I'll preface by saying I am new to MacOS development. I've struggled with this issue for several days and have nowhere else to go for help. My MacOS app is an Electron build. It needs application-groups entitlement for IPC. But the developer portal, when generating the provisioning profile, always appends "groups." to the start and I am unable to remove it. This renders my provisioning profile invalid and causes my app to be rejected by Transporter because it is not supposed to start with "groups", but with my team identified for MacOS. Maybe I can still use the provisioning profile as is, but I've not found any way to do that. So I'm stuck unable to deliver. Any help with this is appreciated.

Hello Apple Developer Community, We have been experiencing a persistent notification issue in our application, Flowace, after updating to macOS 15 and above. The issue is affecting our customers but does not occur on our internal test machines. Issue Description When users share their screen using Flowace, they receive a repetitive system notification stating: "Flowace has accessed your screen and system audio XX times in the past 30 days. You can manage this in settings." This pop-up appears approximately every minute, even though screen sharing and audio access work correctly. This behavior was not present in macOS 15.1.1 or earlier versions and appears to be related to recent privacy enhancements in macOS. Impact on Users The frequent pop-ups disrupt workflows, making it difficult for users to focus while using screen-sharing features. No issues are detected in Privacy & Security Settings, where Flowace has the necessary permissions. The issue is not reproducible on our internal test machines, making troubleshooting difficult. Our application is enterprise level and works all the time, so technically this pop only comes after a period of not using the app. Request for Assistance We would like to understand: Has anyone else encountered a similar issue in macOS 15+? Is there official Apple documentation explaining this new privacy behavior? Are there any interim fixes to suppress or manage these notifications? What are Apple's prospects regarding this feature in upcoming macOS updates? A demonstration of the issue can be seen in the following video: https://youtu.be/njA6mam_Bgw Any insights, workarounds, or recommendations would be highly appreciated! Thank you in advance for your help. Best, Anuj Patil Flowace Team

Summary Recently a number of bugs affecting our Safari extension have been introduced with various Safari 18.X updates. We've submitted feedback for all of these, but most have received no response. We need to raise this to your attention as it has been affecting our developer experience and causing a lot of frustration for our users. It's something that adds a lot of uncertainty for us. These issues affect core web functionalities but seem to be isolated to the Start Page or Extension environments. For example: using window.open, no longer works using window.location.href = ... no longer works Including a tag in our start page causes infinite reloading to occur. registering a content script more than once will crash Safari Details Unable to open new window as as start page extension in Safari 18 FB15879470 What happens: Calling window.open does nothing. This broke our links to our feedback submission, marketing site & help site. When: Nov 18, 2024 - Initial launch of Safari 18 on macOS Status: Open, No response Unable to open app url scheme with window.location.href in start page extension in iOS 18 FB15879596 What happens: Changing the URL in this way does nothing (well actually it does work about 10% of the time). This broke our navigation to in app payment. When: Nov 18, 2024 - Initial launch of Safari 18 on iOS Status: Open, No response New tab extensions broken FB16126043 What happens: Having a tag in your causes an infinite loop of reloading the start page. This broke our entire start page extension. When: Dec 19, 2024 - Safari 18.3 on iOS beta Status: 10 similar tickets found, marked for future OS update. We did get a response and a fix is identified for a future release window.open opens “about:blank” when called from Start Page extension. FB16427985 What happens: calling window.open from the start page opens about blank on iOS 18.3. Similar to the first issue, but slightly different behaviour. This broke our links to our feedback submission, marketing site & help site. When: Jan 30, 2025 - Safari 18.3 Status: Open, No response Registering a content script more than once causes Safari to crash in macOS 15.4 beta FB16831768 What happens: We have an optional content script that we were registering every time it was used. Although somewhat redundant, it was much simpler than checking if one was already registered and tracking if an updated one needed to replace it. This works fine on all other browsers and all prior Safari versions we've released it on. However if a user enables site blocker on the latest version, as soon as they visit any website, our content script registration causes Safari to crash. Essentially preventing users from using Safari until they uninstall our extension. When: Mar 11, 2025 - Safari 18.4 Status: Open, No response In Conclusion Luckily we have been able to isolate and find workarounds for most of these issues so far, but we are not guaranteed to in the future. We are raising this not only to have these issues looked into, but to raise awareness of the rising trend of basic functionality of Safari extensions breaking with Safari updates. We hope that this can influence a shift in your QA & feedback intake practices to ensure these issues are less frequent in the future. We are happy to raise future issues through your provided channels as they are discovered. But to have our feedback ignored and then have to rely solely on workarounds to prevent disruptions to our users' experience is concerning. We submitted this feedback to our developer relations contact, and he suggested we submit a TSI to look into these issues. In response to this, we were advised to post this here.

