Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

I’m currently developing an iOS app built in Unity, exported to Xcode for signing and deployment. The app needs to register for Apple Push Notifications (APNs) to retrieve the device token and register it with a backend service (PlayFab). Despite enabling the required capabilities and entitlements, the app never receives a device token — the authorization request succeeds, but the token remains empty (req.DeviceToken is null in Unity). I’ve confirmed that the issue occurs before PlayFab or Firebase are involved, meaning the app never receives the token from Apple Push Notification service (APNs) itself. The Unity script I am using is: #if UNITY_IOS using UnityEngine; using Unity.Notifications.iOS; using PlayFab; using PlayFab.ClientModels; using System.Collections; using System; public class iOSPushInit : MonoBehaviour { private const int MaxRetries = 5; private const float RetryDelay = 2f; // seconds void Start() { Debug.Log("🛠 iOSPushInitDebug starting..."); StartCoroutine(RequestAuthorizationAndRegister()); } private IEnumerator RequestAuthorizationAndRegister() { // Request Alert + Badge + Sound permissions and register for remote notifications var authOptions = AuthorizationOption.Alert | AuthorizationOption.Badge | AuthorizationOption.Sound; using (var req = new AuthorizationRequest(authOptions, true)) { Debug.Log("⏳ Waiting for user authorization..."); while (!req.IsFinished) { yield return null; } Debug.Log($"🔔 Authorization finished at {DateTime.Now}: granted={req.Granted}, error={req.Error}"); if (!req.Granted) { Debug.LogError("❌ User denied notification permissions! Cannot get APNs token."); yield break; } // Authorization granted → check for device token int attempt = 0; string token = req.DeviceToken; Debug.Log($"req.DeviceToken: {req.DeviceToken}"); while (string.IsNullOrEmpty(token) && attempt < MaxRetries) { attempt++; Debug.Log($"ℹ️ APNs token not available yet. Attempt {attempt}/{MaxRetries}. Waiting {RetryDelay} seconds..."); yield return new WaitForSeconds(RetryDelay); token = req.DeviceToken; } if (string.IsNullOrEmpty(token)) { Debug.LogWarning("⚠️ APNs token still null after multiple attempts. Try again on next app launch."); yield break; } Debug.Log($"📱 APNs Token acquired at {DateTime.Now}: {token}"); // Register with PlayFab var request = new RegisterForIOSPushNotificationRequest { DeviceToken = token, SendPushNotificationConfirmation = false }; PlayFabClientAPI.RegisterForIOSPushNotification(request, result => Debug.Log("✅ APNs token successfully registered with PlayFab."), error => Debug.LogError("❌ Failed to register APNs token with PlayFab: " + error.GenerateErrorReport())); } } } #endif When running on a real device (not simulator), the following is logged in Xcode: 🔔 Authorization finished: granted=True, error= ℹ️ APNs token not yet available. Try again on next app launch. In the Xcode console, I do not see the expected APNs registration message: [Device] Registered for remote notifications with token: <...> Environment Details: Engine: Unity 6000.2.6f2 Notifications package: com.unity.mobile.notifications 2.4.2 Xcode: 16.4 (16F6) iOS Device: iPhone 12, iOS 26.0.1 Testing Method: Building directly from Unity → Xcode → real device Signing mode: Automatic (with correct Team selected) Certificates in account: Apple Development certificate (active) Apple Distribution certificate (active) Provisioning Profile: Type: App Store (also tested Development profile) Enabled Capabilities: Push Notifications, In-App Purchase App ID Capabilities: Push Notifications: Enabled Development SSL certificate: Present Production SSL certificate: Not generated (yet) Background Modes -> remote notifications What I Have Verified: ✅ Push Notifications capability is enabled in the Xcode target (not UnityFramework). ✅ Team and Bundle Identifier match my Apple Developer App ID. ✅ App ID has Push Notifications enabled in the Developer Portal. ✅ Tested on a real iOS device with working internet. ✅ Rebuilt and reinstalled app after enabling Push Notifications. ✅ Authorization dialog appears and permission is granted by user. How can I resolve this issue?

