Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

Hi! I'm trying to create an iOS peripheral service with UUID=180F which stands for standard GATT BAS. I'm getting the error: CBErrorDomain Code=8 "The specified UUID is not allowed for this operation." Is this prohibited by the system?

Is anybody else seeing this? Since iOS 26.4, calling SKPaymentQueue.restoreCompletedTransactions() no longer returns any transactions for active auto-renewable subscriptions. The success callback is invoked correctly, but the transactions array is empty. The same device and the same Apple ID return the expected transactions on iOS 26.3.1 and earlier. Environment Affected: iOS 26.4.x (confirmed on 26.4.2) Working: iOS 26.3.1 and earlier Product type: Auto-renewable subscriptions Deployment target: iOS 14.0 Steps to reproduce Have an active auto-renewable subscription on an Apple ID (sandbox or production) Run on a device with iOS 26.4 or later Call SKPaymentQueue.default().restoreCompletedTransactions() (or the equivalent via a wrapper such as RMStore) Observe the paymentQueueRestoreCompletedTransactionsFinished delegate callback Expected behaviour The delegate receives the restored transactions via paymentQueue(_:updatedTransactions:) before paymentQueueRestoreCompletedTransactionsFinished is called, as documented. Actual behaviour paymentQueueRestoreCompletedTransactionsFinished is called immediately with no prior transaction updates. The transactions array is empty.

We have an issue where Safari on iOS is not handing off to our app after an Auth0 authentication redirect. Issue After a user completes sign-in via an Auth0-hosted login page in Safari, the callback redirect is followed as a plain HTTP navigation rather than being intercepted and handed off to the app. Callback URL format https://identity.example.com/ios/com.example.app/callback Steps to reproduce Open an Auth0 /authorize URL in Safari on iOS with a redirect_uri pointing to a Universal Link callback, log in, and observe that Safari navigates to the callback URL as a plain HTTP request rather than launching the app. What works ASWebAuthenticationSession inside the app handles the same callback correctly. Navigating directly to a Universal Link launches the app, confirming AASA and Universal Links are correctly configured on the affected devices. The issue is specific to Safari intercepting the callback URL when it arrives as the result of an Auth0 redirect. Affected devices Reproducible across multiple devices and iOS versions from iOS 18.x through iOS 26.x. Does Safari have a restriction on intercepting Universal Links that result from a cross-domain redirect? Any guidance appreciated 🙏

Hi all, Technical architecture question for those experienced with iOS background audio / microphone constraints. I’m exploring an app concept where: the user explicitly starts a temporary active session during that session, on-device wake-word / keyword detection runs locally no audio is stored or transmitted during passive monitoring monitoring stops when the user ends the session The intended UX is that the user may then lock the phone or place it away while the active session remains in progress. Question: Is there any App Store-compliant architecture that would allow local keyword / wake-word detection to continue while the device is locked or the app is backgrounded during that active session? Or would iOS lifecycle / background execution rules make this infeasible for custom wake-word detection? Interested in practical experience around: AVAudioSession background audio modes on-device speech processing App Review acceptability Thanks in advance.

Requested "DriverKit USB Transport - VendorID" for two VendorID, one in main request and one in the description of the request. Then I was approved but found out the provisioning profile only had 1 vendor id. I then sent another request ID 964Y77AHUZ to add the other vendor id but have not heard back for a week now. What is the turn-around time on these requests? Anyway to request this to be expedited? Thank you, --Michael Team ID: MZR5GHAQX4

I submitted my Family Controls entitlement request on April 21 for my iOS app and still haven't heard anything back. We have had no approval or status update. It's been close to a month now. This is blocking me from testing and moving forward with the app since it relies on the Screen Time / Family Controls APIs. Has anyone run into delays this long recently? Thanks