Implementing ACL support in a distributed filesystem, with macOS and Linux clients talking to a remote file server, requires compatibility between the ACL models supported in Darwin-XNU and Linux kernels to be taken into consideration. My filesystem does support EAs to facilitate ACL storage and retrieval. So setting ACLs via chmod(1) and retrieving them via ls(1) does work. However, the macOS and Linux ACL models are incompatible and would require some sort of conversion between them. chmod(1) uses acl(3) to create ACL entries. While acl(3) claims to implement POSIX.1e ACL security API, which, to the best of my knowledge, Linux VFS implements as well, their respective implementations of the standard obviously do differ. Which is also stated in acl(3): This implementation of the POSIX.1e library differs from the standard in a number of non-portable ways in order to support the MacOS/Darwin ACL semantic. Then there's this NFSv4 to POSIX ACL mapping draft that describes the conversion algorithm. What's the recommended way to bridge the compatibility gap there, so that macOS ACL rules are honoured in Linux and vice versa? Thanks.

Hi, trying to upgrade from macOS Sequoia 15.3.2 to 15.4 gives this error. Now I can not boot from internal drive of M1 Air 2020, because it restores 15.4, that does not boot. I can only boot from external USB SSD that has macOS 15.3.2. How I can install back 15.3.2 or alternatively newer macOS to internal drive? I only have one Mac, this M1 Air 2020. I have AppleAppleCare+ to 9/18/25. Remaining of error is attached here: Can't ignore lock validation @t8020dart.c:535 panic(cpu 2 caller 0x0): t8020dart 0xfffffdf053908000 (dart-dispext0): Can't ignore lock validation @t8020dart.c:535 Debugger message: panic Memory ID: 0x6 OS release type: Not set yet OS version: Not set yet Kernel version: Darwin Kernel Version 24.4.0: Wed Mar 19 21:12:54 PDT 2025; root:xnu-11417.101.15~1/RELEASE_ARM64_T8103 Fileset Kernelcache UUID: 2BBA525B95E0E6B962ECC44FC093AB57 Kernel UUID: 4E6CBD31-CD1E-3939-8A63-211A206AFA66 Boot session UUID: 3A34167D-2534-402F-9679-2CAD45F67CDA iBoot version: iBoot-11881.101.1 iBoot Stage 2 version: iBoot-11881.101.1 secure boot?: YES

Hello, is there a way to implement Continuity Markup in our own apps? (This is what I'm talking about: https://support.apple.com/en-us/102269 , scroll down to "Use Continuity Markup"). Also, why does a QuickLook panel (QLPreviewPanel.shared()) not display the markup options when triggered from my app for png image files in my app's Group Container? Do I need to implement certain NSServicesMenuRequestor methods for that? Sadly, I could not find any docs on that. Thank you, – Matthias

I am developing a React Native app for a health monitoring device that connects via Bluetooth and streams live data on iOS. To ensure the uniqueness of the device, I initially planned to use the MAC address. However, I discovered that iOS does not provide access to the original MAC address due to privacy restrictions. Is there an alternative approach to uniquely identifying a Bluetooth device in iOS? I need a reliable way to distinguish devices while maintaining secure and stable connections. Any insights or best practices on handling this in iOS would be greatly appreciated. Looking forward to hearing your suggestions! If anyone has experience with handling Bluetooth device uniqueness on iOS, please share your insights. Thank you!

I have been trying to find a way to be able to sign some data with private key of an identity in login keychain without raising any prompts. I am able to do this with system keychain (obviously with correct permissions and checks) but not with login keychain. It always ends up asking user for their login password. Here is how the code looks, roughly, NSDictionary *query = @{ (__bridge id)kSecClass: (__bridge id)kSecClassIdentity, (__bridge id)kSecReturnRef: @YES, (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll }; CFTypeRef result = NULL; OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result); NSArray *identities = ( NSArray *)result; SecIdentityRef identity = NULL; for (id _ident in identities) { // pick one as required } SecKeyRef privateKey = NULL; OSStatus status = SecIdentityCopyPrivateKey(identity, &privateKey); NSData *strData = [string dataUsingEncoding:NSUTF8StringEncoding]; unsigned char hash[CC_SHA256_DIGEST_LENGTH]; CC_SHA256(strData.bytes, (CC_LONG)strData.length, hash); NSData *digestData = [NSData dataWithBytes:hash length:CC_SHA256_DIGEST_LENGTH]; CFErrorRef cfError = NULL; NSData *signature = (__bridge_transfer NSData *)SecKeyCreateSignature(privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256, (__bridge CFDataRef)digestData, &cfError); Above code raises these system logs in console default 08:44:52.781024+0000 securityd client is valid, proceeding default 08:44:52.781172+0000 securityd code requirement check failed (-67050), client is not Apple-signed default 08:44:52.781233+0000 securityd displaying keychain prompt for /Applications/Demo.app(81692) If the key is in login keychain, is there any way to do SecKeyCreateSignature without raising prompts? What does client is not Apple-signed mean? PS: Identities are pre-installed either manually or via some device management solution, the application is not installing them.

