[EDIT: Please ignore. Will delete in a second] Transaction.currentEntitlements is returning the complete history of transactions on a subscription product. I have a program with an In-App Purchase for a monthly subscription. I am testing with a local StoreKit file in Xcode. I configured the StoreKit test file to update every minute. When the program starts, I retrieve the current transactions from StoreKit to see if there is an active subscription. for await verificationResult in Transaction.currentEntitlements { guard case .verified(let transaction) = verificationResult else { continue } // update status for subscriptions This morning's testing is showing transactions for all transactions, both current and past. The current subscription renewal is sent plus all the past renewals that have expired. I thought in my previous testing that only one transaction (i.e., the latest/current) was sent per Product ID. Is this (all subscription transactions) the expected behavior, or should I file a bug report? Example debug output from Transaction.currentEntitlements loop (top transaction is the current one, but past expired ones are provided too; "DEBUG CURRENT ----" separates individual transactions): DEBUG CURRENT: getCurrentEntitlements BEGIN DEBUG CURRENT ---- DEBUG CURRENT: for product pro.monthly DEBUG CURRENT: Verified Reason: Renewal DEBUG CURRENT: Ownership: Purchased DEBUG CURRENT: Purchases: is good DEBUG CURRENT: signed date: 2026-03-26 17:37:12 +0000 DEBUG CURRENT: purchase date: 2026-03-26 17:36:24 +0000 DEBUG CURRENT: environment: Environment(rawValue: "Xcode") DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US)) DEBUG CURRENT ---- DEBUG CURRENT: for product pro.monthly DEBUG CURRENT: Verified Reason: Renewal DEBUG CURRENT: Ownership: Purchased DEBUG CURRENT: Expired 2026-03-26 17:36:24 +0000 DEBUG CURRENT: signed date: 2026-03-26 17:35:25 +0000 DEBUG CURRENT: purchase date: 2026-03-26 17:35:24 +0000 DEBUG CURRENT: environment: Environment(rawValue: "Xcode") DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US)) DEBUG CURRENT ---- DEBUG CURRENT: for product pro.monthly DEBUG CURRENT: Verified Reason: Renewal DEBUG CURRENT: Ownership: Purchased DEBUG CURRENT: Expired 2026-03-26 17:35:24 +0000 DEBUG CURRENT: signed date: 2026-03-26 17:34:25 +0000 DEBUG CURRENT: purchase date: 2026-03-26 17:34:24 +0000 DEBUG CURRENT: environment: Environment(rawValue: "Xcode") DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US))

We are seeing an issue after updating iPads to iPadOS 26.4 where cellular service is lost until network settings are reset. Environment: Devices managed via Apple Business Manager and Microsoft Intune Carrier: Verizon Confirmed affected devices: iPad (9th generation) eSIM Behavior: After update, device shows no cellular service No prompt to re-activate or re-add the cellular plan The plan appears to still be present on the device Workaround observed: Resetting Network Settings restores service Notes: This does not appear to be a provisioning issue (no need to re-add eSIM) Behavior suggests the cellular/eSIM state may not be initializing correctly after update Toggling Cellular or Airplane mode has not yet been tested for service restoration. We have not yet confirmed whether devices using a physical SIM are affected Still gathering data on scope across additional iPad models Additional observation: We have not observed this behavior on iPhones (e.g., iPhone 16 on iOS 26.4 with LTE remains unaffected) Has anyone else observed similar behavior on iPadOS 26.4, particularly on managed devices or eSIM configurations?