This is a long post, so let me start with a summary: I am attempting to implement what "ought to be" a simple SwiftData migration, and am receiving the following fatal error from the ModelContainer initializer: NSCocoaErrorDomain Code=134504 "Cannot use staged migration with an unknown model version." The crash occurs both in the Simulator and on a physical device. Both the original schema and the new schema load and run as expected if loaded from scratch — so I conclude the Models are OK; it is the migration from the original schema to the new schema which is the issue. I have reported this as FB22652791 and Technical Incident Case # 19893980. I have two model projects available — one contrived, the other using my actual SwiftData models. Now the Details I am developing a SwiftUI/SwiftData app. I am (currently) using Xcode 26.5-beta-3. I set up an alpha-test build using the following approach: public class DatabaseSchema { public let dbSchema: Schema = Schema([ Model1.self, ... , Model16.self ], version: Schema.Version(0, 9, 0)) public var modelContainer: ModelContainer { let container: ModelContainer let modelConfiguration = ModelConfiguration(schema: dbSchema, isStoredInMemoryOnly: false) do { container = try ModelContainer(for: dbSchema, migrationPlan: nil, configurations: [modelConfiguration]) } catch { fatalError("Failed to creae model conainer") } return container } This defines database version 0.9. For version 1.0, I made three changes to the database: added an attribute of type String to Model2. added three attributes of type [Struct], where Struct conforms to Codable, Equatable and Hashable to Model3, and added a new model (which I'll call Model17) I define two schemas: public enum Schema090: VersionedSchema { public static var versionIdentifier = Schema.Version(0, 9, 0) public static var models: [any PersistentModel.Type] = [ Model1.self, Schema090.Model2.self, Schema090.Model3.self, ... ] } and public enum Schema100: VersionedSchema { public static var versionIdentifier = Schema.Version(1, 0, 0) public static var models: [any PersistentModel.Type] = [ Model1.swift, Schema100.Model2.self, Schema100.Model3.self, ..., Model16.self, Schema100.Model17.self ] } For models that changed, I use the following approach: public typealias Model3 = Schema100.Model3 extension Schema090 { @Model final class Model3 { ... } public init() { ... } } extension Schema100 { @Model final class Model3 { ... <added attributes, initialized> } public init() { ... } } The DatabaseSchema class was modified as follows: public class DatabaseSchema { public let dbSchema: Schema = Schema([ Model1.self, Schema100.Model2.self, Schema100.Model3.self, ... , Model16.self, Schema100.Model17.self ], version: Schema.Version(1, 0, 0)) public var modelContainer: ModelContainer { let container: ModelContainer let modelConfiguration = ModelConfiguration(schema: dbSchema, isStoredInMemoryOnly: false) do { container = try ModelContainer(for: dbSchema, migrationPlan: MigrationPlan.self, configurations: [modelConfiguration]) } catch { fatalError("Failed to creae model conainer") } return container } where the migration plan is the trivial custom migration that makes sure that all added attributes of existing records are properly initialized. enum MigrationPlan: SchemaMigrationPlan { static var schemas: [any VersionedSchema.Type] = [ Schema090.self, Schema100.self ] static var stages: [MigrationStage] = [version090ToVersion100] static let version090ToVersion100 = MigrationStage(fromVersion: Schema090.self, toVersion: Schema100.self, willMigrate: { _ in }, didMigrate: { context in let models = try context.fetch( FetchDescriptor<Schema100.Model3>()) for model in models { < initial the added attributes > { try context.save() }) } This is all simple stuff. Nothing particularly fancy here. But running this code always crashes in the ModelContainer initializer. In my two sample projects, I get two different error messages — in the contrived example, the error message is Code=134110 "An error occurred during persistent store migration." reason=Cannot migrate store in-place: Validation error missing attribute values on mandatory destination attribute, ... and in the sample project that uses my actual data model, I get NSCocoaErrorDomain Code=134504 "Cannot use staged migration with an unknown model version." My Thoughts Since obviously most folks are doing SwiftData migrations without the problems I am experiencing, the obvious possibilities are I'm doing something stupid that I just don't see. There is a problem because the original schema was given a version value of Schema.Version(0, 9, 0). (i.e., major version number was 0) There is a problem because I am adding an attribute of type [Struct] where Struct is Codable, Hashable, and Equatable. I.e., migration isn't working properly with attributes which are stored as their codable representations. Or maybe something else? In any case, any help you can offer would be greatly appreciated.

