The root issue is a missing entitlement error. I've jumped through countless hoops of checking/rechecking the .entitlements file and plist file, creating new credentials, creating new projects, creating new provisioning profiles, manual signing, automatic signing, all with no luck. Any suggestions appreciated.
Looking at the Provisioning Profile Info shows that the NFC Tag capability is included and the NFC entitlements are included.
I'm at a loss...
I am including the following:
Pertinent output from console
Current Info.Plist
Current .entitlement file
Here are the pertinent sections of the Console Log for reference:
...
NFCConnectionManager[0x074d6e40].tagReaderSessionDidBecomeActive(:): NFCTagReaderSessionDelegate: Session did become active
NFCConnectionManager[0x074d6e40].tagReaderSession(:didDetect:): NFCTagReaderSessionDelegate: Session didDetectTags – 1 tags
NFCConnectionManager[0x074d6e40].connected(session:tag:): Manager.connected(session:tag:) - tag: 7 bytes
NFCConnection.Type.connection(): NFCConnection.connection() – connection established
DEBUG: Successfully established YubiKit NFCConnection.
DEBUG: UI updated: 'YubiKey connected... Performing challenge-response...'
DEBUG: Sending APDU to select OATH applet: 00a4040008a000000527210101
NFCConnection[0x04575e00].send(data:): NFCConnection.send(data:) – 13 bytes
NFCConnectionManager[0x074d6e40].transmit(request:for:): Manager.transmit – 13 bytes to tag ISO7816Identifier(data: 7 bytes)
Here is the dreaded error:
-[NFCTagReaderSession transceive:tagUpdate:error:]:897 Error Domain=NFCError Code=2 "Missing required entitlement" UserInfo={NSLocalizedDescription=Missing required entitlement}
ERROR: Operation failed: Missing required entitlement
DEBUG: Unexpected error: Missing required entitlement
Here is the info.plist
Here is the entitlements file:
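The log line above shows the exact bytes YubiKit sends before the entitlement error fires: a 13-byte ISO 7816-4 SELECT command carrying the Yubico OATH applet AID. The following decoder is an added example, not code from the original post or from YubiKit; it parses short-form command APDUs in general, and the small AID lookup table is an assumption added for readable output (only the OATH AID itself comes from the post).

```python
"""Decode the ISO 7816-4 command APDU that the post's log shows being sent over NFC.

Added example, not code from the original post or from YubiKit. KNOWN_AIDS is an
assumed lookup table; only the Yubico OATH AID is taken from the log line in the post.
"""

from dataclasses import dataclass
from typing import Optional

# Assumed lookup table: AIDs a reader may want to recognise by name.
KNOWN_AIDS = {
    bytes.fromhex("a000000527210101"): "Yubico OATH",
}

INS_NAMES = {0xA4: "SELECT"}


@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None

    @property
    def ins_name(self) -> str:
        return INS_NAMES.get(self.ins, f"INS 0x{self.ins:02x}")

    def selected_aid_name(self) -> Optional[str]:
        """For SELECT by DF name (INS A4, P1 04) return the known applet name, if any."""
        if self.ins == 0xA4 and self.p1 == 0x04:
            return KNOWN_AIDS.get(self.data)
        return None


def parse_command_apdu(raw: bytes) -> CommandApdu:
    """Parse a short-form command APDU (cases 1, 2S, 3S, 4S); raises ValueError when malformed."""
    if len(raw) < 4:
        raise ValueError("APDU header needs at least 4 bytes (CLA INS P1 P2)")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                       # case 1: header only
        return CommandApdu(cla, ins, p1, p2)
    if len(body) == 1:                 # case 2S: header + Le (0x00 means 256)
        return CommandApdu(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError(f"Lc says {lc} data bytes but only {len(data)} present")
    rest = body[1 + lc:]
    if not rest:                       # case 3S: header + Lc + data
        return CommandApdu(cla, ins, p1, p2, data)
    if len(rest) == 1:                 # case 4S: header + Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, data, le=rest[0] or 256)
    raise ValueError(f"{len(rest) - 1} trailing byte(s) after Le")


def build_select_by_aid(aid: bytes) -> bytes:
    """Encode a SELECT-by-name command (CLA 00, INS A4, P1 04, P2 00) for an AID of 5..16 bytes."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5..16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


def describe(hex_apdu: str) -> str:
    """One-line summary of a command APDU given as hex, such as the log line in the post."""
    apdu = parse_command_apdu(bytes.fromhex(hex_apdu))
    name = apdu.selected_aid_name()
    if name:
        target = f" {name}"
    elif apdu.data:
        target = f" data={apdu.data.hex()}"
    else:
        target = ""
    return f"{apdu.ins_name} CLA={apdu.cla:02x} P1={apdu.p1:02x} P2={apdu.p2:02x}{target}"


if __name__ == "__main__":
    print(describe("00a4040008a000000527210101"))
```

Because the SELECT is well-formed and identical to what a working session sends, the decoder confirms the failure is not in the APDU itself: CoreNFC rejects the transceive before the tag ever sees it, which is consistent with the entitlement check happening on the phone side.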
Hey, we also opened a bug regarding this behavior in April, back when you introduced the new event in macOS 15.4.
The bug ticket is: FB17139326
Starting with macOS 15.4 you added a new event for the system extension framework named tcc_modify.
The event should be triggered every time there is a change regarding the TCC db (granted / revoked using various ways).
One of the ways you can grant / revoke a TCC db permission is by changing the user sqlite database with root permissions.
You can change various permissions regarding the user, for example the apps that are allowed to use the microphone.
It is expected that when permissions are granted / revoked using sqlite for the microphone we will be notified by the system extension with a tcc_modify event,
but the actual result is that the permission is added without any tcc_modify event.
We wanted to know if it is intentional that changing the user TCC db with root permissions, using sqlite and not conventional methods (user popup / settings), is not supposed to initiate an event, and whether we should monitor such changes using other methods.
Thank you,
Idan
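One of the "other methods" the post alludes to is to watch the database itself rather than rely on the event stream: snapshot the access table periodically and diff the snapshots. The script below is an added example, not Apple code and not the reporter's; it uses a simplified, assumed stand-in for the TCC `access` table (only service, client and auth_value) built in an in-memory SQLite database so it runs offline. Running the same snapshot logic against the real per-user database at ~/Library/Application Support/com.apple.TCC/TCC.db requires root and is left to the reader.

```python
"""Snapshot-and-diff monitor for a TCC-style SQLite table.

Added example, not Apple code and not the reporter's code. The `access` table here
is a simplified stand-in (assumption) with only the columns needed to show the
technique: service, client, auth_value. The database is created in memory.
"""

import sqlite3
from typing import Dict, List, Tuple

# Assumed auth_value meanings, used only for readable output.
AUTH_LABEL = {0: "denied", 2: "allowed"}

SCHEMA = """
CREATE TABLE access (
    service    TEXT NOT NULL,
    client     TEXT NOT NULL,
    auth_value INTEGER NOT NULL,
    PRIMARY KEY (service, client)
);
"""

Snapshot = Dict[Tuple[str, str], int]


def snapshot(conn: sqlite3.Connection) -> Snapshot:
    """Map (service, client) -> auth_value for every row in the access table."""
    rows = conn.execute("SELECT service, client, auth_value FROM access").fetchall()
    return {(service, client): auth for service, client, auth in rows}


def diff(before: Snapshot, after: Snapshot) -> List[str]:
    """One human-readable line per grant, revoke or change between two snapshots."""
    events: List[str] = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        service, client = key
        if old is None:
            events.append(f"added: {client} {service} -> {AUTH_LABEL.get(new, new)}")
        elif new is None:
            events.append(f"removed: {client} {service}")
        else:
            events.append(
                f"changed: {client} {service} {AUTH_LABEL.get(old, old)} -> {AUTH_LABEL.get(new, new)}"
            )
    return events


def demo() -> List[str]:
    """Constructed scenario: a direct sqlite edit grants the microphone to one app and revokes it from another."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO access VALUES ('kTCCServiceMicrophone', 'com.example.meet', 2)")
    conn.commit()
    before = snapshot(conn)

    # The change the post describes: edit the table directly, bypassing the consent UI.
    conn.execute("INSERT INTO access VALUES ('kTCCServiceMicrophone', 'com.example.sneaky', 2)")
    conn.execute("UPDATE access SET auth_value = 0 WHERE client = 'com.example.meet'")
    conn.commit()
    return diff(before, snapshot(conn))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Polling a snapshot catches edits made with any tool, including sqlite3 run as root, at the cost of latency equal to the polling interval; an ES client could instead trigger the snapshot on a write or rename event for the database file to close that gap.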
Note: This failure occurs even when running on the same machine that performed the build, signing, and notarization steps.
We are developing a command-line Endpoint Security (ES) client for macOS, distributed to customers as part of an enterprise security suite.
We have a valid Apple Developer Team ID (redacted for privacy) and have requested and received the Endpoint Security entitlement for our account.
What We’ve Done
Built a universal (x86_64/arm64) CLI ES client using Xcode on macOS Sonoma.
Signed with a Developer ID Application certificate (matching our Team ID).
Applied the entitlement: com.apple.developer.endpoint-security.client.
Notarized the binary via notarytool after receiving Apple’s confirmation that the entitlement was “assigned to our account.”
Distributed and unzipped the notarized ZIP (with com.apple.quarantine xattr intact).
What Happens:
When we run the binary (as root, via sudo) on any test Mac—including the original build/notarization machine—the process is killed immediately at launch. Kernel log (log stream --predicate 'eventMessage CONTAINS "AMFI"' --info) shows:
AMFI: code signature validation failed.
AMFI: bailing out because of restricted entitlements.
AMFI: When validating /path/to/fidelisevents:
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
What We’ve Verified:
codesign -dvvv --entitlements :- ./fidelisevents shows the correct entitlement, team identifier, and certificate.
xattr ./fidelisevents shows both com.apple.provenance and com.apple.quarantine.
spctl -a -vv ./fidelisevents returns:
rejected (the code is valid but does not seem to be an app)
origin=Developer ID Application: [REDACTED]
The process is killed even if run on the same Mac where build/sign/notarization occurred.
Other Details
The entitlement approval email from Apple simply says it is “assigned to your account” and does not mention “production” or “distribution.”
We have rebuilt, re-signed, and re-notarized after receiving the email.
This occurs on both Apple Silicon and Intel Macs, with recent macOS versions (Sonoma, Ventura).
Question
Is it possible that Apple only assigned the development Endpoint Security entitlement, and not the production entitlement required for distributing/running notarized ES clients outside of development?
Is there any way to verify the level of entitlement (dev vs. production) associated with our Team ID?
What additional steps, if any, are needed to enable the production entitlement so that our binaries can run on customer endpoints without being killed by AMFI?
Any advice, experience, or official documentation about production ES entitlement rollout, approval, or troubleshooting would be greatly appreciated!
Thanks in advance!
The Objective-C code using the kernel API 'sysctlbyname' for 'kern.osproductversion' returns 16.0 instead of 26.0 on macOS Tahoe.
sysctlbyname("kern.osproductversion", version, &size, NULL, 0)
The command ‘sysctl kern.osproductversion’ returns ‘kern.osproductversion: 26.0’ on same macOS Tahoe.
Note: The Objective-C code was built using Xcode 16.3.
Until now I was using FileManager.contentsEqual(atPath:andPath:) to compare file contents in my App Store app, but then a user reported that this operation is way slower than just copying the files (which I made faster a while ago, as explained in Making filecopy faster by changing block size).
I thought that maybe the FileManager implementation reads the two files with a small block size, so I implemented a custom comparison with the same block size I use for filecopy (as explained in the linked post), and it runs much faster. When using the repeated-run test code also found on that other post, this new implementation is about the same speed as FileManager for 1KB files, but runs 10-20x faster for 1MB files or bigger.
Feel free to comment on my implementation below.
import Foundation

extension FileManager {
    /// Compares two files block by block using the same large buffer as the fast filecopy.
    /// `progress` receives the number of bytes compared in each step; returning false stops the comparison.
    func fastContentsEqual(atPath path1: String, andPath path2: String, progress: (_ delta: Int) -> Bool) -> Bool {
        do {
            let bufferSize = 16_777_216 // 16 MiB
            let sourceDescriptor = open(path1, O_RDONLY | O_NOFOLLOW, 0)
            if sourceDescriptor < 0 {
                throw NSError(domain: NSPOSIXErrorDomain, code: Int(errno))
            }
            let sourceFile = FileHandle(fileDescriptor: sourceDescriptor)
            let destinationDescriptor = open(path2, O_RDONLY | O_NOFOLLOW, 0)
            if destinationDescriptor < 0 {
                let openError = errno
                close(sourceDescriptor) // don't leak the first descriptor when the second open fails
                throw NSError(domain: NSPOSIXErrorDomain, code: Int(openError))
            }
            let destinationFile = FileHandle(fileDescriptor: destinationDescriptor)
            var equal = true
            // Read both files one block at a time; stop at EOF, on the first differing block, or when cancelled.
            while autoreleasepool(invoking: {
                let sourceData = sourceFile.readData(ofLength: bufferSize)
                let destinationData = destinationFile.readData(ofLength: bufferSize)
                equal = sourceData == destinationData
                return sourceData.count > 0 && progress(sourceData.count) && equal
            }) { }
            if close(sourceDescriptor) < 0 {
                throw NSError(domain: NSPOSIXErrorDomain, code: Int(errno))
            }
            if close(destinationDescriptor) < 0 {
                throw NSError(domain: NSPOSIXErrorDomain, code: Int(errno))
            }
            return equal
        } catch {
            return contentsEqual(atPath: path1, andPath: path2) // fallback for unsupported files (like symbolic links)
        }
    }
}
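Two checks worth doing before reading a single block are a size comparison and an inode comparison, since most unequal pairs differ in length and a hard link or the same path needs no read at all. The Python routine below is an added example, not the post's code: it is a counterpart to the Swift extension above with those short-circuits, uses fstat on the open descriptor (not stat on the path) so the checks apply to the file that was actually opened, and refuses symlinks via O_NOFOLLOW rather than falling back. The 16 MiB block size is the one from the post; the sample files in demo() are constructed in a temporary directory.

```python
"""Chunked file comparison with the cheap short-circuits the Swift version skips.

Added example, not the post's code. The block size is the one from the post;
demo() constructs its own sample files so the script runs offline.
"""

import os
import tempfile
from typing import Dict

BLOCK_SIZE = 16 * 1024 * 1024  # 16 MiB, as in the post


def files_equal(path1: str, path2: str, block_size: int = BLOCK_SIZE) -> bool:
    """True if both regular files hold identical bytes. Raises OSError (ELOOP) for symlinks."""
    fd1 = os.open(path1, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        fd2 = os.open(path2, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        os.close(fd1)  # do not leak the first descriptor when the second open fails
        raise
    try:
        st1, st2 = os.fstat(fd1), os.fstat(fd2)
        if (st1.st_dev, st1.st_ino) == (st2.st_dev, st2.st_ino):
            return True   # same underlying file (same path or hard link): nothing to read
        if st1.st_size != st2.st_size:
            return False  # lengths differ: equality is impossible without reading a byte
        while True:
            # Regular files return exactly block_size bytes except at EOF, so the two
            # buffers line up and a plain comparison is enough.
            a = os.read(fd1, block_size)
            b = os.read(fd2, block_size)
            if a != b:
                return False
            if not a:
                return True  # both reached EOF together
    finally:
        os.close(fd1)
        os.close(fd2)


def demo() -> Dict[str, object]:
    """Constructed sample files covering the cases a comparison routine must get right."""
    with tempfile.TemporaryDirectory() as d:
        content = os.urandom(4096) * 40  # 160 KiB: spans several 64 KiB blocks below
        paths = {name: os.path.join(d, name) for name in ("a", "b", "c", "short", "link")}

        def write(name: str, data: bytes) -> None:
            with open(paths[name], "wb") as f:
                f.write(data)

        write("a", content)
        write("b", content)
        write("c", content[:-1] + bytes([content[-1] ^ 0x01]))  # same size, last byte differs
        write("short", content[:1000])                           # different size
        os.symlink(paths["a"], paths["link"])

        results: Dict[str, object] = {
            "same_content": files_equal(paths["a"], paths["b"], 65536),
            "last_byte_differs": files_equal(paths["a"], paths["c"], 65536),
            "different_size": files_equal(paths["a"], paths["short"]),
            "same_file": files_equal(paths["a"], paths["a"]),
        }
        try:
            files_equal(paths["link"], paths["b"])
            results["symlink"] = "followed"
        except OSError:
            results["symlink"] = "refused"
        return results


if __name__ == "__main__":
    print(demo())
```

Doing the identity and size checks on the descriptors after open, rather than on the paths before it, is what keeps a symlink swap between check and open from changing which file gets compared.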
When I connect to another Mac via Finder (using SMB), creating a hard link with FileManager.linkItem(atPath:toPath:) fails (both source and destination are on the remote Mac). I read online that SMB itself supports creating hard links, so is this a macOS limitation or bug?
We've been developing an iOS app in Swift for several years that runs on iPad tablets, in which our proprietary device emits EEG signals via BLE to the app running on the iPad.
The device emits the data as BLE notification messages in which the MTU is set to the maximum size allowed between our device and the iPad.
When our device communicates with the app running on a 10th generation iPad running iOS 18.5, it takes less than 200ms to transmit an interval of EEG signals, which occurs at 500ms.
Under the same conditions (same version of iOS and app, and the same device) but using an 11th generation iPad, it takes anywhere from 800ms to 1.1 seconds (4x to 5x) to transmit an interval.
Our device transmits the EEG signal using several ATT notification messages with the maximum MTU size.
We are perplexed by such a huge step down in performance when running on the 11th generation iPad tablets.
iPad generation   Chipset    Firmware
---------------   --------   -----------------------
10th              BCM_4387   22.5.614.3457
11th              SRS_7923   HCI Rev. 2504 sub. 5003
We know that the 10th generation iPad uses a chipset manufactured by Broadcom, whereas the 11th generation iPad that we've received uses an SRS chipset, and I'm unfamiliar with that chipset's manufacturer.
We question whether this performance degradation is due to the chipset manufacturer or the firmware revision when using attribute notification messages over BLE in such a context.
Using PacketLogger to log the communication between the iPad tablets and our device, and after analysis, we haven't found anything that identifies a difference in the configuration settings exchanged between our device and the iPad tablets that would account for this performance degradation.
Fortunately, our device is designed to work in complex environments & contexts and thus it has mechanisms accounting for transmission delays and interferences.
I'd appreciate if any other Apple Developer or Apple staff is aware of the degradation when transmitting BLE attribute notification messages with the newer Apple devices using this series of chipset.
If so, then:
Are there any recommendations of solutions to improve this latency?
Is this being addressed for 11th generation iPad tablets?
Regards,
Steven Belbin
Principal Developer at NeuroServo Inc.
I attempted to mount a WebDAV server on macOS using Finder. The mount was successful when using the server's IPv4 address or hostname, but failed when using its IPv6 address.
I also tested the mount using the NetFS framework API via NetFSMountURLSync. The results were consistent: the mount succeeded with the IPv4 address and hostname but failed when using the IPv6 address.
While observing live logs via Console.app, I saw that the process NetAuthSysAgent produced the following error during the IPv6 mount attempt: GetServerInfo failed with error 5
We are experiencing abnormal battery drain during sleep on several machines that installed our product. The affected devices appear to enter and exit sleep repeatedly every few seconds, even though the system logs show no new wake request reasons or changes in wake timers.
Symptoms:
Battery drops ~1% every ~15–20 minutes overnight.
pmset -g log shows repeated "Entering Sleep" and "Wake Requests" events every few seconds.
Wake requests remain unchanged between cycles and are scheduled far into the future (i.e. 20+ minutes later), yet the log lines keep repeating.
On healthy machines, the same wake request entries appear only once every 20–30 minutes as expected, with minimal battery drop during sleep (~1% in 9 hours).
What we've checked:
No user activity (system lid closed, device idle).
No significant pmset -g assertions; only powerd and bluetoothd are holding expected PreventUserIdleSystemSleep.
pmset -g on affected machines shows sleep set to 0, likely due to sleep prevented by powerd, bluetoothd.
No third-party daemons are holding assertions or logging excessive activity.
Sample Logs from Affected Machine:
2025-06-28 21:57:29 Sleep Entering Sleep state due to 'Maintenance Sleep':TCPKeepAlive=active Using Batt (Charge:76%) 3 secs
2025-06-28 21:57:31 Wake Requests [process=mDNSResponder request=Maintenance deltaSecs=7198 wakeAt=2025-06-28 23:57:29 ...]
2025-06-28 21:57:38 Sleep Entering Sleep state due to 'Maintenance Sleep':TCPKeepAlive=active Using Batt (Charge:76%) 3 secs
2025-06-28 21:57:40 Wake Requests [process=mDNSResponder request=Maintenance deltaSecs=7198 wakeAt=2025-06-28 23:57:38 ...]
2025-06-28 21:57:47 Sleep Entering Sleep state due to 'Maintenance Sleep':TCPKeepAlive=active Using Batt (Charge:75%) 3 secs
2025-06-28 21:57:49 Wake Requests [process=mDNSResponder request=Maintenance deltaSecs=7198 wakeAt=2025-06-28 23:57:47 ...]
The only change in the logs is the wakeAt timestamp being slightly updated. The wake requests themselves (process, type, deltaSecs) remain identical. Yet the system keeps entering/exiting sleep every few seconds, which leads to power drain.
We would appreciate your help in identifying:
Why the sleep/wake cycles are repeating every few seconds on these machines.
Whether this behavior is expected under certain conditions or indicates a regression or misbehavior in power management.
How we can trace what exactly is triggering the repeated wake (e.g., a subsystem, implicit assertion, etc.).
Whether there are unified log predicates or private logging options to further trace the root cause (e.g., process holding IO or waking CPU without explicit assertion).
We can provide access to full logs, configuration profiles, and system diagnostics if needed.
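The pattern in those log lines (sleep re-entered nine seconds after the previous entry while the only scheduled wake is two hours away) is easy to detect mechanically once the lines are parsed. The script below is an added example, not the reporter's tooling and not an Apple tool: it parses `pmset -g log` style lines, flags consecutive "Entering Sleep" entries closer together than a threshold, and reports the nearest scheduled wake so the contradiction is visible in one summary. SAMPLE_LOG holds the six lines quoted in the post; the 30-second threshold is an assumption chosen because the post says healthy machines cycle only every 20-30 minutes.

```python
"""Flag sleep/wake churn in `pmset -g log` output.

Added example, not the reporter's tooling and not an Apple tool. SAMPLE_LOG holds the
six lines quoted in the post; the 30-second threshold is an assumption.
"""

import re
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
2025-06-28 21:57:29 Sleep Entering Sleep state due to 'Maintenance Sleep':TCPKeepAlive=active Using Batt (Charge:76%) 3 secs
2025-06-28 21:57:31 Wake Requests [process=mDNSResponder request=Maintenance deltaSecs=7198 wakeAt=2025-06-28 23:57:29 ...]
2025-06-28 21:57:38 Sleep Entering Sleep state due to 'Maintenance Sleep':TCPKeepAlive=active Using Batt (Charge:76%) 3 secs
2025-06-28 21:57:40 Wake Requests [process=mDNSResponder request=Maintenance deltaSecs=7198 wakeAt=2025-06-28 23:57:38 ...]
2025-06-28 21:57:47 Sleep Entering Sleep state due to 'Maintenance Sleep':TCPKeepAlive=active Using Batt (Charge:75%) 3 secs
2025-06-28 21:57:49 Wake Requests [process=mDNSResponder request=Maintenance deltaSecs=7198 wakeAt=2025-06-28 23:57:47 ...]
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(Sleep|Wake Requests)\s+(.*)$")
REASON_RE = re.compile(r"due to '([^']+)'")
CHARGE_RE = re.compile(r"Charge:(\d+)%")
DELTA_RE = re.compile(r"deltaSecs=(\d+)")

SleepEntry = Tuple[datetime, str, int]  # (timestamp, reason, battery percent)


def parse_log(text: str) -> Tuple[List[SleepEntry], List[int]]:
    """Split pmset log lines into sleep entries and the deltaSecs of every scheduled wake request."""
    sleeps: List[SleepEntry] = []
    wake_deltas: List[int] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        kind, rest = m.group(2), m.group(3)
        if kind == "Sleep" and rest.startswith("Entering Sleep"):
            reason = REASON_RE.search(rest)
            charge = CHARGE_RE.search(rest)
            sleeps.append((when, reason.group(1) if reason else "?", int(charge.group(1)) if charge else -1))
        elif kind == "Wake Requests":
            wake_deltas.extend(int(d) for d in DELTA_RE.findall(rest))
    return sleeps, wake_deltas


def summarize(text: str, max_gap_seconds: int = 30) -> Dict[str, object]:
    """Count sleep entries that follow the previous one within max_gap_seconds (the churn the post describes)."""
    sleeps, wake_deltas = parse_log(text)
    gaps = [int((later[0] - earlier[0]).total_seconds()) for earlier, later in zip(sleeps, sleeps[1:])]
    short = [g for g in gaps if g <= max_gap_seconds]
    return {
        "sleep_entries": len(sleeps),
        "short_cycles": len(short),
        "min_gap_seconds": min(gaps) if gaps else None,
        "charge_drop_percent": (sleeps[0][2] - sleeps[-1][2]) if sleeps else 0,
        # Scheduled wakes hours away cannot explain a sleep re-entry seconds later.
        "min_wake_delta_seconds": min(wake_deltas) if wake_deltas else None,
        "reasons": sorted({s[1] for s in sleeps}),
    }


if __name__ == "__main__":
    import sys
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    print(summarize(text))
```

Run as `pmset -g log | python3 churn.py` on an affected and a healthy machine; a non-zero short_cycles count alongside a large min_wake_delta_seconds singles out cycles whose trigger is something other than the logged wake requests.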
After iOS 18, some new categories of crash exceptions appeared online, such as those related to the sqlite pcache1 module, those related to the photo album PHAsset, those related to various objc_release crashes, etc.
These crash scenarios and stacks are all different, but they share a common feature: they all crash due to accessing NULL, or a NULL address plus a certain offset. According to our analysis, the direct cause is that a certain pointer, which previously pointed to valid memory, now incorrectly and mysteriously points to 0.
We tried various methods to eliminate issues such as multi-threading problems. To determine the cause of the problem, we have a simulated malloc guard detection in production. The principle is very simple:
Create some private NSString objects with random lengths, but ensure that they exceed the size of one memory physical page.
Set the first page of memory for these objects to read-only (aligning the object address with the memory page).
After a random period of time (3s - 10s), reset the memory of these objects to read/write and immediately release these objects. Then repeat the operation starting from step 1.
In this way, if an abnormal write operation is performed on the memory of these objects, it will trigger a read-only exception crash and report the exception stack.
Surprisingly, after the malloc guard detection was implemented, some crashes occurred online. However, the crashes were not caused by any abnormal rewriting of read-only memory. Instead, they occurred when the NSString objects were released as mentioned earlier, and the pointers pointed to contents of 0.
Therefore, we have added object memory content printing after object generation, before and after setting to read-only, and before and after reverting to read-write.
The result was once again unexpected. The log showed that the isa pointer of the object became 0 after setting to read-only and before re-setting to read-write.
So why did it become 0 during read-only mode, but no crash occurred due to the read-only status?
We revised the plan again and added a test group in which, after the object is created, we mlock the memory of the object, and then munlock it again before the object is released. The test analysis showed that the test group did not experience the crash, while the crashes occurred entirely in the control group.
In this way, we can prove that the problem occurs at the system level and is related to the virtual memory function of the operating system. It is possible that inactive memory pages are compressed and then cleared to zero, and subsequent decompression fails. This results in the accidental zeroing out of the memory data.
As mentioned at the beginning, although this issue is a very rare occurrence, it exists in various scenarios and definitely appeared after iOS 18. We hope that the authorities will pay attention to this issue and fix it in future versions.
We are testing our existing live build, which was prepared with Xcode 16.2, on iOS 26 beta for experience assurance and found that the [[UIDevice currentDevice] systemVersion] API is returning iOS 19 instead of the expected version iOS 26. Has anyone else observed this issue?
I am trying to launch an NFC session but it's failing with the below error:
CoreNFC CRASHING_DUE_TO_PRIVACY_VIOLATION
NSLocalizedFailureReason = This app cannot be installed because its integrity could not be verified.
Failed to verify code signature ... (A valid provisioning profile for this executable was not found.)
But we have declared NFC in capabilities both in the code base and in the provisioning profile.
Tools Used
VS Code, MAUI iOS Development
Please let me know how to resolve this issue.
When establishing a Bluetooth connection and subscribing to feature values, the log shows a subscription failure with the error: did fail to update notification state: The handle is invalid.
When we ship an iOS app with a DriverKit driver bundled, we'd like to be able to check if the device the app is running on is actually capable of installing & running DriverKit drivers. However I have yet to find a reliable way to achieve this. We want to know before the driver has even been enabled, as we want to direct the user to enable it in the app's settings.
I have tried a few things to no avail, and lots of it has just been unmaintainable guesses at which device the app is running on, rather than checking directly if DriverKit is actually available.
Is there any suggested way of achieving this? Thanks!
I have tried a few different approaches but none of them were 100% reliable.
I tried subscribing to the ES_EVENT_TYPE_NOTIFY_SETEXTATTR event to detect when a process sets the kMDItemWhereFroms attribute on a file, but the problem is that any process can set that attribute on any file. For example, I can run the command xattr -w com.apple.metadata:kMDItemWhereFroms "https://example.com" SampleFile.txt in the terminal and that would trigger an ES event.
I also tried to listen for the com.apple.quarantine attribute but for some reason my ES client never receives an event for it; also, as with any attribute, this attribute can be set manually by any process.
Is there a recommended/reliable way to have an ES client detect that a file has been downloaded from the internet (i.e. a remote network)?
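Whatever event source ends up delivering them, an ES client that acts on these two attributes has to decode their values: com.apple.quarantine is a semicolon-separated string (flags in hex; timestamp as hex seconds since the epoch; agent name; UUID) and kMDItemWhereFroms is a binary plist holding an array of URL strings. The decoder below is an added example, not the reporter's client and not Apple code; the sample values are constructed, the flag bits are reported raw because their meanings are not documented, and the output is meant only as a hint to correlate with the writing process, since (as the post says) any process can set either attribute.

```python
"""Decode the two xattrs that mark a downloaded file, for an ES client handling SETEXTATTR.

Added example, not the reporter's client and not Apple code. The value layouts are as
observed on macOS; SAMPLE_QUARANTINE and SAMPLE_WHEREFROMS are constructed here.
Flag bit meanings are undocumented, so only the raw flags value is reported.
"""

import plistlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

QUARANTINE_XATTR = "com.apple.quarantine"
WHEREFROMS_XATTR = "com.apple.metadata:kMDItemWhereFroms"


@dataclass
class Quarantine:
    flags: int
    timestamp: datetime
    agent: str
    uuid: Optional[str]


def parse_quarantine(value: bytes) -> Quarantine:
    """Parse 'flags;hexseconds;agent;uuid' (uuid optional)."""
    parts = value.decode("utf-8").split(";")
    if len(parts) < 3:
        raise ValueError("quarantine value needs at least flags;timestamp;agent")
    flags = int(parts[0], 16)
    stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return Quarantine(flags, stamp, parts[2], uuid)


def parse_wherefroms(value: bytes) -> List[str]:
    """Parse the binary plist array of URL strings stored in kMDItemWhereFroms."""
    urls = plistlib.loads(value)
    if not isinstance(urls, list) or not all(isinstance(u, str) for u in urls):
        raise ValueError("kMDItemWhereFroms must be a plist array of strings")
    return urls


def classify_setextattr(name: str, value: bytes) -> Optional[str]:
    """Summary line an ES client could log for a SETEXTATTR on one of these attributes; None otherwise."""
    if name == QUARANTINE_XATTR:
        q = parse_quarantine(value)
        return f"quarantine flags=0x{q.flags:04x} agent={q.agent} at={q.timestamp.isoformat()}"
    if name == WHEREFROMS_XATTR:
        hosts = [u.split("/")[2] for u in parse_wherefroms(value) if "://" in u]
        return "wherefroms hosts=" + ",".join(hosts)
    return None


# Constructed sample values (not captured from a real machine).
SAMPLE_QUARANTINE = b"0083;685f3080;Safari;2E1B6A0C-1111-2222-3333-444455556666"
SAMPLE_WHEREFROMS = plistlib.dumps(
    ["https://example.com/downloads/tool.zip", "https://example.com/"],
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    print(classify_setextattr(QUARANTINE_XATTR, SAMPLE_QUARANTINE))
    print(classify_setextattr(WHEREFROMS_XATTR, SAMPLE_WHEREFROMS))
```

Pairing the decoded agent name with the process identity ES reports for the event gives a simple consistency check: a quarantine value naming Safari written by a process that is not Safari is worth a closer look.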
Hello Apple Developer Community and Apple Team,
I want to raise awareness and gather support for an important feature request regarding NFC support on iPhone devices in Argentina.
Millions of Argentinians use the official public transit card, SUBE, daily to pay for buses, subways, and trains. On Android devices, the SUBE app allows users to:
• Check balance via NFC
• Reload credit instantly
• Confirm top-ups by holding the card near the phone
• Use a digital version of the card (in some cases)
However, iPhone users cannot use these NFC features because iOS currently does not allow third-party apps like SUBE to access the NFC chip fully. This limitation negatively impacts iPhone users, many of whom rely heavily on SUBE.
I have submitted detailed feedback to Apple requesting the enablement of controlled NFC access for third-party transit apps in Argentina, starting with SUBE. I encourage fellow developers, users, and community members to support this request.
Enabling this would greatly improve the user experience for millions of iPhone users, align Apple with local needs, and potentially attract new customers from Android.
If anyone has insights or updates on this topic, please share.
Thank you.
Hi,
I am developing an app that checks whether Bluetooth is available on the device or not (it does not actually use any Bluetooth capabilities). The only CoreBluetooth APIs that I use are:
CBCentralManager
the state property of the CBCentralManager
centralManagerDidUpdateState
When I am testing, I experience different behaviors on my test devices. On an iPhone 15 iOS 18.5, the app works fine. However, on an iPhone 13 iOS 18.3.2, the app crashes with the following error:
This app has crashed because it attempted to access privacy-sensitive data without a usage description. The app's Info.plist must contain an NSBluetoothAlwaysUsageDescription key with a string value explaining to the user how the app uses this data.
Why is this permission required on my iPhone 13 iOS 18.3.2, but not my iPhone 15 iOS 18.5? Why do I experience different behavior on different iPhone configurations?
Dear Apple Support,
We are experiencing a critical issue affecting some of our macOS users during application updates via DMG.
In certain cases, when users attempt to update the app by dragging it from the mounted DMG to the /Applications folder (replacing the old version), the application becomes corrupted. Users receive an error indicating that the app cannot be opened.
On retry, they are met with an error stating that the app cannot be overwritten.
Upon inspection, the resulting application bundle is incomplete and contains only the following structure:
.
└── Contents
└── CodeResources
The only known workaround is to completely remove the existing app from /Applications before copying the new version — this resolves the issue consistently.
We’ve observed this issue in the field with increasing frequency, which negatively impacts user trust. We also found similar reports from other developers (e.g., https://github.com/warpdotdev/Warp/issues/5492), suggesting a broader issue.
Questions:
What could be the underlying cause of this behavior on macOS (e.g., MDM, security policies, filesystem behavior)?
Are there any recommended practices to prevent or mitigate this issue when updating apps via DMG?
We would appreciate any guidance or clarification you can provide.
Best regards,
Ivan Poluianov
I have a BLE device and I'm developing an iOS app that communicates with that device.
The device has a characteristic that has both notify and indicate properties, and sends some messages via notify and others via indicate, therefore I cannot use setNotifyValue.
If the specified characteristic’s configuration allows both notifications and indications, calling this method enables notifications only.
Is there any way to enable simultaneously both notify and indicate for the same characteristic?
Hello, I am having some issues with running an XPC server in an Endpoint Security extension and connecting to it from the sandboxed host application.
I tried doing the following:
Setting the XPC server in the Endpoint Security extension entitlements:
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.security.xpc.server</key>
<true/>
Adding the mach service in the plist:
<dict>
<key>NSExtension</key>
<dict>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.system-extension-endpoint-security</string>
<key>NSExtensionPrincipalClass</key>
<string>$(PRODUCT_MODULE_NAME).ESFExtension</string>
</dict>
<key>NSEndpointSecurityMachServiceName</key>
<string>[TEAMID]com.[UNIQUE_ID]</string>
</dict>
</plist>
Putting a mach-lookup exception in the sandboxed host application entitlements:
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.security.exception.mach-lookup.global-name</key>
<array>
<string>[TEAMID]com.[UNIQUE_ID]</string>
</array>
</dict>
Creating the server in the system extension using xpc_connection_create_mach_service(_service_name.c_str(), dispatch_get_main_queue(), XPC_CONNECTION_MACH_SERVICE_LISTENER);
with _service_name being the same as in the mach-lookup entitlement.
And connecting to it in the host app with:
xpc_connection_create_mach_service([self.serviceName UTF8String], dispatch_get_main_queue(), 0);
My problem is that I get XPC error 159 (sandbox restriction) in the lookup:
(libxpc.dylib) [com.apple.xpc:connection] [0x600001a7db30] failed to do a bootstrap look-up: xpc_error=[159: Unknown error: 159]
I tried putting the sysex and the host app in the same app group, and it didn't help; I also read that it is bad practice to have an app group between a sandboxed app and a system extension, so I removed it.
I tried adding a temporary-exception and with it, the code works properly.
I tried with the XPC_CONNECTION_MACH_SERVICE_PRIVILEGED flag but it still didn't work.
Is it possible to have an XPC connection between an ES sysex and its host app? Should the service name have the bundle name as a prefix, or must it follow a certain pattern? Do I need to add some capability in Certificates, Identifiers & Profiles?
Thanks for helping.