Posts under App & System Services topic

Post | Replies | Boosts | Views | Activity

UI-Less Host App for Endpoint Security Extension Installation
According to Apple's development documentation, if I want to install an Endpoint Security system extension, I need to develop a host app that must be installed in the Applications directory. Now, I want to create an ES extension to protect users from accessing certain folders. However, I don't want a custom app to pop up asking the user to allow the installation of the ES extension. (To clarify, it's fine if the system authorization request dialog pops up, but I don't want the host app's UI to appear.) Is there any way to do this?
Replies: 1 | Boosts: 0 | Views: 25 | Activity: 5d
[iPadOS 26] EACCES (Permission Denied) on UDP Broadcast despite Multicast Networking Entitlement
My application (using a nested framework for networking) was working correctly on iPadOS 18, but failed to perform a UDP broadcast operation after upgrading the device to iPadOS 26. The low-level console logs consistently show a "Permission denied" error.

Symptoms & Error Message: When attempting to send a UDP broadcast packet using NWConnection (or a similar low-level socket call within the framework), the connection fails immediately with the following error logged in the console:

    nw_socket_service_writes_block_invoke [C2:1] sendmsg(fd 6, 124 bytes) [13: Permission denied]

(Error code 13 corresponds to EACCES).

Verification Steps (What I have checked):

- Multicast Networking Entitlement is Approved and Applied: The necessary entitlement (com.apple.developer.networking.multicast) was granted by Apple. The Provisioning Profile used for signing the Host App Target has been regenerated and explicitly includes "Multicast Networking" capability (see attached screenshot). I confirmed that Entitlements cannot be added directly to the Framework Target, only the Host App Target, which is the expected behavior.
- Local Network Privacy is Configured: The Host App's Info.plist contains the NSLocalNetworkUsageDescription key with a clear usage string. Crucially, the Local Network Access alert does not reliably appear when the Broadcast function is first called (despite a full reinstall after OS upgrade). Even when Local Network Access is manually enabled in Settings, the Broadcast still fails with EACCES.

Code Implementation: The Broadcast is attempted using NWConnection to the host 255.255.255.255 on a specific port.

Request: Since all required entitlements and profiles are correct, and the failure is a low-level EACCES on a newly updated OS version, I suspect this may be a regression bug in the iPadOS 26 security sandbox when validating the Multicast Networking Entitlement against a low-level socket call (like sendmsg).

Has anyone else encountered this specific Permission denied error on iPadOS 26 with a valid Multicast Entitlement, and is there a known workaround aside from switching to mDNS/Bonjour?
Replies: 1 | Boosts: 0 | Views: 82 | Activity: 5d
AppIntents crashes in prod
We implemented AppIntents using EnumerableEntityQuery and @Dependency and we are receiving these crash reports:

    AppIntents/AppDependencyManager.swift:120: Fatal error: AppDependency of type MyDependency.Type was not initialized prior to access. Dependency values can only be accessed inside of the intent perform flow and within types conforming to _SupportsAppDependencies unless the value of the dependency is manually set prior to access.

I can't post the stack because of the Developer Forums sensitive language filter :( but basically it's just a call to suggestedEntities of MyEntityQuery that calls the dependency getter and then it crashes.

My understanding was that when using @Dependency, the execution of the intent, or query of suggestedEntities in this case, would be delayed by the AppIntents framework until the dependency was added to the AppDependencyManager by me. At least that's what's happening in my tests. But in prod I'm having these crashes which I haven't been able to reproduce in dev yet. Does anyone know if this is a bug or how can this be fixed?

As a workaround, I can avoid using @Dependency and AppDependencyManager completely and make sure that all operations are async and delay the execution myself until the dependency is set. But I'd like to know if there's a better solution. Thanks!
Replies: 1 | Boosts: 0 | Views: 103 | Activity: 5d
iOS 26: Maps share sheet no longer provides com.apple.mapkit.map-item and only shares short maps.apple/p/... URLs (how to get coordinates?)
Since iOS 26, the Apple Maps share sheet no longer provides a com.apple.mapkit.map-item attachment when sharing a location to my Share Extension. Additionally, on real devices the shared URL is now a short link (https://maps.apple/p/...), which does not contain coordinates. On the simulator, the URL still includes coordinates (as in previous iOS versions). I'm trying to find the official or recommended way to extract coordinates from these new short URLs.