We are an Apple Pay consumer and observed elevated response times and intermittent timeouts affecting the create‑session API (apple-pay-gateway.apple.com/paymentservices/paymentSession) between approximately 8:01 PM and 8:35 PM PST today. We are reaching out to understand whether there were any service disruptions during this timeframe, as we do not see corresponding updates on the system status pages. We would like to confirm whether this behavior was related to a broader Apple Pay issue or specific to our integration.

I am implementing device authentication for a macOS app. Our iOS app uses App Attest, but App Attest is not available on macOS, so we are evaluating StoreKit's AppTransaction plus AppStore.deviceVerificationID as the macOS equivalent signal. The issue: in a macOS app installed through TestFlight, AppStore.deviceVerificationID is available, but AppTransaction.shared throws StoreKitError code=2. I reproduced this in a focused standalone macOS test app with no backend and no custom dependencies. Environment: Platform: macOS Distribution: TestFlight App Store Connect app ID: 6769568350 Bundle ID: com.soundcity.AppTransactionProbe App version: 1.0 Build: 1 Observed output from the TestFlight-installed app: Bundle ID: com.soundcity.AppTransactionProbe App version: 1.0 Build: 1 deviceVerificationID available: true deviceVerificationID prefix: CA91ED5D... AppTransaction.shared threw error: StoreKitError; domain=StoreKit.StoreKitError; code=2 The relevant code path is essentially: import StoreKit let deviceVerificationID = try? AppStore.deviceVerificationID let appTransaction = try await AppTransaction.shared In the TestFlight-installed build: AppStore.deviceVerificationID succeeds. AppTransaction.shared throws StoreKitError code=2. Questions: Is AppTransaction.shared expected to work for macOS apps distributed through TestFlight? If yes, what does StoreKitError code=2 indicate in this context, and what setup might be missing? If no, is there an Apple-supported way to obtain an AppTransaction JWS, or equivalent signed App Store/TestFlight app-install assertion, for macOS TestFlight builds? For macOS apps that need a device-bound trust signal comparable to iOS App Attest, is AppStore.deviceVerificationID intended to be used without AppTransaction.shared, or should these APIs be used together? I have a focused Xcode test project that demonstrates the issue and can share it if helpful.

Subject: Family Controls (Distribution) — 2 pending requests for 9 days, no status update (WA2MPH4572 + HCQXH9P8VM) Tags: family-controls Body: Hello Apple Developer Forums and DTS team, I am requesting visibility on the status of two pending Family Controls (Distribution) entitlement requests submitted 10 days ago with no email confirmation or status update. REQUEST DETAILS App: SHIELD Bundle ID: app.shieldme Team ID: 4452N28RUS Request IDs (both submitted on May 6, 2026): WA2MPH4572 HCQXH9P8VM Status: Both showing "Submitted" in Identifiers → app.shieldme → Family Controls (Distribution) → View Requests USE CASE SHIELD is a Brazilian app focused on personal device usage management. The category covers the scenario the app addresses: device owners who want to apply additional access controls to their own apps in case of phone theft or loss, which are widespread concerns in Brazil. SHIELD is NOT a parental control app and does not facilitate management of devices belonging to other people. The device owner is the sole operator. The owner uses the system-provided picker to select which of their own apps should require additional access controls, configured and controlled exclusively by the owner. The use of FamilyControls + ManagedSettings is the iOS API path that allows a third-party app to offer this access-control layer on user-selected apps for the owner's own protection. Without this entitlement, the iOS version cannot offer parity with the Android version of the same product. ALIGNMENT WITH FAMILY CONTROLS USAGE TERMS Device owner is the sole operator (no third-party monitoring) Owner manages access to their own apps only Use case is personal device usage management No advertising or data broker use of device or usage data No organizational deployment Privacy disclosures complying with Brazilian LGPD law are included in-app at first launch ASK Could a DTS Engineer or the entitlements review team confirm whether the two pending requests are visible in the queue and share an approximate timeline? If additional clarification on the use case would help the review proceed, I will provide it the same day. The Android version of SHIELD is feature-complete and currently in beta testing, approaching public launch. The iOS version is designed to launch alongside Android, since the product relies on a referral mechanism where an existing user can invite a contact who may be on either platform. Releasing only one platform breaks the onboarding flow for invitees on the other. Family Controls (Distribution) is the single remaining blocker on the iOS side. If there is a recommended channel for aligning entitlement timing with a coordinated multi-platform release, please advise. Thank you for your time.

