Is it mandatory to get explicit user consent in iOS apps to collect their product usage data anonymously with something like mixpanel.
Note: this is not for advertising purposes, but only to make the product better based on usage patterns.
Explore the intersection of business and app development. Discuss topics like device management, education, and resources for aspiring app developers.
Post
Replies
Boosts
Views
Activity
Hello,
Is it acceptable to have subscriptions that are available for limited times on the app, for example I would like only 100 new paid subscription purchases on the App every month.
When the 100 quota is finished, users might see something like "Check back next month".
This is to control growth and marketing purposes.
Can someone help me, every time I insert a new attribute in the Table, the Query stops working, the bank keeps giving these messages, thank you
We have several apps that our business uses to connect to internal private HTTP sites. We noticed in IOS 18.3 we are getting SSL errors to the web server and noticed the issue in the Chrome Browser as well. Our team is looking at the Application Transport Security layer exceptions in our apps Info.Plist. We do notice the browser forcing HTTPS. Any insight on what could be the issue?
Main Issue
We are experiencing an issue where iOS devices become unresponsive when attempting to shutdown or reboot from the lock screen while locked into Single App Mode via MDM or Apple Configurator.
Steps to Reproduce:
Start any iOS device.
Use Apple Configurator or an MDM solution to enable Single App Mode.
Wait for the device to lock into the specified app.
Lock the device so that it goes to the lock screen.
Hold the Power button and Volume Up button until the shutdown/emergency screen appears.
At this point, the device becomes unresponsive.
After approximately 30 seconds, the message "Guided Access app unavailable. Please contact your administrator" appears.
The device is now frozen, and the only way to recover is to force restart it using Apple's forced restart method (Apple Support Link).
Additional Issue:
Additionally, we observe that when using an app in Single App Mode, attempting to reboot the device and canceling the reboot prevents any subsequent reboot attempts until a force restart is performed.
Steps to Reproduce This Behavior:
Lock the iOS device into Single App Mode.
Use the app normally.
Attempt to shut down the device by holding the Power and Volume Up buttons.
The shutdown/emergency screen appears as expected.
Cancel the shutdown by tapping "Cancel."
The device returns to the lock screen.
Swipe up to return to the app.
Attempt to shut down the device again using the same method.
Nothing happens—the shutdown screen no longer appears.
The only way to reboot the device now is through a forced restart.
This appears to be a bug in Single App Mode behavior, potentially related to Guided Access restrictions. Has anyone else encountered this issue?
Is this the right place to report this issue? or should I report it elsewhere?
I have more videos and material showing how to reproduce this issue if needed.
The security configuration updates have been enforced through automatic update policy enabled through an MDM policy. However our end users would like to know when these updates are triggered by the device and installed successfully. We can see on a few devices that even though the automatic updates are enabled there are many devices with config updates pending. Also is there a way to manually install these config updates as the end user cannot see these updates listed in the software update section.
Hello Apple Community,
We are integrating Apple Tap to Pay into our Point of Sale (POS) application. Our organization manages a fleet of supervised iPhones using Apple Business Manager (ABM) and Mobile Device Management (MDM) to onboard devices with preferred settings and automatically install our POS app via MDM-assigned licenses, then our OPS team installs our devices at merchant location and trains their staff on how to operate our service.
So far, we have avoided using Apple IDs on these devices, as our setup has relied solely on MDM enrollment and app deployment. However, Apple Tap to Pay requires an Apple ID and Passcode, which presents a challenge for automation at scale.
Our Questions:
1. Generally speaking, is there a recommended flow to manage Apple ID and Passcode for our case?
2. Is Managed Apple ID supported by Tap To Pay flow?
3. Is there a way to automate creation of Managed (or regular one if Managed is not supported by Tap to Pay) Apple ID and assignment into supervised iPhone via Apple MDM protocol?
4. Both regular and managed Apple ID requires 2FA via phone number. It appears Passkeys and Authentication Apps are not supported. What is recommended way to manage 2FA phone numbers on a scale of thousands of merchants?
5. Is there a way to enforce/assign specific passcode into supervised iPhone via Apple MDM protocol?
Key Considerations:
• Devices are corporate-owned and supervised.
• Practice shows that merchant staff is unable to manage Apple ID or any sort of iPhone credentials on their own due to frequent staff rotation and sometimes malicious actions by former employees.