I have an iOS app (1Address) which allows users to share their address with family and friends using CloudKit Sharing. Users share their address record (CKRecord) via a share link/url which when tapped allows the receiving user to accept the share and have a persistent view into the sharing user's address record (CKShare). However, most users when they recieve a sharing link do not have the app installed yet, and so when a new receiving user taps the share link, it prompts them to download the app from the app store. After the new user downloads the app from the app store and opens the app, my understanding is that the system (iOS) will/should then vend to my app the previously tapped cloudKitShareMetadata (or share url), however, this metadata is not being vended by the system. This forces the user to re-tap the share link and leads to some users thinking the app doesn't work or not completing the sharing / onboarding flow. Is there a workaround or solve for this that doesn't require the user to tap the share link a second time? In my scene delegate I am implementing: func scene(_ scene: UIScene, willConnectTo session: UISceneSession, options connectionOptions: UIScene.ConnectionOptions) {...} And also func scene(_ scene: UIScene, continue userActivity: NSUserActivity) {...} And also: func windowScene(_ windowScene: UIWindowScene, userDidAcceptCloudKitShareWith cloudKitShareMetadata: CKShare.Metadata) {...} And: func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {...} Unfortunately, none of these are called or passed metadata on the initial app run after install. Only after the user goes back and taps a link again can they accept the share. This documentation: https://developer.apple.com/documentation/cloudkit/ckshare says that adding the CKSharingSupported key to your app's Info.plist file allows the system to launch your app when a user taps or clicks a share URL, but it does not clarify what should happen if your app is being installed for the first time. This seems to imply that the system is holding onto the share metadata and/or url, but for some reason it is not being vended to the app on first run. Open to any ideas here for how to fix and I also filed feedback: FB20934189.

Downloaded example app from here Xcode version: Version 26.1.1 (17B100) Simulator iOS Version: 26.1 & 18.5 Set custom location in the simulator to the center of the condition being monitored in the example. The only log entry was "Setup Monitor". Tried a custom gpx starting at the same point and moving 500m away. Same logs. Didn't change any of the source code, granted always permissions, allowed notifications, tapped "AddCircularGeographicCondition". Let me know if there is something I am missing or more information I can provide.

My iOS app uses CloudKit key-value storage. I have not updated the app in a few years but it works fine. Since it was last updated, I transferred the app from an old organization to my personal developer account. Now that I'm working on the app again I get an error: Provisioning profile "iOS Team Provisioning Profile: com.company.app" doesn't match the entitlements file's value for the com.apple.developer.ubiquity-kvstore-identifier entitlement. In the entitlement file, it has $(TeamIdentifierPrefix)$(CFBundleIdentifier) as the value for iCloud Key-Value Store. I've verified the variables resolve as expected. When I parse the provisioning profile there is no entitlement value for key-value storage. What am I getting wrong?

After adding furhter IAP Items to my app, none of the products are available for purchase an more on iOS. But it works just fine on the Mac Catalyst app. Logging the request shows that all product IAP IDs are "invalid", even those who already were on sale. Any idea what this can be caused by? Ive already double checked the obvious things like the product IDs on appstoreconnect, bundle ID, tested on different devices, Test Flight etc... Has anyone experienced this already?

I’m implementing a Live Activity that shows some text and a button. When the user taps the button, I want to open the host app. What I’ve done so far: Implemented a LiveActivityIntent to handle the button tap. The intent is triggered successfully. However, the app does not open by using deep link/universal app link. From what I can tell, LiveActivityIntent seems limited to system/background execution and doesn’t bring the app to the foreground. Questions: Is it possible for a LiveActivityIntent to open the app? Is this behavior a documented/intentional limitation? If not supported, is using a Universal Link or deep link the recommended solution for opening the app from a Live Activity button? Any official clarification or recommended best practice would be helpful.

