We seem to be dealing with a weird issue where the clinical health records entitlement keeps on getting added into our final embedded.mobileprovision when we prepare a build for distribution. We seem to get this in the final package. <key>com.apple.developer.healthkit.access</key> <array> <string>health-records</string> </array> But in our projects entitlement file there is no reference to health records. Below is the raw values inside of this file. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.healthkit</key> <true/> <key>com.apple.developer.healthkit.access</key> <array/> <key>com.apple.security.application-groups</key> <array> <string>group.xxxxx</string> </array> </dict> </plist> And also in the project this isn't selected in the capabilities section either. Has anyone come across this issue before where Xcode automatically adds clinical records even though you haven't selected the checkbox.

All identifiers updated in summer 2020 has new value for keychain-access-groups - com.apple.token. What is its purpose? What can happen if this value will not be added to entitlements?

Some APIs seem to require entitlements for any use (sandboxed or not) but don't have any indication where we might sign up. The particular usage here is com.apple.vm.networking for vmnet, as it looks like we can't even get started in development without it.

test

Whenever I fresh install my app onto my device, it is not showing up in the Settings app. Even after trying to search it, nothing appears. I use location services and local network within my application so I need to be able to change those authorizations as it does not reliably prompt for those authorizations (I need always for location and that was removed, local network never prompts correctly). I have however seen my app appear in the settings app under privacy -> Location Services but not local network. Is this an issue with Apple or with my application? Should also be known that it does appear in settings on some devices.

I've been using CloudKit for my app recently and I'm trying to add support for a WatchOS app and I've enabled iCloud in capabilities and ticked the container I want to use but I get this error. CoreData: error: CoreData+CloudKit: -[NSCloudKitMirroringDelegate recoverFromPartialError:forStore:inMonitor:]block_invoke(1943): <NSCloudKitMirroringDelegate: 0x282430000>: Found unknown error as part of a partial failure: <CKError 0x28112d500: "Permission Failure" (10/2007); server message = "Invalid bundle ID for container"; uuid = ; container ID = "iCloud.Appname"> I tried creating a new container which worked for both the watch app and iOS app however I would like to use my original container since it has my old data

In my sandboxed MacOS app I want to access OSLogStore programmatically to fetch logs for multi-component application (app, libraries, deriver) for further analysis. According to the documentation, - https://developer.apple.com/documentation/oslog/oslogstore/3366102-local the app should have com.apple.logging.local-storeentitlement. I have added this entitlement "by hand" to the entitlement file as I I can't find a correspondent entry in the Xcode -> Sign & Capabilities interface. When I run the app, I get Unsatisfied entitlements: com.apple.logging.local-store error and the app doesn't start. If I remove the entitlement, the app can't get access to the logd subsystem. How can I add com.apple.logging.local-store to my app? Should I request this not visible via Xcode configuration UI from apple? Thanks!

When I try to add HealthKit capabilities to my app, I get the following signing errors: Communication with Apple failed. Your account does not have sufficient permissions to modify containers. Provisioning profile "iOS Team Provisioning Profile: com.domain.app" doesn't support the HealthKit capability. Provisioning profile "iOS Team Provisioning Profile: com.domain.app" doesn't include the com.apple.developer.healthkit and com.apple.developer.healthkit.access entitlements. In my developer account, the HK capability is enabled. And the entitlements needed are automatically generated by Xcode when I add HK capability, if I try to add them, it says they're already there. I have automatically managed signing selected. Clinical health records are not enabled for Health Kit. Common solutions like cleaning, derived data, and restarts don't help. Does anybody know what this is?

We have been searching for almost one year for answers as to why wkWebView using an Entitled Domain will allow Autofill with KeyChain to fill credentials, but will not trigger Autofill to store/save them. In other words, if users have previously stored credentials in Safari while visiting domain X, subsequent visited to wkWebView with entitled domain X will allow use of those credentials in wkWebView through the Autofill/Keychain dialogue. However, users cannot save/store credentials within wkWebView in Trusted domain X because the save dialogue is never triggered.

