who can I change the logo of wallet extension "from apps on your iPhone", the problem is the background is not showing the real

We are observing multiple different deviceId values linked to the same user within short timeframes. In some instances, a new deviceId appears every few minutes or hours. We utilize this identifier for managing Apple Wallet pass updates. We would appreciate understanding which scenarios might cause the deviceId to change. Could it be influenced by: Device restoration or factory reset procedures App reinstallation or data clearing iOS version updates iCloud account changes or Apple ID authentication status changes Privacy feature activation (such as App Tracking Transparency or Private Relay) Testing environment usage (simulators or automated testing frameworks) We aim to determine whether this behavior is expected or if it suggests atypical usage patterns. Thank you for your assistance!

We are developing a native iOS financial application called Tradu: Stocks, Forex, and CFDs (Apple ID: 6473443264), which embeds a WKWebView to render all user-facing logic. All user interactions—including authentication with MFA—occur inside this WKWebView. To access native functionality, we use postMessage() to communicate between the web and native layers. This approach has worked successfully for biometric authentication, for example. We are currently integrating Apple Pay In-App Provisioning and have a few questions regarding compliance with the documentation provided by our Issuer Host (Modulr). In the document titled Getting Started with Apple Pay: In-App Provisioning, Verification, Security, and Wallet Extensions (Version 4.0, February 2023), all examples are based on a fully native application. We’ve managed to integrate most of the In-App Provisioning flow via postMessage() up to the point of passing encryptedData to the Payment View. Apple Pay button inside WKWebView In Section 7: Frontend Overview, the user initiates the provisioning by tapping a native PKPaymentButton (SwiftUI example). In our case, this button is rendered inside the WKWebView, styled according to the Apple Style Guide. While the document references this approach as a “raw mark text supplement,” is this method acceptable and compliant with Apple’s UX and technical guidelines? MFA requirement before provisioning In Section 4: Security Guidelines, it is stated that the user must have passed MFA at least once before starting the provisioning flow. In our implementation, users must complete MFA on every login (including on recognized devices) before the provisioning UI becomes available. Even though this is not tied specifically to “unrecognized devices,” is our MFA requirement sufficient to satisfy Section 4.2? Summary: Is using a web-rendered Apple Pay button inside WKWebView (instead of a native PKPaymentButton) considered compliant? Is our MFA enforcement model (required on every login) aligned with the security requirements outlined in Section 4.2 of the Apple Pay In-App Provisioning documentation?

I'm working on implementing Apple Wallet passes using background push notifications. My server successfully sends the push notification using APNs. The response from the server is HTTP/2 200, and the device receives the push — I can confirm this from device logs. However, the device logs show the following error: "Failed to parse JSON message payload for topic " "Unable to deserialize JSON message payload" My payload is below 2 payload. //string payload = "{"aps":{"content-available":1}}"; string payload = JsonConvert.SerializeObject(new { aps = new Dictionary<string, object> { { "content-available", 1 } } }); string curlArgs = $"-s -o nul -w \"%{{http_code}}\" " + $"--data-binary \"{payload}\" " + $"-H \"apns-topic: {bundleId}\" " + $"-H \"apns-push-type: background\" " + $"-H \"apns-priority: 5\" " + $"-H \"content-type: application/json\" " + $"-H \"authorization: bearer {jwt}\" " + $"--http2 https://api.push.apple.com/3/device/{token}"; I’ve confirmed that: The device has the Wallet pass installed. The apns-topic header is set to my passTypeIdentifier. The apns-push-type is background and apns-priority is 5. Steps to Reproduce: Install Wallet pass on iOS device. Send background push to device using the above payload. Observe the device logs using Console.app or log stream. See error: unable to deserialize JSON message payload. Is there a specific payload format expected for Wallet passes? Or any additional fields required in the push payload to avoid this deserialization error?

