In my sandboxed macOS app I want to access OSLogStore programmatically to fetch logs for a multi-component application (app, libraries, driver) for further analysis. According to the documentation (https://developer.apple.com/documentation/oslog/oslogstore/3366102-local), the app should have the com.apple.logging.local-store entitlement.
I have added this entitlement "by hand" to the entitlement file as I can't find a corresponding entry in the Xcode -> Sign & Capabilities interface.
When I run the app, I get Unsatisfied entitlements: com.apple.logging.local-store error and the app doesn't start.
If I remove the entitlement, the app can't get access to the logd subsystem.
How can I add com.apple.logging.local-store to my app?
Should I request this entitlement, which is not visible in the Xcode configuration UI, from Apple?
Thanks!
Entitlements
Entitlements allow specific capabilities or security permissions for your apps.
General:
DevForums tags: Code Signing, Signing Certificates, Provisioning Profiles, Entitlements
Developer Account Help — This document is good in general but, in particular, the Reference section is chock-full of useful information, including the names and purposes of all certificate types issued by Apple Developer web site, tables of which capabilities are supported by which distribution models on iOS and macOS, and information on how to use managed capabilities.
Developer > Support > Certificates covers some important policy issues
Entitlements documentation
TN3125 Inside Code Signing: Provisioning Profiles — This includes links to other technotes in the Inside Code Signing series.
WWDC 2021 Session 10204 Distribute apps in Xcode with cloud signing
Certificate Signing Requests Explained DevForums post
--deep Considered Harmful DevForums post
Don’t Run App Store Distribution-Signed Code DevForums post
Resolving errSecInternalComponent errors during code signing DevForums post
Finding a Capability’s Distribution Restrictions DevForums post
Signing code with a hardware-based code-signing identity DevForums post
Mac code signing:
DevForums tag: Developer ID
Creating distribution-signed code for macOS documentation
Packaging Mac software for distribution documentation
Placing Content in a Bundle documentation
Embedding Nonstandard Code Structures in a Bundle documentation
Embedding a Command-Line Tool in a Sandboxed App documentation
Signing a Daemon with a Restricted Entitlement documentation
Defining launch environment and library constraints documentation
WWDC 2023 Session 10266 Protect your Mac app with environment constraints
TN2206 macOS Code Signing In Depth archived technote — This doc has mostly been replaced by the other resources linked to here but it still contains a few unique tidbits and it’s a great historical reference.
Manual Code Signing Example DevForums post
The Care and Feeding of Developer ID DevForums post
TestFlight, Provisioning Profiles, and the Mac App Store DevForums post
For problems with notarisation, see Notarisation Resources. For problems with the trusted execution system, including Gatekeeper, see Trusted Execution Resources.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Is there a way to get the new com.apple.developer.device-information.user-assigned-device-name entitlement to work with automatically managed signing, or is it required to change to manual signing to use this entitlement?
Someone else had the same problem as me in this reply on another post: https://developer.apple.com/forums/thread/708275?answerId=730156022#730156022 but it was suggested they start a new thread but I don't think they started such a thread so I am.
I was hoping, perhaps naively, that after getting approval for the entitlement and adding it to our entitlements file that it would "just work" but I'm getting the error:
Provisioning profile "iOS Team Provisioning Profile: [redacted bundle id]" doesn't include the com.apple.developer.device-information.user-assigned-device-name entitlement.
Really hoping to avoid having to manually manage signing or at least know for sure that it is unavoidable before I move to it.
The documentation for CarPlay (https://developer.apple.com/documentation/carplay/requesting_carplay_entitlements) tells you to disable automatic signing in the section titled "Import the CarPlay Provisioning Profile":
Click All in the scope bar, and then deselect “Automatically manage signing”.
There have also been other posts in the past about the inability to use automatic signing with CarPlay: https://developer.apple.com/forums/thread/63468
However in a recent post of mine (https://developer.apple.com/forums/thread/717429?login=true&page=1#732392022) I was instructed how to set it up so that I could use automatic signing for the new user-assigned-device-name entitlement and it worked so I thought "Can I do the same thing for CarPlay?" and it seems to be working so far.
Is automatic signing with CarPlay now possible? We have been able to use automatic signing to archive successfully and run to real devices and verify that CarPlay is working. I'm crossing my fingers that we'll be able to submit and get the build approved and never have to touch manual signing again.
Hopefully it works and the documentation is just out of date.
It seems as though requesting External Link Account Entitlement via the form is a bit of a black box. Is there a way to check on the status of our request? The app review team has informed me that they don't have any connection to the Account Entitlement teams so they unfortunately cannot help.
Is there a way to check on our app's status or what we might need to change to have External Link Account Entitlement granted? Thanks
Hello,
I am currently facing an issue with my iOS app and its associated Preview extension. I am trying to save a file to a shared container using App Groups, so that my main app can read the file. The code works perfectly on the iOS simulator, but when I run the app on a physical device I encounter a "You don't have permission to save the file" error.
Here's the relevant code snippet:
    let appGroupIdentifier = "group.com.yourcompany.yourapp"

