I'm a new developer who is looking to make my first app easier to manage on my end by staying in the Apple ecosystem. My ideal backend is just pure and simple CloudKit. This should help me cut down on costs and increase my security, or so I thought.
The more I looked into the issue of mobile app security --more specifically, preventing fraudulent access to backend APIs-- the more it seems like CloudKit is a disaster waiting to happen. While data in transit is encrypted and there's even end-to-end encryption for private DBs, securing an app's public DB in the presence of modified apps is a daunting, if not impossible task. My assumption is that a modified app cannot be trusted to make honest assertions about itself, the device, or its iCloud account, and can potentially lie its way into restricted areas of the DB. If an app is compromised, CloudKit queries from that app can be used to make malicious queries or even changes to the databases.
I'm hoping App Attest, even with its potentially circular logic, can at least make life harder for fraudsters, competitors, and vandals (when combined with other security measures like jailbreak, debugging, hooking, and tampering detections), but I have not found a single mention on how App Attest might be used to protect CloudKit. There doesn't even seem to be a verified way for me to build a third party server that can handle App Attest and then tell CloudKit to allow a user through (with all the security hazards a new developer faces when configuring an authentication server). The message seems to be: App Attest is important, but you can't use it with CloudKit, so build your own server.
Questions
Is my assumption that a compromised app can make malicious queries or changes to an app's CloudKit DB correct?
Can App Attest be made to protect a CloudKit public DB, with or without the involvement of a third-party server to handle attestations?
CloudKit
RSS for tagStore structured app and user data in iCloud containers that can be shared by all users of your app using CloudKit.
Posts under CloudKit tag
200 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
In Core Data, you can use a pinned query generation to make sure that your app is working from a consistent view of the data store. If you have CloudKit sync turned on, and new changes come in that invalidate relationships, your app won't see them right away as long as it's looking at a pinned query generation.
Since Swift Data doesn't yet support query generations, how do I deal with this issue in Swift Data apps?
For example, let's say I have an address book app. I open a particular contact, and then tap a control on the screen that opens a list of images for that contact. While looking at the images, CloudKit sync retrieves changes made by other devices, which have completely removed the parent contact.
How does my app know this has happened? Suppose the image browser screen needs to refer to the parent contact, or make changes to it, but the contact is no longer there because a background sync removed it.
I can't find the current costs for CloudKit. There used to be a pricing page, but I can't locate it now. Is there an official page that details the current costs for CloudKit?
Perhaps I should not be asking this here, but can anyone recommend a good learning resource/tutorial for a complete beginner for SwiftData and CloudKit?
Hello,
I had a WWDC Lab with two CloudKit engineers who asked me to file a "Feedback Request" for critical information regarding CloudKit. I've filed the FB and have also decided to post a forum post to increase my chances of having these critical questions answered. If allowed, I will also post responses to my FB here.
CKAssets
I would like to know how large assets attached to a CKAsset can get before being rejected by the system. If the figure differs for private and public databases, please also let me know.
CloudKit pricing information
There used to be pricing information available on the website, but there's basically no information now. This makes it hard to calibrate user upload limits for my app in order to avoid overage fees.
I'm not looking to game the system, (something this strange opaqueness is likely meant to prevent); I'm just looking to avoid a situation where competitors and vandals abuse my the content upload system so I get smacked by large bills out of nowhere. A rough figure of how many GB of data each active user adds to my app's CloudKit public database would suffice.
While we're at it, if I have two apps that share a public database (if that's possible), do the active user counts of both contribute to the public database's free threshold?
I have read and tried all the possible solutions available online, but still didn't get a result.
My multi-platform iOS/macOS app uses private databases in iCloud with Core Data. All works as expected when I build the app from Xcode to my multiple devices: data is being synced. But when I upload the app to TestFlight, data is not being synced.
This is what I have already tried:
In CloudKit Dashboard, I reset the schema and deployed schema changes from the development to production.
In Xcode project settings, in Targets, under Frameworks, Libraries... I added the CloudKit.framework, set as "do not embed".
In Xcode project settings, under Signing & Capabilities, all the CloudKit, Background fetch and Remote notifications checkboxes are enabled for both Debug and Release. They all point to the same correct iCloud container.
In Xcode project settings, under Build Settings, Code Signing Entitlements for both Debug and Release point to the same entitlements file.
