The sample code uses a static variable of the PeripheralViewController class to account for congestion in the BLE stack - which is frowned upon by the Swift 6 compiler. Why does this variable need to be static in the first place?

Suppose there is a key in the keychain that is protected by an ACL which specifies .userPresence as its access control - is it possible to prevent the user from being prompted to authenticate with biometrics and to force authentication via the device passcode instead?

I have been bitten by this repeatedly so I am finally going to ask: Is there a way to infer an error from its localizedDescription only? It sometimes happens that a user reaches out for support with just a localized error message, but no error code or error domain and it is really hard to correctly guess what the non-localized description may have been in order to search for it. For example I know from experience that "Der eingegebene Benutzername oder das Passwort ist ungültig." is the German localization of "The user name or passphrase you entered is not correct." which in turn is errSecAuthFailed (aka. -25293). It would be really helpful to be able to just look this up somewhere...

I am trying to implement BLE communication between installations of an iOS app and I am following Transferring Data Between Bluetooth Low Energy Devices since the data I need to transfer exceeds the 512 byte limit for attribute values. I already have this working based on an older version of the app, however after I integrated with the mainline of development I am getting CBATTErrorRequestNotSupported which seems to be caused by OSStatus 65535 (which is kBluetoothSDPErrorCodeReservedEnd, but that is documented to not even be present on iOS). So it seems that a change on our end is causing these errors, but I am completely stumped as to what change that might be. Is anyone able to enlighten me?

After the XPC Updates from last year I am trying to understand what is possible with XPC on iOS. The documentation for XPCSession states it is available, but none of its initializers is. So how is one supposed to use it?

Is there a way for an app to interact with the new iOS 18 feature "Locked/Hidden Apps"? In our apps we prompt our users for biometric authentication ourselves and found that locking an app seems to interfere with that.

I noticed that the numbers given for the individual states do not add up; i.e. if I add everything other than "Received by APNs" I get what amounts to ~95% of that. Is that expected? And if so what happened to the remaining 5%?

I recently re-read Performing manual server trust authentication and noticed that it does not mention having to call SecTrustEvaluate (or its replacements) in client code (anymore). Is that implicitly taken care of by ATS?

If on iOS an app protects a keychain item with an access control list that specifies .biometryCurrentSet in its SecAccessControlCreateFlags the app loses access to the item if the set of currently enrolled fingers (for Touch ID) or the currently enrolled user (for Face ID) changes - which corresponds to a change of the evaluatedPolicyDomainState. We have users reporting loss of such items even though - as they assure us - they have not touched (no pun intended) anything under "[Touch|Face] ID & Code" in Preferences.app. Is there another reason why an app may lose access to such items?

The (archived) Local and Remote Notifications Programming Guide contains the following: To support a background update notification, make sure that the payload’s aps dictionary includes the content-available key with a value of 1. If there are user-visible updates that go along with the background update, you can set the alert, sound, or badge keys in the aps dictionary, as appropriate. The current documentation however reads: To send a background notification, create a remote notification with an aps dictionary that includes only the content-available key, as shown in the sample code below. You may include custom keys in the payload, but the aps dictionary must not contain any keys that would trigger user interactions. What caused this change and why is no longer supported to send additional keys (e.g. an alert dictionary) in the aps dictionary of a background notification?

Our app creates ECDSA signatures by calling SecKeyCreateSignature() using a private key that is protected by the secure enclave. On iOS 17 beta our backend rejects some of those signatures as invalid while on previous iOS versions everything is fine. Did anything change in the security framework in iOS 17 that I missed in the release notes or the API diffs?

If a host is pinned by specifying its SPKI fingerprint under NSAppTransportSecurity > NSPinnedDomains > <hostname> > NSPinnedLeafIdentities and pinning fails the following errors are raised: Error Domain=NSURLErrorDomain, Code=-1200 (i.e. NSURLErrorSecureConnectionFailed) Error Domain=kCFErrorDomainCFNetwork, Code=-1200 (i.e. kCFURLErrorSecureConnectionFailed) _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802 (i.e. errSSLFatalAlert) The topmost error's UserInfo dictionary contains a NSLocalizedRecoverySuggestion of "Would you like to connect to the server anyway?". How would I go about doing so given that urlSession(_:task:didReceive:completionHandler:)has already been called at this point?

We are seeing crashes lately that seem to be caused by PAC, but we are not yet building for the arm64e architecture as advertised here. Is it likely that adopting that architecture will alleviate these crashes?

The unified logging system on iOS can allegedly be configured by means of configuration profiles (as alluded to e.g. here), but documentation as to how to do that seems to be scarce. I am especially interested in whether it is possible to create a profile that auto-expires after a predefined time period (as the one for use with Apple Pay available here does). Can anyone point me in the right direction?

Is there an API to create a .logarchive file from the contents of e.g. a OSLogStore?