Problem : Connection error occurs in iOS26 beta while connecting to the device's softap via commercial app (Socket exception errSSLfeerBadCert CFSreamErrorDomainSSL code -9825). iOS 18 release version does not occur. Why does it cause problems? Does the iOS 26 version not cause problems? Is there a way to set it up in the app so that the iOS 26 beta doesn't cause problems? error : "alias":"SOCKET_LOG", "additional":{"currentNetworkStatus":"socket e=errSSLPeerBadCert ns WifiStatus: Connected Error Domain kCFStreamErrorDomainSSL Code-9825 "(null)" UserInfo={NSLocalizedRecoverySuggestion=Error code definition can be found in Apple's SecureTransport.h} Description : It's an issue that happens when you connect our already mass-produced apps to our home appliances (using SoftAP), and it's currently only happening in iOS 26 beta. This particular issue didn't appear until iOS 18 version. Let me know to make sure that this issue will persist with the official release of iOS 26? If the issue continues to occur with the official version, would you share any suggestions on how to mitigate or avoid it. Also, it would be helpful to find out if there are known solutions or processes such as exemptions to fix this issue.

I am developing a macOS application (targeting macOS 13 and later) that is non-sandboxed and needs to install and trust a root certificate by adding it to the System keychain programmatically. I’m fine with prompting the user for admin privileges or password, if needed. So far, I have attempted to execute the following command programmatically from both: A user-level process A root-level process sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/cert.pem While the certificate does get installed, it does not appear as trusted in the Keychain Access app. One more point: The app is not distributed via MDM. App will be distributed out side the app store. Questions: What is the correct way to programmatically install and trust a root certificate in the System keychain? Does this require additional entitlements, signing, or profile configurations? Is it possible outside of MDM management? Any guidance or working samples would be greatly appreciated.

Attempts to programmatically update or add numerous system-installed certificates (a common practice for organizations that rotate certificates regularly) are blocked, forcing manual, insecure, and error-prone workarounds. The root cause lies in the stricter security protocols implemented in macOS 15, specifically: System Integrity Protection (SIP) and Transparency, Consent, and Control (TCC) Command we are using : sudo security authorizationdb write com.apple.trust-settings.admin

Hello, I’m an iOS developer and the original creator of the app "Instant Save: Reels story" (App Apple ID: 6469411763). On July 5, 2025, I received two Apple emails saying the app was transferred to another developer account. However, I did not initiate or approve this transfer. My Apple Developer account has Two-Factor Authentication enabled, and I received no OTP or request for approval. I submitted a legal dispute form via Apple’s Intellectual Property page on July 7, 2025, but I’ve only received an automated acknowledgment — no dispute number or follow-up. I’ve also contacted Apple Developer Support multiple times by phone, but they confirmed they cannot escalate legal cases or access my dispute status. Has anyone else faced this issue recently? I’m looking for any guidance or similar experiences while I await a response from Apple Legal. Thanks in advance,
 Bhautik Amipara

We are experiencing a significant issue with macOS security alerts that began on July 9th, at approximately 4:40 AM UTC. This alert is incorrectly identifying output files from our snippet tests as malware, causing these files to be blocked and moved to the Trash. This is completely disrupting our automated testing workflows. Issue Description: Alert: We are seeing the "Malware Blocked and Moved to Trash" popup window. Affected Files: The security alert triggers when attempting to execute .par files generated as outputs from our snippet tests. These .par files are unique to each individual test run; they are not a single, static tool. System-Wide Impact: This issue is impacting multiple macOS hosts across our testing infrastructure. Timeline: The issue began abruptly on July 9th, at approximately 4:40 AM UTC. Before that time, our tests were functioning correctly. macOS Versions: The problem is occurring on hosts running both macOS 14.x and 15.x. Experimental Host: Even after upgrading an experimental host to macOS 15.6 beta 2, the issue persisted. Local execution: The issue can be reproduced locally. Observations: The security system is consistently flagging these snippet test output files as malware. Since each test generates a new .par file, and this issue is impacting all generated files, the root cause doesn't appear to be specific to the code within the .par files themselves. This issue is impacting all the snippet tests, making us believe that the root cause is not related to our code. The sudden and widespread nature of the issue strongly suggests a change in a security database or rule, rather than a change in our testing code. Questions: Could a recent update to the XProtect database be the cause of this false positive? Are there any known issues or recent changes in macOS security mechanisms that could cause this kind of widespread and sudden impact? What is the recommended way to diagnose and resolve this kind of false positive? We appreciate any guidance or assistance you can provide. Thank you.