    func saveDataToSharedContainer(fileName: String, data: Data) -> Bool {
        guard let containerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupIdentifier) else {
            print("Error: Unable to access the shared container.")
            return false
        }
        let fileURL = containerURL.appendingPathComponent(fileName)
        do {
            try data.write(to: fileURL, options: .atomic)
            print("Data saved to shared container successfully.")
            return true
        } catch {
            print("Error: Unable to save data to shared container. \(error)")
            return false
        }
    }
I have already verified the following:
App Groups capability is enabled for both the main app target and the extension target.
The App Group identifier is consistent in both the main app target and the extension target, as well as in the Swift code.
Provisioning profiles and signing certificates are up-to-date, and the issue persists after cleaning the project and resetting the provisioning profiles.
Despite trying these steps, the issue remains unresolved. This error is reproducible in a new project with a Preview extension.
I would greatly appreciate any insights or suggestions from the community to help me resolve this issue.
Thank you in advance!
Following https://developer.apple.com/documentation/coremotion/accessing_submersion_data
I'm trying to "just get it started".
I have a provisioning profile with the Shallow Depth and Pressure active, I have set the com.apple.developer.submerged-depth-and-pressure to true in the entitlements file, and get no errors or warnings when compiling and starting the app on my Apple Watch Ultra.
When my view appears, I init the submersion manager with the following code:
    guard CMWaterSubmersionManager.waterSubmersionAvailable else {
        return
    }
    submersionManager = CMWaterSubmersionManager()
    submersionManager?.delegate = self
    Logger.shared.info("SubmersionManager initialized")
I get the printout SubmersionManager initialized, but then I get:
An error occurred: The operation couldn’t be completed. (CMErrorDomain error 110.)
Googling this error tells me this error means: CMErrorNotEntitled
And I cannot find WHY the app is not entitled. I find no information that this entitlement is not publicly available or anything.
I've heard family controls request forms can take up to weeks and even months...
I'm currently developing an app that requires the main target and also the app extension to both use Family Controls. Does this mean I need to request forms for both app bundles separately or just the main app?
If I have to wait weeks or even months for both then that's a bit painful tbh. Is there a way to distribute to TestFlight without getting approved for the family controls entitlement? Thanks
Hi!
I'm trying to move from CoreMedia I/O DAL Plug-In to CoreMedia I/O camera extensions, announced in macOS 12.3. I created a test extension, placed it inside my app bundle into Contents/Library/SystemExtensions and signed it with a code signing certificate. But when I try to install my extension from inside my app, using this code (Swift):
    func installDriver()
    {
        guard let extensionIdentifer = DriverInstaller.extensionBundle().bundleIdentifier else {
            return
        }
        let activationReq = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: extensionIdentifer, queue: .main)
        activationReq.delegate = self
        OSSystemExtensionManager.shared.submitRequest(activationReq)
    }
I'm getting an error:
OSSystemExtensionErrorDomain error 8: Code Signature Invalid
which is rather generic. Can anybody tell me what I am doing wrong? Or at least propose some steps to find it out?
I'm posting here entitlements and codesign output for my extension and containing application for further information.
Executable=../Contents/Library/SystemExtensions/com..RoomDevice.Extension.systemextension/Contents/MacOS/com..RoomDevice.Extension
[Dict]
[Key] com.apple.security.app-sandbox
[Value]
[Bool] true
[Key] com.apple.security.application-groups
[Value]
[Array]
[String] 893K7MTL2H. com..
[Key] com.apple.security.device.camera
[Value]
[Bool] true
Executable=**********/Contents/MacOS/*****
[Dict]
[Key] com.apple.application-identifier
[Value]
[String] 893K7MTL2H.com..RoomDevice
[Key] com.apple.developer.system-extension.install
[Value]
[Bool] true
[Key] com.apple.developer.team-identifier
[Value]
[String] 893K7MTL2H
[Key] com.apple.security.application-groups
[Value]
[Array]
[String] 893K7MTL2H. com..********
Executable=***/Contents/MacOS/****
Identifier=com..RoomDevice
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1345 flags=0x10000(runtime) hashes=31+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=3584714367d59119b462d0f830247d27ff1fbace
CandidateCDHashFull sha256=3584714367d59119b462d0f830247d27ff1fbace53419d69abaa658fbb7a4f12
Hash choices=sha256
CMSDigest=3584714367d59119b462d0f830247d27ff1fbace53419d69abaa658fbb7a4f12
CMSDigestType=2
Launch Constraints:
None
CDHash=3584714367d59119b462d0f830247d27ff1fbace
Signature size=4688
Authority=Developer ID Application: ****************(893K7MTL2H)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=01-Sep-2023 at 12:00:09 PM