Environment:

- Devices: iPhone (real device) on iOS 26.0 / 26.0.1
- Simulator: iOS 26.0 / 26.0.1 simulator (behaves like iOS 18 — see below)
- App: Share Extension invoked from Apple Maps -> Share -> my app
- Xcode: 26.0.1

Steps to Reproduce

1. Open Apple Maps on iOS 26 (real device).
2. Pick a POI (store/restaurant).
3. Share -> choose my share extension.

iOS 18 and earlier

    (lldb) po extensionContext?.inputItems
    ▿ Optional<Array<Any>>
      ▿ some : 1 element
        - 0 : <NSExtensionItem: 0x60000000c5d0> - userInfo: {
        NSExtensionItemAttachmentsKey = (
            "<NSItemProvider: 0x600002930d20> {types = (\"public.plain-text\")}",
            "<NSItemProvider: 0x600002930c40> {types = (\"com.apple.mapkit.map-item\")}",
            "<NSItemProvider: 0x600002930bd0> {types = (\"public.url\")}"
        );
    }

Typical URL: https://maps.apple.com/place?address=Apple%20Inc.,%201%20Apple%20Park%20Way,%20Cupertino,%20CA%2095014,%20United%20States&coordinate=37.334859,-122.009040&name=Apple%20Park&place-id=I7C250D2CDCB364A&map=explore

iOS 26

    (lldb) po extensionContext?.inputItems
    ▿ 1 element
      - 0 : <NSExtensionItem: 0x6000000058d0> - userInfo: {
        NSExtensionItemAttachmentsKey = (
            "<NSItemProvider: 0x600002900b60> {types = (\"public.url\")}",
            "<NSItemProvider: 0x600002900fc0> {types = (\"public.plain-text\")}"
        );
    }

URL looks like: https://maps.apple/p/U8rE9v8n8iVZjr

On simulator iOS 26 same missing map-item provider - but the URL is still long and contains coordinates, like this: https://maps.apple.com/place?coordinate=37.334859,-122.009040&name=Apple%20Park&..

Issue

The short URLs (maps.apple/p/...) cannot be resolved directly - following redirects ends with: https://maps.apple.com/unsupported

The only way I've found to get coordinates is to intercept intermediate redirects - one of them contains the expanded URL with coordinate=....

Example of my current workaround:

    import Foundation

    final class RedirectSniffer: NSObject, URLSessionTaskDelegate {
        // Every URL the session was redirected to, in order.
        private(set) var redirects: [URL] = []

        func urlSession(_ session: URLSession,
                        task: URLSessionTask,
                        willPerformHTTPRedirection response: HTTPURLResponse,
                        newRequest request: URLRequest) async -> URLRequest? {
            if let url = request.url { redirects.append(url) }
            // Returning the request lets the redirect proceed.
            return request
        }
    }

Then I look through redirects to find a URL containing "coordinate=". This works, but feels unreliable and undocumented.

Questions

- Was the removal of com.apple.mapkit.map-item from the Maps share payload intentional in iOS 26? If yes, is there a new attachment type or API to obtain an MKMapItem?
- What’s the official or supported way to resolve https://maps.apple/p/... to coordinates? Is there any MapKit API or documented URL scheme for this?
- Is intercepting redirect chains the only option for now?
- Why does the iOS 26 simulator still return coordinate URLs, while real devices don't?
Replies: 2 | Boosts: 0 | Views: 164 | Activity: 5d
[iPadOS 28] EACCES (Permission Denied) on UDP Broadcast despite Multicast Networking Entitlement
My application (using a nested framework for networking) was working correctly on iPadOS 18, but failed to perform a UDP broadcast operation after upgrading the device to iPadOS 28. The low-level console logs consistently show a "Permission denied" error.

Symptoms & Error Message: When attempting to send a UDP broadcast packet using NWConnection (or a similar low-level socket call within the framework), the connection fails immediately with the following error logged in the console:

    nw_socket_service_writes_block_invoke [C2:1] sendmsg(fd 6, 124 bytes) [13: Permission denied]

(Error code 13 corresponds to EACCES).