When I download my provisioning profile I can't find the com.apple.developer.carplay-audio entitlement in it. Here's what I did: For our app identifier on Apple Developer Portal in "Additional Capabilities" I enabled "CarPlay Audio App (CarPlay framework)". After that I generated a provisioning profile and downloaded it. In the provisional profile info on Apple Developer Portal I can see "CarPlay Audio App (CarPlay framework)" in "Enabled Capabilities". When I import the downloaded profile in Xcode, I can't see the CarPlay entitlement there. After I added the "com.apple.developer.carplay-audio" entitlement to my .entitlements file, I'm getting the "Provisioning profile ... doesn't include the com.apple.developer.carplay-audio entitlement.". When I'm opening the profile in my text editor, I also can't find "carplay-audio" there. Is there a way to solve this problem?

General: DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities. Developer > Support > Certificates covers some important policy issues Entitlements documentation TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series. WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing Certificate Signing Requests Explained DevForums post --deep Considered Harmful DevForums post Don’t Run App Store Distribution-Signed Code DevForums post Resolving errSecInternalComponent errors during code signing DevForums post Finding a Capability’s Distribution Restrictions DevForums post Signing code with a hardware-based code-signing identity DevForums post Mac code signing: DevForums tag: Developer ID Creating distribution-signed code for macOS documentation Packaging Mac software for distribution documentation Placing Content in a Bundle documentation Embedding Nonstandard Code Structures in a Bundle documentation Embedding a Command-Line Tool in a Sandboxed App documentation Signing a Daemon with a Restricted Entitlement documentation Defining launch environment and library constraints documentation WWDC 2023 Session 10266 Protect your Mac app with environment constraints TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference. Manual Code Signing Example DevForums post The Care and Feeding of Developer ID DevForums post TestFlight, Provisioning Profiles, and the Mac App Store DevForums post For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi, I'm trying to integrate with Tap to Pay feature under Stripe. For this reason i need to add com.apple.developer.proximity-reader.payment.acceptance entitlement to my Identifier. I can see it under Provisioning Profile -> Enabled Capabilities. But after downloading this profile in Xcode I don't see this entitlement. What could be the reason for this discrapency?

Is there a way to get the new com.apple.developer.device-information.user-assigned-device-name entitlement to work with automatically managed signing, or is it required to change to manual signing to use this entitlement? Someone else had the same problem as me in this reply on another post: https://developer.apple.com/forums/thread/708275?answerId=730156022#730156022 but it was suggested they start a new thread but I don't think they started such a thread so I am. I was hoping, perhaps naively, that after getting approval for the entitlement and adding it to our entitlements file that it would "just work" but i'm getting the error: Provisioning profile "iOS Team Provisioning Profile: [redacted bundle id]" doesn't include the com.apple.developer.device-information.user-assigned-device-name entitlement. Really hoping to avoid having to manually manage signing or at least know for sure that it is unavoidable before I move to it.

The documentation for CarPlay (https://developer.apple.com/documentation/carplay/requesting_carplay_entitlements) tells you to disable automatic signing in the section titled "Import the CarPlay Provisioning Profile": Click All in the scope bar, and then deselect “Automatically manage signing”. There have also been other posts in the past about the inability to use automatic signing with CarPlay: https://developer.apple.com/forums/thread/63468 However in a recent post of mine (https://developer.apple.com/forums/thread/717429?login=true&page=1#732392022) I was instructed how to set it up so that I could use automatic signing for the new user-assigned-device-name entitlement and it worked so I thought "Can I do the same thing for CarPlay?" and it seems to be working so far. Is automatic signing with CarPlay now possible? We have been able to use automatic signing to archive successfully and run to real devices and verify that CarPlay is working. I'm crossing my fingers that we'll be able to submit and get the build approved and never have to touch manual signing again. Hopefully it works and the documentation is just out of date.

