Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

In the latest 26.5, when creating a VM we can no longer disable SIP. We have confirmed we're using the proper admin user (anka) and its proper password (same one we log into the GUI with). It just keeps asking for the password as if it's wrong. It's critical we can disable SIP for VMs like we have been in previous versions.

FB: https://feedbackassistant.apple.com/feedback/22556883 We're seeing a small number of production users where both Transaction.currentEntitlements and Transaction.all return zero transactions for a valid, active, non-refunded non-consumable IAP. This makes it impossible to restore the purchase via any StoreKit 2 API. Environment: Xcode 26.4 (Build 17E192) iOS 26.4.1 Direct call to SK2 Transactions.all & Flutter in_app_purchase package v3.2.3 (uses SK2 on iOS 15+) Non-consumable IAP (one-time purchase) What we observe: AppStore.sync() triggers but the purchase stream returns 0 transactions Transaction.all returns empty Transaction.currentEntitlements also returns empty User is confirmed on the correct Apple ID Issue reproduces on both iPhone and Mac for the same Apple ID Issue appears to have started recently for users who previously had no problems Debug log from affected production user: [2026-04-20T08:50:10.744115Z] init: iapAvailable=true [2026-04-20T08:50:10.744566Z] init: isPremium=false [2026-04-20T08:50:10.744567Z] init: triggering silent restorePurchases [2026-04-20T08:50:45.974566Z] restore: started [2026-04-20T08:50:45.986848Z] restore: sk2Transactions count=0 [2026-04-20T08:50:45.993004Z] restore: sk2Direct isVerified=false active=null [2026-04-20T08:50:45.993011Z] restore: sk2Direct inconclusive — falling back to standard restore [2026-04-20T08:51:16.000851Z] restore: timed out after 30s — fallback isPremium=false [2026-04-20T08:51:16.000910Z] restore: completed — succeeded=false foundPurchase=false Unable to reproduce in sandbox — Transaction.all works correctly there. Appears specific to production for a small subset of users. Has anyone else seen this?