In .entitlements file, CloudKit container identifier points to the correct container. iCloud Services set to CloudKit.
In .entitlements file, APS Environment for both iOS and macOS is set as "production".
In Core Data .xcdatamodeld file, under Configurations, I have a Default option, and it is being set to "Used with CloudKit."
Each time I upload new version to the TestFlight, I delete all the previous versions from all my devices, so development and production containers are not mixed up in any way.
I understand that I may be missing something. But after researching all the resources available online, I didn't find anything else to configure or to add in this setup. I want to point out again that data is not being synced only in TestFlight, and thus, possibly, after release. Whenever I build app directly to the device from Xcode, all works as expected.
I hope someone can help me.
I've been building an app with CKSyncEngine based off the documentation and sample code on GitHub. So far it's been working great, but I still have a number of questions I couldn't find the answer to I'd like to know before going into production. Here's a list in no particular order:
When sending changes, are you expected to always send the entire record or just the fields that changed? It's not clear there would even be a way to know the fields that changed since when we have to populate the CKRecord from our local record, we only know the id.
Likewise, when we get a record that changed on the server, do we always get a complete record even if only a single field changed?
Related to that, if a record has asset(s), is the complete asset also returned on every server change even if we already have a copy locally and it hasn't been modified?
If a record does have an asset, is the asset guaranteed to be downloaded and available at the asset.fileURL location by the time CKSyncEngine calls the delegate? If not, is there a way to know it's still downloading and when it will be available?
Is there a way to lazy load assets to avoid unnecessary data fetching?
If there is a failure during sync, for example if I fail to save just one record out of many, how do I recover from that? Is there a way to retry?
Related, is there a way to verify we're completely in sync with the server?
Is there any way to resync besides deleting the state serialization data and doing a complete sync again?
Can I use CKSyncEngine from the main app and the app extensions if they share a database and state serialization. For example, when adding an image from the share extension. Any caveats to that?
Sorry for all the questions, but I want to make sure this is as efficient and reliable as possible. I'm going to request a Lab as well, but it's the lab request form isn't working at the moment so I figured I'd post here in case it's easier to answer async.
Thanks!
– Zach
How did the issue (probably) occur?
The issue appeared in January 2024 after setting up a new Apple TV 4K (tvOS 16.X and updated to latest tvOS after setup) or a new Apple Watch Ultra 2 (watchOS 10.X and updated after setup). Both devices were set up using my personal iCloud and both were set up to use HomeKit. I suspect the issue is related to the creation of a new Home that was subsequently shared to a family member (see below).
How did I notice the issue?
From the week that followed, I noticed that my iPhone 15 Pro Max tends to get really hot in standby and that the battery drops significantly in the space of a couple standby hours. (Worst case I’ve experienced is about ~80% drop in 4 hours standby)
Apple Watch also has huge drops in battery life. Again, to give some perspective: I wear my AW for sleep tracking, sometimes AW will drop ~5% throughout the night, sometimes ~60% (and turn off if it was charged below 60%, making me lose my sleep tracking).
My iPad Pro occasionally loses ~30-50% charge over night in standby.
I went to the Battery section of the Settings app on my iPhone and iPad and could notice that about 50-75% of the time (over 24h that is), Home Accessories is running in the background. I could not confirm this on Apple Watch as the battery section of Settings does not show per app usage, however clear drops in battery percentage are noticeable from the graph.
What's the issue?
Seeing the issue arise on three of my four portable Apple devices, I decided to go check on my MacBook Pro M1 Max in Activity Monitor if the same behaviour was to be seen. I quickly realised that the Home Daemon (homed) is permanently running in background at (unusual) high usage. It is the top entry in CPU usage and Uptime.
Going into the Console app I can see that the homed daemon on macOS is throwing 3x-5x batches of the same 5 error messages each second. The errors are the following:
In the same Console app, connecting to my iPhone and my iPad, I can see the exact same errors occurring at approximately the same rate.
What is the issue in technical terms?
My CloudKit HomeKit config (com.apple.homekit.config) container is bricked and returns an internal server error
The homed/cloudd daemons do not have a backoff policy and retry fetching the CloudKit database instantly on failure. This leads to an infinite loop of network requests going out and draining my battery on all devices massively.
How did I try to solve the issue?