• MDM is used to manage deployment, security policies, and app installations and updates.
• The goal is to avoid requiring end-users to manually sign in with Apple IDs and assign Passcode on each device.
Thank you!
We are attempting to block the attachment of photos from the Photos/Gallery app when sending emails or sharing on social media applications such as Gmail, Outlook, and other platforms. These are MDM Managed Applications While file attachments (e.g., PDFs, documents) are successfully blocked, photo attachments are not being restricted, allowing users to attach photos without limitations.
We are applying the below restriction to the device through an MDM
allowOpenFromUnmanagedToManaged: false
https://developer.apple.com/documentation/devicemanagement/restrictions
Steps to Reproduce:
Open the Photos or Gallery app on a mobile device.
Open Gmail, Outlook, or a social media application (e.g., Facebook, Instagram).
Open the Photos or Gallery app on a mobile device.
Select a photo to attach.
Try to attach the selected photo to an email or post.
Observe that the photo is successfully attached, despite restrictions on file attachments.
Hello,
Thank you for your message.
Regarding 3.2, we still find that your app is intended to be used by a specific business or organization, including partners, clients, or employees, but you've selected public distribution on the App Store in App Store Connect.
To resolve this issue, it would be appropriate to review the other distribution options available for apps designed for specific businesses or organizations and choose a distribution option that works for your app and users. You can review these app distribution options on Apple Developer.
I appreciate the help to get out of this inconvenience. Thank you.
The issue is with all our enterprise apps. All apps worked on version 18.1. For the few users that updated to 18.2.1 it stopped working after the update.
I have a phone that had 18.2.1 installed before I added any enterprise apps, they work fine.
So the issue is you have enterprise apps, update from 18.1 to 18.2.1 they stop working. Removing the app (and trust), and installing again doesn't solve the issue. On the app reinstall it's doesn't ask to add the trust or reboot, but the trust is added back.
When running the app, it opens for a second or two, then closes.
Apologies if this has been asked before, but I am struggling to understand what our options are for app distribution for a new (to our company) use case. Note: we have both an Enterprise account as well as a standard App Store account.
We are developing an Apple Vision app for a client company. We need to be able to distribute the app to people within our company as well as within the client company for testing. Once that is complete, we need to be able to distribute the app to a select group of employees in the client company. The client company does not have an MDM, so we originally thought to distribute the app using TestFlight. But that is not available with our Enterprise account.
Is this something we can manage with a Business account since the devices involved would belong to our client company instead of ours? Is there a different solution to this workflow within the existing tools provided by Apple? Or is the only option to help the client set up an MDM/set up our own MDM to manage client devices for this?
Microsoft are retiring the “Azure AD Graph API”.
We allow the use of Apple email apps in our M365 tenant via the “Apple Internet Accounts” Entra ID Enterprise Application, however this is using the “User.Read” permission from this retiring “Azure AD Graph API”.
My concern is that Apple email app’s will stop working in our tenant when Microsoft retire the “Azure AD Graph API” and this permission is removed, as this is an Apple managed Enterprise Application, we have no method of changing the permissions ourselves.
I have not been able to find any information on how the “Apple Internet Accounts” Entra ID Enterprise Application can be updated to use the required, newer “Microsoft Graph API” “User.Read” permission.
It is not possible for us to change the permissions on the “Apple Internet Accounts” Entra ID Enterprise Application in our tenant, my assumption is that Apple would need to deploy a newer version of Email app that uses the newer “Microsoft Graph API” “User.Read” permission, and we would then need to consent the use of this new permission in our tenant.
I would have thought Apple would have deploy this by now, but we have not seen any consent requests.
Does anyone have any information about how Apple are handling this Microsoft change and how we can pre-emptively update the “Apple Internet Accounts” Entra ID Enterprise Application to ensure that Apple email client continue to work in our tenant?
Many thanks.
We are using management properties in DDM to assign configurations and assets to a particular device, and one of those properties should be updated by a business app on the device.
For example, if the business application is not launched every 30 days, then a predicate should evaluate to false and the device put into single app mode to force the application to run.
If, however, the app is launched any time in the 30 days, then the counter should be reset. Essentially trying to enforce that users in the field cannot work offline for extended periods of time without getting the latest dataset from the company.
