Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

We're developing a Mac App Store application that embeds the V8 JavaScript engine (via Electron). The application has shipped successfully on macOS 15.x with the following entitlements: com.apple.security.app-sandbox = true com.apple.security.cs.allow-jit = true com.apple.security.cs.allow-unsigned-executable-memory = true com.apple.security.cs.disable-library-validation = true On macOS 26 Tahoe, the exact same signed binary crashes deterministically within ~1.5 seconds on Apple Silicon with EXC_BREAKPOINT (SIGTRAP), ESR 0xf2000000. The crash is in V8's background JIT compilation thread when it attempts to manage memory page protections (transitioning pages between Read-Write and Read-Execute states via mprotect). The crash does not occur in these configurations: macOS 26 + App Sandbox + Intel x86_64 — works macOS 26 + Hardened Runtime (no sandbox) + ARM64 — works macOS 15.x + App Sandbox + ARM64 — works This appears to be a regression in how the XNU kernel handles mprotect calls for sandboxed processes on ARM64 under macOS 26, specifically in the context of the allow-jit entitlement. Has the behavior of allow-jit changed in macOS 26 with respect to runtime code generation memory management on ARM64? Is there a new API or entitlement that V8-style JIT engines should use instead of mprotect-based RW↔RX page transitions?

My MacBook Air M2 is connected to an external monitor. App windows keep switching screens every time I turn the screen off and then on again, which started happening after the new developer beta update. How can I fix this? Or is this a big I have to wait for to be fixed until the next update?

Hey I wanted to ask how long is the waitinguntil the request will be approved. Im waiting 12 hours already and I seems like smth is wrong thank u

noticed something here, dont underasand why. but here in Retrieve the registrations for a device in Apple Developer Documentation in Retrieve the registrations for a device. There is no Authorization in the header to include, however, other endpoints support that? Is this header will be sent from Walle? meaning that it has been missed in the documentation ? https://developer.apple.com/documentation/walletorders/retrieve-the-registrations-for-a-device

hi so i own a iphone 14 pro max and my battery life on it has been horrible since ios 26.4 and i want to install the public beta to see if it will fix it, however with my previous experiences from apple phones (iphone 4s) sometimes something can go horribly wrong and the baseband chip fries itself to the point where you cant get past recovery mode and get a restore error, im scared that this can happen to my iphone 14 pro max when installing ios beta. can that happen or am i just overthinking?

Hello team, We are using below example https://github.com/apple/pir-service-example as a starting point to setup PIR server for our backend, but I am not really understanding what else we need in this example to configure OHTTP gateway. Any help will be appreciated.

How do I make a basic request with URLSession? See https://stackoverflow.com/questions/30573898 for reference. Also https://developer.apple.com/documentation/ has details.

URLSession question

After a user successfully completes a purchase and later requests a refund, how long does it typically take for the refund to be processed and take effect? How does Apple notify developers when a refund has been issued for an in-app purchase? Are there specific mechanisms or recommended approaches to reliably receive such notifications? In cases where users may abuse the refund system (e.g., frequent or malicious refund requests), is there any way for developers to prevent or intervene in the refund process?