CarKeySession stays in the foreground with no BLE connection and disconnection events passthrough to the App! Here is my code: public func remoteControlSession(_ session: CarKeyRemoteControlSession, vehicleDidUpdateReport: VehicleReport) { Log.i(tag: "carKeySession", "vehicle connect state: (vehicleDidUpdateReport.isConnected)") Log.i(tag: "carKeySession", "vehicle identifier: (vehicleDidUpdateReport.identifier.lowercased()), (self.vehicleIdentifier.lowercased())") } } I don't know why it was not called. And the method which is "func remoteControlSession(_ session: CarKeyRemoteControlSession, didReceivePassthroughData: Data, fromVehicle vehicleID: String)" can work well!

Hello Apple Developer Community and Apple Team, I want to raise awareness and gather support for an important feature request regarding NFC support on iPhone devices in Argentina. Millions of Argentinians use the official public transit card, SUBE, daily to pay for buses, subways, and trains. On Android devices, the SUBE app allows users to: • Check balance via NFC • Reload credit instantly • Confirm top-ups by holding the card near the phone • Use a digital version of the card (in some cases) However, iPhone users cannot use these NFC features because iOS currently does not allow third-party apps like SUBE to access the NFC chip fully. This limitation negatively impacts iPhone users, many of whom rely heavily on SUBE. I have submitted detailed feedback to Apple requesting the enablement of controlled NFC access for third-party transit apps in Argentina, starting with SUBE. I encourage fellow developers, users, and community members to support this request. Enabling this would greatly improve the user experience for millions of iPhone users, align Apple with local needs, and potentially attract new customers from Android. If anyone has insights or updates on this topic, please share. Thank you.

Dear Apple Developer Support team, I would like to request an official confirmation regarding the handling of transaction status in the App Store Server API, specifically for the GET /inApps/v1/transactions/{transactionId} endpoint. As per our current understanding from the official documentation (Get Transaction Info), the API’s behavior appears to be: If a transaction is finalized and successfully processed by App Store, querying this API will return HTTP 200 OK along with transaction details. If a transaction is still in a pending or deferred state (such as awaiting Ask to Buy approval or pending authorization), the API will not return a 200, and instead respond with HTTP 404 Not Found or an appropriate error. Could you please confirm if this behavior is accurate and officially supported? Specifically: Does a 200 OK response guarantee that a transaction is finalized and successfully recorded on App Store servers? In cases where a transaction is pending approval (e.g. Ask to Buy), is it correct that GET /transactions/{transactionId} would return 404 Not Found until the transaction is finalized? We would greatly appreciate your confirmation to align our server-side logic for transaction validation accordingly. Thank you very much for your support! Kind regards, cuongnx

I've been using Apple's push service for pass notifications for years (since 2012) and everything has been working fine until recently. With no code changes, the push service has stopped working. Passes can still be installed on the device and pull to refresh does get the updates and highlights changes properly, so the pass signing is working properly, it's just the push notices don't seem to be getting to the device. I am getting log messages back from the APNS, and fwrite is returning the number of bytes written so I don't think there are any authentication issues. I'm using PHP on my own web server in case that's relevant. I also disabled rate limiting in the developer settings on my device to make sure that isn't the issue. I've also verified there are no outstanding messages in the feedback service (which also works fine without any errors). In fact, there are no errors and acting like everything is working which is why it is frustrating to troubleshoot since the problem seems to be between Apple and the device. I don't know if this may be related, but I know I saw this post from apple about a certificate change: https://developer.apple.com/news/?id=09za8wzy I have checked that the server has the new certificate per the instructions in this post: https://developer.apple.com/forums/thread/772665 Still no push updates work, however the Lock Screen location messages do appear and pass update notifications do appear on the Lock Screen correctly but only after pulling to refresh on the back of the pass. Does anyone have any ideas on how to fix or even start troubleshooting why the pushes aren't being delivered to the phone?