After implementing the new structured concurrency API's for Network framework, we are noticing a few memory leaks in the Network framework when using API's like onViabilityUpdate and onBetterPathUpdate. Whenever a previously established connection is disconnected, the NWConnection object is never released by the Network framework when we use the 2 API's mentioned. Irrespective of what goes inside these handlers(or leave it empty), the connection object is leaking. If I comment out the handlers, there is no memory leak. Posting this here in the forum to understand if others have encountered similar issues and found a workaround? Raised a feedback assistant request with all the details and a sample app here: FB22339653

Hello, I’m facing an issue with StoreKit where no products are returned in Sandbox. Context: App: SylvoY (Bundle ID: fr.sylvoy.app) Product ID: sylvoy_sylvoy_premium_v2_monthly Type: auto-renewable subscription Build: TestFlight 1.0.16 (Build 20) Device: physical iPhone Environment: Sandbox account Setup: Paid Applications Agreement: Active Banking & Tax: Active Product status: Ready to Submit Product is linked to the current TestFlight build Issue: When fetching products using StoreKit, the returned array is empty: productsCount = 0 products = [] Expected: Product metadata (price, description) should be returned. Actual: No products are returned at all. Additional info: Product identifier is correct Tested on real device (not simulator) Installed via TestFlight Sandbox account properly configured This issue is currently blocking validation of the subscription flow before release. DTS Case-ID: 18968852 (redirected here) Any help would be appreciated.

Hello, How does macOS handle coexistence between multiple Transparent Proxy providers from different vendors if their network rules overlap and one provider modifies the traffic? Thank you in advance!

Hello, Is it possible for a Network Extension (running in its sandbox) to act as a client for an XPC service hosted by a Launch Daemon (e.g., to offload data processing)? Are there any specific sandbox restrictions or entitlement requirements for this type of XPC communication? Thank you in advance!

I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager. The error: Signature check failed: code failed to satisfy specified code requirement(s) followed by: started with PID 0 status changed to disconnected, last stop reason Plugin failed What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session. Key log sequence: taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1) WireGuardNetworkExtensionMac: AppSandbox request successful WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s) nesessionmanager: started with PID 0 error (null) nesessionmanager: status changed to disconnected, last stop reason Plugin failed Setup: macOS 15, Xcode 16 Developer ID Application certificate Manual code signing, Developer ID provisioning profiles with Network Extensions capability Extension in Contents/PlugIns/ (standard appex, not System Extension) Extension entitlement: packet-tunnel-provider-systemextension NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel codesign --verify --deep --strict PASSES on the exported app Hardened runtime enabled on all targets What I've verified: Both app and extension have matching TeamIdentifier Both are signed with the same Developer ID Application certificate The designated requirement correctly references the cert's OIDs The provisioning profiles are valid and taskgated-helper explicitly approves them No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework What I've tried (all produce the same error): Normal Xcode archive + export (Direct Distribution) Manual build + sign script (bypassing Xcode export entirely) Stripping all signatures and re-signing from scratch Different provisioning profiles (freshly generated) Comparison with official WireGuard app: I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch. Questions: Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing? Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it? The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it? Any guidance would be appreciated. I've exhausted all signing approaches I can think of.

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

I am seeing an issue with NETransparentProxyProvider where the extension successfully transitions from sleep to wake, but stops receiving handleNewFlow(_:) calls. Only below two methods gets called, We don't apply rules in these methods: override func wake() override func sleep(completionHandler: @escaping () -> Void) This breaking complete proxy workflow as it stops intercepting traffics. We are not observing this issues always. FYI: com.apple.developer.endpoint-security.client is not present in .entitlement file. I am not sure adding this will help. Any possibilities nesessionmanager might fail to re-bind the traffic rules for this extensions? Any thing we can do to avoid this issues?