Verification Steps (What I have checked):

- Multicast Networking Entitlement is Approved and Applied: The necessary entitlement (com.apple.developer.networking.multicast) was granted by Apple. The Provisioning Profile used for signing the Host App Target has been regenerated and explicitly includes "Multicast Networking" capability (see attached screenshot). I confirmed that Entitlements cannot be added directly to the Framework Target, only the Host App Target, which is the expected behavior.
- Local Network Privacy is Configured: The Host App's Info.plist contains the NSLocalNetworkUsageDescription key with a clear usage string. Crucially, the Local Network Access alert does not reliably appear when the Broadcast function is first called (despite a full reinstall after OS upgrade). Even when Local Network Access is manually enabled in Settings, the Broadcast still fails with EACCES.

Code Implementation: The Broadcast is attempted using NWConnection to the host 255.255.255.255 on a specific port.

Request: Since all required entitlements and profiles are correct, and the failure is a low-level EACCES on a newly updated OS version, I suspect this may be a regression bug in the iPadOS 28 security sandbox when validating the Multicast Networking Entitlement against a low-level socket call (like sendmsg).

Has anyone else encountered this specific Permission denied error on iPadOS 28 with a valid Multicast Entitlement, and is there a known workaround aside from switching to mDNS/Bonjour?
Replies: 1 | Boosts: 0 | Views: 53 | Activity: 5d
Unable to retrieve secure element pass after adding to Apple Wallet?
I am adding In-App provisioning to my app. I am able to access the Apple Pay Sandbox and I have successfully tested adding a secure element/payment pass to Apple Wallet. However, once the pass has been added to the wallet, I cannot access or retrieve the pass from my app. I have confirmed with the PNO that the PNO Pass Metadata Configuration in the testing environment includes the correct metadata for "associatedApplicationIdentifiers" and "associatedStoreIdentifiers". Does anyone know why I am having this issue and how I can resolve it?

Steps used to access pass in Apple Wallet

I am unable to view the pass when I attempt to access it using the PKPassLibrary function as follows:

    import PassKit

    let library = PKPassLibrary()
    if #available(iOS 13.4, *) {
        // This returns an empty array
        library.passes(of: .secureElement)
    } else {
        // This also returns an empty array
        library.passes(of: .payment)
    }
    // This returns an empty array too
    library.passes()

Steps used to add pass to Apple Wallet

These are the steps I follow to add the card:

- I create a PKAddPaymentPassRequestConfiguration.
- I use this config to instantiate a PKAddPaymentPassViewController.
- I provide the nonce, nonceSignature, and certificates to my PNO along with the card data.
- I receive the activationData, encryptedPassData, and ephemeralPublicKey from my PNO and create a PKAddPaymentPassRequest using this data.
- I add the pass to Apple Wallet.
- In the addPaymentPassViewController callback, I am able to view the pass data from the .didFinishAdding pass: PKPaymentPass? variable.
- I am also able to see that the pass has been added from Apple Wallet app.
- I am not able to access the pass using PKPassLibrary().passes() at this point.
- I am not able to access the pass at any point after adding it either.
Replies: 7 | Boosts: 0 | Views: 5.2k | Activity: 6d
help getting audio verbs macOS Tahoe Deep Debug Logs
I'm running macOS Tahoe and I have the proper nvram boot-args; however, when I try to poke the log stream I'm not getting any verb information related to the card I'm using. The audio system I'm using is AppleHDA.kext from the Beta 1 KDK. I've tried asking AI; it doesn't make a difference what it suggests to me. In the meantime, while I'm asking for assistance, what I'll do is go ahead and let it template me a kernel extension that I guess just traffics it to the log for me, and hopefully this isn't filtered out, as what I suspect it is saying is happening is that it actually masks some of the information. Why am I doing this? Not for the Linux driver; it's so I can see from the log where it came from, as this is what the developer said he did. GitHub/davidjo/snd_hda_macbookpro is the Kaby Lake iMac.
Replies: 0 | Boosts: 0 | Views: 18 | Activity: 6d
Download container SwiftData from Xcode
Hi, I'm trying to download the container with SwiftData of my app from the iPhone device connected through a cable to my Mac, for debugging purposes. I get an error:

    The specified file could not be transferred.
    Domain: com.apple.dt.CoreDeviceError
    Code: 7000
    User Info: {
        DVTErrorCreationDateKey = "2025-10-30 10:00:38 +0000";
        NSURL = "file:///Users/maurizio/Desktop/DatiTRIPBOOK/mm.com.TripBook%202025-10-30%2011:00.28.199.xcappdata/AppData/Library";
    }