All these measures were unsuccessful:
Restarting all devices
All devices are on the latest version
Deleting the Home app where possible
Turning off Home, Keychain and iCloud Drive in iCloud settings
Signing out of iCloud and signing in again
Using the HomeKit Reset mobileconfig profile where possible (http://appldnld.apple.com/iOSProfiles/HomeKitReset.mobileconfig)
Use the previously mentioned reset profile in combination with a HomeKit Architecture downgrade (http://appldnld.apple.com/iOSProfiles/KeepLegacyHome.mobileconfig)
On macOS, delete ~/Library/HomeKit
Sending sysdiags using the Feedback Assistant (FB13529370, still open)
Manually revoking all (pending and accepted) home invitations and deleting all homes from the Home app
Removing all Apple TVs and HomePods from my iCloud account
Reseting and repairing Apple Watch
Disabled Advanced Data Protection on iCloud
Logging out of all my devices’ iCloud, use the reset profile, wait 20min, login to iCloud, the issue reappears in the console (while no other devices are logged in)
Changing Apple ID password and choose to log out all devices, log in again into a single device, use the reset profile, wait 20min, and the issue reappears in the console
To be absolutely sure it is an iCloud issue and not a local misconfiguration (that could be solved by resetting all my devices), I took an older iPhone 12 Pro and set it up as a new device with no apps/account/data, just a blank installation of iOS. As one would expect, the issue is not present and the Console app does not show any errors. As soon as I log into my iCloud account, the Home daemon homed throws the same 5 errors over and over and the battery draining issue magically appears.
This confirms my theory that it is indeed an iCloud issue on the server-side and not a client-side issue. Reseting my devices would not help fix the issue as demonstrated by a blank iOS installation on a separate iPhone 12 Pro getting the same error just by logging into my iCloud account.
I’ve had an Apple Support case for over five months, it has been (unsuccessfully) escalated twice to engineering. While many basic troubleshooting steps have been taken, nothing helped. Also, while the Apple Support agent is really trying their best to help me, they understand the symptoms of the problem but not the root cause which I tried explaining multiple times. Essentially we’re sticking to the Apple Support instructions they have, and doing basic diagnostics and battery troubleshooting even though I technically understand and can explain the issue to a CloudKit engineer.
We even proceeded to do a fresh install of macOS on a separate volume and took diagnostics before and after login in with my Apple ID. They were able to confirm that there is indeed a massive battery drain issue related to my account.
The case is still open but is currently leading nowhere, I'm just told to keep my devices updated...
How Apple can fix the issue:
Investigating the internal server error and fixing the record(s) or the CoreData entity that is throwing the problem
Implementing a client-side backoff policy for internal server errors coming from iCloud.
Quite trivially by reseting my com.apple.homekit.config container
Also worth mentioning:
I don’t use a VPN or any Proxy
I’m fine with losing all my HomeKit-related data on my iCloud account. At this point I just want the issue to disappear and to have useable battery life on all my devices. I’m giving my consent to the immediate and irrevocable deletion of all my past and present HomeKit-related data.
I was hoping for an update of SwiftData which adopted the use of shared and public CloudKit containers, in the same way it does for the private CloudKit container.
So firstly, a big request to any Apple devs reading, for this to be a thing!
Secondly, what would be a sensible way of adding a shared container in CloudKit to an existing app that is already using SwiftData?
Would it be possible to use the new DataStore method to manage CloudKit syncing with a public or shared container?
Hello, I’m upgrading my app from Core Data to SwiftData. Due to my old setup the Core Data store has an explicitly name like „Something.sqlite“, because it was defined via NSPersistentContainer(name: "Something") before switching to SwiftData.
Now my goal is to migrate the Core Data stack to SwiftData, while moving it to an App Group (for Widget support) as well as enable iCloud sync via CloudKit.
Working Migration without App Group & CloudKit
I’ve managed to get my migration running without migrating it to an App Group and CloudKit support like so:
@main
struct MyAppName: App {
let container: ModelContainer
init() {
// Legacy placement of the Core Data file.
let dataUrl = URL.applicationSupportDirectory.appending(path: "Something.sqlite")
do {
// Create SwiftData container with migration and custom URL pointing to legacy Core Data file
container = try ModelContainer(
for: Foo.self, Bar.self,
migrationPlan: MigrationPlan.self,
configurations: ModelConfiguration(url: dataUrl))
} catch {
fatalError("Failed to initialize model container.")