Hi everyone, I'm building an iOS app using Capacitor 6 with Swift Package Manager (SPM). I have a custom native plugin (AppleIAPPlugin) for StoreKit 2 In-App Purchases that lives in the App target (not as an SPM package). Despite compiling successfully, the JavaScript bridge throws: "AppleIAP" plugin is not implemented on ios Setup AppleIAPPlugin.swift: swift import Foundation import Capacitor import StoreKit @objc(AppleIAPPlugin) public class AppleIAPPlugin: CAPPlugin, CAPBridgedPlugin { public let identifier = "AppleIAPPlugin" public let jsName = "AppleIAP" public let pluginMethods: [CAPPluginMethod] = [ CAPPluginMethod(name: "getProducts", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "purchase", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "restorePurchases", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "getCurrentEntitlements", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "openManageSubscriptions", returnType: CAPPluginReturnPromise), ] @objc func getProducts(_ call: CAPPluginCall) { /* StoreKit 2 implementation */ } @objc func purchase(_ call: CAPPluginCall) { /* ... */ } // etc. } AppleIAPPlugin.m: objc #import <Foundation/Foundation.h> #import <Capacitor/Capacitor.h> CAP_PLUGIN(AppleIAPPlugin, "AppleIAP", CAP_PLUGIN_METHOD(getProducts, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(purchase, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(restorePurchases, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(getCurrentEntitlements, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(openManageSubscriptions, CAPPluginReturnPromise); ) MyBridgeViewController.swift (custom bridge to register the plugin): swift import UIKit import Capacitor class MyBridgeViewController: CAPBridgeViewController { override open func capacitorDidLoad() { bridge?.registerPluginType(AppleIAPPlugin.self) } } Main.storyboard points to MyBridgeViewController (module: App) instead of CAPBridgeViewController. TypeScript side: typescript import { registerPlugin } from "@capacitor/core"; export const AppleIAP = registerPlugin("AppleIAP"); What I've verified Both .swift and .m files are in the Xcode project's Compile Sources build phase nm on the compiled binary confirms OBJC_CLASS_$_AppleIAPPlugin symbol exists The build succeeds with zero errors Other SPM-based Capacitor plugins (Share, Media, NativeAudio) work fine — they have pluginMethods and jsName symbols in the binary; my custom plugin does NOT A bridging header (App-Bridging-Header.h) is configured with #import <Capacitor/Capacitor.h> What I've tried (all failed) .m file with CAP_PLUGIN macro only (no CAPBridgedPlugin in Swift) Added CAPBridgedPlugin protocol conformance to Swift class Created MyBridgeViewController subclass with registerPluginType() in capacitorDidLoad() Removed/added override public func load() method Added #import <Foundation/Foundation.h> to .m file Various bridging header configurations Multiple clean builds and derived data wipes Environment Xcode 16 Capacitor 6 (via SPM, binary xcframework) iOS 17+ deployment target Physical device testing (not simulator) Question How should a custom plugin in the App target be registered with Capacitor 6 when using SPM? The SPM-based plugins from node_modules get auto-discovered, but my custom plugin in the App target does not. Is there a step I'm missing to make registerPluginType() work, or should I structure my custom plugin as a local SPM package instead? Any guidance would be greatly appreciated.

Hey Apple team, I'd love to see a native wind animation layer added to Apple Maps and MapKit. A built-in, system-level wind visualization — similar to the animated weather layers seen in third-party apps — would be an incredibly powerful tool for developers building weather, aviation, marine, outdoor recreation, and navigation apps. Having this baked natively into MapKit would mean smoother performance, better battery efficiency, and a consistent experience across iOS, iPadOS, and macOS — rather than every developer having to reinvent the wheel with custom particle systems or third-party SDKs. Please Apple — this would be a fantastic addition to the Maps ecosystem. 🌬️🗺️