Hi all, I'm the developer of OV Message, an end-to-end encrypted SMS messaging app already shipped on Google Play (Android, where it natively encrypts SMS content). The iOS port aims to be the default carrier-messaging app, handling SMS, MMS, and RCS through TelephonyMessagingKit with the com.apple.developer.carrier-messaging-app entitlement under the EU programme. While testing the cold-launch flow on iOS 26.x, I've hit a reproducible bug that silently drops the first SMS/MMS/RCS that wakes the app, and I'd like to confirm whether other devs working with this API see the same. The bug When a default carrier-messaging app is force-killed and a message arrives, iOS correctly: Routes the message via CommCenter (IMS in my case — SFR France) Wakes the app in background (state = .background at didFinishLaunchingWithOptions) Acquires a TelephonyMessaging runningboard assertion on the app But CommCenter then pushes the pending message via XPC before the client TMK library has finished registering its messageHandlersByID dictionary. Result: client responds Received unhandled request, server logs TMKXPCError Code=2, message is dropped, never delivered to for await in incomingMessageNotifications. Subsequent messages (with the app warm) work fine. Native log sequence (from idevicesyslog with the Telephony logging profile) T+0.000 CommCenter: SMS arrives via IMS (k3GPP) T+0.003 CommCenter: Default app is set to com.example.app T+0.004 CommCenter: Attempting to launch and acquire process assertion T+0.083 CommCenter: Notifying SMS message received, target: bundleID=... T+0.085 CommCenter(TMK): There are no client connections matching, pending message [~125 ms — app boots] T+0.128 App(TMK): Configuring connection T+0.128 App(TMK): Pinging remote end T+0.130 CommCenter(TMK): Received new connection from PID T+0.130 CommCenter(TMK): New incoming connection, flushing pending messages (1) ← server flushes T+0.130 App(TMK): Received unhandled request ← client not ready T+0.131 CommCenter(TMK): Failed to send pending message: TMKXPCError Code=2 T+0.132 App(TMK): Registered for IncomingMessageNotification (smsReceived) ← ~2 ms too late The race window between Pinging remote end (client) and Registered for IncomingMessageNotification (client) is 2–7 ms across my measurements. CommCenter considers the connection ready as soon as the ping completes, but the client library populates messageHandlersByID slightly after, so the dispatch fails. Minimal reproduction I built a ~50-line Swift app to confirm this isn't specific to OV Message. UIKit AppDelegate, single for await in TelephonyMessagingSession.shared.smsService.incomingMessageNotifications started in didFinishLaunchingWithOptions. No SwiftUI, no other modules, no Darwin notifications. Just TMK. Steps: Build & install on iPhone iOS 26.x with carrier-messaging-app entitlement (auto-provisioned in iOS 26) Settings → Apps → Default Messaging → select the test app Force-kill, then send 2 SMS in rapid succession from another phone Wait 30 s, open the app — log shows only the 2nd SMS Same result: the 1st SMS is gone. I've reproduced this consistently dozens of times. Source code (Swift + xcodegen project.yml): https://gist.github.com/ovmessage/fbc529292a65222191bec6ce5e5a4275 What I've tried Task.detached(priority: .userInitiated) to decouple the for await from main thread scheduling — no effect (race is internal to TMK lib, before our scheduling) Pre-fetching cellularServices synchronously — no effect Subscribing MMS + RCS in parallel — no effect Direct XPCSession/xpc_connection_create_mach_service to com.apple.commcenter.tmk.xpc — Apple has marked these unavailable on iOS for 3rd-party apps (no public way to bypass the lib) I've also done runtime introspection of the TMK framework via Mirror, which confirms the architecture: a single XPCConnection.messageHandlersByID dict shared by smsReceived, mmsReceived, rcsReceivedNotification — all four entries (incl. serviceStatusNotification) are populated after the XPC ping. So the same race affects SMS, MMS, and RCS equally. Suggested fixes (Apple-side) Either: Server (CommCenter): defer flushing pending messages until the client confirms its handlers are registered (extra XPC handshake message) Client (TelephonyMessagingKit): register messageHandlersByID entries before sending Pinging remote end, so they exist when the server starts flushing Buffer client-side: cache messages received before handler registration completes, dispatch on attach Filed in Feedback Assistant FB[YOUR_FB_NUMBER_HERE] Question for fellow devs If you're also building with carrier-messaging-app entitlement (Beeper, Google Messages on iOS, anyone in the EU programme), can you confirm whether you see the same race? Especially interested in whether: It happens with non-IMS carriers (mine is SFR France, IMS-routed via SIP) iOS 26.1 / 26.2 changed the timing Anyone has found a workaround I haven't tried Thanks.

Hi We are modifying the official Wi‑Fi Aware sample app to integrate QUIC for transmission speed testing. Unfortunately, we have been unable to establish a successful QUIC connection between two iOS devices. Could you provide a correct implementation example of using QUIC over Wi‑Fi Aware? I have attached the iOS system logs and our modified app project for your reference in case FB22499984 . Thanks

HI, I am using mac os virtuzlation framework for running virtual machines. At prenset i add the shared folders when creating the VzVirtualMachine. Is it possible to add shared folders to running VZVirtualMachine Thannks

I've just implemented background session downloads, and in testing (with 1044 downloadTasks), I'm seeing some strange behavior that's not 100% reproducible. Sometimes when I background the app, when I foreground it (or the OS does), the URLSessionDownloadDelegate's function urlSession(_:downloadTask:didFinishDownloadingTo:) gets called twice. I'm also logging the URLSessionTaskDelegate's function urlSession(_:task:didCompleteWithError:) and in this case, it does not get called between calls to didFinishDownloadingTo. Both cases are being called with the exactly same task, session and location. The first call copies the location to a semi-permanent destination (and I confirmed that file is correct), and the second call fails on move because the destination already exists. I can obviously work around this fairly easily, but wondering if I'm missing something or if there's a bug. It does appear to happen more reliably when I background for 15 seconds or longer. A second issue which is reproducible is that while backgrounded, some files are completing downloads and never calling the download delegate's urlSession(_:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:) I tried resuming one or all of the tasks in applicationDidBecomeActive as suggested in multiple other forums posts, but neither of those seems to resolve the issue. Again, I can work around this (using a combination of totalBytesWritten and the known size of files which have completed downloads), but I'm wondering if I'm missing something obvious. I actually thought that perhaps the resume() workaround was causing the first issue, but removing it does not have an effect.