I keep running into the following issue when trying to run preview for my application in Xcode. FailedToLaunchAppError: Failed to launch app.a /Users/me/Library/Developer/Xcode/DerivedData/a-aloudjuytoewlldqjfxshbjydjeh/Build/Products/Debug/a.app ================================== | [Remote] JITError | | ================================== | | | [Remote] XOJITError | | | | XOJITError: Could not create code file directory for session: Permission denied`

Hi, Is there a method to hide individual items in System Settings that is not Deprecated? It needs some of the settings set and hidden for the end user. I found the DisabledSystemSettings key however it is marked as Deprecated and does not include all the new items, especially those related to Apple Intelligence. Is there any method other than “Restrictions” that does not hide and only set individual settings ? It needs to hide items in system settings :)

Howdy, I'm trying to figure out how to replicate the following behavior for our app: The system is able to ascertain that the Mac equivalent of some iOS app is installed locally, and it prevents notifications from being mirrored. However, I am unable to determine how this association is inferred. When I check our iOS app under this prefpane, the switch remains enabled and toggleable—we'd like to act like Slack here. My initial assumption is that an app group containing both the Mac and iOS apps can be used to create the association; however, I would like to confirm that this is indeed the case before doing so. I'm not terribly confident about this. Details: The bundle identifiers of both apps do not match. This also applies to Slack; its iOS app is com.tinyspeck.chatlyio while its Mac app is com.tinyspeck.slackmacgap. In our case, the iOS app's identifier is like com.company.app while the Mac app's identifier is com.company.app.desktop. Both apps are signed with certificates that have matching team identifiers. The com.apple.developer.team-identifier entitlement is present on the Mac app. The Mac app shares a keychain access group with the iOS app. The Mac app is not sandboxed. The Mac app is an Electron app. The Mac app does not use APNs. It sends notifications "locally". I currently only have the iOS app installed on my iPhone via TestFlight, if that matters. Notification mirroring does work, but we'd like to forcibly disable this by associating the apps together. To my knowledge, the iOS app makes use of both a UNNotificationServiceExtension and a UNNotificationContentExtension. The iOS app currently doesn't have an assigned category (at least in Xcode). The Mac app is currently miscategorized as a developer tool (LSApplicationCategoryType = "public.app-category.developer-tools";), but that should be fixed. (Redacted) bundle information for the Mac app: CFBundleDisplayName = App; CFBundleExecutable = "App Desktop"; CFBundleName = App; Note that our CFBundleExecutable differs from the bundle's display name/name because we're currently migrating our users to a new version of the app that they'd likely want to live alongside the new one. The filename of the bundle itself is, similarly, App Desktop.app. For the iOS app, to my knowledge, the CFBundleName and CFBundleDisplayName are App.

I'd like to write an app to help diagnose malfunctioning home theater setups. I've seen libcec, but it doesn't seem to support Apple's HDMI ports (and maybe APIs to support it don't exist? I'm not sure.) Thanks in advance. Sorry if I've applied the wrong tags to this post.

Environment: • macOS: Sequoia 15.3.2 • Xcode: 16.2 • Framework: AppKit (Objective-C) Issue: When programmatically setting the first responder to an NSSecureTextField shortly after its containing window loads or becomes key, a visual anomaly intermittently occurs (roughly 50% of the time). A semi-transparent UI element—likely related to the system’s Keychain password suggestion/autofill feature—appears detached from the text field. Instead of anchoring to the field, it renders elsewhere on the screen. I found similar issues discussed here: https://stackoverflow.com/questions/74220070/strange-transparent-view-appears-beneath-textfield-in-mac-catalyst-app https://stackoverflow.com/questions/73277582/swiftui-view-with-textfield-and-securefield-buggy-on-macos-shows-strange-view/73615876#73615876 https://developer.apple.com/forums/thread/708075

I have a UIView that displays lines, and I zoom in (scale by 2 on the scroll view zoomScale variable containing the UIView). As I zoom in, on the Mac version (Designed for IPad) I loose the graphic after a certain number of zooms (the scrollView maximumZoomScale is set at 10). To ensure that lines are correctly represented, I modify the contentScaleFactor variable on the UIView; otherwise, the line's display is pixelated. On the IPad (simulator and real) I do not loose the graphic when zooming. So the Mac port of the UIView drawing is not working as the IPad version. Everything else of the application works fine except this important details. I already submitted a feedback request (#FB16829106) with the images showing the problem. I need a solution to this problem. Thanks.