This discussion is for iOS/iPadOS. I've written an NEAppProxyProvider network extension. I'd like to test it. I thought that using the "NETestAppMapping" dictionary was a way to get there, but when I try to instantiate an NEAppProxyProviderManager to try to install stuff, the console tells me "must be MDM managed" and I get nowhere. So can someone tell me, can I at least test the idea without needing to first get MDM going? I'd like to know if how I'm approaching the core problem even makes sense. My custom application needs to stream video, via the SRT protocol, to some place like youtube or castr. The problem is that in the environment we are in (big convention centers), our devices are on a LAN, but the connection from the LAN out to the rest of the world just sucks. Surprisingly, cellular has better performance. So I am trying to do the perverse thing of forcing traffix that is NOT local to go out over cellular. And traffic that is completely local (i.e. talking to a purely local server/other devices on the LAN) happens over ethernet. [To simplify things, wifi is not connected.] Is an app proxy the right tool for this? Is there any other tool? Unfortunately, I cannot rewrite the code to force everything through Apple's Network framework, which is the one place I know we can say "use cellular." [E.g. URLSession() has absolutely no way of forcing cellular, and even so, the low level streaming library I use is written with raw sockets, and its not feasible for me to rewrite it.] Any other suggestions of how to accomplish this "send non-local traffic to cellular, all local traffic out over ethernet" gratefully welcomed!

I've been working on an app. It uses iCloud syncing. 48 hours ago everything was working 100%. Make a change on the iPhone it immediately changed on the Mac. Change on the Mac, it immediately changed on the iPhone. I didn't work on it yesterday. I updated to iOS26.4 on the iPhone and 26.4 on the Mac yesterday instead. Today, I pull up the project again. I made NO changes to the code or settings. Make a change on the iPhone it immediately updates on the Mac. Make a change on the Mac, nothing happens on the iPhone. I've waited an hour, and the change never happens. If you leave the iPhone app, then return, it updates as it should. It appears that iCloud's silent notification is to being received by the iPhone. Anyone else having the issue? Is there something new with iOS 26.4 that needs to be adjusted to get this to work? Again, works flawlessly with the Mac, just not with the iPhone.

Hi everyone, I have a SwiftUI app using CKQuerySubscription on the public database for social notifications (friend requests, recommendations, etc.). Push notifications work perfectly in the Development environment but never fire in Production (TestFlight). Setup: iOS 26.4, Xcode 26, Swift 6 Container: public database, CKQuerySubscription with .firesOnRecordCreation 5 subscriptions verified via CKDatabase.allSubscriptions() registerForRemoteNotifications() called unconditionally on every launch Valid APNS device token received in didRegisterForRemoteNotificationsWithDeviceToken Push Notifications + Background Modes (Remote notifications) capabilities enabled What works: All 5 subscriptions create successfully in Production Records are saved and queryable (in-app CloudKit fetches return them immediately) APNS production push works — tested via Xcode Push Notifications Console with the same device token, notification appeared instantly Everything works perfectly in the Development environment (subscriptions fire, push arrives) What doesn't work: When a record is created that matches a subscription predicate, no APNS push is ever delivered in Production Tested with records created from the app (device to device) and from CloudKit Dashboard — neither triggers push Tried: fresh subscription IDs, minimal NotificationInfo (just alertBody), stripped shouldSendContentAvailable, created an APNs key, toggled Push capability in Xcode, re-deployed schema from dev to prod Additional finding: One of my record types (CompletionNotification) was returning BAD_REQUEST when creating a subscription in Production, despite working in Development. Re-deploying the development schema to production (which reported "no changes") fixed the subscription creation. This suggests the production environment had inconsistent subscription state for that record type, possibly from the type being auto-created by a record save before formal schema deployment. I suspect a similar issue may be affecting the subscription-to-APNS pipeline for all my record types — the subscriptions exist and predicates match, but the production environment isn't wiring them to APNS delivery. Subscription creation code (simplified): let subscription = CKQuerySubscription( recordType: "FriendRequest", predicate: NSPredicate(format: "receiverID == %@ AND status == %@", userID, "pending"), subscriptionID: "fr-sub-v3", options: [.firesOnRecordCreation] ) let info = CKSubscription.NotificationInfo() info.titleLocalizationKey = "Friend Request" info.alertLocalizationKey = "FRIEND_REQUEST_BODY" info.alertLocalizationArgs = ["senderUsername"] info.soundName = "default" info.shouldBadge = true info.desiredKeys = ["senderUsername", "senderID"] info.category = "FRIEND_REQUEST" subscription.notificationInfo = info try await database.save(subscription) Has anyone encountered this? Is there a way to "reset" the subscription-to-APNS pipeline for a production container? I'd really appreciate any guidance on how to resolve and get my push notifications back to normal. Many thanks, Dimitar - LaterRex

