Pretty much the headline. the func transactionHistory() needs to return the transaction location. This seems so rudimentary, yet it is missing from the docs. Unless I'm missing something, please add this feature or point me in the right direction. Alternatively, is there a way for my app to get notified of the transaction immediately as it happens? I have to get transactions historically which leaves me with no way to determine where they happened in the past.

Hello, I'm receiving an unknown error instead of the excluded credentials error when using the "Save on another device" option for Passkey creation. When creating the ASAuthorizationPlatformPublicKeyCredentialProvider request to pass to the ASAuthorizationController. The excludedCredentials property is used to add a list of credentials to exclude in the registration process. This is to prevent duplicate passkeys from being created if one already exists for the user. When trying to create a duplicate passkey using the same device, the ASAuthorizationControllerDelegate method authorizationController(controller, didCompleteWithError:) is called. The error received has localized description “At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator." When trying to create a duplicate passkey using the “Save on another device” option. The delegate method is called, but the error received has code 1000 ("com.apple.AuthenticationServices.AuthorizationError" - code: 1000). Which maps to the unknown error case in ASAuthorization error type.

Hi Apple Developer Support, I’m building a macOS app that acts as a default browser. I can confirm that I can set it correctly through System Settings → Default Web Browser. The app implements ASWebAuthenticationSessionWebBrowserSessionHandling to intercept Single Sign-On (SSO) flows. To handle requests, it presents SSO pages in a WKWebView embedded in a window that this app creates and owns - this works perfectly for the initial login flow. However, after I close my WebView window and then launch Safari or Chrome, any subsequent SSO requests open in the newly-launched browser instead of my custom browser, even though it remains selected as the default in System Settings. I’d appreciate any insight on why the system “hands off” to Safari/Chrome in this scenario, and how I can keep my app consistently intercepting all ASWebAuthenticationSession requests. Here are the steps that break down the issue: Launch & confirm that the custom default browser app is the default browser in System Settings → Default Web Browser. Trigger SSO (e.g., try to log in to Slack). App’s WKWebView appears, and the SSO UI works end-to-end. Close the WebView window (I have windowShouldClose callback where I cancel the pending session). Manually launch Safari or Chrome. Trigger SSO again. Observed behaviour: the login URL opens in Safari/Chrome. I am using macOS 15.3.2

Hi, I have a question about UIDevice identifierForVendor. I am distributing 3 apps using an enterprise account. All apps use the same developer account and certificates. The bundle IDs of the apps are as follows: com.abc.inhouse.mail com.abc.searchent com.abc.noteent In the Enterprise builds, apps 1 and 2 share the same identifierForVendor (IDFV). However, app 3 has a different IDFV value. According to Apple documentation, the IDFV is determined based on the bundle ID when distributing through Enterprise. Why does app 3 have a different IDFV? Are there any other factors besides the bundle ID that affect the IDFV in Enterprise builds? Please help me figure this out. Thank you for your time!

Our product includes a background sync process that synchronizes credentials between devices. We need to update ASCredentialIdentityStore when credentials are changed, we have noticed that the ASCredentialIdentityStore.shared.saveCredentialIdentities() fails to run when the device is locked. Is it possible to update ASCredentialIdentityStore when the device is locked?

I was testing an app with AppleSignIn with a Firebase backend and wanted to test account deletion functionality. I was unaware of needing to revoke the token with Apple before proceeding with account deletion. Now, when I try to create a new account with the same appleId email, the token passed to Firebase is invalid and the login fails. As such, I am blocked from testing my app with authenticated Apple users, so I'm trying to understand what the workaround is. Thanks in advance!