Info.plist entries=22
TeamIdentifier=893K7MTL2H
Runtime Version=13.3.0
Sealed Resources version=2 rules=13 files=6
Internal requirements count=1 size=216
Executable=/Contents/Library/SystemExtensions/com.*****.RoomDevice.Extension.systemextension/Contents/MacOS/com..RoomDevice.Extension
Identifier=com.******.RoomDevice.Extension
Format=bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=3627 flags=0x10000(runtime) hashes=102+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=70580825016b7e262fb15c280ba380ad4e871bc1
CandidateCDHashFull sha256=70580825016b7e262fb15c280ba380ad4e871bc108951adb8cd474d652567f4f
Hash choices=sha256
CMSDigest=70580825016b7e262fb15c280ba380ad4e871bc108951adb8cd474d652567f4f
CMSDigestType=2
Launch Constraints:
None
CDHash=70580825016b7e262fb15c280ba380ad4e871bc1
Signature size=4688
Authority=Developer ID Application: ************ Ltd. (893K7MTL2H)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=01-Sep-2023 at 12:00:05 PM
Info.plist entries=22
TeamIdentifier=893K7MTL2H
Runtime Version=13.3.0
Sealed Resources version=2 rules=13 files=0
Internal requirements count=1 size=224
Please anyone help. Thanks in advance!
Hello,
What is the key for In-App Purchases entitlement I can add to my app.entitlements file in my project, so that I can autonomously enable the In-App Purchase capability?
I have searched far and wide for this, however, it's unclear where it can be located. I know I can enable this capability manually by opening Xcode -> Selecting the "Signing & Capabilities" tab -> selecting "+ Capability" -> selecting "In-App Purchase" capability.
However, this is not really an ideal solution for adding the capability to my app, especially when automated processes for building, testing, distributing via CI/CD are integrated. It would be beneficial to be able to reference some documentation or resources for enabling capabilities (or any other build settings) autonomously in a project as opposed to having to manually click my way through enabling them.
Looking forward to hearing back. Thanks!
Hi,
We applied for Tap to Pay on iPhone entitlement and were approved, but on distribution support it's only showing Development.
We can build and debug Tap to Pay on development, but are unable to build a release.
We opened a ticket with Apple support but they were saying it was configured correctly. I attached a screenshot of our developer account entitlement for Tap to Pay. It clearly said Development only.
My development certificate is configured with SensitiveContentAnalysis, and this configuration has also been added to Xcode. Error after running:
MAD request(1) returns error: Error Domain=NSOSStatusErrorDomain Code=-18 "User Safety either not entitled for client or not enabled" UserInfo={NSLocalizedDescription=User Safety either not entitled for client or not enabled}
The Electron app built successfully with Electron Forge and @electron/osx-sign, but it crashes at startup with the crash log below:
Time Awake Since Boot: 320000 seconds
Time Since Wake: 9200 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [95916]
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
If I use custom entitlements, it shows:
Time Awake Since Boot: 310000 seconds
Time Since Wake: 8600 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler [93221]
Application Specific Information:
dyld: launch, running initializers
/usr/lib/libSystem.B.dylib
Could not set sandbox profile data: Operation not permitted (1)
Application Specific Signatures:
SYSCALL_SET_PROFILE
Here is the entitlement:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
      </dict>
    </plist>
Inherit entitlement:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
      </dict>
    </plist>
What can I do to resolve it?
Problem
I am trying to send out a broadcast using NWConnection and then listen for responses using NWListener on port 50913. Although the broadcast is sent out correctly (= no error is thrown upon sending), I only get responses to my broadcast from what I suppose are the network interfaces of my own MacBook. In other words, it seems like the broadcast is never really submitted to the network.
Context
I don't have in-depth knowledge about the behavior of UDP which is why I am confused about this behavior. I've been reading online about this and couldn't find anything really related to the behavior I am experiencing. I've also looked at this developer forums entry and implemented the broadcast accordingly. The response from @meaton does not suggest that broadcasts are not supported by NWConnection (which is what I thought to be the culprit initially), and I am not getting the error they are talking about in their post, but a behavior that is entirely different.
Does anyone know what is wrong with my implementation?
Code
    final public class BroadcastDiscoveryEngine {
        private let logger: Logger = Logger.init(for: BroadcastDiscoveryEngine.self)
        private let broadcastConnection: NWConnection
        private let broadcastResponseListener: NWListener
        private let responseParser: BroadcastResponseParser = BroadcastResponseParser()
        private var discoveryContinuation: AsyncStream<Discovery>.Continuation? = nil

