I am a novice developer, so please be kind. 😬 I am developing a simple macOS app backed with SwiftData and trying to set up iCloud sync so data syncs between two Macs running the app. I have added the iCloud capability, checked the CloudKit box, and selected an iCloud Container. Per suggestion of Paul Hudson, my model properties have either default values or are marked as optional, and the only relationship in my model is marked as optional. @Model final class Project { // Stable identifier used for restoring selected project across launches. var uuid: UUID? var name: String = "" var active: Bool = true var created: Date = Foundation.Date(timeIntervalSince1970: 0) var modified: Date = Foundation.Date(timeIntervalSince1970: 0) // CloudKit requires to-many relationships to be optional in this schema. @Relationship var timeEntries: [TimeEntry]? init(name: String, active: Bool = true, uuid: UUID? = UUID()) { self.uuid = uuid self.name = name self.active = active self.created = .now self.modified = .now self.timeEntries = [] } @Model final class TimeEntry { // Core timing fields. var start: Date = Foundation.Date(timeIntervalSince1970: 0) var end: Date = Foundation.Date(timeIntervalSince1970: 0) var codeRawValue: String? var activitiesRawValue: String = "" // Inverse relationship back to the owning project. @Relationship(inverse: \Project.timeEntries) var project: Project? init( start: Date = .now, end: Date = .now.addingTimeInterval(60 * 60), code: BillingCode? = nil, activities: [ActivityType] = [] ) { self.start = start self.end = end self.codeRawValue = code?.rawValue self.activitiesRawValue = Self.serializeActivities(activities) } I have set up the following in the AppDelegate for registering for remote notifications as well as some logging to console that the remote notification token was received and to be notified when when I am receiving remote notifications. private final class TimeTrackerAppDelegate: NSObject, NSApplicationDelegate { func applicationDidFinishLaunching(_ notification: Notification) { print("📡 [Push] Registering for remote notifications") NSApplication.shared.registerForRemoteNotifications() } func application(_ application: NSApplication, didRegisterForRemoteNotificationsWithDeviceToken deviceToken: Data) { let tokenPreview = deviceToken.map { String(format: "%02x", $0) }.joined().prefix(16) print("✅ [Push] Registered for remote notifications (token prefix: \(tokenPreview)...)") } func application(_ application: NSApplication, didFailToRegisterForRemoteNotificationsWithError error: Error) { let nsError = error as NSError print("❌ [Push] Failed to register for remote notifications: \(nsError.domain) (\(nsError.code)) \(nsError.localizedDescription)") } func application(_ application: NSApplication, didReceiveRemoteNotification userInfo: [String: Any]) { print("📬 [Push] Received remote notification: \(userInfo)") } } In testing, I run the same commit from Xcode on two different Macs logged into the same iCloud account. My problem is that sync is not reliably working. Starting up the app on both Macs shows that the app successfully registered for remote notifications. Sometimes, making an edit on Mac 1 is immediately reflected in Mac 2 UI along with didReceiveRemoteNotification message (all occurring while the Mac 2 app remains in foreground). Sometimes, the Mac 2 app needs to be backgrounded and re-foregrounded before the UI shows the updated data. Sometimes, an edit on Mac 2 will show on Mac 1 only after re-foregrounded but not show any didReceiveRemoteNotification on the Mac 1 console. Sometimes, an edit on Mac 2 will not show at all on Mac 1 even after re-foregrounding the app. Sometimes, no edits sync between either Mac. I had read about how a few years back, there was a bug in macOS where testing iCloud sync between Macs did not work while running from Xcode but would work in TestFlight. For me, running my app in TestFlight on both Macs has never been able to sync any edits between the Macs. Any idea where I might be going wrong. It seems this should not be this hard and should not be failing so inconsistently. Wondering what I might be doing wrong here.