Starting March 24, the API is incorrectly returning 302 Moved Temporarily" redirecting the API to Location: https://developer.apple.com/weatherkit/ This is incorrect, it should be giving an API JSON response as specified by: https://developer.apple.com/documentation/weatherkitrestapi/get-api-v1-weather-language-latitude-longitude Is this happening for anyone else? Here's reproduction steps curl -vvv -H "Authorization: Bearer YOUR_OWN_TOKEN_HERE" "https://weatherkit.apple.com/api/v1/weather/en/43.741667/-79.373333?dataSets=currentWeather&timezone=UTC&units=si" Here's what the output is: * Host weatherkit.apple.com:443 was resolved. * IPv6: (none) * IPv4: 23.58.127.73, 23.58.127.72, 23.58.127.75, 23.58.127.81, 23.58.127.80, 23.58.127.74, 23.58.127.83, 23.58.127.120, 23.58.127.82 * Trying 23.58.127.73:443... * Connected to weatherkit.apple.com (23.58.127.73) port 443 * ALPN: curl offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/cert.pem * CApath: none * (304) (IN), TLS handshake, Server hello (2): * (304) (IN), TLS handshake, Unknown (8): * (304) (IN), TLS handshake, Certificate (11): * (304) (IN), TLS handshake, CERT verify (15): * (304) (IN), TLS handshake, Finished (20): * (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF * ALPN: server accepted http/1.1 * Server certificate: * subject: C=US; ST=California; O=Apple Inc.; CN=weather-data.apple.com * start date: Feb 13 19:20:40 2026 GMT * expire date: Aug 19 17:49:59 2026 GMT * subjectAltName: host "weatherkit.apple.com" matched cert's "weatherkit.apple.com" * issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1 * SSL certificate verify ok. * using HTTP/1.x > GET /api/v1/weather/en/43.741667/-79.373333?dataSets=currentWeather&timezone=UTC&units=si HTTP/1.1 > Host: weatherkit.apple.com > User-Agent: curl/8.7.1 > Accept: */* > Authorization: Bearer ***SNIP*** > * Request completely sent off < HTTP/1.1 302 Moved Temporarily < Server: Apple < Content-Length: 0 < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=31536000; includeSubdomains < X-XSS-Protection: 1; mode=block < Access-Control-Allow-Origin: * < X-Content-Type-Options: nosniff < Content-Security-Policy: default-src 'self'; < X-REQUEST-ID: 2f605f12-8331-92fc-c7c1-acfb332b50b6 < X-Apple-Origin: 010decd0-02a4-34fc-8414-ac2bcd4692b9 < Cache-Control: must-revalidate,no-cache,no-store < Location: https://developer.apple.com/weatherkit/ < Date: Wed, 25 Mar 2026 18:55:51 GMT < X-Cache: TCP_MISS from a23-58-127-87.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-) < Connection: keep-alive < * Connection #0 to host weatherkit.apple.com left intact

iPhone16PM Clean DFU, no restore, no tweaks. Started on iOS 26.4.3 and still happening on iOS 26.4. Triggers: ∙ Editing Home Screen widgets ∙ Heavy media in Safari ∙ ProMotion UI transitions Panic log — 0x8badf00d watchdog timeout: userspace watchdog timeout: no successful checkins from SpringBoard in 180 seconds. service: backboardd Drivers: com.apple.driver.AppleAVD + com.apple.iokit.IOSurface Is there a solution for this? Thank you.

HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. I double checked every thing but still getting same error