    The specified file could not be transferred.
    Domain: com.apple.dt.CoreDeviceError
    Code: 7000
    User Info: {
        NSURL = "file:///Users/maurizio/Desktop/DatiTRIPBOOK/mm.com.TripBook%202025-10-30%2011:00.28.199.xcappdata/AppData/Library";
    }

    Performing a file system operation failed.
    Domain: com.apple.dt.remoteservices.error
    Code: 11001
    Failure Reason: The file could not be opened for writing.

    Failed to open Library/SplashBoard/Snapshots/sceneID:mm.com.TripBook-703D890D-C844-4329-B913-288B5FFB9289/9B937793-D789-43D5-B94C-3FA27A508650 for reading, openat(2) returned POSIX error code 1 (parentParam = 5)
    Domain: NSPOSIXErrorDomain
    Code: 1
    Failure Reason: Operation not permitted

System Information

- macOS Version 26.0.1 (Build 25A362)
- Xcode 26.0.1 (24229) (Build 17A400)
- Timestamp: 2025-10-30T11:00:38+01:00
Replies: 1 | Boosts: 0 | Views: 45 | Activity: 6d
IAP Product Info Error & Sandbox Webhook/Test API Failures
Hello, I'm suddenly encountering errors with In-App Purchases (IAP) and my sandbox webhooks, which were working correctly just a few days ago. Specifically:

- Product Information Error: I'm receiving the following error when trying to fetch product information:

      { "type": "product_info", "result": "error", "error": "An unknown error occurred" }

  This API call was functioning normally until today.
- Sandbox Webhook Failure: I have configured a sandbox webhook, but my server is not receiving any notifications from the App Store.
- Test API 401: When I attempt to call the test API (https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/test), I consistently receive a 401 (Unauthorized) error.

Could you please provide some guidance on how to troubleshoot these issues? Thank you.
Replies: 0 | Boosts: 0 | Views: 24 | Activity: 6d
Performance issues when using the Network API used to create a web server
Hello,

We use the Network API in our macOS Objective-C applications to create a small web server. With macOS Sequoia or Tahoe (not with Sonoma), downloading files from another computer using the built-in Ethernet port is way too slow.

Steps to reproduce:

1. Computer A (using macOS Tahoe or Sonoma), run an application using the Network APIs to create a web server.
2. Make sure that this computer connects to the network using the Ethernet port; there is no issue when using Wi-Fi.
3. On computer B, make an HTTP request to download a 20MB file => it will take about 30 seconds to download => way too slow...

We tested with:

- if on computer A you run a web server using the GCD API instead of Network, it takes 0.2 seconds to download the file => no issue on computer A
- disable TSO: it improves the results, but that's not a long-term solution as it doesn't hold when rebooting

I can provide sample code to demonstrate this if needed. This is a new issue, as we have been using that code for a while and only noticed it recently, and macOS Sonoma is not impacted.

Thank you for the help you can provide.