Apple's iCloud File Management documentation says to "avoid special punctuation or other special characters" in filenames, but doesn't specify which characters. I need a definitive list to implement filename sanitization in my shipping app. Confirmed issues Our iOS app (CyberTuner, App Store, 15 years shipping on App Store) manages .rcta files in the iCloud ubiquity container via NSFileManager APIs. We've confirmed two characters causing sync failures: Ampersand (&): A file named Yamaha CP70 & CP80.rcta caused repeated "couldn't be backed up" dialogs. ~12 users reported this independently. Replacing & resolved it immediately. No other files in the same directory were affected. Percent (%): A file with % in the filename was duplicated by iCloud sync (e.g., filename% 1.rcta, filename% 2.rcta), and the original was lost. Currently reproducing across multiple devices. Both characters have special meaning in URL encoding (% is the escape character, & is the query parameter separator), which suggests the issue may be in URL handling within the sync pipeline. What I'm looking for: A definitive list of characters that cause problems in the iCloud sync pipeline specifically — not APFS restrictions, but CloudDocs/FileProvider/server-side issues. Confirmation whether these characters are problematic: & % # ? + / : * " < > | Is there a system API for validating or sanitizing filenames for iCloud compatibility before writing to the ubiquity container? Our users are piano technicians who naturally name files "Steinway & Sons" — we need to know exactly what to sanitize rather than guessing. Environment: iOS 17–26, Xcode 26.1, APFS, NSFileManager ubiquity container APIs Bundle FEEDBACK ASSISTANT ID FB21900837

Hello! We've had reports of iOS devices 'waking up' and vibrating in response to the push notifications arriving but the notification itself is not being displayed to the user, despite having been granted the correct permissions. Is this a known issue?

Hi, I’m working on a macOS app that includes a file browser component. And I’m trying to match Finder’s behavior for color tags and folder icons. For local files/folders everything works fine: Tag color key returns the expected label number via NSColor * labelColor = nil; [fileURL getResourceValue:&labelColor forKey:NSURLLabelColorKey error:nil]; NSNumber * labelKey = nil; [fileURL getResourceValue:&labelKey forKey:NSURLLabelNumberKey error:nil]; QLThumbnailGenerator obtains the expected colored folder icon (including emoji/symbol overlay if set) via QLThumbnailGenerationRequest * request = [[QLThumbnailGenerationRequest alloc] initWithFileAtURL:fileURL size:iconSize scale:scaleFactor representationTypes:QLThumbnailGenerationRequestRepresentationTypeIcon]; request.iconMode = YES; [[QLThumbnailGenerator sharedGenerator] generateBestRepresentationForRequest:request completionHandler:^(QLThumbnailRepresentation * _Nullable thumbnail, NSError * _Nullable error) { if (thumbnail != nil && error == nil) { NSImage * thumbnailImage = [thumbnail NSImage]; // ... } }]; However, for items on iCloud Drive (whether currently downloaded locally or only stored in the cloud), the same code always produces gray colors, while Finder shows everything correctly: NSURLLabelNumberKey always returns 1 (gray) for items with color tags, and 0 for non-tagged. Folder icons returned via QLThumbnailGenerator are gray, no emoji/symbol overlays. Reading tag data from xattr gives values like “Green\1” (tag name matches, but numeric value is still "Gray"). Also, if I move a correctly-tagged local item into iCloud Drive, it immediately becomes gray in my app (Finder still shows the correct colors). Question: What is the supported way to retrieve Finder tag colors and the correct folder icon appearance (color + overlays) for items in iCloud Drive, so that the result matches Finder? I am on macOS Tahoe 26.2/26.3, Xcode 26.2 (17C52). If you need any additional details, please let me know. Thanks!

Hello, I am an individual developer working on a macOS application using SwiftUI and RealityKit. I would like to understand the feasibility of face-related tracking on macOS when using an external USB camera, compared to iOS/iPadOS. Specifically: • Does macOS provide an ARKit Face Tracking–equivalent API (e.g., real-time facial expressions, gaze direction, depth)? • If not, is it common to rely on Vision / AVFoundation as alternatives for: • Facial expression coefficients • Gaze estimation • Depth approximation • In an environment without dedicated sensors such as TrueDepth, is it correct to assume that accurate depth data and high-fidelity blend shape extraction are realistically difficult? Any clarification on official limitations, recommended alternatives, or relevant documentation would be greatly appreciated. Thank you.

