In my application, I use CallKit and have supportsHolding = true set. During my phone call, another call comes in (e.g., GSM). I accept the incoming call and put the current call on hold. If I end the active call myself, everything is fine, and CallKit calls the method provider(_ provider: CXProvider, didActivate audioSession: AVAudioSession). However, if the other party ends the call, the second call remains on hold. In the application, the user clicks on unhold, and I notify CallKit that the hold has ended. But in this case, the didActivate method is not called at all. If I try to activate the audio myself after unhold, I receive the error: Domain=NSOSStatusErrorDomain Code=561017449 "Session activation failed" UserInfo={NSLocalizedDescription=Session activation failed} AVAudioSessionErrorInsufficientPriority == NSOSStatusErrorDomain Code: 561017449 What needs to be done for CallKit to activate my audio?

I'm creating an App that can accepted PDFs from a shared context. I am using iOS, Swift, and UIKit with IOS 17.1+ The logic is: get the context see who is sending in (this is always unknown) see if I can open in place (in case I want to save later) send the URL off to open the (PDF) document and load it into PDFKit's pdfView.document I have no trouble loading PDF docs with the file picker. And everything works as expected for shares from apps like Messages, email, etc... (in which case URLContexts.first.options.openInPlace == False) The problem is with opening (sharing) a PDF that is sent from the Files App. (openInPlace == True) If the PDF is in the App's Document Folder, I need the Security scoped resource, to access the URL from the File's App so that I can copy the PDF's data to the PDFViewer.document. I get Security scoped resource access granted each time I get the File App's context URL. But, when I call fileCoordinator.coordinate and try to access a file outside of the App's document folder using the newUrl, I get an error. FYI - The newUrl (byAccessor) and context url (readingItemAt) paths are always same for the Files App URL share context. I can, however, copy the file to a new location in my apps directory and then open it from there and load in the data. But I really do not want to do that. . . . . . Questions: Am I missing something in my pList or are there other parameters specific to sharing a file from the Files App? I'd appreciate if someone shed some light on this? . . . . . Here are the parts of my code related to this with some print statements... . . . . . SceneDelegate func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) { // nothing to see here, move along guard let urlContext = URLContexts.first else { print("No URLContext found") return } // let's get the URL (it will be a PDF) let url = urlContext.url let openInPlace = urlContext.options.openInPlace let bundleID = urlContext.options.sourceApplication print("Triggered with URL: \(url)") print("Can Open In Place?: \(openInPlace)") print("For Bundle ID: \(bundleID ?? "None")") // get my Root ViewController from window if let rootViewController = self.window?.rootViewController { // currently using just the view if let targetViewController = rootViewController as? ViewController { targetViewController.prepareToLoadSharedPDFDocument(at: url) } // I might use a UINavigationController in the future else if let navigationController = rootViewController as? UINavigationController, let targetViewController = navigationController.viewControllers.first as? ViewController { targetViewController.prepareToLoadSharedPDFDocument(at: url) } } } . . . . ViewController function I broke out the if statement for accessingScope just to make it easier for me the debug and play around with the code in accessingScope == True func loadPDF(fromUrl url: URL) { // If using the File Picker / don't use this // If going through a Share.... we pass the URL and have three outcomes (1, 2a, 2b) // 1. Security scoped resource access NOT needed if from a Share Like Messages or EMail // 2. Security scoped resource access granted/needed from 'Files' App // a. success if in the App's doc directory // b. fail if NOT in the App's doc directory // Set the securty scope variable var accessingScope = false // Log the URLs for debugging print("URL String: \(url.absoluteString)") print("URL Path: \(url.path())") // Check if the URL requires security scoped resource access if url.startAccessingSecurityScopedResource() { accessingScope = true print("Security scoped resource access granted.") } else { print("Security scoped resource access denied or not needed.") } // Stop accessing the scope once everything is compeleted defer { if accessingScope { url.stopAccessingSecurityScopedResource() print("Security scoped resource access stopped.") } } // Make sure the file is still there (it should be in this case) guard FileManager.default.fileExists(atPath: url.path) else { print("File does not exist at URL: \(url)") return } // Let's see if we can open it in place if accessingScope { let fileCoordinator = NSFileCoordinator() var error: NSError? fileCoordinator.coordinate(readingItemAt: url, options: [], error: &error) { (newUrl) in DispatchQueue.main.async { print(url.path()) print(newUrl.path()) if let document = PDFDocument(url: newUrl) { self.pdfView.document = document self.documentFileName = newUrl.deletingPathExtension().lastPathComponent self.fileLoadLocation = newUrl.path() self.updateGUI(pdfLoaded: true) self.setPDFScale(to: self.VM.pdfPageScale, asNewPDF: true) } else { print("Could not load PDF directly from url: \(newUrl)") } } } if let error = error { PRINT("File coordination error: \(error)") } } else { DispatchQueue.main.async { if let document = PDFDocument(url: url) { self.pdfView.document = document self.documentFileName = url.deletingPathExtension().lastPathComponent self.fileLoadLocation = url.path() self.updateGUI(pdfLoaded: true) self.setPDFScale(to: self.VM.pdfPageScale, asNewPDF: true) } else { PRINT("Could not load PDF from url: \(url)") } } } } . . . . Other relevant pList settings I've added are: Supports opening documents in place - YES Document types - PDFs (com.adobe.pdf) UIDocumentBrowserRecentDocumentContentTypes - com.adobe.pdf Application supports iTunes file sharing - YES And iCloud is one for Entitlements with iCloud Container Identifiers Ubiquity Container Identifiers . . . . Thank you in advance!. B