Pierre
Replies: 9 | Boosts: 0 | Views: 344 | Activity: 6d
Create custom internet account on macOS
Hi, A lot of e-mail providers support OAuth2 authentication. However, Mail.app on macOS and iOS does not support configuring a mail account that would use OAuth2 authentication, unless it's on its hardcoded list of account providers. Is there any framework that allows setting up a custom account for my institution, so that we could begin to offer OAuth2 authentication for mail and calendar?
Replies: 0 | Boosts: 0 | Views: 15 | Activity: 6d
Issue with Wallet Popup Despite Pass Presentation Suppression
We have developed an app that communicates with an external reader using BLE, and the reader also supports NFC. We are implementing a feature that uses PKPassLibrary.requestAutomaticPassPresentationSuppression to prevent the Wallet from appearing when unlocking a lock. We have already completed the approval process for the entitlement required to enable Pass Presentation Suppression, referencing Apple’s documentation: https://developer.apple.com/documentation/passkit/pkpasslibrary/requestautomaticpasspresentationsuppression(responsehandler:) In most cases, this works as expected and the Wallet popup does not appear. However, in some cases — particularly when the app is running in the foreground — the Wallet still appears for users. We have verified that the app bundle includes the required entitlement, and the Info.plist correctly specifies the Pass Presentation Suppression key set to true. Could you please help us understand under what conditions this behavior might still occur, or if any additional configuration is required?
Replies: 1 | Boosts: 2 | Views: 47 | Activity: 6d
coreNFC customcommand on ISO15693
Hello everyone, I need to present a password to an ST25DV ISO15693 device. From the STMicroelectronics datasheet, I use the command 0xB3 with the customcommandwithrequestflag method, with the flags High data rate and Address mode. I have trouble getting it working: I receive error code 2 each time I send the password. The password is composed of int8 area password + 8 int8 password. I'd like to know how the custom command 0xB3 works.
Replies: 1 | Boosts: 0 | Views: 26 | Activity: 6d
For the iOS/Xcode age range validation, what is an invalidRequest error?
One of the responses to a call to AgeRangeService.shared.requestAgeRange is AgeRangeService.Error.invalidRequest. This has no documentation. What on earth is an invalid request - I mean the app just calls the API, there's no parameters supplied or anything, how can the request ever be invalid? If the app calls AgeRangeService.shared.requestAgeRange and gets this as a response then what is the app supposed to do with that?
Replies: 3 | Boosts: 0 | Views: 66 | Activity: 6d
NWBrowser + NWListener + NWConnection
I am seeking assistance with how to properly handle / save / reuse NWConnections when it comes to the NWBrowser vs NWListener.

Let me give some context surrounding why I am trying to do what I am. I am building an iOS app that has peer to peer functionality. The design is for a user (for our example the user is Bob) to have N number of devices that have my app installed on it. All these devices are near each other or on the same Wi-Fi network. As such I want all the devices to be able to discover each other and automatically connect to each other. For example if Bob had three devices (A, B, C) then A discovers B and C and has a connection to each, B discovers B and C and has a connection to each and finally C discovers A and B and has a connection to each.

In the app there is a concept of a leader and a follower. A leader device issues commands to the follower devices. A follower device just waits for commands. For our example device A is the leader and devices B and C are followers. Any follower device can opt to become a leader. So if Bob taps the “become leader” button on device B - device B sends out a message to all the devices it’s connected to telling them it is becoming the new leader. Device B doesn’t need to do anything but device A needs to set itself as a follower. This detail is to show my need to have everyone connected to everyone.

Please note that I am using .includePeerToPeer = true in my NWParameters. I am using HTTP/3 and QUIC. I am using P12 identity for TLS 1.3. I am successfully able to verify certs in sec_protocol_options_set_verify_block. I am able to establish connections - both from the NWBrowser and from NWListener. My issue is that it’s flaky. I found that I have to put a 3 second delay prior to establishing a connection to a peer found by the NWBrowser. I also opted to not save the incoming connection from NWListener. I only save the connection I created from the peer I found in NWBrowser.

For this example there is Device X and Device Y. Device X discovers device Y and connects to it and saves the connection. Device Y discovers device X and connects to it and saves the connection. When things work they work great - I am able to send messages back and forth. Device X uses the saved connection to send a message to device Y and device Y uses the saved connection to send a message to device X.

Now here come the questions.

- Do I save the connection I create from the peer I discovered from the NWBrowser?
- Do I save the connection I get from my NWListener via newConnectionHandler?
- And when I save a connection (be it from NWBrowser or NWListener) am I able to reuse it to send data over (i.e. “i am the new leader command”)?
- When my NWBrowser discovers a peer, should I be able to build a connection and connect to it immediately?

I know if I save the connection I create from the peer I discover I am able to send messages with it. I know if I save the connection from NWListener - I am NOT able to send messages with it — but should I be able to?

I have a deterministic algorithm for who makes a connection to who. Each device has an ID - it is a UUID I generate when the app loads - I store it in UserDefaults and the next time I try and fetch it so I’m not generating new UUIDs all the time. I set this deviceID as the name of the NWListener.Service I create. As a result the peer a NWBrowser discovers has the deviceID set as its name. Due to this the NWBrowser is able to determine if it should try and connect to the peer or if it should not because the discovered peer is going to try and connect to it. So the algorithm above would be great if I could save and use the connection from NWListener to send messages over.
Replies: 32 | Boosts: 0 | Views: 565 | Activity: 6d