Hello! I have a quirky situation that I am looking for a solution to. The iOS app I am working on needs to be able to communicate with systems that do not have valid root certs. Furthermore, these systems addresses will be sent to the user at run time. The use case is that administrators will provide a self signed certificate (.pem) for the iPhones to download which will then be used to pass the authentication challenge. I am fairly new to customizing trust and my understanding is that it is very easy to do it incorrectly and expose the app unintentionally. Here is our users expected workflow: An administrator creates a public ip server. The ip server is then configured with dns. A .pem file that includes a self signed certificate is created for the new dns domain. The pem file is distributed to iOS devices to download and enable trust for. When they run the app and attempt to establish connection with the server, it will not error with an SSL error. When I run the app without modification to the URLSessionDelegate method(s) I do get an SSL error. Curiously, attempting to hit the same address in Safari will not show the insecure warning and proceed without incident. What is the best way to parity the Safari use case for our app? Do I need to modify the urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) method to examine the NSURLAuthenticationMethodServerTrust? Maybe there is a way to have the delegate look through all the certs in keychain or something to find a match? What would you advise here? Sincerely thank you for taking the time to help me, ~Puzzled iOS Dev

Hey, there are plans to design a government app. When a citizen will login they will see their passport, driving license etc... What is the solution of avoiding mandatory in-app user data deletion?

I’m implementing a custom Authorization right with the following rule: <key>authenticate-user</key> <true/> <key>allow-root</key> <true/> <key>class</key> <string>user</string> <key>group</key> <string>admin</string> The currently logged-in user is a standard user, and I’ve created a hidden admin account, e.g. _hiddenadmin, which has UID≠0 but belongs to the admin group. From my Authorization Plug-in, I would like to programmatically satisfy this right using _hiddenadmin’s credentials, even though _hiddenadmin is not the logged-in user. My question: Is there a way to programmatically satisfy an authenticate-user right from an Authorization Plug-in using credentials of another (non-session) user?

Hello Apple Developer Team, We’re preparing a future version of our enterprise app, Lenovo XClarity Mobile, and would like to request guidance regarding a potential ATS exception scenario. Context: The app is used exclusively in enterprise environments. It connects via USB to a local Lenovo Think Server (embedded device). The connection is entirely offline (no internet use). The app uses SSDP to discover the device over the USB-attached local network. Communication occurs via HTTPS over 192.168.x.x, tunneled through the USB interface. The server uses a factory-generated self-signed certificate. Planned Behavior: In a future release, we plan to prompt the user with a certificate trust confirmation if a self-signed cert is detected locally. Only if the user explicitly agrees, the connection proceeds. Here’s a simplified code example: if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust, let serverTrust = challenge.protectionSpace.serverTrust { let accepted = UserDefaults.standard.bool(forKey: "AcceptInvalidCertificate") if accepted { let credential = URLCredential(trust: serverTrust) completionHandler(.useCredential, credential) return } // Show user confirmation alert before accepting } **Key Notes:** This logic is not in the current App Store version. ATS is fully enforced in production today. The exception would only apply to USB-based local sessions, not to internet endpoints. Question: Would such an implementation be acceptable under App Store and platform guidelines, given the restricted use case (offline, USB-only, user-confirmed self-signed certs)? We're looking for pre-approval or confirmation before investing further in development. Thank you in advance!

Hi Forum, We’re building a security-focused SDK for iOS that includes SIM Binding and SIM Swap detection to help prevent fraud and unauthorised device access, particularly in the context of banking and fintech apps. We understand that iOS limits access to SIM-level data, and that previously available APIs (such as those in CoreTelephony, now deprecated from iOS 16 onwards) provide only limited support for these use cases. We have a few questions and would appreciate any guidance from the community or Apple engineers: Q1. Are there any best practices or Apple-recommended approaches for binding a SIM to a device or user account? Q2. Is there a reliable way to detect a SIM swap when the app is not running (e.g., via system callback, entitlement, or background mechanism)? Q3. Are fields like GID1, GID2, or ICCID accessible through any public APIs or entitlements (such as com.apple.coretelephony.IdentityAccess)? If so, what is the process to request access? Q4. For dual SIM and eSIM scenarios, is there a documented approach to identify which SIM is active or whether a SIM slot has changed? Q5. In a banking or regulated environment, is it possible for an app vendor (e.g., a bank) to acquire certain entitlements from Apple and securely expose that information to a security SDK like ours? What would be the compliant or recommended way to structure such a partnership? Thanks in advance for any insights!