This post contains sensitive language. Please revise it in order to continue.Hello, We are working on digital key style application using custom communication with HCE (Host Card Emulation). We have a working solution but there is one issue - if our application is not selected as default NFC application our users may see Wallet popup when there's no active presentment intent in our application. I didn't find in documentation any information how to stop Wallet from activating. I found there's requestAutomaticPassPresentationSuppression method in PassKit, it requires special permission, however I am not sure if it can be used in this situation, as there's no information how it will impact HCE communication in our application. I'll be greatful for any advice. Regards, Valdemar

Due to it's new UI with transprent theme, sometimes its lacked between switching the apps. Please add AI eraser in photos app so that we can experience new ai tool. Due to india region, unable to use wallet options, Please add some options so that we can add cards and use this option.

我是一个银行app开发人员，请问怎么将银行名称显示在苹果钱包“选取银行”列表中，实现用户点击跳转银行app进行免输卡号签约绑定，是否有详细接入步骤和文档？

How to Check Apple Development, iCloud ,Apple ID or Apple Account got some criminal act with Old Business Partners System and Fake reality shows to Stole my system Identity and Money. Can hear the sounds from up area in the air! and the accents and contenxt very bad behavior act! i tried to stop them on 2022, I know who they are, they **** up the reality bank , hospital ,apartment fire and lobby packages systems. and they got seriously damaged the other contries and humans body healthy system! and all my creations works.

For the pushToken sent by APNS to register a wallet pass for update notifications, is there a max length or size that APNS will send? I save the token in my database and have it defined as varchar(256), but I have had some instances where the pushToken is larger than that. I'd like to know if there's an absolute max size that APNS will send. Then I'll know if I should reject requests with tokens larger than what's expected, and/or if I need to make the token size larger in the database.

Hi, I’ve been reviewing the Apple Wallet provisioning documentation (Getting Started with Apple Pay In-App Provisioning_ Verification_Security_Wallet Extensions )and had a few questions regarding the color path recommendation (Green, Yellow, Orange, Red) returned during the in-app provisioning flow: Who determines the color path—is it Apple directly, the Payment Network Operator (PNO), or both? What criteria are used to determine the color path (e.g., device info, Apple ID reputation, past provisioning attempts)? At what point in the provisioning flow is the color path recommendation received? Is it included in the response after the PKAddPaymentPassRequest is submitted? Is it accessible through any specific property or callback in the delegate method? Additionally, for Orange Path with Reason Code 0G, I understand that in-app verification is not allowed and must be handled via tenured channels (e.g., SMS/email). Can you confirm if this logic still applies for requests initiated from within the issuer's iOS app? Would appreciate any clarification or pointers to related documentation.

I download a demo from:https://applepaydemo.apple.com/wallet-extensions And I run my WalletUIExtention,but it's failed. This is some key in my info.plist <key>NSExtensionMainStoryboard</key> <string>MainInterface</string> <key>NSExtensionPointIdentifier</key> <string>com.apple.PassKit.issuer-provisioning.authorization</string> <key>NSExtensionPrincipalClass</key> <string>MyAUViewController</string> But I found that deleting the key: NSExtendesionPrincipalClass or NSExtendeionMainStoryboard in the info.plist file can make it run. Should I delete the key ? Whitch key ? This is it alert: This it's message: 2025-05-06 09:15:02.946890+0800 WalletUIExt[626:13530] Successfully load keyboard extensions Line: 1 Col:1 2025-05-06 09:15:02.972702+0800 WalletUIExt[626:13597] [xpc.exceptions]<NSXPCConnection: 0x2830c30c0> connection from pid 584 on mach service named com.bank.app.WalletUIExt.viewservice: Exception caught during decoding of received selector __connectToViewControllerFromRemoteViewController:replyHandler:, dropping incoming message. Exception:<NSXPCDecoder: Qx12a82bc00> received a message or reply block that is not in the interface of the remote object (__connectToViewControllerFromRemoteViewController:replyHandler:),

I'm encountering an issue with Apple Pay on both Wallet and the Watch app where the app name is not showing up on the back of the payment card(Card details). The pass was successfully provisioned, and everything seems to be working, but the expected app name or brand isn't displayed, and instead, I see the generic "Something went wrong. Try again Later" message. Do we need to configure something to get this displayed in Wallet app?