Hello, We have a security solution which intercepts network traffic for inspection using a combination of Transparent Proxy Provider and Content filter. Lately we are seeing reports from the market that on M5 Macbooks and A18 Neos the system will kernel panic using our solution, even though it never happens on M1-M4 and no significant code changes were made in the mean time. All crashes seem to be related to an internal double free in the kernel: panic(cpu 0 caller 0xfffffe003bb68224): skmem_slab_free_locked: attempt to free invalid or already-freed obj 0xf2fffe29e15f2400 on skm 0xf6fffe2518aaa200 @skmem_slab.c:646 Debugger message: panic Memory ID: 0xff OS release type: User OS version: 25D2128 Kernel version: Darwin Kernel Version 25.3.0: Wed Jan 28 20:54:38 PST 2026; root:xnu-12377.91.3~2/RELEASE_ARM64_T6050 Additionally, from further log inspection, before panics we find some weird kernel messages which seem to be related to some DMA operations gone wrong in the network driver on some machines: 2026-03-30 14:11:21.779124+0300 0x30f2 Default 0x0 873 0 Arc: (Network) [com.apple.network:connection] [C9.1.1.1 IPv4#e5b4bb04:443 in_progress socket-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi, flow divert agg: 1, LQM: good)] event: flow:start_connect @0.075s 2026-03-30 14:11:21.780015+0300 0x1894 Default 0x0 0 0 kernel: (402262746): No more valid control units, disabling flow divert 2026-03-30 14:11:21.780017+0300 0x1894 Default 0x0 0 0 kernel: (402262746): Skipped all flow divert services, disabling flow divert 2026-03-30 14:11:21.780102+0300 0x1894 Default 0x0 0 0 kernel: SK[2]: flow_entry_alloc fe "0 proc kernel_task(0)Arc nx_port 1 flow_uuid D46E230E-B826-4E0A-8C59-4C4C8BF6AA60 flags 0x14120<CONNECTED,QOS_MARKING,EXT_PORT,EXT_FLOWID> ipver=4,src=<IPv4-redacted>.49703,dst=<IPv4-redacted>.443,proto=0x06 mask=0x0000003f,hash=0x04e0a750 tp_proto=0x06" 2026-03-30 14:11:21.780194+0300 0x1894 Default 0x0 0 0 kernel: tcp connect outgoing: [<IPv4-redacted>:49703<-><IPv4-redacted>:443] interface: en0 (skipped: 0) so_gencnt: 14634 t_state: SYN_SENT process: Arc:873 SYN in/out: 0/1 bytes in/out: 0/0 pkts in/out: 0/0 rtt: 0.0 ms rttvar: 250.0 ms base_rtt: 0 ms error: 0 so_error: 0 svc/tc: 0 flow: 0x9878386f 2026-03-30 14:11:21.934431+0300 0xed Default 0x0 0 0 kernel: Hit error condition (not panicking as we're in error handler): t8110dart <private> (dart-apcie0): invalid SID 2 TTBR access: level 1 table_index 0 page_offset 0x2 2026-03-30 14:11:21.934432+0300 0xed Default 0x0 0 0 kernel: [ 73.511690]: arm_cpu_init(): cpu 6 online 2026-03-30 14:11:21.934441+0300 0xed Default 0x0 0 0 kernel: [ 73.511696]: arm_cpu_init(): cpu 9 online 2026-03-30 14:11:21.934441+0300 0xed Default 0x0 0 0 kernel: [ 73.569033]: arm_cpu_init(): cpu 6 online 2026-03-30 14:11:21.934441+0300 0xed Default 0x0 0 0 kernel: [ 73.569038]: arm_cpu_init(): cpu 9 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.577453]: arm_cpu_init(): cpu 7 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.586328]: arm_cpu_init(): cpu 5 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.586332]: arm_cpu_init(): cpu 8 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.621392]: (dart-apcie0) AppleT8110DART::_fatalException: dart-apcie0 (<ptr>): DART DART SID exception ERROR_SID_SUMMARY 0x00003000 ERROR_ADDRESS 0x0000000000009800 2026-03-30 14:11:21.934443+0300 0xed Default 0x0 0 0 kernel: [ 73.621397]: Hit error condition (not panicking as we're in error handler): 2026-03-30 14:11:21.934443+0300 0xed Default 0x0 0 0 kernel: t8110dart <ptr> (dart-apcie0): invalid SID 2 TTBR access: level 1 table_index 0 page_offset 0x2Expect a `deadbeef` in the error messages below 2026-03-30 14:11:21.934452+0300 0xed Default 0x0 0 0 kernel: Expect a `deadbeef` in the error messages below 2026-03-30 14:11:21.934456+0300 0xed Default 0x0 0 0 kernel: (AppleEmbeddedPCIE) apcie[0:centauri-control]::_dartErrorHandler() InvalidPTE caused by read from address 0x9800 by SID 2 (RID 2:0:1/useCount 1/device <private>) 2026-03-30 14:11:21.934469+0300 0xed Default 0x0 0 0 kernel: (AppleT8110DART) Ignored dart-apcie0 (0xfbfffe18820b0000): DART(DART) error: SID 2 PTE invalid exception on read of DVA 0x9800 (SEG 0 PTE 0x2) ERROR_SID_SUMMARY 0x00003000 TIME 0x11242d43fd TTE 0xffffffffffffffff AXI_ID 0 We do not have any correlation between machines, usage pattern or installed applications. Uninstalling the network protection features seem to largely fix the issues, even though we have heard of crashes happening even in safe mode or with our network extension disabled from system settings. We weren't able to reproduce internally and it seems to happen completely random on client machines, but often enough to be disrupting. Can you tell us please if this is a known problem and if there's a workaround or what can we do to narrow it down? Thanks.

I cannot find anywhere in the documentation how to invalidate an FSItem. It seems to be cached indefinitely or am I missing something?