Videos recorded on older iOS versions (including beta builds) play choppily in the Photos gallery preview layer, appearing to drop frames or have incorrect frame pacing. The same video plays perfectly smoothly when opened in Edit mode, and also plays smoothly after trimming even 1 frame and saving as a new clip — suggesting the source file is intact. The issue appears to be stale or incompatible preview proxy data / frame timing metadata (likely elst/ctts box mismatches) generated by older or beta AVFoundation versions, which the current PLPlaybackView fast-path renderer cannot handle correctly — while the full AVAsset decoder used in Edit mode tolerates these gracefully. No workaround exists to bulk-rebuild video proxies on iOS without manually trimming each clip. A “Rebuild Video Previews” option (similar to the Mac Photos library repair tool) would resolve this globally. Steps to reproduce: Open any video recorded on iOS 16 beta or earlier in the Photos gallery. Observe stuttering. Open same video in Edit mode — stuttering gone. Trim 1 frame, save — new clip plays smoothly in gallery too. Expected: Gallery preview plays at the same smoothness as Edit mode. Actual: Gallery preview stutters; Edit mode is smooth. HDR off. Most Compatible format enabled. Issue persists after reboot.

I’m trying to understand which storage capacity key is the correct one to use when deciding whether my app can start downloading offline video content. I read the documentation here: https://developer.apple.com/documentation/foundation/checking-volume-storage-capacity but I still don’t fully understand the intended usage difference between: volumeAvailableCapacityKey volumeAvailableCapacityForImportantUsageKey My app allows users to download videos for offline viewing. These downloads may remain on the device for a long time (days or even months), so they are not just temporary cache files. On one hand, this seems to match the description of “storing data based on a user request”, which suggests using volumeAvailableCapacityForImportantUsageKey. On the other hand, my understanding is that this value may assume the system is willing to aggressively purge caches and reclaim space for this “important usage”. I’m worried this could lead to unexpected or unpleasant side effects for the user if my app relies on that space. What confuses me even more is that the values are significantly different on my device: iPhone Settings reports about 142 GB free volumeAvailableCapacityKey returns only ~56 GB volumeAvailableCapacityForImportantUsageKey returns ~132 GB So my question is: For an app that downloads videos for offline playback — where the user explicitly requested the download, but the content may stay on device for a long time — which value is the recommended one to use when deciding whether there is enough free space to start the download? Should offline media downloads generally be treated as “important usage” in the sense intended by this API?

Buongiorno, In azienda abbiamo molti iPhone gestiti su ABM integrati con Intune, adesso il passaggio su nuovi dispositivi con ripristino dei dati non è possibile avvicinandoli perché la funzione “inizia subito“ non appare. Qualcuno conosce un sistema rapido per la migrazione dei dati da un iPhone a un altro che non sia il Finder? Grazie per l’aiuto

Hi, I’m experiencing an issue with StoreKit 2 in my iOS app where Product.products(for:) always returns an empty array on a real iPhone device. iOS: 26 Device: iPhone 16 pro Max Xcode: 26.5 StoreKit: StoreKit 2

Hi, I'm experiencing an issue with StoreKit 2 in my iOS app where Product.products(for:) always returns an empty array on a real iPhone device. 📱 Environment iOS: 26 Device: iPhone 16 pro max Xcode: 26.5 StoreKit: StoreKit 2

I have been building an app where I have the user select what apps they would like to track and then I display a device activity report of only those apps. The device activity report shows data perfectly for the selected apps if the users apple account is "Adult". If the users apple account is "Parent/Guardian" or "Organizer" randomly the device activity report will show 0 minutes (no screen time data). Among randomly happening I have found a trigger for the bug to be opening any FamilyActivityPicker (even not the one used for filtering the device activity report extension) then going back to the device activity report extension on the profile page anywhere from 3-50 times. Once the bug happens repeating that process 1-2 times fixes it or removing screen time restrictions permission then adding it back.