Is there a way to enumerate all files within a folder of an asset pack or just all files in general? My application is using the Apple demo code to load a file from an Apple hosted asset pack: let descriptor = try AssetPackManager.shared.descriptor(for: "NAV/NavData.db3") defer { try descriptor.close() } if let path = path(for: descriptor) { self.database = try Database(path: path) } As my "Navigation Data" is updated each month with an updated asset pack I would like to have the name of the .db3 file reflect the current data cycle (e.g. NAV2601.db3, NAV2602.db3, ...) Ideally I would like to iterate over all files within the NAV folder of the current asset pack and pick the most recent one. Unfortunately, neither the AssetPackManager nor the AssetPack object seem to include an API for this. It would be cool to have something like: let files = try AssetPackManager.shared.files(for: "NAV/") for file in files { //Check and load }

So I have an M3 Max MBP which I was planning on taking out to use while my son had his 4-hours-long archery class, but I've been using the Studio (running Tahoe) for development, and the version of Xcode running on there is too new for the version running on the MBP. So I try to update the MBP, but Settings thinks it's up to date: This is an M3 Max... so that seems ... unlikely. I've tried rebooting the thing, I've tried clicking any number of times on the 'check for updates' button, but no joy. Anyone got any pointers ?

Hello, I hope the title is self explanatory. As a system administrator I would like to use macOS server on Sequoia to manage the protected network behind this server: bootpd, natpmpd, paquet filter, postfix mail server, squid proxy… I am at a lost not to find in less than 15 minutes where this is available. Sorry for the silly question.

Since the introduction of the siblings / and /System/Volumes/Data architecture, some very basic, critical commands seems to have a broken behaviour ( cp, rsync, tar, cpio…). As an example, ditto which was introduced more than 10 years ago to integrate correctly all the peculiarity of HFS Apple filesystem as compared to the UFS Unix filesystem is not behaving correctly. For example, from man ditto: --rsrc Preserve resource forks and HFS meta-data. ditto will store this data in Carbon-compatible ._ AppleDouble files on filesystems that do not natively support resource forks. As of Mac OS X 10.4, --rsrc is default behavior. [...] --extattr Preserve extended attributes (requires --rsrc). As of Mac OS X 10.5, --extattr is the default. and nonetheless: # ls -@delO /private/var/db/ConfigurationProfiles/Store drwx------@ 5 root wheel datavault 160 Jan 20 2024 /private/var/db/ConfigurationProfiles/Store                            ********* com.apple.rootless 28 *************************** # mkdir tmp # ditto /private/var/db/ConfigurationProfiles tmp ditto: /Users/alice/Security/Admin/Apple/APFS/tmp/Settings: Operation not permitted ditto: /Users/alice/Security/Admin/Apple/APFS/tmp/Store: Operation not permitted # ls -@delO tmp/Store drwx------ 5 root wheel - 160 Aug 8 13:55 tmp/Store                            * # The extended attribute on copied directory Store is empty, the file flags are missing, not preserved as documented and as usual behaviour of ditto was since a long time ( macOS 10.5 ). cp, rsync, tar, cpio exhibit the same misbehaviour. But I was using ditto to be sure to avoid any incompatibility with the Apple FS propriaitary modifications. As a consequence, all backup scripts and applications are failing more or less silently, and provide corrupted copies of files or directories. ( I was here investigating why one of my security backup shell script was making corrupted backups, and only on macOS ). How to recover the standard behaviour --extattr working on modern macOS?

Hi everyone — I’m hoping to get a quick technical sanity check from folks familiar with Apple’s satellite features. I’ve put together a very narrowly scoped request around the temporary enablement of existing iPhone satellite capabilities (Emergency SOS / Messages via Satellite), focused on a simple “check-in” use case. The idea is intentionally minimal: preset status messages only (e.g. “I’m safe”, “I need help”) optional one-time location sharing strict rate limits temporary enablement with a clear sunset date This isn’t a request for new features, internet access, voice, or emergency-service integration — it’s framed as a configuration/policy enablement using systems Apple already operates. I’ve documented the full scope and assumptions here Posting mainly to invite technical review, correction, or perspective from anyone familiar with how the satellite stack is structured today. Appreciate any insights.