We're experiencing crashes in our production iOS app related to Apple's DeviceCheck framework. The crash occurs in DCAnalytics internal performance tracking, affecting some specific versions of iOS 18 (18.4.1, 18.5.0). Crash Signature CoreFoundation: -[__NSDictionaryM setObject:forKeyedSubscript:] + 460 DeviceCheck: -[DCAnalytics sendPerformanceForCategory:eventType:] + 236 Observed Patterns Scenario 1 - Token Generation: Crashed: com.appQueue EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000010 DeviceCheck: -[DCDevice generateTokenWithCompletionHandler:] Thread: Background dispatch queue Scenario 2 - Support Check: Crashed: com.apple.main-thread EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000008 DeviceCheck: -[DCDevice _isSupportedReturningError:] DeviceCheck: -[DCDevice isSupported] Thread: Main thread Root Cause Analysis The DCAnalytics component within DeviceCheck attempts to insert a nil value into an NSMutableDictionary when recording performance metrics, indicating missing nil validation before dictionary operations. Reproduction Context Crashes occur during standard DeviceCheck API usage: Calling DCDevice.isSupported property Calling DCDevice.generateToken(completionHandler:) (triggered by Firebase App Check SDK) Both operations invoke internal analytics that fail with nil insertion attempts. Concurrency Considerations We've implemented sequential access guards around DeviceCheck token generation to prevent race conditions, yet crashes persist. This suggests the issue likely originates within the DeviceCheck framework's internal implementation rather than concurrent access from our application code. Note: Scenario 2 occurs through Firebase SDK's App Check integration, which internally uses DeviceCheck for attestation. Request Can Apple engineering confirm if this is a known issue with DeviceCheck's analytics subsystem? Is there a recommended workaround to disable DCAnalytics or ensure thread-safe DeviceCheck API usage? Any guidance on preventing these crashes would be appreciated.

Our service has ended and the app has been removed from the App store. This app supported Sign in with Apple, but even if I try to revoke the account from the iOS settings or account.apple.com on the web, but can't delete it and no error is displayed. Does anyone know the cause of this problem or have encountered it? I'm not sure if it's related, but this app was previously transferred from another organization.

While working with Platform SSO on macOS, I’m trying to better understand how the system handles cases where a user’s local account password becomes unsynchronized with their Identity Provider (IdP) password—for example, when the device is offline during a password change. My assumption is that macOS may store some form of persistent token during the Platform SSO user registration process (such as a certificate or similar credential), and that this token could allow the system to unlock the user’s login keychain even if the local password no longer matches the IdP password. I’m hoping to get clarification on the following: Does macOS actually use a persistent token to unlock the login keychain when the local account password is out of sync with the IdP password? If so, how is that mechanism designed to work? If such a capability exists, is it something developers can leverage to enable a true passwordless authentication experience at the login window and lock screen (i.e., avoiding the need for a local password fallback)? I’m trying to confirm what macOS officially supports so I can understand whether passwordless login is achievable using the persistent-token approach. Thanks in advance for any clarification.

I've come across strange behavior with the userID property on the returned credential from a passkey attestation. When performing a cross-device passkey assertion between iOS and Android by scanning the generated QR code on my iPhone with an Android device the returned credential object contains an empty userID. This does not happen when performing an on device or cross-device assertion using two iPhones. Is this expected behavior, or is there something I'm missing here? I couldn't find any more information on this in the documentation. iOS Version: 26.0.1, Android Version: 13

Hey everyone, I'm hitting a really frustrating issue with App Attest. My app was working perfectly with DCAppAttestService on October 12th, but starting October 13th it started failing with DCError Code 2 "Failed to fetch App UUID" at DCAppAttestController.m:153. The weird part is I didn't change any code - same implementation, same device, same everything. I've tried switching between development and production entitlement modes, re-registered my device in the Developer Portal, created fresh provisioning profiles with App Attest capability, and verified that my App ID has App Attest enabled. DCAppAttestService.isSupported returns true, so the device supports it. Has anyone else run into this? This is blocking my production launch and I'm not sure if it's something on my end or an Apple infrastructure issue.

I am running a service available on both an app and a web platform with "Sign In with Apple." Should I store the tokens separately, or should I overwrite them in a single storage location? When a user requests to sign out, should I revoke both the app and web tokens, or will revoking the app token automatically cover the web token as well?

AFAIU a new screen capture notification was added within the Control Center in Sequoia 15.2, see attached examples: My question is whether there is some way to suppress this notification preferably via an MDM configuration profile. See also https://discussions.apple.com/thread/255886645?sortBy=rank for more information. Thanks, Doron.