Hi, I was testing the lockdown mode in iOS 16 and would like to know whether we can detect the lockdown mode status using any public API that Apple provides. I really appreciate any help you can provide.

Dear Apple Team, I am reaching out regarding the need for more sophisticated location verification APIs beyond basic IP lookup capabilities. As online fraud continues to evolve, IP-based geolocation has proven insufficient for many business use cases requiring accurate location verification. Would it be possible to discuss this proposal with your API development team? I believe this would be valuable for the entire iOS and macOS developer ecosystem while maintaining Apple's commitment to user privacy.

Hello I trying to implement authentication via apple services in unity game with server made as another unity app On client side I succesfully got teamPlayerID signature salt timestamp publicKeyUrl According to this documentation https://developer.apple.com/documentation/gamekit/gklocalplayer/fetchitems(foridentityverificationsignature:)?language=objc I have to Verify with the appropriate signing authority that Apple signed the public key. As I said my server is special build of unity project So now I have this kind of C# programm to check apple authority over public certificate i got from publicKeyUrl TextAsset textAsset; byte[] bytes; textAsset = Resources.Load<TextAsset>("AppleRootCA-G3"); bytes = textAsset.bytes; rootCert.ChainPolicy.ExtraStore.Add(new X509Certificate2(bytes)); textAsset = Resources.Load<TextAsset>("AppleRootCA-G2"); bytes = textAsset.bytes; rootCert.ChainPolicy.ExtraStore.Add(new X509Certificate2(bytes)); textAsset = Resources.Load<TextAsset>("AppleIncRootCertificate"); bytes = textAsset.bytes; rootCert.ChainPolicy.ExtraStore.Add(new X509Certificate2(bytes)); rootCert.Build(cert); Where cert is X509Certificate2 object I ge from publicKeyUrl AppleIncRootCertificate AppleRootCA-G2 AppleRootCA-G3 is certificates I got from https://www.apple.com/certificateauthority/ But it is not work Anytime rootCert.Build(cert); return false Why it is not work? May be I build keychain using wrong root CA cert? Or whole approach incorrect? Please help

What Has Been Implemented Replaced the default loginwindow:login with a custom authorization plugin. The plugin: Performs primary OTP authentication. Displays a custom password prompt. Validates the password using Open Directory (OD) APIs. Next Scenario was handling password change Password change is simulated via: sudo pwpolicy -u robo -setpolicy "newPasswordRequired=1" On next login: Plugin retrieves the old password. OD API returns kODErrorCredentialsPasswordChangeRequired. Triggers a custom change password window to collect and set new password. Issue Observed : After changing password: The user’s login keychain resets. Custom entries under the login keychain are removed. We have tried few solutions Using API, SecKeychainChangePassword(...) Using CLI, security set-keychain-password -o oldpwd -p newpwd ~/Library/Keychains/login.keychain-db These approaches appear to successfully change the keychain password, but: On launching Keychain Access, two password prompts appear, after authentication, Keychain Access window doesn't appear (no app visibility). Question: Is there a reliable way (API or CLI) to reset or update the user’s login keychain password from within the custom authorization plugin, so: The keychain is not reset or lost. Keychain Access works normally post-login. The password update experience is seamless. Thank you for your help and I appreciate your time and consideration

Hi everyone, I'm an indie developer and recently noticed some odd behavior in my app's subscription metrics. There’s been a sudden spike in annual subscriptions, which is very unusual for my app — historically, users rarely choose that option. What’s more concerning is that these subscriptions are almost immediately canceled and refunded. Upon checking analytics (RevenueCat + App Store Connect), I also noticed inconsistencies in user location data: users appear to be from one region (like Singapore), but deeper tracking shows actual usage from Vietnam, a market I’ve never targeted and where I do no advertising. This behavior seems coordinated and is affecting my app’s refund rate, which I worry could raise red flags on the App Store side. Has anyone experienced anything similar? Is there a recommended way to report suspicious subscription/refund activity to Apple or prevent potential abuse like this? Any advice would be really appreciated. Thanks!