I've been stuck on Guideline 2.3 for two weeks now and I'm running out of ideas. My app is iPhone-only (UIDeviceFamily = [1]) and has been on the App Store since January. Version 2.1.9 passed review fine. The only change in 2.1.10 is adding two DeviceActivity extensions — a DeviceActivityMonitor and a DeviceActivityReport — for screen time-based stress detection. Every build since then gets rejected with the same message: "The UIRequiredDeviceCapabilities key in the Info.plist is set up in such a way that the app will not install on the device used in review." Review devices: iPhone 14 Pro, iPhone 17 Pro Max, iPad Air M3. Here's what I've tried across 13+ submissions: UIRequiredDeviceCapabilities as ["arm64"] (array) — rejected Empty array [] — rejected Removed the key entirely — upload validation fails, Xcode re-injects arm64 anyway Post-build script to force ["arm64"] — rejected Dictionary format {"arm64": true} — rejected Added com.apple.developer.family-controls to extension entitlements — rejected Enabled Family Controls (Distribution) on extension bundle IDs — rejected Fixed CFBundleVersion mismatch between host app and extensions — rejected Set TARGETED_DEVICE_FAMILY=1 on all targets including extensions — rejected Tried GENERATE_INFOPLIST_FILE=YES with minimal plists — rejected Tried ExtensionKit type for the report extension — rejected In the exported IPA, every target has UIRequiredDeviceCapabilities = ["arm64"] and UIDeviceFamily = [1]. The entitlements, provisioning profiles, and code signing all look correct. arm64 is supported on every review device they listed. The previous version (2.1.9) without DeviceActivity extensions passes review with the exact same UIRequiredDeviceCapabilities and signing configuration. Has anyone shipped an app with DeviceActivityMonitor + DeviceActivityReport extensions successfully? Is there something specific about these extension types that affects device capability validation? Or is there a known issue with the review system and FamilyControls extensions? I've replied to the review team multiple times asking which specific capability is causing the failure, but the response is always the same generic template. Any guidance would be really appreciated — I'm completely blocked on shipping this update.

Hello, I am currently developing a headless macOS daemon (HarmonBridge) that requires extremely low-latency, high-bandwidth UDP video streaming between a Mac and a Linux host over a dedicated 2.5GbE/5GbE local network link. We are utilizing widely available Realtek RTL8156 / RTL8156B based USB 2.5G network adapters. Under macOS, these adapters default to the generic com.apple.DriverKit.AppleUserECM driver. The hardware itself natively supports Jumbo Frames (MTU 9000), but the DriverKit implementation artificially restricts the MTU cap to 1500 bytes. Because we are forced through MTU 1500, we are incurring significant performance penalties: Excessive IP fragmentation for our large UDP video payloads. Unnecessary CPU overhead due to increased hardware interrupts and header processing at 2.5Gbps speeds. For a latency-critical application like ours, reducing CPU interrupts and utilizing true hardware-level Jumbo Frames is essential. My Questions: Is there an undocumented boot-arg or network sysctl parameter that permits overriding the AppleUserECM 1500 MTU hard-limit for 2.5G USB adapters on Apple Silicon? Are there any roadmap plans from the DriverKit/Networking team to re-enable standard Jumbo Frame negotiation for RTL8156 hardware using the generic ECM driver? If the answer to both is no, does Apple grant NetworkingDriverKit Entitlements to independent developers specifically for the purpose of writing custom hardware overrides to patch missing MTU features in the default ECM stack? Because AppleUserECM effectively acts as a gatekeeper to the underlying MAC/PHY capabilities of these modern USB NICs, any guidance on achieving wire-native MTU 9000 under the current DriverKit paradigm would be hugely appreciated. Thank you!