We as a PSP register merchantIdentifiers when registering merchants to ApplePay. We then use these identifiers in a multiTokenContexts during ApplePay session creation / validation / payment. "multiTokenContexts": [ { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "MAIN_PURCHASE", "merchantName": "Main", "amount": "2.50" }, { "merchantIdentifier": "ABC-MID-1", "externalIdentifier": "CONVENIENCE_FEE", "merchantName": "Fee Processing", "merchantDomain": "m2.example.com", "amount": "2.50" } ] in response we get "authenticationResponses": [ { "merchantIdentifier": "0aff534d6d46fd653f60e6161c53101ee8d9cbc20b1bc40533c929d0a6aae6bc", "authenticationData": "AAAIAKnglVRsCyOvcgI*=", "transactionAmount": "250" }, { "merchantIdentifier": "bfc9a63b4ebab8cde90234731cb18a544c306b0af747d93d773fedb603f0945e", "authenticationData": "AAAIANBEqODkDcrDTgI*=", "transactionAmount": "250" } ] We need to know how to match the entries in the request array to the response array. Is the order guarantied? We did not find any documentation on how the response hash for the identifier is computed.

My app was rejected based on in app purchase requirement. it is an SaaS with nothing to sell on my part and no subscription payment for the parents who use the app. Some users of my app have the option of collecting cash for their services or set payment plans for parents to pay vial stripe link. Why is apple asking me to set up in-app-purchase.