        init() throws {
            let parameters = NWParameters.udp
            parameters.allowLocalEndpointReuse = true
            parameters.allowFastOpen = true
            parameters.includePeerToPeer = true
            broadcastConnection = NWConnection(host: .ipv4(.broadcast), port: .init(integerLiteral: 50913), using: parameters)
            broadcastResponseListener = try NWListener(using: parameters, on: 50913)
        }

        func startBroadcast(continuation: AsyncStream<Discovery>.Continuation) {
            discoveryContinuation = continuation
            broadcastConnection.stateUpdateHandler = handleBroadcastConnectionStateUpdate(state:)
            broadcastConnection.start(queue: .global(qos: .default))
            startBroadcastListener()
        }

        func stopBroadcast() {
            broadcastConnection.cancel()
            broadcastResponseListener.cancel()
        }

        private func sendBroadcastMessage() {
            broadcastConnection.send(content: "my_broadcast_message".data(using: .utf8), completion: .contentProcessed({ error in
                if let error = error {
                    self.logger.error("Sending broadcast message failed with error: \(error.debugDescription, privacy: .public)")
                    self.broadcastConnection.cancel()
                    self.broadcastResponseListener.cancel()
                }
                self.logger.info("Broadcast message sent.")
            }))
        }

        private func handleBroadcastConnectionStateUpdate(state: NWConnection.State) {
            switch state {
            // shortened other cases since only logging occurs
            case .ready:
                logger.info("Broadcast connection established, ready to send and receive data.")
                sendBroadcastMessage()
            }
        }
    }

    extension BroadcastDiscoveryEngine {
        private func startBroadcastListener() {
            broadcastResponseListener.stateUpdateHandler = handleBroadcastResponseListenerStateUpdate(state:)
            broadcastResponseListener.newConnectionHandler = handleIncomingConnection(connection:)
            broadcastResponseListener.start(queue: .global(qos: .default))
        }