DeviceActivityReportExtension issues Hi, I am currently working on a project and hoping to use DeviceActivityReportExtension. I have already successfully set up the DeviceActivityMonitorExtension and that is working correctly, but can't get this to reproduce. I initially had a complex capacitor project which displayed a native UI screen which (tried to) display the screen time report though it was failing silently. I tried a much simpler setup with a pure swift project (not an iOS dev so forgive my poor code quality) and still having an issue getting this to render on my computer. Here is a reproduction: https://github.com/ethanmichel0/screen-time-report-bug-recreation/tree/main Does this code work for others? and if not do you know how I can set this up? idk if my Xcode or iOS versions are incompatible (see versions in that link). Would be super grateful for some help, thanks so much.

Hi, I’m having issues with push notifications on my phone across multiple apps. When someone sends me a message, I only receive the notification 10 to 15 minutes later. For example, on WhatsApp, people say that my chat only shows one checkmark when they send me a message. I don’t know what else to do. I’ve already contacted Apple Support, visited an Apple-affiliated physical store, and followed all the recommended procedures. This is my first time using an iPhone—I bought it for professional use, but it’s practically useless if I don’t receive notifications instantly. They even told me that if I send it in for warranty service, there’s a 90% chance they won’t detect the issue, and the iPhone will come back with the same problem.

I'm working on building a Text Messages Filter Extension app and currently facing the below error: "Cannot find 'ILMessageFilterExtensionConfigurationManager' in scope". As required the app includes MessageFilterStatusManager.swift file, with the host app designated as the Target Membership. App minimum deployment is set to iOS 17.6 and I'm working with Xcode Version 26.2. If anyone has encountered this error I'd appreciate your feedback.

SMBClient-593 introduces a crtitical bug. When reading and writing data at high volume, the SMBClient no longer properly receives and handle responses from the server. In some cases, the client mishandles the response packet and the following errors are seen in the logs: 2025-12-02 21:36:04.774772-0700 localhost kernel[0]: (smbfs) smb2_smb_parse_write_one: Bad struct size: 0 2025-12-02 21:36:04.774776-0700 localhost kernel[0]: (smbfs) smb2_smb_write: smb2_smb_read_write_async failed with an error 72 2025-12-02 21:36:04.774777-0700 localhost kernel[0]: (smbfs) smbfs_do_strategy: file.txt: WRITE failed with an error of 72 In other cases, the client mishandles the response packet and becomes completely unresponsive, unable to send or receive additional messages, and a forced shutdown of the computer is required to recover. This bug is only present on macos 26. We believe the operative change is in the latest commit, SMBClient-593 beginning at line now 3011 in smb_iod.c. The issue seems to be a race, and occurs much more frequently once throughput exceeds around 10Gbps, and again more frequently above 20Gbps.

Hi all, I'm building an iOS app extension using ExtensionKit that works exclusively with its containing host app, presenting UI via EXHostViewController. I'd like the extension to have read-only access to the host's task for process introspection purposes. I'm aware this would almost certainly require a special entitlement. I know get-task-allow and the debugger entitlement exist, but those aren't shippable to the App Store. I'm looking for something that could realistically be distributed to end users. My questions: Does an entitlement exist (or is one planned) that would grant an extension limited, read-only access to its host's task—given the extension is already tightly coupled to the host? If not, is this something Apple would consider adding? The use case is an extension that needs to inspect host process state without the ability to modify it. Is there a path to request such an entitlement through the provisioning profile process, or is this fundamentally off the table for App Store distribution? It seems like a reasonable trust boundary given the extension already lives inside the host's app bundle, but I understand the security implications. Any insight appreciated. Thanks!

I. am working on an app that uses automounted files using nfsv4 where the server has zfs filesystems. As a test I've created a very simple example and the directory in question seems to automount correctly, but when I try to access it, I get strange behavior. The directory is mounted on is /System/Volumes/Data/mnt/subdir and I can change to that directory just fine. However I get the following: 63 rrsum@Anywhere:subdata% pwd /System/Volumes/Data/mnt/subdata 64 rrsum@Anywhere:subdata% ls -la total 3 drwxr-xr-x 3 nobody nobody 4 Jan 10 13:03 . dr-xr-xr-x 3 root wheel 2 Jan 8 17:27 .. drwxr-xr-x 2 nobody nobody 3 Jan 9 11:20 dir -rw-r--r-- 1 nobody nobody 12 Jan 10 13:09 file.txt 65 rrsum@Anywhere:subdata% cd dir cd: string not in pwd: ls The directory appears in the 'ls -la' properly, but I cannot cd to it.