Hello, I released a new build for my app but it fails to run on iOS 12.5.8 (tested on iPad Air, iPhone 6, iPhone 5s). The launch storybard is shown, then the app stops abruptly. There is no crash log. It runs fine on iOS 13 or higher. Xcode 26.3 was showing a call stack (something with UIView) that did not include any app code. Now with Xcode 26.4 (and its new command line tools) there is an info popup with a debug metadata dump. However, I don’t intend to focus on Xcode here because it officially does not support iOS 12. It’s ok if I cannot debug, I just want the app to run on the device like the previous build did. Since there is no crash log, and the console is showing a bootstrap error, I believe my app code has not been executed and is therefore not at fault. Build 674 released on 23-Mar-2026: worked fine on iOS 12, built with Xcode 26.3 Build 675 released on 29-Mar-2026: Bootstrap error as described, with both Xcode 26.3 and 26.4 Deployment target = 12.4 Tried Instruments but it fails as soon as I hit record. In the console I found BKSProcessErrorDomain code 1. Here on the forum I found a post where the cause was no internet access but my device does have internet access. I made only very little code changes to my app between 674 and 675, no storyboard updates. I get the impression the loader does not even begin to execute my code. At this point I wonder if: some certificate has expired (see release dates above), or if something is incompatible in my main storyboard (though I did not change anything there), or the device ran out of memory (1 GB) Note: The app has 4 targets: main app target framework AU app extension intents app extension Thanks, Sven PS: Misclicked subtopic which should have been General (sorry). Here’s the redacted console excerpt: standard 22:21:13.187990+0200 SpringBoard Evaluate: making new window key: <SBMainSwitcherWindow: 0x159e5f640>, for reason: push standard 22:21:13.188303+0200 SpringBoard Removed: <FBUIApplicationSceneDeactivationAssertion: 0x283c9dfe0; reason: systemAnimation; all scene levels; hasPredicate: NO> standard 22:21:13.198299+0200 assertiond Submitting new job for "com.example.app" on behalf of <BKProcess: 0x141d15d50; SpringBoard; com.apple.springboard; pid: 48; agency: SystemShell; visibility: foreground; task: running> standard 22:21:13.198867+0200 SpringBoard Bootstrapping com.example.app with intent foreground-interactive standard 22:21:13.201136+0200 assertiond Submitted job with label: UIKitApplication:com.example.app[0x1d9f][58] standard 22:21:13.201244+0200 SpringBoard Icon touch canceled (tap gesture may still succeed): <private> fehler 22:21:13.201329+0200 SpringBoard [com.example.app] Bootstrap failed with error: <NSError: 0x283e4cd80; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> fehler 22:21:13.201421+0200 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID com.example.app" UserInfo={NSLocalizedDescription=Unable to bootstrap process with bundleID com.example.app, BKSProcessExitReason=0, NSLocalizedFailureReason=Failed to start job, NSUnderlyingError=0x283e4c5d0 {Error Domain=NSPOSIXErrorDomain Code=3 "No such process" UserInfo={BKLaunchdOperation=launch_get_running_pid_4SB, NSLocalizedDescription=Unable to get pid for label UIKitApplication:com.example.app[0x1d9f][58], BKLaunchdJobLabel=UIKitApplication:com.example.app[0x1d9f][58], NSLocalizedFailureReason=No such process}}, BKSProcessJobLabel=UIKitApplication:com.example.app[0x1d9f][58], BSErrorCodeDescription=bootstrap-failed} standard 22:21:13.201507+0200 SpringBoard Adding: <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> standard 22:21:13.201606+0200 SpringBoard <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> exited. standard 22:21:13.202002+0200 assertiond Unable to get pid for 'UIKitApplication:com.example.app[0x1d9f][58]': No such process (3) fehler 22:21:13.202145+0200 assertiond Failed to start job with error <NSError: 0x141e1aba0; domain: NSPOSIXErrorDomain; code: 3; reason: "No such process"> { description = "Unable to get pid for label UIKitApplication:com.example.app[0x1d9f][58]"; failureReason = "No such process"; userInfo = { BKLaunchdJobLabel = UIKitApplication:com.example.app[0x1d9f][58]; BKLaunchdOperation = launch_get_running_pid_4SB; } } standard 22:21:13.202238+0200 assertiond Deleted job with label: UIKitApplication:com.example.app[0x1d9f][58] standard 22:21:13.202804+0200 SpringBoard Removing: <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> standard 22:21:13.221231+0200 SpringBoard Application process state changed for com.example.app: <SBApplicationProcessState: 0x28336f0a0; pid: -1; taskState: Not Running; visibility: Unknown> standard 22:21:13.221566+0200 SpringBoard Process exited: <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> -> <FBApplicationProcessExitContext: 0x283e37b10; exitReason: (none); terminationReason: (none)> { stateAtExit = <FBProcessState: 0x28337c760; pid: -1; taskState: Unknown; visibility: Unknown>; }

I am trying to find out about the availability of BLE scanning for advertisements when a watchOS app (on watchOS 26.4 with CoreBluetooth) which starts running a HKWorkoutSession becomes dimmed, ie. due to the user lowering their arm. From my understanding there is still availability for ongoing scanning whilst in the dimmed mode. If this is correct, what settings are required (e.g. using background capability for 'Workout Processing', 'bluetooth-central', etc), and does scanning whilst in background mode limit to requiring service uuids in scanForPeripherals? Also if scanning is throttled, is there an 'estimated' inter scan time? Thanks