I have an app with the "Driving Task" CarPlay entitlement. When I ask for permission for notifications in CarPlay (UNAuthorizationOptionCarPlay), and I check "carPlaySetting" in the UNNotificationSettings after granting permission, it get a value "UNNotificationSettingNotSupported" (the setting is not available to your app). Is this a bug? It feels like one. The app shows distances to some locations, and provides warnings to the user when approaching those locations. It is common for my users to use it at the same time they use a navigation app and switch between the two apps. But when they have the navigation app in foreground, they ask why my app is not showing notifications when giving an audio warning. The notifications are not even shown on the screen of the iPhone, the screen is turned off in iPhone 14 Pro when connecting to CarPlay, and the screen does not turn on when the app is in background in CarPlay and tries to show a notification.

Hello everyone, We noticed that iOS 16 devices no longer have access to user-assigned device name and, after digging in the forums, found out the information to request the entitlement. https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_device-information_user-assigned-device-name We've submitted the request back in Oct, received a Case-ID number, but nothing after that... Tried emailing them back in Nov (privacy-entitlement at apple dot com), but never heard back... Has anyone successfully requested and received the entitlement? Any hints/tips on how to get it? Appreciate your help

Hi, We need to use silent notifications in our app, even when the user kills the app. We requested Apple to get a NSE Filtering Entitlement on December 02, 2022 with follow-up number: 814879299 But after nearly 2 months, we still haven't got a response. So we also sent a TSI (Technical Support Incident) on January 09, 2023 with follow-up number: 817249684. DTS (Developer Technical Support) said that we need to use this specific entitlement and he has no involvement in the entitlement request process. We need a quick response for the NSE Filtering Entitlement because our business depends on Apple's response. @Apple, is it possible to get an estimation date for the response? @iOS_developers, how long have you been waiting for that permission?

Hello, I'm responsible for several apps within my company. We tried to apply for the user-assigned device name entitlement, but again we didn't get the approval: "Thank you for your interest in the user-assigned device name entitlement. We are unable to approve your request at this time." We use in our app the bluetooth connect and want to show the user in the vehicles the device name. Currently it's just "iPhone". Does somebody know how I can contact Apple to fix this? I chose this answers: Will your app display the user assigned device name to the user? No Will your app use the device name solely for functionality in a way that the user can easily see and understand? Yes Will your app functionality support interaction between multiple devices operated by the same user? Yes Will your app share the device name with any service providers or third parties other than a cloud hosting service provider? No Would be great to get any feedback with this. Thanks a lot.

Hello, I am currently facing an issue with my iOS app and its associated Preview extension. I am trying to save a file to a shared container using App Groups, so that my main app can read the file. The code works perfectly on the iOS simulator, but when I run the app on a physical device I encounter a "You don't have permission to save the file" error. Here's the relevant code snippet: let appGroupIdentifier = "group.com.yourcompany.yourapp" func saveDataToSharedContainer(fileName: String, data: Data) -> Bool { guard let containerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupIdentifier) else { print("Error: Unable to access the shared container.") return false } let fileURL = containerURL.appendingPathComponent(fileName) do { try data.write(to: fileURL, options: .atomic) print("Data saved to shared container successfully.") return true } catch { print("Error: Unable to save data to shared container. \(error)") return false } } I have already verified the following: App Groups capability is enabled for both the main app target and the extension target. The App Group identifier is consistent in both the main app target and the extension target, as well as in the Swift code. Provisioning profiles and signing certificates are up-to-date, and the issue persists after cleaning the project and resetting the provisioning profiles. Despite trying these steps, the issue remains unresolved. This error is reproducible in a new project with a Preview extension. I would greatly appreciate any insights or suggestions from the community to help me resolve this issue. Thank you in advance!

Hi, I'm building an app for iPhone, iPad and Mac (Mac Catalyst). Unfortunately when I'm adding Family Controls capability to project I'm unable to run Mac Catalyst version of app. Everything is compiling, it fails when run and shows "Could not launch App" Launch Service error IDELaunchErrorDomain: code 20 RBSRequestErrorDomain: code 5 NSPOSIXErrorDomain: code 153 iOS version work without any problems and Screen Time releated Api too. My minimum deployment target is iOS 15. Our permission for Family Controls to distribute in AppStore is currently processing but I guess it shouldn't has influence as I'm running debug. Best, Marcin