Hello together, the user is able to do recordings with my app. The recordings also runs, while the App is in Background. I have Background Modes Audio & Background enabled. When the user accidentally terminates the App while the recording is still running, the whole recording is lost. I tried AppDelegate applicationWillTerminate on my iOS 26 App and it works perfectly to wrap up the LiveActivity that is shown while the recording is active. But it does not save the Audio and also doesn't update the Widgets (they are interactive and show a different state while recording and stay stuck in recording-state on accidental termination). Any ideas? Best wishes, Dominik

I've managed to put together a WebSocket client in Swift using NWProtocolWebSocket (though the documentation does not make it easy.) The point I'm stuck on is how to get a meaningful error if the server rejects the HTTP request, for example with a 404 or 403 status. The error reported to my stateUpdateHandler is a low-level POSIXErrorCode(rawValue: 53): Software caused connection abort). Additionally, how can I add custom headers to the HTTP request, like authorization or cookies? (I'm kind of wondering whether good ol' NSURLSession would have been a better choice -- TN3151 says: "Unless you have a specific reason to use URLSession, use Network framework for new WebSocket code", but at this point I feel that's bad advice.)

After an app update replaces our extension with the new version, the XPC connection between the app and the extension fails to work roughly 20% of the time. Once it's broken, it stays broken — our reconnect/retry logic doesn't recover it, stopping and starting the extension doesn't recover it, and the only thing that fixes it is a full machine restart. This obviously isn't ideal. I've seen a few other threads describing the same or a very similar issue: https://developer.apple.com/forums/thread/728063 https://developer.apple.com/forums/thread/779395 https://developer.apple.com/forums/thread/742992 On a broken upgrade cycle, when we run: sudo launchctl print system/NetworkExtension.com.company.example.app.filter.5.5.0.2248 the endpoints entry is missing from the output entirely. On a working upgrade cycle, the same command shows endpoints = {} is present. So it looks like our XPC service isn't actually getting registered with launchd in the broken case. We've tried various changes to our connection logic, but nothing prevents the issue — random upgrades still end up broken with no obvious cause. Is there a known way to recover the XPC registration without requiring a machine restart?