Hi, We are trying to make payment from ecomm merchant. The last request during process is { "sessionData": { "epochTimestamp": "1741082241", "expiresAt": "1741092241", "merchantSessionIdentifier": "SSH88312C485D_7E0DD10173", "nonce": "3f6dc197", "merchantIdentifier": "5F9BC6BAF8", "domainName": "libertybank.ge", "displayName": "Apple Pay Purchase", "signature": "3080060000", "operationalAnalyticsIdentifier": "Apple Pay Purchase:5F9BC6BAF8", "retries": 0, "pspId": "5F9BC6BAF8" } } which is successfully validated applePaySession.completeMerchantValidation(data.sessionData) After this, the "oncancel" handler is triggered in applePay. Please help us to understand what is wrong. Please note the domain where the applepay button is located is at txpg.libertypay.ge Which is successfully verified.

Hi all, I'm working on a use case where a customer checks in at a point of service (e.g., a cafeteria or restaurant) using their Apple Wallet pass (e.g., a digital employee badge). In this scenario, we would like to use an iPhone (with a custom iOS app) as the NFC terminal to read the pass directly from the customer's iPhone over NFC. I’m aware that "Tap to Pay on iPhone" allows NFC-based payment acceptance, but it’s unclear if similar functionality is available or permitted for reading access-type passes from another iPhone via NFC. Key questions: Is it technically possible for an iPhone to act as an NFC reader for a Wallet pass on another iPhone? If not, is this restricted due to Secure Element isolation or protocol limitations? Is there any Apple-supported path for building such a solution — or is certified external hardware (e.g., HID, Wavelynx) the only option? I’ve reviewed the Core NFC and PassKit documentation but couldn't find a definitive answer. Thanks in advance for your clarification!

We requested the com.apple.developer.passkit.pass-presentation-suppression entitlement in our app to suppress the Apple Pay popup when our app is near a reader. This entitlement was approved by Apple and successfully suppresses Apple Pay popups when approaching readers. Currently, we have another use case in the same app: presenting a PKPass (our door key pass) by calling the Wallet from our code using passLibrary.present(pass.secureElementPass!). This should take us to the Wallet and display our pass. This functionality works perfectly in other environments where this entitlement is not in place. We now understand that this entitlement suppresses all passes from our app. Our questions are: How can we suppress the Apple Pay popup while displaying our app key against a reader and also present the pass in the Wallet? Both requirements are essentially the same but implemented in two different ways, and we need both functionalities. Presenting the pass through a URL is not a viable option for us according to our standards. (https://developer.apple.com/forums/content/attachment/c2542a51-fd2c-42ce-88a2-207689b31159)

Hello Apple Developer Community, I recently encountered a serious security issue involving a third-party app development company that requested full JSON API key access to my Apple Developer account. After conducting research, I realized that granting this access would allow permanent backend control over my app—even after our contract ended. Key Issue: • Third-party developers extract JSON API keys from client accounts. • These keys allow unrestricted backend access, even after being removed from the account. • With this access, they can: • Modify apps remotely • Interfere with financial settings • Restrict client access while maintaining their own backend control Why This Matters: • This could be happening at scale, affecting many developers unknowingly. • It’s a major security risk—developers could be losing control of their apps without realizing it. • Apple’s policies do not explicitly warn against this kind of practice, which leaves developers vulnerable. I Need Guidance: • Is there an official Apple security team I can report this to? • How can developers safeguard themselves from these kinds of exploits? • Does Apple have a protocol for auditing third-party developer activity within client accounts? I have full documented evidence of this practice, including chat logs, emails, and technical breakdowns. This is a serious issue that needs the right eyes on it. Please advise on the next steps Apple recommends for reporting and addressing this vulnerability. Kindly find my evidence below. https://drive.google.com/drive/folders/1uZnAvJE48OazvSgMYr6-wSB1Ss5rF5r4