ES_EVENT_TYPE_AUTH_SIGNAL DENY causes Dock icon to disappear and LaunchServices to lose track of the process Platform: macOS 11.0 (Big Sur) – macOS 15 (Sequoia) Xcode: 16.4 (16F6) Language: Swift, EndpointSecurity framework Testing OS: macOS 15.5 (primary), reproduced on macOS 11.0+ [1]Description I'm developing a System Extension using the EndpointSecurity framework for a security product. My extension subscribes to ES_EVENT_TYPE_AUTH_SIGNAL to block unauthorized signals sent to protected GUI applications (self-protection feature). When I respond with ES_AUTH_RESULT_DENY to an AUTH_SIGNAL event targeting a GUI application, the system enters an inconsistent state: The Dock icon disappears — loginwindow removes the app's UI via its applicationQuit event, even though the process is still running LaunchServices loses track of the application's PID — it can no longer determine the PID from the LSASN Activity Monitor's subsequent Force Quit attempts fail silently — no kill() syscall is issued because LaunchServices cannot resolve the PID The issue only resolves after: Restarting Activity Monitor (clears its internal cache), or Relaunching the protected application (re-registers with LaunchServices) Expected: Signal is denied, the process keeps running, Dock icon remains visible, and Activity Monitor can still force-quit the process normally. Actual: Dock icon disappears after the first blocked signal. Subsequent Force Quit attempts do nothing — no kill() syscall is issued. The process remains alive but is invisible to the system. [2]Minimal Reproducible Code Requires System Extension entitlement: com.apple.developer.endpoint-security.client entitlements.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> </dict> </plist> SignalBlockingDemo.swift import EndpointSecurity import Foundation var client: OpaquePointer? es_new_client(&client) { _, message in guard message.pointee.event_type == ES_EVENT_TYPE_AUTH_SIGNAL else { return } let sig = message.pointee.event.signal.sig let target = message.pointee.event.signal.target.pointee let targetPid = audit_token_to_pid(target.audit_token) // es_string_token_t does not guarantee null-termination — read via buffer let esToken = target.executable.pointee.path let targetPath: String let count = Int(esToken.length) if count > 0, let rawPtr = esToken.data { let buf = UnsafeBufferPointer( start: UnsafeRawPointer(rawPtr).assumingMemoryBound(to: UInt8.self), count: count) targetPath = String(decoding: buf, as: UTF8.self) } else { targetPath = "" } // Protect a specific GUI app — replace with your target path let protectedPath = "/Applications/Numbers.app/Contents/MacOS/Numbers" guard targetPath == protectedPath else { es_respond_auth_result(client!, message, ES_AUTH_RESULT_ALLOW, false) return } print("[ES] Blocking signal \(sig) -> pid \(targetPid) (\(targetPath))") // After this DENY: Dock icon disappears, LaunchServices loses the PID es_respond_auth_result(client!, message, ES_AUTH_RESULT_DENY, false) } let events: [es_event_type_t] = [ES_EVENT_TYPE_AUTH_SIGNAL] es_subscribe(client!, events, UInt32(events.count)) print("Signal blocking active. Press Enter to stop.") _ = readLine() es_unsubscribe_all(client!) es_delete_client(client!) Build & run: swiftc -o SignalBlockingDemo SignalBlockingDemo.swift codesign --force --sign - --entitlements entitlements.plist SignalBlockingDemo sudo ./SignalBlockingDemo [3]Steps to Reproduce Build and run SignalBlockingDemo as above (targets Numbers.app) Launch Numbers.app — note its PID Open Activity Monitor In Activity Monitor, select Numbers → click Force Quit (⊗) Observe: ES extension logs "Blocking signal 15" — signal is denied Bug: Numbers.app Dock icon disappears, even though the process is alive Press Enter in the demo terminal to stop signal blocking In Activity Monitor, click Force Quit again on the Numbers process Bug: No error shown in Activity Monitor UI, but the process is NOT terminated In Console.app (filter: LaunchServices), observe: "Unable to determine pid of LSASN:{hi=0x1;lo=0x...}" Confirm: No kill() syscall is issued — verify with DTrace script below DTrace verification (trace_kill.d): syscall::kill:entry /execname == "Activity Monitor"/ { printf("%Y: Activity Monitor calling kill(%d, %d)\n", walltimestamp, arg0, arg1); } sudo dtrace -s trace_kill.d During the broken Force Quit: no output (no kill() issued). After restarting Activity Monitor and retrying: kill() appears and process terminates. [4 What We've Tried Allowing ALL signals → Dock icon never disappears, behavior is normal Subscribing to AUTH_SIGNAL but always returning ALLOW → no issue Denying signals only on headless daemon processes → no issue observed Always allowing signals from launchd (PID 1) → does not prevent the Dock issue Always allowing SIGCHLD, SIGWINCH, SIGCONT → does not prevent the Dock issue Hypothesis: loginwindow observes the AUTH_SIGNAL event (or a related notification) and proactively removes the Dock UI entry when a termination signal targets a GUI app — regardless of whether the signal was ultimately denied. This seems like a coordination gap between EndpointSecurity's signal interception and loginwindow/LaunchServices' app lifecycle management. [5] Specific Questions Is it expected that loginwindow removes the Dock UI entry for a GUI app when AUTH_SIGNAL is received, even if the signal is ultimately denied (ES_AUTH_RESULT_DENY)? Is there a known coordination mechanism between EndpointSecurity's AUTH_SIGNAL and loginwindow / LaunchServices that we should be aware of when implementing self-protection for GUI apps? Is there a recommended pattern or API for protecting a GUI app from termination signals via AUTH_SIGNAL without disrupting its Dock presence and LaunchServices registration? Should we notify loginwindow or LaunchServices to re-register the application after denying a signal, and if so, how? [6] Additional Context The issue reproduces on macOS 11.0 through macOS 15.5 Tested with Numbers.app and other GUI applications — all reproduce the same behavior The issue is NOT reproducible when the protected process is a headless daemon (no Dock presence) launchd (PID 1) senders are always allowed in our policy SIGCHLD, SIGWINCH, SIGCONT are excluded from our deny list DTS Case ID: 19226051 Feedback ID :FB22338746

Hello, I am trying to enroll in the Apple Developer Program (Individual). Timeline: 3 days ago: paid €99 (money taken from my bank account) 3 days ago: uploaded my valid international passport (as requested) Apple confirmed receipt of my passport document Current status: My enrollment still shows as "pending" or incomplete I have received no email confirmation, no status update, no questions from Apple What I have done: I contacted Apple Developer Support and received Case ID: 20000116325435 Since then — complete silence for 3 days My situation: My app is fully built and ready for the App Store Every day of delay pushes back my launch I am using a Russian international passport (valid, not expired) My questions to the community: Is anyone else experiencing the same silence after payment and document upload? How long did you wait for activation? Does a Russian passport cause additional delays (even though it's a valid international document)? What finally worked for you — calling support, posting here, or just waiting? I understand Apple is busy, but 3 days of zero communication after taking my money feels wrong. Thank you for any advice. Daria