Hi, Our project is a MacOS SwiftUI GUI application that bundles a System Network Extension, signed with a Developer ID certificate for distribution outside of the app store. The system network extension is used to write a packet tunnel provider. The signing of the app & network extension is handled by XCode (v16.0.0), we do not run codesign ourselves. We have no issues with XPC or the system network extension during normal usage, nor when the application is installed on a user's device for the first time. The problem only arises when the user upgrades the application. I have experienced this issue myself, as have our users. It's been reported on Apple Silicon macbooks running at least macOS 15.3.2. Much like the SimpleFirewall example (which we used as a reference), we use XPC for basic communication of state between the app and NE. These XPC connections stop working when the user installs a new version of the app, with OS logs from the process indicating that the connection is immediately invalidated. Subsequent connection attempts are also immediately invalidated. Toggling the VPN in system settings (or via the app) does not resolve the problem, nor does restarting the app, nor does deleting and reinstalling the app, nor does restarting the device. The only reliable workaround is to delete the system extension in Login Items & Extensions, under Network Extensions. No device restart is necessary to garbage collect the old extension - once the extension is reapproved by the user, the XPC issue resolves itself. This would be an acceptable workaround were it possible to automate the deleting of the system extension, but that appears deliberately not possible, and requiring our users to do this each time they update is unreasonable. When the upgraded app is opened for the first time, the OSSystemExtensionRequest request is sent, and the outcome is that the previously installed system network extension is replaced, as both the CFBundleVersion and CFBundleShortVersionString differ. When this issue is encountered, the output of systemextensionsctl list shows the later version is installed and activated. I've been able to reproduce this bug on my personal laptop, with SIP on and systemextensionsctl developer off, but on my work laptop with SIP off and systemextensionsctl developer on (where the network extension is replaced on each activation request, instead of only when the version strings differ), I do not encounter this issue, which leads me to believe it has something to do with the notarization process. We notarize the pkg using xcrun notarytool, and then staple to the pkg. This is actually the same issue described in: https://developer.apple.com/forums/thread/711713 https://developer.apple.com/forums/thread/667597 https://developer.apple.com/forums/thread/742992 https://developer.apple.com/forums/thread/728063 but it's been a while since any of these threads were updated, and we've made attempts to address it off the suggestions in the threads to no avail. Those suggestions are: Switching to a .pkg installer from a .dmg As part of the .pkg preinstall, doing all of the following: Stopping the VPN (scutil --nc stop), shutting down the app (using osascript 'quit app id'), and deleting the app (which claims to delete the network extension, but not the approval in Login Items & Extensions remains??), by running rm -rf on the bundle in /Applications As part of the .pkg postinstall: Forcing macOS to ingest the App bundle's notarization ticket using spctl --assess. Ensuring NSXPCListener.resume() is called after autoreleasepool { NEProvider.startSystemExtensionMode() } (mentioned in a forum thread above as a fix, did not help.) One thing I'm particularly interested in is the outcome of this feedback assistant ticket, as I can't view it: FB11086599. It was shared on this forum in the first thread above, and supposedly describes the same issue. I almost find it hard to believe that this issue has been around for this many years without a workaround (there's system network extension apps out there that appear to work fine when updating, are they not using XPC?), so I wonder if there's a fix described in that FB ticket. Since I can't view that above feedback ticket, I've created my own: FB17032197

Hi, is there any ETA on when we can see support for nested virtualization in MacOS VMs? Running Docker specifically would be nice.

Hello, I am experiencing a specific authorization error on macOS Tahoe when trying to discover all available service types on the local network. While the implementation works perfectly on iOS and macOS Sonoma, it fails on Tahoe with a specific error code. The Issue When calling DNSServiceBrowse with the meta-query string _services._dns-sd._udp, the function immediately returns kDNSServiceErr_NoAuth (-65555). // This call fails on macOS Tahoe DNSServiceErrorType err = DNSServiceBrowse( &ref, 0, kDNSServiceInterfaceIndexAny, "_services._dns-sd._udp", // Meta-query for all services domc, probe_browse_reply, (__bridge void *)self ); Important Findings & Observations Specific Services Work: If I change the service type to a specific one (e.g., _http._tcp or _ssh._tcp) using NWBrowser, it works correctly and returns results. The error only occurs when browsing for _services._dns-sd._udp using DNSServiceBrowse. Local Network Permission: I have confirmed that the Local Network toggle is ON for my app in System Settings > Privacy & Security > Local Network. Entitlements: My app has the com.apple.developer.networking.multicast entitlement. Info.plist: Both NSLocalNetworkUsageDescription and NSBonjourServices (including _services._dns-sd._udp) are properly configured. Sandbox: The issue persists regardless of whether the App Sandbox is enabled (with incoming/outgoing connections) or disabled. Environment Not Working OS: macOS Tahoe 26 Working OS: macOS Sonoma, iOS 26 Question It seems macOS Tahoe has introduced a stricter policy regarding Network Reconnaissance or meta-service browsing. Is there a new requirement or a specific entitlement needed in macOS Tahoe to browse for _services._dns-sd._udp? Any guidance on how to restore this functionality for network utility apps on macOS Tahoe would be greatly appreciated. Best regards.