This is great for writing device drivers and somewhat fine tuning macOS for performance! And somewhat foresnical data (ie this matches that in this situation; ie kern.stack_size: 16384 vs allocating x, xy, xyz to this resource Good luck! and if you find any exploits the bug security line (and there is a bug bounty, that means they pay for exploits!) is product hyphen security at apple dot com Good luck !! unidef (also don't goto unidef.org its actually some kind of "troll" thing!) (and yeah I had a website =/)

Hello, I'm working on an app at work and we finally got to signing and notarizing the app. The app is successfully notarized and stapled, I packaged it in a .dmg using hdiutil and went ahead and notarized and stapled that as well. Now I tried to move this app to another machine through various methods. But every time I download it from another machine, open and extract the contents of the dmg and attempt to open the app, I get the "Apple could not verify my app is free of malware that may harm your Mac or compromise your privacy. When I check the extended attributes there's always the com.apple.quarantine attribute which from what I know, is the reason that this popup appears I've tried uploading it to google drive, sending through slack, onedrive, even tried our AWS servers and last but not least, I tried our Azure servers (which is what we use for distribution of the windows version of our app). I tried uploading to Azure through CloudBerry (MSP360 now), and azure-cli defining the content-type as "application/octet-stream", the content-disposition as "attachment; filename=myApp.dmg", and content-cache-control as "no-transform". None of these worked The only times where a download actually worked with no problems was when I downloaded through the terminal using curl, which obviously not a great solution especially that we're distributing to users who aren't exactly "tech savy" I want the installation experience to be as smooth as other apps outside the App Store (i.e Discord, Slack, Firefox, Chrome etc....) but I've been stuck on this for more than a week with no luck. Any help is greatly appreciated, and if you want me to clarify something further I'd be happy to do so

Hi! We are developing an authentication plugin for macOS that integrates with the system's authentication flow. The plugin is designed to prompt the user for approval via a push notification in our app before allowing access. The plugin is added as the first mechanism in the authenticate rule, followed by the default builtin:authenticate as a fallback. When the system requests authentication (e.g., during screen unlock), our plugin successfully displays the custom UI and sends a push notification to the user's device. However, I've encountered the following issue: If the user does not approve the push notification within ~30 seconds, the system resets the screen lock (expected behavior). If the user approves the push notification within approximately 30 seconds but doesn’t start entering their password before the timeout expires, the system still resets the screen lock before they can enter their password, effectively canceling the session. What I've Tried: Attempted to imitate mouse movement after the push button was clicked to keep the session active. Created a display sleep prevention assertion using IOKit to prevent the screen from turning off. Used the caffeinate command to keep the display and system awake. Tried setting the result as allow for the authorization request and passing an empty password to prevent the display from turning off. I also checked the system logs when this issue occurred and found the following messages: ___loginwindow: -[LWScreenLock (Private) askForPasswordSecAgent] | localUser = >timeout loginwindow: -[LWScreenLock handleUnlockResult:] _block_invoke | ERROR: Unexpected _lockRequestedBy of:7 sleeping screen loginwindow: SleepDisplay | enter powerd: Process (loginwindow) is requesting display idle___ These messages suggest that the loginwindow process encounters a timeout condition, followed by the display entering sleep mode. Despite my attempts to prevent this behavior, the screen lock still resets prematurely. Questions: Is there a documented (or undocumented) system timeout for the entire authentication flow during screen unlock that I cannot override? Are there any strategies for pausing or extending the authentication timeout to allow for complex authentication flows like push notifications? Any guidance or insights would be greatly appreciated. Thank you!

Hi! We are planning to build an app for a research project that collects sensitive information (such as symptoms, photos and audio). We don't want to store this data locally on the phone or within the app but rather have it securely transferred to a safe SFTP server. Is it possible to implement this i iOS, and if so, does anyone have any recommendations on how to do this?

In my app, I use SecItem to store some data in the Keychain. I’d like to know — when a user sets up a new iPhone and transfers data from the old device, will those Keychain items be migrated or synced to the new device?