Looking for any more documentation on FSKit - https://developer.apple.com/documentation/fskit?language=objc I don't see any examples or sessions on it, but it looks fascinating. Attempted to try to put something together and immediately ran into failed at lookup with error 159 - Sandbox restriction

On macOS Sequoia, the settings to enable FIFinderSync seem to have gone. I have already figured out that Extensions are no longer in the Privacy &amp; Security section, but they are now at General › Login Items &amp; Extensions. Here there is a Finder section, but that is just for the Finder-Extensions, not the Finder-Sync-Extensions. Those previously did not have their own section and were hidden away in the Added Extensions section that apparently no longer exists. I expect that it has been forgotten when migrating. Where are the settings for this – have they been forgotten?

I am working on an app for a home automation device. If I were using HomeKit exclusively I could add custom services or custom characteristics on standard services and these things would all be reported to my app via HomeKit. There is sample code from Apple that demonstrates how to do this. When a Matter device is commissioned using HomeKit you might expect custom clusters and/or custom attributes in a standard cluster would be translated to appropriate HomeKit services and characteristics, but this doesn't appear to be the case. Is there a way to have HomeKit do this? If not it seems I would need to use Matter directly rather than via HomeKit to access custom features. But if I commission the device using Matter in my app then I understand a new fabric is created and the device would not show in the Home app. Maybe the user needs to commission the device twice, once with my custom app and once with the Home app? That seems like a poor user experience to me. Perhaps that is the price paid for using a cross-platform standard? Is there a better way to get the same level of customization using Matter that I am able to get using HomeKit?

Prior to Sequoia, Mac Catalyst Apps worked fine when using group folders that started with group. They now get an alert that the Mac Catalyst app is trying to access data from other applications. This may also impact some SwiftUI developers. According to this the documentation for the App Group Entitlements entitlement, on macOS we should begin use the Team Identifier instead of group. Should Mac Catalyst follow the macOS or iOS rules for com.apple.security.application-groups? If they should need to follow the macOS rules now, that creates several issues for developers. We would now need separate build targets to pick up the different Entitlements files. More distressing is that we would need to do some kind of migration process to get our files to the new location. There wouldn't be a transparent way to do so where the user wasn't warned about the application accessing files that don't belong to it. Any clarification on what Mac Catalyst developers should be doing to prepare for Sequoia would be greatly appreciated.