Hello, we're currently evaluating the side effects of transferring our app to a different Apple developer account. Our users use SIWA to sign in to our platform which uses Auth0. As I understand it, the identifiers provided by Apple will change, and as such Auth0 will not recognise them and treat them as new users. I've read conflicting documentation, reports, discussions, etc, so it would be great if I could get some clarification on the topic. Furthermore we're concerned about the Hide My Email functionality. A lot of our users use this feature. Will the relay email for each user change with the transfer? If so, does the 'old' relay email stop working as soon as the transfer happens? Thanks in advance!

Hi all, I've on high alert after hearing about the security concerns with npm. Full disclosure, I'm new to computer and network architecture, however, as someone who is on high alert for aplications exfiltrating data or poisioning my on-device machine learning models — I've seen some things I can't fully explain and I'm hoping the community can help. I ran the code odutil show all and I was wondering why certain node names are hidden in my system and when I use the directory utility, I can't use my computer login and password to authenticate to see the users? Am I being locked out of seeing my own system? I'm trying to dig to see if a root kit was installed on my device. Does anyone know what the users and groups in the directory utility are? Who is "nobody" and who is "Unknown user"? I'll probably have a lot more questions about this suspicious files I've seen on my device. Does anyone else's device download machine learning model payloads from the internet without notifying the user (even through a firewall, no startup applications?). I've also tried deleting applications I no longer need anymore and my "system" makes them re-appear.... what?

I added a feature to my app that retrieves only app settings (no personal data) from my API hosted on Cloudflare Workers. The app does not send, collect, track, or share any user data, and I do not store or process any personal information. Technical details such as IP address, user agent, and device information may be automatically transmitted as part of the internet protocol when the request is made, but my app does not log or use them. Cloudflare may collect this information. Question: Does this count as “data collection” for App Store Connect purposes, or can I select “No Data Collected”?

Script attachment enables advanced users to create powerful workflows that start in your app. NSUserScriptTask lets you implement script attachment even if your app is sandboxed. This post explains how to set that up. IMPORTANT Most sandboxed apps are sandboxed because they ship on the Mac App Store [1]. While I don’t work for App Review, and thus can’t make definitive statements on their behalf, I want to be clear that NSUserScriptTask is intended to be used to implement script attachment, not as a general-purpose sandbox bypass mechanism. If you have questions or comments, please put them in a new thread. Place it in the Privacy & Security > General subtopic, and tag it with App Sandbox. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] Most but not all. There are good reasons to sandbox your app even if you distribute it directly. See The Case for Sandboxing a Directly Distributed App. Implementing Script Attachment in a Sandboxed App Some apps support script attachment, that is, they allow a user to configure the app to run a script when a particular event occurs. For example: A productivity app might let a user automate repetitive tasks by configuring a toolbar button to run a script. A mail client might let a user add a script that processes incoming mail. When adding script attachment to your app, consider whether your scripting mechanism is internal or external: An internal script is one that only affects the state of the app. A user script is one that operates as the user, that is, it can change the state of other apps or the system as a whole. Supporting user scripts in a sandboxed app is a conundrum. The App Sandbox prevents your app from changing the state of other apps, but that’s exactly what your app needs to do to support user scripts. NSUserScriptTask resolves this conundrum. Use it to run scripts that the user has placed in your app’s Script folder. Because these scripts were specifically installed by the user, their presence indicates user intent and the system runs them outside of your app’s sandbox. Provide easy access to your app’s Script folder Your application’s Scripts folder is hidden within ~/Library. To make it easier for the user to add scripts, add a button or menu item that uses NSWorkspace to show it in the Finder: let scriptsDir = try FileManager.default.url(for: .applicationScriptsDirectory, in: .userDomainMask, appropriateFor: nil, create: true) NSWorkspace.shared.activateFileViewerSelecting([scriptsDir]) Enumerate the available scripts To show a list of scripts to the user, enumerate the Scripts folder: let scriptsDir = try FileManager.default.url(for: .applicationScriptsDirectory, in: .userDomainMask, appropriateFor: nil, create: true) let scriptURLs = try FileManager.default.contentsOfDirectory(at: scriptsDir, includingPropertiesForKeys: [.localizedNameKey]) let scriptNames = try scriptURLs.map { url in return try url.resourceValues(forKeys: [.localizedNameKey]).localizedName! } This uses .localizedNameKey to get the name to display to the user. This takes care of various edge cases, for example, it removes the file name extension if it’s hidden. Run a script To run a script, instantiate an NSUserScriptTask object and call its execute() method: let script = try NSUserScriptTask(url: url) try await script.execute() Run a script with arguments NSUserScriptTask has three subclasses that support additional functionality depending on the type of the script. Use the NSUserUnixTask subsclass to run a Unix script and: Supply command-line arguments. Connect pipes to stdin, stdout, and stderr. Get the termination status. Use the NSUserAppleScriptTask subclass to run an AppleScript, executing either the run handler or a custom Apple event. Use the NSUserAutomatorTask subclass to run an Automator workflow, supplying an optional input. To determine what type of script you have, try casting it to each of the subclasses: let script: NSUserScriptTask = … switch script { case let script as NSUserUnixTask: … use Unix-specific functionality … case let script as NSUserAppleScriptTask: … use AppleScript-specific functionality … case let script as NSUserAutomatorTask: … use Automatic-specific functionality … default: … use generic functionality … }