Our app has a network extension (as I've mentioned lots 😄). We do an upgrade by downloading the new package, stopping & removing all of our components except for the network extension, and then installing the new package, which then loads a LaunchAgent causing the containing app to run. (The only difference between a new install and upgrade is the old extension is left running, but not having anything to tell it what to do, just logs and continues.) On some (but not all) upgrades... nothing ends up able to communicate via XPC with the Network Extension. My simplest cli program to talk to it gets Could not create proxy: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named blah was invalidated: failed at lookup with error 3 - No such process." UserInfo={NSDebugDescription=The connection to service named bla was invalidated: failed at lookup with error 3 - No such process.} Could not communicate with blah Restarting the extension by doing a kill -9 doesn't fix it; neither does restarting the control daemon. The only solution we've come across so far is rebooting. I filed FB11086599 about this, but has anyone thoughts about this?

Hi, Overview I have a SwiftData project which automatically syncs with CloudKit. When I run the app, I see the following error in Xcode logs. Error updating background task request: Error Domain=BGSystemTaskSchedulerErrorDomain Code=3 "(null)" My attempt I can enable Background processing (under Signing & Capabilities > Background modes), but I don't know the BGTaskSchedulerPermittedIdentifiers to add in the Info.plist Questions How can I resolve this? If I should enable background processing, what are the BGTaskSchedulerPermittedIdentifiers to add in Info.plist?

I've seen a number of similar posts from other network system extension developers reporting kernel panics on M5 devices in macOS. These kernel panics occur when network system extensions are enabled and are not observed on earlier mac platforms or versions of macOS. Reference: https://developer.apple.com/forums/thread/821372 In this post, it appears like Apple is aware of a problem as noted by Kevin Elliott in versions of macOS. Do we know if there is any way to work around this problem (short of not enabling a network filter) until a fix is available?

MapKit offers showsTraffic: Bool, which is great for displaying live traffic data on the map. However, MapPolyline sits above it, which makes it quite useless. Is this the expected behaviour?

In the last few weeks 5 users have reported my workout watch app being unable to read health data despite the permissions being enabled in the iPhone Settings app. This has been a common complaint over the years and is usually fixed by disabling the permissions; rebooting both devices; and then enabling them again. This usually nudges iOS into sending the permissions to watchOS. However that procedure doesn't work for these users, all of whom are using watchOS 10.6.2. They are using various versions of iOS 18 or 26 so it seems to be a problem with that version of watchOS, which users are usually limited to because their hardware won't support anything more up to date. It seems that unpairing and re-pairing the watch can fix the problem but not always. I looked around and it seems that other apps are having the same problem: https://www.reddit.com/r/runna/comments/1rhhs2n/runna_wont_start_an_outdoor_run_on_apple_watch/ Does anyone know a way to fix this? My current advice is to repeatedly unpair / re-pair until it works, which isn't really practical! Thanks in advance.

I'm a first time developer, relying heavily on Claude Agent. In my app, I'm using CloudKit to sync data between devices, but after a migration something got corrupted and syncing is no longer working. I'm using SwiftData with NSPersistentCloudKitContainer. I'm using Xcode 26.4.1 on a Mac mini. I'm testing my app on the same Mac mini, running Tahoe 26.4.1 as well as an iPad 12.9 running iPadOS 26.3.1 and an iPhone running iOS 18.7.8. Sync stopped after a cachedTotal property was added to a SwiftData model, which triggered a backfill migration that wrote to all records simultaneously across multiple devices. This was followed by an iCloud sign-out/sign-in on the Mac. Here’s a summary of everything I’ve tried already: Reset All Data on all devices multiple times Deleted and reinstalled the app on all devices Deleted the CloudKit zone twice Force-deleted local SQLite store files to clear change tokens Zone and subscription both appear correct in the dashboard Change token updates when data is written (confirming uploads work) No data propagates to other devices in any direction Uploads appear to succeed (change token changes) but imports never fire on any device. In other words, writes work, reads don’t. Is there a way to fully reset the CloudKit container's production private database for a TestFlight app, or is there a way to diagnose why imports are not firing despite a valid zone and subscription?