Hello, Has anyone encountered issues with CoreBluetooth advertising and scanning between iOS 18/iPadOS 18 Beta 3 ? I'm want to know this is a bug or an intended change in behavior. Issue Summary: Central device on iOS 18/iPadOS 18 Beta 3 (foreground) and Peripheral device on iOS 17.5.1 (background) fail to communicate via BLE advertising. The reverse setup or using non-iOS 18 devices works as expected. Detailed Description: I am developing an iOS/iPadOS application using CoreBluetooth for advertising and scanning. Here are the specifics of my setup: The application uses a fixed BLE service UUID, and scanning is performed with the specified service UUID. Background Modes Uses Bluetooth LE accessories and Acts as a Bluetooth LE accessory are enabled to allow advertising and scanning even when the app is in the background. When the Central device is running iOS 18/iPadOS 18 Beta 3 and the app is in the foreground scanning, and the Peripheral device is running iOS 17.5.1 with the app in the background advertising, the Central device cannot receive the advertisements from the Peripheral device. ( CBCentralManagerDelegate.centralManager(_:didDiscover:advertisementData:rssi:) don't work.) In the reverse scenario (Central on iOS 17.5.1 in the foreground scanning, and Peripheral on iOS 18/iPadOS 18 Beta 3 in the background advertising), the advertisements are received correctly. Additionally, advertisements are received correctly in cases where both devices are not on iOS 18/iPadOS 18. I am wondering if anyone else has encountered this issue or if there is any information available regarding whether this is a bug or an intended behavior change in iOS 18/iPadOS 18. Thank you.

The copyfile() method of the macOS API does not seem to use SMB server-side copying, while copying in Finder does appear to use this.

A little bit of background: If you make an app with no compiled Arm64 binaries in the Content/MacOS folder, MacOS erroneously identifies it as an Intel based app. After launching the app, MacOS will prompt the user to install rosetta, despite the app running fine natively. I found a simple solution to this issue, either include a do-nothing compiled binary to Contents/MacOS, or add <key>LSArchitecturePriority</key> <array> <string>arm64</string> </array> to the plist. The problem is this change only fixes the issue if you also change the BundleID. If you run the app even once with the bad configuration, MacOS seems to cache the intel flag somewhere based on the BundleID. It does not seem to be cached in the usual places. How to reproduce: (On apple silicon) You probably already have rosetta, and it is a pain to remove, so a VM is likely needed. Make an empty app with Script Editor, export with file format: Application. Replace Example.app/Content/MacOS/applet with a script of the same name. Make sure the old applet is gone, don't rename it and leave it in the directory. I used: #!/usr/bin/osascript display dialog "Hello, world" Make it executable sudo chmod +x ./Example.app/Content/MacOS/applet Run the app and observe that it asks you to install rosetta Add the previously mentioned fix to you plist, including the BundleID change Run it again and observe that it now works Change your BundleID back. Running this now raises the rosetta prompt despite the fact that it runs fine on a clean install of MacOS. Things I have tried: Rebooting, no effect Reforming the app, no effect Reboot in recovery mode, no effect lsregister -delete, no effect ~/Library/Preferences, ~/Library/Caches, /Library/Preferences, and /Library/Caches, none contain an entry for the BundleId defaults delete, domain not found

Hi team, I was trying to launch Virtual machine on MacOS 14 using native framework with different Resolutions. let graphicsConfiguration = VZMacGraphicsDeviceConfiguration() graphicsConfiguration.displays = [ VZMacGraphicsDisplayConfiguration(widthInPixels: 2700, heightInPixels: 2200, pixelsPerInch: 100), VZMacGraphicsDisplayConfiguration(widthInPixels: 1920, heightInPixels: 1200, pixelsPerInch: 80) ] return graphicsConfiguration } But I'm getting below error: Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=VZErrorDomain Code=2 "More than one display is configured." UserInfo={NSLocalizedFailure=Invalid virtual machine configuration., NSLocalizedFailureReason=More than one display is configured.} Please let me know it is possible to have multiple resolutions in single VM or not. My use case is to get support of multiple resolutions like 1920x1080, 2048x1536, 1024x728 etc. Thanks.