Hello everyone, I’ve been working on ways to implement stricter accountability systems for personal use, especially to prevent access to NSFW content in apps like Reddit and Twitter. The main challenge is that iOS sandboxing and privacy policies block apps from monitoring or interacting with other apps on the system. While Apple’s focus on privacy is important, there’s a clear need for an opt-in exception for accountability tools. These tools could be allowed enhanced permissions under stricter oversight to help users maintain accountability and integrity without compromising safety. Here are a few ideas I’ve been thinking about: 1. Vetted Apps with Enhanced Permissions: Allow trusted applications to bypass sandbox restrictions with user consent and close monitoring by Apple. 2. Improved Parental Controls: Add options to send notifications to moderators (like accountability partners) when restrictions are bypassed or disabled. 3. Custom Keyboard or API Access: Provide a framework for limited system-wide text monitoring for specific use cases, again with user consent. If anyone has ideas for how to address this within current policies—or suggestions for advocating for more flexibility—I’d appreciate the input. I’m curious how others have handled similar challenges or if there are better approaches I haven’t considered.

Hello I am wondering how and if it even is possible to grab the amount of times a user has opened a specific app. Of course these apps will be selected for tracking by the user through the FamilyControls API, but is it possible to then list those selected apps and their amount of openings? I know Screen Time API is very strict with giving developers control of this information outside of just displaying a view so I don't know if this is possible. I saw that DeviceActivityData.ApplicationActivity has a value called "numberOfPickups" but I'm not sure how to access that value and display it in my app. Thank you

We are experiencing a significant issue with macOS security alerts that began on July 9th, at approximately 4:40 AM UTC. This alert is incorrectly identifying output files from our snippet tests as malware, causing these files to be blocked and moved to the Trash. This is completely disrupting our automated testing workflows. Issue Description: Alert: We are seeing the "Malware Blocked and Moved to Trash" popup window. Affected Files: The security alert triggers when attempting to execute .par files generated as outputs from our snippet tests. These .par files are unique to each individual test run; they are not a single, static tool. System-Wide Impact: This issue is impacting multiple macOS hosts across our testing infrastructure. Timeline: The issue began abruptly on July 9th, at approximately 4:40 AM UTC. Before that time, our tests were functioning correctly. macOS Versions: The problem is occurring on hosts running both macOS 14.x and 15.x. Experimental Host: Even after upgrading an experimental host to macOS 15.6 beta 2, the issue persisted. Local execution: The issue can be reproduced locally. Observations: The security system is consistently flagging these snippet test output files as malware. Since each test generates a new .par file, and this issue is impacting all generated files, the root cause doesn't appear to be specific to the code within the .par files themselves. This issue is impacting all the snippet tests, making us believe that the root cause is not related to our code. The sudden and widespread nature of the issue strongly suggests a change in a security database or rule, rather than a change in our testing code. Questions: Could a recent update to the XProtect database be the cause of this false positive? Are there any known issues or recent changes in macOS security mechanisms that could cause this kind of widespread and sudden impact? What is the recommended way to diagnose and resolve this kind of false positive? We appreciate any guidance or assistance you can provide. Thank you.