Dears, Please take a look at case: FB21940123 (Wallet Extension unable to add card) Thanks

In iOS 18, when a contact with multiple phone numbers called, the system clearly indicated which specific number was used—often by highlighting it in red for missed calls or tagging it as 'recent.' However, in iOS 26, this distinction is missing, and there is no way to determine which of the contact's numbers the call originated from.

Dears, Please review: FB21940123 (Wallet Extension unable to add card) Thanks,

Hi Everyone, Need help 🙌 Could someone help how to test pending purchases in Sandbox accounts ? Can test ask to buy flow ? if yes how, could not find any information about that.

Hello team, I am trying to find out a way to block urls in the chrome browser if it is found in local blocked list cache. I found URL Filter Network very much suitable for my requirement. But I see at multiple places that this solution is only for Enterprise level or MDM or supervised device. So can I run this for normal user ? as my targeting audience would be bank users. One more thing how can I test this in development environment if we need supervised devices and do we need special entitlement ? When trying to run sample project in the simulator then getting below error

Hey! Wa are developing a VPN app for iOS and whenever we enable enforceRoutes we see 20% to 30% download and upload speed drop. Here are example results from our environment: | Upload | Download | ------------------------------------------ enforceRoutes off | 337.65 | 485.38 | ------------------------------------------ enforceRoutes on | 236.75 | 357.80 | ------------------------------------------ Is this behavior known and expected? Is there anything we can do to mitigate the effect of enforceRoutes in our application? Test were performed on iOS 26.2.1.

Hello, thanks for your effort! I found that when showsUserLocation is set to true (by default), the pulsing blue dot user location annotation is shown, which is cool and beautiful. However, it will automatically and periodically attempt to call the Apple Server API GET https://api.apple-mapkit.com/v1/reverseGeocode within userLocationDidChange() and updateUserLocationAnnotation() to display, I assume, the user's current address when single-tapping on the blue dot. It will significantly use the MapKit service calls quota since the user location is automatically updated. It almost runs out of quota even though the map initialization is plenty enough. Is there any way to disable the bubble behavior but preserve the user location blue dot, which is lovely and better than drawing my own user location dot? It seems I can only turn off all user location features. Many thanks!

I’m using Network Framework with UDP and calling: connection.receive(minimumIncompleteLength: 1, maximumLength: 1500) { data, context, isComplete, error in ... // Some Logic } Is it possible for this completion handler to be called with data==nil if I haven't received any kind of error, i.e., error==nil and the connection is still in the .ready state?

I'm testing CloudKit Sharing (CKShare) in my app. My app uses CloudKit Sharing to share private data between users (this is not App Store Family Sharing or purchase sharing, it's app-level sharing via CKShare). To properly test this, I need three or four Apple Accounts with distinct roles in my app. This means I need three/four separate iCloud accounts signed in on test devices. Simulators are probably ok: two acting as "parents" (share owner and participant): parent1.sandbox@example.com parent2.sandbox@example.com, one or two as a "child" (participant) child1.sandbox@example.com child2.sandbox@example.com except obviously using my domain name. I attempted to create Sandbox Apple Accounts in App Store Connect, but these don't appear to work with CloudKit Sharing. I then created several standard Apple Accounts, but I've now hit a limit — I believe my mobile number (used for two-factor authentication on the test accounts) has been flagged or rate-limited for account creation, and I can no longer create or verify new accounts with it. It's also blocked the email addresses associated with those accounts from being used for new account creation. Can Apple or anyone advise on the recommended approach for testing CloudKit Sharing with multiple participants? are Sandbox accounts supposed to work for CKShare, or do I need full Apple Accounts? How do i create and verify these in the correct way to avoid hitting these limits or breaking terms of service?