Hi, I saw that almost each OS version, on ios and macos, handles differently changing includeAllNetworks while the tunnel is running. On some the entire OS reports no-net, while others, specially latest versions, handle this fine. Can includeAllNetworks be changed while the tunnel is running, or the tunnel must be stopped and restarted with the new value? e.g. the tunnel is started with it set to false, but later is changed to true into VPN profile. And on the same note, regarding setTunnelNetworkSettings, can this be called multiple times while the tunnel is running? For example if the VPN server IP changes. Because what I've saw each call to setTunnelNetworkSettings after VPN connected results in at least DNS leaks, because the routing table is recreated. Let me know if it is easier to track to create separate questions. Thanks

I have an Electron Application which is hosting Endpoint Security System Extension. Usually I'm uninstalling it by deleting host application from /Applications/ folder. However, after updating multiple of my machines to Sonoma 15.3.2, this uninstallation flow doesn't work anymore. When I delete host app, it shows promt (approximately) "This application is hosting SysEx which will be removed..." After that, application is moved to .trash, however System Extension remains active and visible in System Settings. Host application name is changed to file name (Some Application -> Some Applciation.app) and this entry has no icon for Host App. I would appreciate any assistance on how to fix that or maybe create a bug report.

Hello, I have an iOS app that is recording audio that is working fine on iPads/iPhones. It asks for microphone permission and after that recording works. I installed the same app on my M3 MacBook via TestFlight since iPad apps are supposed to work without a change that way. The app starts fine and everything, but it never asks for Microphone permission, so I can't record. Do I need to do something to make this happen (this is not macCatalyst, its running the arm64 iPhone binary on macOS) thanks

Hi all, with my app ScreenFloat, you can record your screen, along with system- and microphone audio. Those two audio feeds are recorded into separate audio tracks in order to individually remove or edit them later on. Now, these recordings you create with ScreenFloat can be drag-and-dropped to other apps instantly. So far, so good, but some apps, like Slack, or VLC, or even websites like YouTube, do not play back multiple audio tracks, just one. So what I'm trying to do is, on dragging the video recording file out of ScreenFloat, instantly baking together the two individual audio tracks into one, and offering that new file as the drag and drop file, so that all audio is played in the target app. But it's slow. I mean, it's actually quite fast, but for drag and drop, it's slow. My approach is this: "Bake together" the two audio tracks into a one-track m4a audio file using AVMutableAudioMix and AVAssetExportSession Take the video track, add the new audio file as an audio track to it, and render that out using AVAssetExportSession For a quick benchmark, a 3'40'' movie, step 1 takes ~1.7 seconds, and step two adds another ~1.5 seconds, so we're at ~3.2 seconds. That's an eternity for a drag and drop, where the user might cancel if there's no immediate feedback. I could also do it in one step, but then I couldn't use the AV*Passthrough preset, and that makes it take around 32 seconds then, because I assume it touches the video data (which is unnecessary in this case, so I think the two-step approach here is the fastest). So, my question is, is there a faster way? The best idea I can come up with right now is, when initially recording the screen with system- and microphone audio as separate tracks, to also record both of them into a third, muted, "hidden" track I could use later on, basically eliminating the need for step one and just ripping the two single audio tracks out of the movie and only have the video and the "hidden" track (then unmuted), but I'd still have a ~1.5 second delay there. Also, there's the processing and data overhead (basically doubling the movie's audio data). All this would be great for an export operation (where one expects it to take a little time), but for a drag-and-drop operation, it's not ideal. I've discarded the idea of doing a promise file drag, because many apps do not accept those, and I want to keep wide compatibility with all sorts of apps. I'd appreciate any ideas or pointers. Thank you kindly, Matthias

In our Mac application, we are creating a web-socket connection using NWConnection and we are able to successfully establish the connection and read/write data from both sides. We have auth tokens which are sent in headers of NWProtocolWebSocket.Options to the server. If token is good, server accepts the web-socket connection. As per RFC 6455, if server does not want to accept the connection for any reason during web-socket handshake, it returns 403 status code. In our case, if cookies are not valid, server returns 403 during web-socket handshake. However, we could not find a way to read this status code in Network.framework. We are only getting failed state with NWErrorwhich is .posix(53) but there is no indication of the status code 403. We tried looking into protocol metadata on NWConnection object and they are nil. We tested the same using URLSessionWebSocketTask where in failure callback method, we could see 403 status code on task.response which means client is getting the code correctly from server. So, is there a way to read the HTTP status code returned by server during web-socket handshake using Network.framework?

The newly introduced enum value NEProviderStopReasonInternalError (macOS 15.1) is not documented (assuming being documented means having at least a sentence describing the enum value). [Q] What kind of situation is the NEProviderStopReasonInternalError enum value supposed to describe? An internal error that requires to try to restart the provider? A fatal error that requires to reinstall macOS? A fatal error that requires to purchase a new Mac? Something less serious but with a human friendly description in the headers (I'm using Xcode 16.2) and online documentation.