The single app mode part is very clear and the predicate to assign the configuration based on the date in the management property seems logical.
However, the question is: Can a predicate be built upon data that is updated by the custom MDM app? ie: If the app is launched on the device without connectivity, can a property be updated that the DDM predicate system can access that can be used as an input property? such as "last launch time" or "last check-in" of the custom app?
Alternately, could the custom MDM app read any of the management properties set via DDM? That way the user would know the value that the DDM configuration for restricting the device.
I have an in house application that I develop for my company.
The application requires our corporate MDM profile is installed on the phone. I recently got a new phone and our corporate IT team installed the MDM profile and the Comp Portal application for me to manage our corporate applications.
I installed the application through the Comp Portal. It crashes right away when I launch the application and I see this error message in the Console when connected to the phone:
"SpringBoard Snapshot generation request for bundleID: com.mycompany.mygroup.appName rejected due to the app being denylisted."
I see other errors from runningboardd about failing to spawn the job and SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x510affd80; app<com.mycompany.mygroup.appName>:> with error: <NSError: 0x301e60090; domain: RBSRequestErrorDomain; code: 5; "Launch failed.">
I can launch a development version of the application with no problem by connecting the USB cable from my machine to my device and running through XCode.
Other people have no problems launching the application. I compared all the certificates in the management profile with another device where the application does not crash and there are identical.
We checked a number of settings on the devices to see if there could be something preventing the application from running but found nothing.
We reset all settings and deleted and reinstalled the application with rebooting to see if perhaps it was an incomplete installation. Our IT folks want to wipe the phone and start over but I have little confidence that will fix the issue since we don't know the root cause.
I am concerned that one of my Stakeholders might have the same issue if they get a new device. This application worked fine on my old phone.
Device: iPhone 16 Pro Max
iOS version: 18.2.1
Any ideas on next steps to troubleshoot this issue?
How can I figure out the cause of the denylisting?
Managed iOS/iPad devices are struck with no network under below conditions
Enrolling a Supervised iOS device
Send InstallProfile command with AppLock payload (https://developer.apple.com/documentation/devicemanagement/applock)
Now when the above managed device loses network connection with MDM server due to unknown network issues - the device is out of contact with MDM server and device is locked.
Since such AppLock payload installed devices are placed in remote locations, it becomes difficult for Admins to recover such devices with no network connectivity. The devices have to be brought in from remote location and recover them.
Under such conditions, it would be better to allow the end user to change the Network configuration manually to reconnect the device with MDM server.
This option can also be allowed only when the device can’t ping MDM server.
It would often be useful to deactivate horizontal scrolling, especially for number sheets.
So I have customized these 2 files.
But no success. Nothing happens. Scrolling is still possible in both directions. Vertically and horizontally.
Does anyone have an ingenious idea?
Is a student from a postgraduate course eligible to participate in the Apple Swift Student Challenge?
Is there or will there be an update to the depsim and vppsim simulator tools? The current version is significantly out-of-date in terms of features and fails to start due to the developer not being verified (ironically).
Unable to distribute the App via Intune, When tried to install the App on Intune enrolled device.
Gets error: Unable to install “App Name”.
This app cannot be installed because its integrity could not be verified.
Verified Bundle ID is getting updated and Sign-in shows successful.
Mac OS Build - 13.7.2 (22H313)
XCode Version: 15.1 (15C65)
Provisioning Profile renewed this week
Distribution Certificate Valid till 2027
I have a in-house delivered app, I updated certificates and delivered the app before expiring, inviting users to update. after certificates expiration people who did not update now must remove the app loosing personal data, and download it again, but app crashes.
I know that since iOS 18 in order to trust again an in-house identity, restart is required. What I need to know, is if there is some documentation where is explained the following:
if I remove the only app delivered by in-house enterprise profile I have on a customer device, via home, long time tap gesture, "remove the app" then I install again the app, the profile reappears under "VPN and device management" and results already as "trusted"
instead if I remove the app directly from settings > VPN and device management, when I re-install the app VPN and device management reappears and developer/app is not trusted, in it asks me to trust again the developer and during the operation, restarts the device, asks me device code and so on.
so, my final question is:
since it is clear to me that there is a difference between two removal methods, where is this logic described? Is it only present for in-house distribution?