Hello, I got Purchase Error Couldn’t communicate with a helper application. when button 'Buy Pro' clicked in my app it uses storekit subscription created (correct id in configuration.storekit) got this error in console: Purchase did not return a transaction: Error Domain=ASDErrorDomain Code=5115 "Received failure in response from Xcode" UserInfo={NSDebugDescription=Received failure in response from Xcode, NSUnderlyingError=0xc5bc1c510 {Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service created from an endpoint was invalidated from this process." UserInfo={AMSDescription=An unknown error occurred. Please try again., AMSURL=http://localhost:49913/WebObjects/MZBuy.woa/wa/inAppBuy, NSDebugDescription=The connection to service created from an endpoint was invalidated from this process., AMSStatusCode=200, AMSServerPayload={ "app-list" = ( Thx for any help : )

We are developing an app which allows users to generate a HSBC virtual card using Mastercard API and add this card to an apple wallet. Staging test was passed successfully, but we are stuck in a production test phase. T&C is not even visible, 'Card is not added' is popped on a screen before that. User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. FB22332303 (MCDeanPortal app: In-App Provisioning Production Test fails) Thank you

In my Notification Service Extension I'm doing two things in parallel inside didReceive(_:withContentHandler:): Downloading and attaching a rich media image (the standard content modification work) Firing a separate analytics POST request (fire-and-forget I don't wait for its response) Once the image is ready, I call contentHandler(modifiedContent). The notification renders correctly. What I've observed (via Proxyman) is that the analytics POST request completes successfully after contentHandler has already been called. My question: Why does this network request complete? Is it because: (a) The extension process is guaranteed to stay alive for the full 30-second budget, even after contentHandler is called so my URLSession task continues executing during the remaining time? (b) The extension process loses CPU time after contentHandler but remains in memory for process reuse and the request completes at the socket/OS level without my completion handler ever firing? (c) Something else entirely? I'd like to understand the documented behaviour so I can decide whether it's safe to rely on fire-and-forget network requests completing after contentHandler, or whether I need to ensure the request finishes before calling contentHandler.

Hello! currently I got a massive issue after upgrading all 10.000 Macs from macOS 26.3 to 26.3.1 or 26.4 and running some programs/apps on it which are currently not running because we need to read out the Hardware UUID. After the Update to macOS 26.3.1 and 26.4 the Terminal for the command system_profiler SPHardwareDataType is return an additional line: % system_profiler SPHardwareDataType 2026-03-25 11:28:17.939 system_profiler[73588:434733] hw.cpufamily: 0x1b588bb3 Hardware: bevor the Update the response was: %system_profiler SPHardwareDataType Hardware: Why I am getting this extra line "2026-03-25 11:28:17.939 system_profiler[73588:434733] hw.cpufamily: 0x1b588bb3" with a timestamp and system_profilder + hw.cpufamily as response? How can I disable this? Also the difference is with the command: system_profiler -json SPHardwareDataType Above version macOS 26.3.1 I will get an percentage sign in the Output - this is not a valid json! ...(shorten)    }   ] }%   on macOS version 26.3 and lower the response is: ...(shorten)      }   ] }

Test File attachment README.txt

Currently I have an app which is completely free for all the users, I might have future versions where I will introduce paid version, where I will surely use Apple IAP and Revenue CAT. How should I clarify this to App store? Should I tell only what I am doing today, or also tell what I will do in future and keep Apple IAP in my conversation?