First, for the  employees reading, I filed FB14844573 over the weekend, because this is a reproducible panic or hang. whee I ran our stress tests for an entire long weekend, and my machine panicked, due to mbufs. Normally, I tell my coworkers that we can't really do anything to cause a panic -- but we're doing network things, so this is an exception. I started periodically testing the mbufs while the tests were running -- netstat -m | grep 'mbufs in use' -- and noticed that in fact they were going up, and never decreasing. Even if I killed our code and uninstalled the extensions. (They're increasing at about ~4mbufs/sec.) Today I confirmed that this only happens if we include UDP packets: let udpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .UDP) let tcpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .TCP) ... settings.includedNetworkRules = [udpRule, tcpRule] If I comment out that udpRule, part, mbufs don't leak. Our handleNewUDPFlow(:, initialRemoteEndpoint:) method checks to see if the application is a friendly one, and if so it returns false. If it isn't friendly, we want to block QUIC packets: if let host = endpoint as? NWHostEndpoint { if host.port == "80" || host.port == "443" { // We need to open it and then close it flow.open(withLocalEndpoint: nil) { error in Self.workQueue.asyncAfter(deadline: .now() + 0.01) { let err = error ?? POSIXError(POSIXErrorCode.ECONNABORTED) flow.closeReadWithError(err) flow.closeWriteWithError(err) } } return true } } return false Has anyone else run into this? I can't see that it's my problem at that point, since the only thing we do with UDP flows is to either say "we don't want it, you handle it" or "ok sure, we'll take it but then let's close it immediately".

Hello, I am working on app which must prevent attaching any USB devices to Mac due to security. Unfortunately I have not found any direct way to implement such blocking: Looks like IOKit does not allow to block USB (at least in user space) ES_EVENT_TYPE_AUTH_IOKIT_OPEN (Endpoint Security) does not prevent using USB device if I send response ES_AUTH_RESULT_DENY for "AppleUSBHostDeviceUserClient" I have found several similar problems on forum but no any solution: https://developer.apple.com/forums/thread/671193 (https://developer.apple.com/forums/thread/756573 https://developer.apple.com/forums/thread/741051 What is the easiest way to implement such blocking? Thank you in advance!

Working on a file server in c/c++ and need to do following: Validate user credentials (mac Username & password) Impersonate user security context in a thread running in a daemon, so that I can enumerate user's home directory and files/folders. Regarding 2, found API: pthread_setugid_np - is this the right approach? If so, how do I verify user credentials and call this API? Found this section in TN2083: Does this mean that its really not possible to impersonate user and access their home directory etc if the user isn't logged in via terminal/console? or if they have FileVault enabled?

After the release of iOS17, our app has collected JavaScriptCore crashes, and the crash has recently appeared in iOS17 and above. The number of crashes collected recently is increasing. We have tried various methods to troubleshoot and locate。 2024-05-08_20-45-00.5216_+0800-fdb980f66f56d73b944ccc3466922d7fd0690089.crash 2024-05-09_12-35-57.5470_+0800-70e61e8796f6967e04d1f523c54dde7b19dea31c.crash T 2024-05-13_14-30-03.2084_+0800-d9598b08a153f5214b51257400423d4079049578.crash he crash stack is as follows:

Hi, I’m an app developer and I would like to suggest that there is an API that allows me to check if the user has set their date and time setting to automatic. That setting should be accessible as a read only value. This would allow several apps to operate offline as there is no longer a need to check the internet for an accurate time to prevent users from skipping time ahead. I have implemented this check on my app on Android and it has been very well received as it is able to operate offline again. It would be a huge plus to be able to make my app offline compatible again.

My app saves its document files by default into ~/Documents. It does some important domain-specific stuff when a document is deleted. I monitor for deletion using https://github.com/eonist/FileWatcher Unfortunately several users have noticed my app doing this cleanup work even when they have not deleted the corresponding document. We've traced it through and realised it's the iCloud "Optimise Mac Storage" feature, or "Store in iCloud &gt; Desktop and Documents". I'm not sure which because I don't use these features of macOS at all, and also they seem to have been renamed or changed in Sonoma. Either way, I'm wondering: a) how I can tell in Swift whether a file has actually been deleted, or whether it's been "offloaded" to iCloud by macOS. b) how can I test this? My research is pointing at urlubiquitousitemdownloadingstatus but it's hard to play with it without knowing how to test it.