}
}
var body: some Scene {
WindowGroup {
ContentView()
}
.modelContainer(container)
}
}
How To Migrate to App Group & CloudKit?
I’ve already tried to use the ModelConfiguration with a name, but it seems to only look for a .store file and thus doesn’t copy over the Core Data contents.
let fullSchema = Schema([Foo.self, Bar.self])
let configuration = ModelConfiguration("Something", schema: fullSchema)
Can someone help me how to do this migration or point me into the right direction? I can’t find anything relating this kind of migration …
Hi, I've been working on an app that - so far - has only had to deal with offline data store.
The usage is fairly simple: the user picks their favourite tv shows and networks, and they get persisted with SwiftData with all the correct relationships.
Now, I would like to migrate the local storage of the users to a private CloudKit db, but every time I upgrade the app, the data seems to disappear completely.
This is the snippet evolved through the attempt of migrating the data:
Current Production code
public static func makeModelContainer() -> ModelContainer {
do {
let processRequiresInMemory = ProcessInfo.processInfo.arguments.contains("inMemoryDatabasePreferred")
let modelConfiguration = ModelConfiguration(
isStoredInMemoryOnly: processRequiresInMemory,
groupContainer: .automatic,
cloudKitDatabase: .none
)
let modelContainer = try ModelContainer(
for: Country.self,
Episode.self,
Movie.self,
Season.self,
Show.self,
Network.self,
NetworkSubscription.self,
migrationPlan: AppModelMigrationPlan.self,
configurations: modelConfiguration
)
return modelContainer
} catch {
fatalError("Could not initialize model container")
}
}
Testing CloudKit enabled
public static func makeModelContainer() -> ModelContainer {
do {
let processRequiresInMemory = ProcessInfo.processInfo.arguments.contains("inMemoryDatabasePreferred")
let modelConfiguration = ModelConfiguration(
"synced",
isStoredInMemoryOnly: processRequiresInMemory,
groupContainer: .automatic,
cloudKitDatabase: .automatic
)
let modelContainer = try ModelContainer(
for: Country.self,
Episode.self,
Movie.self,
Season.self,
Show.self,
Network.self,
NetworkSubscription.self,
migrationPlan: AppModelMigrationPlan.self,
configurations: modelConfiguration
)
return modelContainer
} catch {
fatalError("Could not initialize model container")
}
}
}
The differences, which I don't understand fully because I could not find documentation, are:
ModelContainer(...) -> ModelContainer("synced", ...)
cloudKitDatabase, from none to automatic.
I have the feeling that changing the name of the configuration also changes some reference to the db itself, but if I were not to change the name, the app would have crashed because unable to migrate.
What's the best approach to take here?
I'm attempting to save a CKQuerySubscription in production, in the public database, but I'm seeing the following error:
Failed to create CloudKit subscription for Encounter: <CKError 0x3038f66a0: "Invalid Arguments" (12/2006); server message = "attempting to create a subscription in a production container"; op = 093C69242BCC1B0A; uuid = D6E49665-6B8A-4F16-BBD8-B188A4E71F70; container ID = "iCloud.com...">
This is the query’s predicate: NSPredicate(format: "users CONTAINS %@", user.recordID), and the same subscription works perfectly fine in the development CloudKit environment. I have a queryable index on the users field in both environments. Also, I have saved a TRUEPREDICATE CKQuerySubscription in production, and that works perfectly. Does anyone know what I could be missing here?
sample code
let modelConfiguration = ModelConfiguration()
// 1. create mom
guard let mom = NSManagedObjectModel.makeManagedObjectModel(for: [Attachment.self]) else {
fatalError("====> makeManagedObjectModel error")
}
// 2. create description with config url and setting
let description = NSPersistentStoreDescription(url: modelConfiguration.url);
description.shouldAddStoreAsynchronously = false;
container = NSPersistentCloudKitContainer(name: "swiftDataCloudTest", managedObjectModel: mom);
container.persistentStoreDescriptions = [description]
// 3. get modelContainer
let modelContainer = try! ModelContainer(for: Attachment.self, configurations: self.modelConfiguration)
this code works fine on MacOS(14.4.1) and previous iOS 17.x.(iOS 17.2 is OK)
but on iOS 17.5, the app crashes with message
A Core Data error occurred." UserInfo={NSLocalizedFailureReason=Unable to find a configuration named 'default' in the specified managed object model
how can I fix these?