Hello, We are implementing a Transparent Proxy using NETransparentProxyProvider and configuring NETransparentProxyNetworkSettings with NENetworkRule. Currently, NENetworkRule requires: NENetworkRule( destinationHost: NWHostEndpoint(hostname: String, port: String), protocol: .TCP / .UDP / .any ) NWHostEndpoint.port accepts only a single port value (as a String) or an empty string for all ports. At present, we are creating a separate NENetworkRule for each port in the range (ex for range 49152–65535 approximately 16,384 rules). After deploying this configuration, we observe the following behavior: nesessionmanager starts consuming very high CPU (near 100%) The system becomes unresponsive The device eventually hangs and restarts automatically The behavior resembles a kernel panic scenario This strongly suggests that creating thousands of NENetworkRule entries may not be a supported or scalable approach. Questions: Is there any officially supported way to specify a port range in NENetworkRule? Is creating thousands of rules (one per port) considered acceptable or supported? Is the recommended design to intercept broadly (e.g., port = "") and filter port ranges inside handleNewTCPFlow / handleNewUDPFlow instead? Are there documented system limits for the number of NENetworkRule entries allowed in NETransparentProxyNetworkSettings?

Background: My app uses a third-party SDK for payments, and it uses Original StoreKit internally for IAP payments. Now I'm getting ready to migrate to StoreKit2, and during the transition, users may use either method to initiate payments, and there's no way to avoid the coexistence of StoreKit2 and Original StoreKit. Problem: When a user has an unfinished transaction, if the app is restarted, both StoreKit2 and Original StoreKit will receive a notification of the transaction: Original StoreKit's '-paymentQueue:updatedTransactions:' method StoreKit2's 'Transaction.updated' method resulting in duplicate calls to the shipping API. My current treatment is to only add '-paymentQueue:updatedTransactions:' to listen for unfinished transactions. Even if the user is using StoreKit2 to initiate the payment, if the transaction is not Finished, it will be fetched via this method after restarting the app to process this transaction. Is this approach feasible and are there any best practices for this scenario? To summarize: Is it feasible to fetch unfinished StoreKit2 transactions via Original StoreKit methods when StoreKit2 coexists with Original StoreKit? Is there a recommended way

How to legally and compliantly upload users' fitness and health data to our own server—while adhering to Apple's strict privacy policies—for analysis by our AI large model to provide personalized feedback and recommendations to users.

iOS mTLS Client Certificate Authentication Fails in TestFlight with Error -25303 Problem I'm building an iOS app that uses mTLS (client certificates received from server at runtime). Storing SecCertificate to keychain fails with error -25303 in both development and TestFlight builds, preventing SecIdentity creation needed for URLSession authentication. Environment: iOS 18.2, iPad Pro, TestFlight internal testing, keychain-access-groups properly configured Diagnostic Results Testing keychain operations shows an interesting pattern: ✅ Generic Password - Works: let addQuery: [CFString: Any] = [ kSecClass: kSecClassGenericPassword, kSecAttrAccount: "test", kSecValueData: "password".data(using: .utf8)! ] SecItemAdd(addQuery as CFDictionary, nil) // Returns: 0 (success) ✅ SecKey - Works: let addKeyQuery: [CFString: Any] = [ kSecClass: kSecClassKey, kSecValueRef: privateKey, kSecAttrApplicationTag: tag ] SecItemAdd(addKeyQuery as CFDictionary, nil) // Returns: 0 (success) ❌ SecCertificate - Fails: let addCertQuery: [CFString: Any] = [ kSecClass: kSecClassCertificate, kSecValueRef: certificate, // Created from server-provided PEM kSecAttrApplicationTag: tag ] SecItemAdd(addCertQuery as CFDictionary, nil) // Returns: -25303 Code Context Attempting to create SecIdentity for mTLS: private func createIdentity(fromCert certPEM: String, key keyPEM: String) throws -> SecIdentity { // 1. Parse PEM to DER and create SecCertificate - succeeds guard let certData = extractPEMData(from: certPEM, type: "CERTIFICATE"), let certificate = SecCertificateCreateWithData(nil, certData as CFData) else { throw CertificateError.invalidCertificate } // 2. Parse PEM key and create SecKey - succeeds guard let keyData = extractPEMData(from: keyPEM, type: "PRIVATE KEY"), let privateKey = SecKeyCreateWithData(keyData as CFData, attrs as CFDictionary, &error) else { throw CertificateError.invalidKey } // 3. Add key to keychain - SUCCEEDS (errSecSuccess) let tempTag = UUID().uuidString.data(using: .utf8)! SecItemAdd([ kSecClass: kSecClassKey, kSecValueRef: privateKey, kSecAttrApplicationTag: tempTag ] as CFDictionary, nil) // ✅ Works // 4. Add certificate to keychain - FAILS (-25303) let status = SecItemAdd([ kSecClass: kSecClassCertificate, kSecValueRef: certificate, kSecAttrApplicationTag: tempTag ] as CFDictionary, nil) // ❌ Fails with -25303 guard status == errSecSuccess else { throw CertificateError.keychainError(status) } // 5. Would query for SecIdentity (never reached) // ... } Network Behavior When mTLS fails, console shows: Connection: asked for TLS Client Certificates Connection: received response for client certificates (-1 elements) Connection: providing TLS Client Identity (-1 elements) Task received response, status 403 The -1 elements indicates no certificates were provided. Entitlements <key>keychain-access-groups</key> <array> <string>$(AppIdentifierPrefix)com.ellin.tshios</string> </array> Keychain Sharing capability is enabled. What I've Tried Both kSecValueRef and kSecValueData approaches - same error Various kSecAttrAccessible values - same error Different keychain access groups - same error TestFlight build (vs dev build) - same error PKCS#12 creation - requires complex ASN.1/DER encoding, no iOS API Questions Is error -25303 expected when adding SecCertificate in development/TestFlight builds? Will App Store distribution resolve this? Or is there a fundamental limitation? Why does SecKey succeed but SecCertificate fails with identical entitlements? Is there an alternative to create SecIdentity without keychain access? Constraints Certificates come from server at runtime (cannot bundle) Need SecIdentity for URLSession client certificate authentication Server provides PEM format certificates Tested on: Simulator (dev), iPad Pro (dev), iPad Pro (TestFlight) - all fail Any insights appreciated - specifically whether this is a provisioning profile limitation that App Store distribution would resolve.