Hi all, I’m trying to determine whether the loudness gap I’m seeing between AlarmKit alert playback and normal app-managed playback is expected behavior, a sound-asset issue, or something that should be reported as a bug. Observed behavior When an alarm fires through AlarmKit while the device is locked, the alarm sound is significantly quieter than playback of the same or very similar audio once the app is active and using its own audio session. The difference is large enough that it does not feel like a small mastering difference. It feels like the AlarmKit / system alerting path is using a meaningfully lower effective output level than normal app playback. Test scenario My repro is roughly: Schedule an alarm with AlarmKit. Lock the device. Let the alarm fire and listen during the system alerting phase. Enter the app / continue into the app-driven alarm experience. Play the same or equivalent alarm asset via app-managed playback. Result: AlarmKit / lock-screen alerting phase sounds much quieter. In-app playback sounds noticeably louder and fuller on the same device. Current implementation Alarm flow is currently split into two paths: 1) System alarm path Alarm scheduling and alert surfacing via AlarmKit Device may be locked No attempt to manipulate system volume No private APIs 2) In-app playback path After app activation, playback uses: AVAudioSession category .playback AVAudioPlayer Audio is routed as normal app playback This path sounds substantially louder than the AlarmKit path Important detail I am not asking how to override system volume. I understand that AlarmKit appears to follow the system ringer / alert volume model and does not expose a public API for custom alarm loudness. My question is narrower: Is it expected that the same asset or an equivalent asset will sound materially quieter during the AlarmKit alerting phase than during ordinary app playback with AVAudioSession(category: .playback)? Questions Is the lower perceived loudness during AlarmKit alerting an expected property of the framework / system alarm path? Does AlarmKit playback use a different output path, gain policy, processing chain, or speaker treatment than normal app playback with .playback? Are there recommended authoring constraints for AlarmKit alarm sounds to maximize perceived loudness on iPhone speakers? transient-heavy mix stronger mids reduced low-end different LUFS / peak strategy shorter attack, etc. Has anyone measured this directly with: the same WAV / CAF file same device same system volume locked AlarmKit playback vs unlocked in-app playback If this is not expected, would Apple want this reported as a bug with: sample project exact iOS version device model screen recording / audio recording What I’m trying to figure out For alarm-app UX, this matters a lot because: AlarmKit is the most reliable lock-screen/system path. But if AlarmKit playback is substantially quieter than normal app playback, the alarm experience is inconsistent depending on device/app state. That makes it hard to know whether to treat this as: expected system behavior, a framework limitation, an asset/mastering problem, or a bug. If anyone has tested this in a controlled way or received guidance from Apple/DTS, I’d appreciate any technical detail. Thanks.

I have the following code that is attempting to set up Hotspot 2.0 using an EAP-TLS configuration. I am importing a pk12 file and using those certificates. I have tried all manner of permutations for the configuration, and have narrowed down all the errors I was getting and now I am just getting a generic: Error: invalid EAP settings. I have tried adding the identity separately and either get an entitlements issue which I can't figure out why since I have added the required network extension sharing groups, or a duplicate item error, meaning it was already correctly added. The certificate and configuration are correctly working through an Android app already. static let accessGroup: String? = { guard let prefix = Bundle.main.object(forInfoDictionaryKey: "AppIdentifierPrefix") as? String else { print("Could not load group") return nil } return "\(prefix)com.apple.networkextensionsharing" }() static func setupHotspot(data: CertificateData) { let h20 = NEHotspotHS20Settings(domainName: data.realm, roamingEnabled: false) h20.naiRealmNames = [data.realm] var result: CFArray? let options: [CFString: Any] = [ kSecImportExportPassphrase: "**********", kSecAttrLabel: "ident:\(data.user)", kSecAttrAccessGroup: accessGroup!, kSecReturnPersistentRef: true ] let status = SecPKCS12Import(data.p12 as CFData, options as CFDictionary, &result) guard status == errSecSuccess, let importResult = result as? [[String: Any]], let resultDict = importResult.first else { print("P12 Import failed: \(status)") return } let identity = resultDict[kSecImportItemIdentity as String] as! SecIdentity let eap = NEHotspotEAPSettings() eap.supportedEAPTypes = [NEHotspotEAPSettings.EAPType.EAPTLS.rawValue as NSNumber] eap.isTLSClientCertificateRequired = true eap.trustedServerNames = [ data.realm ] eap.outerIdentity = "anonymous" guard eap.setIdentity( identity ) else { print("setIdentity failed") return } let configuration = NEHotspotConfiguration(hs20Settings: h20, eapSettings: eap) NEHotspotConfigurationManager.shared.apply(configuration) { error in if let error = error { print("Error: \(error.localizedDescription)") } else { print("Success") } } }