Recently I started getting emails from AppStoreConnect when I submit new builds The email states:
ITMS-90863: Macs with Apple silicon support issue - The app links with libraries that aren’t present in macOS: /usr/lib/swift/libswiftCloudKit.dylib
I can run this app on apple silicon from TestFlight or directly from Xcode and it runs just fine including all iCloud functions. This app has been using iCloud for several years now.
So my question is: Should I just ignore the email or do I need to change something to bring this app into compliance?
When query, no record returned:
but using fetch, can see the record, while in a strange status: "Record not found"
I am currently working on an app that utilizes SwiftData, and I am planning to integrate CloudKit. My current challenge involves managing a Day object that gets inserted when the date changes to track daily progress. Additionally, I want to prompt users to create a username during the app's onboarding process. I am concerned that this could lead to synchronization issues, such as duplicate entries for the same day or multiple user accounts being created. I assume blocking the app until everything is synced from CloudKit is not a practical solution. Does anyone have any recommendations on how to handle this?
Furthermore, I would like to implement a community feature where users can post content. I noticed that CloudKit offers a public database. Is this database suitable for such a feature, or would I need to develop a separate backend to support it?
I have a native SwiftUI Mac app which is based off my iOS app and includes Core Data with iCloud sync. As per my understanding, when a user makes a change on one of the devices a remote notification is sent to the others. I have a widget which displays information from Core Data and the remote notification makes the widget update its information on the next timeline refresh without the user having to open the app manually.
My question is, if an app is closed on macOS so it's not even running in the Dock, do remote notifications work? This page says "the delegate receives this message when the application is running and a remote notification arrives for it". Does that mean the app won't receive remote CloudKit notifications when closed on macOS?
Hello,
im trying to parse a JSON Request into a Swift Data Model. The specific bug happens with the nutriscore.
It works perfectly fine if I do my request and Decode or Encode the Model directly. But when im trying to add it to the Database the field is empty.
Somehow when im iterating through each product (my model) and console log it, it works. But only if there is one product in my database. sometimes when im adding another product, it somehow deletes(?) all nutriscores and the console log prints "nil" for all products. even for the product it worked before.
This right here is the way I insert into my database which should be perfectly fine. And the printing works also perfectly fine and it always displays the correct nutriscore
func dataScanner(_ dataScanner: DataScannerViewController, didAdd addedItems: [RecognizedItem], allItems: [RecognizedItem]) {
for item in addedItems {
if case let .barcode(barcode) = item {
performAPIRequest(with: barcode.payloadStringValue!) { result in
switch result {
case .success(let product):
...
var descriptor: FetchDescriptor<Product> {
var descriptor = FetchDescriptor<Product>(
predicate: #Predicate { $0.code == product.code }
)
descriptor.fetchLimit = 1
return descriptor
}
var products: [Product] = []
products = try! self.parent.context.fetch(descriptor)
print(product.nutriscore ?? "no nutri"); //WORKS PERFECTLY FINE!!
if let existingProduct = products.first {
existingProduct.amount! += 1
existingProduct.lastScannedAt = Date()
} else {
self.parent.context.insert(product)
}
self.processMeals()
case .failure(let error):
print("Error: \(error)")
}
}
}
}
}
This has to be a SwiftData Bug, or why doesn't it work
Is there any good framework that can ease process of syncing strings, structs, bools across devices using icloud.
Currently app doesn't use any cloud functionality.
Any help will be greatly appreciated.
Done this model:
@Model
public final class Category: Codable {
var nom: String = ""
@Relationship(deleteRule: .cascade, inverse: \Property.category)
var properties: [Property]?
}
How to create #predicate to search text in like…
let predicate = #Predicate<Category> { category in
searchText.isEmpty || category.nom.localizedStandardContains(searchText) ||
category.properties.contains {
$0.nom.localizedStandardContains(searchText)
}
}
without this error:
SQLCore dispatchRequest: exception handling request: <NSSQLCountRequestContext: 0x6000038dc620>, to-many key not allowed here with userInfo of (null)