I am developing an iOS App for a Bluetooth peripheral using SwiftUI with Swift 5 or 6. I have a few past attempts that got so far (connected to a peripheral), and some downloaded examples that connect to peripherals. Lately (last month or so), my current attempt never gets BleManager to start, and every attempt ends at my View that says 'please enable Bluetooth'. The Xcode console is totally blank with no print outputs. Coding Assistant suggested the init() in my @main structure could contain print("App initializing"), but even that never prints. Coding Assistant suggests: "• Open your project's Info.plist in Xcode. • Make sure UIApplicationSceneManifest is present and configured for SwiftUI, not referencing any storyboard. • Ensure UIMainStoryboardFile is not present (or blank)." but there is no info.plist because it is no longer required. Downloaded sample code runs and connects to peripherals, so Bluetooth is working on my iPhone and the Bluetooth device is accessible. My older attempts used to work, but now have the same problem. All attempts have "Enable Bluetooth to connect to Device" in the Privacy - Bluetooth Info.plist setting. Something is fundamentally wrong with many different code attempts. I have searched all the various settings for mention of SwiftUI or Storyboard, but not found them in working or failing projects. The downloaded code which works has minimum deployment iOS 14.0 and Swift Compiler Language Version Swift 5. My latest code attempt has minimum deployment iOS 16 and Swift 5. All code is target device iPhone (I am testing on iPhone 16e running iOS 26.2.1) and developing with Xcode 26.2 on MacBook Air M1 running the latest Tahoe. I do a Clean Build Folder before every test, and have tried re-starting both Mac and iPhone. How can my coding fail so spectacularly?

We have an app that controls InDesign Desktop and InDesignServer via hundreds of AppleScripts. Some macOS security updates a while back dictated that we start communicating with other apps via ScriptingBridge. We couldn't afford to convert the hundreds of AppleScripts into direct ScriptingBridge nomenclature, so we opted to keep them as is and instead tell the external apps to: [app doScript:<the script text> language:InDesignScLgApplescriptLanguage withArguments:nil undoMode:InDesignESUMScriptRequest undoName:@"blah"] There are a handful of scripts that we did convert to direct ScriptingBridge. There are times (and under the right circumstances, it's repeatable) when a certain script will have run perfectly dozens of times, and then it will throw errOSAInternalTableOverflow. We create a new SBApplication for every job (which could be a single instance of Desktop or the multiple instances of Server). Why is this error happening seemingly randomly? Is there anything we can do to work around or prevent this?