Is it known how to open in macOS Sequoia the Endpoint Security Extensions Pane. is there any anchor available for open "x-apple.systempreferences:com.apple.ExtensionsPreferences"?

Our macOS application does not support case sensitive file systems. We have customers claiming that they purchased a new Mac and it was case sensitive by default without them taking any action. I am looking for an authoritative answer to the question: Is there any Mac that ships case sensitive by default? Or is this something that the end user must configure?

In iOS 18 if a number is registered with CallKit to be blocked, then if that number is also in contacts, then the number isn't blocked. If a user has added a number to their contacts, then in all probability they might not want the number blocked, so this might seem reasonable behaviour. However the point is, this is new behaviour for CallKit in iOS 18, and its never been like this before going back several years to the very first release. Why suddenly change it now, after all these years, without notice nor documentation, and take away that option from the user, should for some reason, they want to block a number which is also in their contacts. This is quite a disruptive change for apps using CallKit.

Crashed: com.apple.root.default-qos 0 libobjc.A.dylib 0x275c objc_release + 16 1 libobjc.A.dylib 0x275c objc_release_x0 + 16 2 libobjc.A.dylib 0x5acc object_cxxDestructFromClass(objc_object*, objc_class*) + 116 3 libobjc.A.dylib 0x4f00 objc_destructInstance + 80 4 libobjc.A.dylib 0x4ea4 _objc_rootDealloc + 80 5 CoreServices 0x47f0 std::__1::__hash_table<std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, std::__1::__unordered_map_hasher<objc_selector*, std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, std::__1::hash<objc_selector*>, std::__1::equal_to<objc_selector*>, true>, std::__1::__unordered_map_equal<objc_selector*, std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, std::__1::equal_to<objc_selector*>, std::__1::hash<objc_selector*>, true>, std::__1::allocator<std::__1::__hash_value_type<objc_selector*, objc_object* __strong> > >::__deallocate_node(std::__1::__hash_node_base<std::__1::__hash_node<std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, void*>>) + 36 6 CoreServices 0x47ac std::__1::__hash_table<std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, std::__1::__unordered_map_hasher<objc_selector*, std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, std::__1::hash<objc_selector*>, std::__1::equal_to<objc_selector*>, true>, std::__1::__unordered_map_equal<objc_selector*, std::__1::__hash_value_type<objc_selector*, objc_object* __strong>, std::__1::equal_to<objc_selector*>, std::__1::hash<objc_selector*>, true>, std::__1::allocator<std::__1::__hash_value_type<objc_selector*, objc_object* __strong> > >::~__hash_table() + 28 7 CoreServices 0x4760 -[LSRecord dealloc] + 36 8 CoreServices 0x472c -[LSBundleRecord dealloc] + 72 9 CoreServices 0x1bb7c -[LSApplicationProxy .cxx_destruct] + 60 10 libobjc.A.dylib 0x5acc object_cxxDestructFromClass(objc_object*, objc_class*) + 116 11 libobjc.A.dylib 0x4f00 objc_destructInstance + 80 12 libobjc.A.dylib 0x4ea4 _objc_rootDealloc + 80 13 CoreServices 0xb42d4 +[LSBundleProxy clearBundleProxyForCurrentProcess] + 48 14 CoreServices 0xb436c __45+[LSBundleProxy bundleProxyForCurrentProcess]_block_invoke.21 + 36 15 libdispatch.dylib 0x3dd4 _dispatch_client_callout + 20 16 libdispatch.dylib 0x72d8 _dispatch_continuation_pop + 600 17 libdispatch.dylib 0x1b1c8 _dispatch_source_latch_and_call + 420 18 libdispatch.dylib 0x19d8c _dispatch_source_invoke + 832 19 libdispatch.dylib 0x6dc4 _dispatch_queue_override_invoke + 504 20 libdispatch.dylib 0x15894 _dispatch_root_queue_drain + 392 21 libdispatch.dylib 0x1609c _dispatch_worker_thread2 + 156 22 libsystem_pthread.dylib 0x48f8 _pthread_wqthread + 228 23 libsystem_pthread.dylib 0x10cc start_wqthread + 8