approved or rejected apps for accessing non-public hardware sensors? What’s the risk of getting banned or permanently rejected for integrating this kind of functionality? If you have direct experience (whether it passed or failed), I’d love to hear your stories, strategies, or pointers. Thanks in advance!

Hi Apple, We are working on a general USB device management solution on macOS for enterprise security. Our goal is to enforce policy-based restrictions on USB devices, such as: For USB storage devices: block mount, read, or write access. For other peripherals (e.g., USB headsets or microphones, raspberry pi, etc): block usage entirely. We know in past, kernel extension would be the way to go, but as kext has been deprecated. And DriverKit is the new advertised framework. At first, DriverKit looked like the right direction. However, after reviewing the documentation more closely, we noticed that using DriverKit for USB requires specific entitlements: DriverKit USB Transport – VendorID DriverKit USB Transport – VendorID and ProductID This raises a challenge: if our solution is meant to cover all types of USB devices, we would theoretically need entitlements for every VendorID/ProductID in existence. My questions are: Is DriverKit actually the right framework for this kind of general-purpose USB device control? If not, what framework or mechanism should we be looking at for enforcing these kinds of policies? We also developed an Endpoint Security product, but so far we haven’t found a relevant Endpoint Security event type that would allow us to achieve this. Any guidance on the correct technical approach would be much appreciated. Thanks in advance for your help.

first post here and this is kinda a long shot. I’m working on a custom keypad project for a young man with some mobility issues that unfortunately prevents gestrue and voice control as UI options. id like to see if I can pull track metadata via a Bluetooth connection into a custom keyboard with a small screen. I know hid doesn’t support this but I was hoping maybe the API for iOS’s blueprint remote app could be leveraged. I haven’t don’t much with Apple previousl. Usually Roku and Crestron implantations but I’m hoping to see if I can accomplish something with Apple, without needing to implement any IP connection.

Hello every one good day :) My project uses a mouse driver handling all events from the mouse produced by our company. In the past the driver is a kext, which implement acceleration by HIDPointerAccelerationTable, we prepare data in the driver's info.plist, while our app specifies a value to IOHIDSystem with key kIOHIDPointerAccelerationKey, the driver will call copyAccelerationTable() to lookup the HIDPointerAccelerationTable and return a value. In current DriverKit area, the process above is deprecated. Now I don't know to do. I've read some document: https://developer.apple.com/documentation/hiddriverkit/iohidpointereventoptions/kiohidpointereventoptionsnoacceleration?changes=__7_8 https://developer.apple.com/documentation/hiddriverkit/kiohidmouseaccelerationtypekey?changes=__7_8 https://developer.apple.com/documentation/hiddriverkit/kiohidpointeraccelerationkey?changes=__7_8 but no any description in those articles. Please help!

Hello, As part of developing a DLP system, I need to block input devices upon detection of data leakage. Could you advise if it's possible to temporarily disable the built-in keyboard and camera? Thank you in advance, Pavel

I am aware the USB / HID devices can come and go, if you have a long running application that's what you want to monitor. But for a "one-shot" command-line tool for example, I would like to enumerate the devices present on a system at a certain point in time, interact with a subset of them (and this interaction can fail since the device may have been disconnected in-between enumerating and me creating the HIDDeviceClient), and then exit the application. It seems that HIDDeviceManager only allows monitoring an Async[Throwing]Stream which provides the initial devices matching the query but then continues to deliver updates, and I have no idea when this initial list is done. I could sleep for a while and then cancel the stream and see what was received up to then, but that seems like the wrong way to go about this, if I just want to know "which devices are connected", so I can maybe list them in a "usage" or help screen. Am I missing something?

Hi Everyone! I want to block the USB wired mouse from accessing my machine. Which framework is used to implement ? PS: I have already tried DriverKit Framework but it requires Apple's paid developer account. What will be alternative ?

Hi Apple support, We requested the 4 HID-related Entitlements back in December 2024. Similarly to another post here in the forums that was completely ignored, our request has NOT been processed for months. Mailing the support staff results in boilerplate email responses with no content, calling them results in a chat with very nice people who are unable to help since they can't seem to reach the entitlement team directly. Having to wait for MONTHS when dealing with one of the biggest and supposedly best companies in the world is beyond disappointing. Can anyone help? Is there anyone else that has had this same issue and that has found a work-around? I can share all necessary details. Thanks, Matteo

I'm working on a project to allow HID input from macOS to a connected iOS device. Are we prohibited from matching to a connected iPhone with DriverKit? I see the attribute kCDCDoNotMatchThisDevice for my iPhone is YES when looking at the IO registry and my dext does not initialize

Hi, I am working on a personal HIDDriverKit project. The documentation suggests that you do not need the entitlements from Apple to do local development - that all you need to do is turn of SIP, enable developer mode, and turn signing to "Sign to Run Locally". However, I have followed all of these steps, and am still running into the error that to build, I need to have a provisioning profile with the DriverKit (development) feature (MacOS 15.2 Xcode 16.2). Am I missing something here regarding the steps for local development? Does one need to request a development version of the entitlements even for local development? Do I need a paid developer account to do this? Thank-you in advance.