        private func handleBroadcastResponseListenerStateUpdate(state: NWListener.State) {
            switch state {
            // shortened cases since only logging occurs
            }
        }

        private func handleIncomingConnection(connection: NWConnection) {
            connection.stateUpdateHandler = { state in self.handleIncomingConnectionStateUpdate(connection: connection, state: state) }
            connection.start(queue: .global(qos: .default))
        }

        private func handleIncomingConnectionStateUpdate(connection: NWConnection, state: NWConnection.State) {
            switch state {
            // shortened other cases since only logging occurs
            case .ready:
                logger.info("Incoming connection (\(connection.debugDescription, privacy: .public) established, ready to send and receive data.")
                connection.receiveMessage { content, contentContext, isComplete, error in
                    self.receiveBroadcastResponse(connection: connection, content: content, contentContext: contentContext, isComplete: isComplete, error: error)
                }
            }
        }

        private func receiveBroadcastResponse(connection: NWConnection, content: Data?, contentContext: NWConnection.ContentContext?, isComplete: Bool, error: NWError?) {
            // shortened: handles parsing accordingly and then cancels connection
            connection.cancel()
        }
    }
We asked for and received confirmation that we have received the Critical alert entitlement.
I have also tested it in development build with a development profile and it worked.
However, when we try to send an update to TestFlight to test in release mode on our device, we get the following error:
The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts'
NSLocalizedFailureReason = "Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts' in our app.
SUnderlyingError = "Error Domain=IrisAPI Code=-19241 "Asset validation failed" UserInfo={status=409, detail=Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. The bundle contains a key that is not included in the provisioning profile: 'com.apple.developer.usernotifications.critical-alerts in our app code=STATE_ERROR.VALIDATION_ERROR.90163, title=Asset validation failed
We added the following entitlement to the entitlements.plist file:
com.apple.developer.usernotifications.critical-alerts
I have a driving task app and am trying to show a CPActionSheetTemplate or a CPAlertTemplate. Both of these are crashing showing:
Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'Unsupported object <CPActionSheetTemplate: 0x6000030319e0> <identifier: C744031B-99F6-4999-AF19-6ED43140502B, userInfo: (null), tabTitle: (null), tabImage: (null), showsTabBadge: 0> passed to pushTemplate:animated:completion:. Allowed classes: {(
CPSearchTemplate,
CPNowPlayingTemplate,
CPPointOfInterestTemplate,
CPListTemplate,
CPInformationTemplate,
CPContactTemplate,
CPGridTemplate,
CPMapTemplate
)}'
This is very strange, because in the docs all app types are allowed to show ActionSheets and Alerts.
Why is this crashing?
Hello all!
I'm having problems with Capacitor built to iOS. The audio plays correctly (.wav files/ sound effect triggered in a game), but the debugger pops the error:
Error acquiring assertion: <Error Domain=RBSServiceErrorDomain Code=1 "(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)" UserInfo={NSLocalizedFailureReason=(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)}>
I've added the entitlements for:
Audio, AirPlay, and Picture in Picture
Background fetch
Remote notifications
Background processing
Help is appreciated!
I can't find the webpage to request access to parts of iOS that are restricted from Developers. It's more than entitlements. It's to access actual hardware, specifically the lightning port. I need to be able to send signals to the right pins or what-not. What is that called when a developer makes that request? Or where is that on Apple's Developer website?
I logged in with the wrong Apple ID. I'm ShinehahGnolaum.
I encountered this in Apple's doc:
Users must grant permission for your app to access their music data. Add the NSAppleMusicUsageDescription key to your app’s Info.plist file
Info.plist is no longer generated as part of Xcode projects. Do we add a key like this to the app's .entitlements file instead?
Case-ID: 4977264
I am writing to inquire about the status of my location push service extension entitlement, which I submitted a consent form for on November 16, 2023. It has been 50 days with no response from Apple since I submitted. Can anyone help regarding the entitlement and why Apple takes time to approve, or is there any specific reason to deny the entitlement?
Thanks in advance.