I’m hitting a persistent conflict between my Business (Managed) Apple ID and my personal Apple ID when trying to use TestFlight. My Business ID is correctly tied to App Store Connect, but the device always forces TestFlight to associate with my personal Apple ID. When I try to “Review” the Business ID in the App Store, I get the endless loop: “This Apple ID has not been used in the iTunes Store.” The review flow never completes. What I’ve already confirmed: Business/Managed Apple IDs cannot be activated for the App Store -Signing out of Media & Purchases doesn’t fix it -Tried on multiple devices - sign out - same behaviour -TestFlight still forces a personal Apple ID login even when everything else is configured correctly This looks like a reproducible conflict introduced by recent Apple updates, and it’s affecting Managed/Business Apple IDs across the board. Developer Support hasn’t provided a single actionable response despite multiple tickets which is unacceptable for a paid service. Has anyone found a reliable workaround solution for this problem ? THANK YOU in advance !!

Hello everyone, We are in the process of migrating a high-performance storage KEXT to DriverKit. During our initial validation phase, we noticed a performance gap between the DEXT and the KEXT, which prompted us to try and optimize our I/O handling process. Background and Motivation: Our test hardware is a RAID 0 array of two HDDs. According to AJA System Test, our legacy KEXT achieves a write speed of about 645 MB/s on this hardware, whereas the new DEXT reaches about 565 MB/s. We suspect the primary reason for this performance gap might be that the DEXT, by default, uses a serial work-loop to submit I/O commands, which fails to fully leverage the parallelism of the hardware array. Therefore, to eliminate this bottleneck and improve performance, we configured a dedicated parallel dispatch queue (MyParallelIOQueue) for the UserProcessParallelTask method. However, during our implementation attempt, we encountered a critical issue that caused a system-wide crash. The Operation Causing the Panic: We configured MyParallelIOQueue using the following combination of methods: In the .iig file: We appended the QUEUENAME(MyParallelIOQueue) macro after the override keyword of the UserProcessParallelTask method declaration. In the .cpp file: We manually created a queue with the same name by calling the IODispatchQueue::Create() function within our UserInitializeController method. The Result: This results in a macOS kernel panic during the DEXT loading process, forcing the user to perform a hard reboot. After the reboot, checking with the systemextensionsctl list command reveals the DEXT's status as [activated waiting for user], which indicates that it encountered an unrecoverable, fatal error during its initialization. Key Code Snippets to Reproduce the Panic: In .iig file - this was our exact implementation: class DRV_MAIN_CLASS_NAME: public IOUserSCSIParallelInterfaceController { public: virtual kern_return_t UserProcessParallelTask(...) override QUEUENAME(MyParallelIOQueue); }; In .h file: struct DRV_MAIN_CLASS_NAME_IVars { // ... IODispatchQueue* MyParallelIOQueue; }; In UserInitializeController implementation: kern_return_t IMPL(DRV_MAIN_CLASS_NAME, UserInitializeController) { // ... // We also included code to manually create the queue. kern_return_t ret = IODispatchQueue::Create("MyParallelIOQueue", kIODispatchQueueReentrant, 0, &ivars->MyParallelIOQueue); if (ret != kIOReturnSuccess) { // ... error handling ... } // ... return kIOReturnSuccess; } Our Question: What is the officially recommended and most stable method for configuring UserProcessParallelTask_Impl() to use a parallel I/O queue? Clarifying this is crucial for all developers pursuing high-performance storage solutions with DriverKit. Any explanation or guidance would be greatly appreciated. Best Regards, Charles

Hey everyone, I really need help. My app versions keep getting approved for distribution and my subscriptions and business agreements are all approved. Yet, when the paywall in my app appears, and someone clicks the subscribe button to pay, the IAP isn't appearing. It just loads forever. When I tested in Xcode it just kept saying products not found. Id's are the same, bundle id is the same, ive done everything. Can someone help pls.