When I query, an existing database with over 10,000 records from an Objective C app (i.e. CKQueryOperation) I get only N x 100 records returned where N varies each time between 0 and about 10 (i.e. never more than 1000 records and always an even multiple of 100). When I do a “Query Records” on the CloudKit Dashboard I get a similar number of pages of records downloaded (i.e. 0-10). If I tap “Query Records” multiple times I will get more pages of records until the full 10,000 are downloaded. This had been working fine until recently, both from the app and the Dashboard. There are multiple Record Types in the database. Only one Record Type is erroring. The other Record Types continue to work both from the app and the Dashboard. In particular, the Users Record Type has many many records and they all download to many pages with a single tap of “Query Records”. I have posted this to the Feedback Assistant under FB22358865. Here is my code: NSPredicate *predicate =[NSPredicate predicateWithFormat:@"modificationDate>%@",dateLastSynched]; CKRecordType theRecordName=[NSString stringWithString:@"Notices”]; // I also try this for @“Links” and @“Messages” and @“EventMessages" CKQuery *query = [[CKQuery alloc] initWithRecordType:theRecordName predicate:predicate]; CKQueryOperation *theOperation=[[CKQueryOperation alloc] initWithQuery:query]; [self startAQueryOperation:(CKQueryOperation *)theOperation theName:(NSString *)recordName]; -(void)startAQueryOperation:(CKQueryOperation *)theOperation theName:(NSString *)recordName{ theOperation.recordFetchedBlock=^(CKRecord *theRecord){ NSLog(@"XXXjust downloaded a %@",recordName); }; theOperation.queryCompletionBlock=^(CKQueryCursor *theCursor, NSError *error){ if(error){ NSLog(@"XXXerror %@",error); } if(theCursor){ CKQueryOperation *anotherOperation=[[CKQueryOperation alloc] initWithCursor:theCursor]; [self startAQueryOperation:anotherOperation theName:recordName]; } }; CKDatabase *publicDatabase = [[CKContainer defaultContainer] publicCloudDatabase]; [publicDatabase addOperation:theOperation]; } When I run this code in the app I get no “XXXerror” from the NSLogs. I get the expected number of “XXXjust downloaded a” EventMessages (435) and Messages (594) and Links (15) but I get varying amounts, 100 or 400 or 500 “xxjust downloaded a” for the Notices when I should get 10,118 records. Thinking that 10,000 records is too much, if I alter “dateLastSynched” for Notices I still get only 100 or 200, not the expected number. Note that the number is always a multiple of 100. This seems to be consistent with the typical number of records I get on the CloudKit dashboard each time I tap “Query Records”.

How does an app bind a custom display name to a sidebar Favorites entry pointing at a NSFileProviderDomain mount, while preserving the FP extension's icon? Inserting the volume URL directly via LSSharedFileListInsertItemURL keeps the icon but uses the volume's default name. Inserting an alias-bookmark file or symlink to the volume with a custom filename gives the custom name but drops the icon to the generic alias glyph. Since other apps seem to have achieved this, I wonder what's missing in order to get it working. I've dropped a lot of work into this already and tried so many things but none has been working. What's complicating things is that working with plugins are easy to get wrong – the old plugin might not be correctly unloaded so you get stale behaviour etc. I've already spent more time with this than I'd care to admit. Since LSSharedFileListInsertItemURL is deprecated it's natural that setting the name/icon is getting ignored, but there's clearly a way to make it work. For apps that have this working I did the following test: Change the name - icon stays the same Restart Finder - icon now becomes a generic icon Change the name back to the original Restart Finder - icon reverts to the "proper" icon. Apart from this I've been able to verify that aliases produced by my app has the same data as apps with this working. Any hints would be greatly appreciated.