I am developing an app that can help users disable selected apps at a specified time, so that users can get away from their phones and enjoy real life.
Here is my data structure:
    extension ActivityModel {
        @NSManaged public var id: UUID
        @NSManaged public var name: String
        @NSManaged public var weeks: Data
        @NSManaged public var weekDates: Data
        @NSManaged public var appTokens: Data
    }
Among them, weeks is of [Bool] type, indicating which weeks from Sunday to Saturday are effective; weekDates is of [[Date,Date]] type, indicating the effective time period; appTokens is of Set type, indicating the selected apps.
At the beginning, I will open a main monitor:
    let deviceActivityCenter = DeviceActivityCenter()
    do {
        try deviceActivityCenter.startMonitoring(
            DeviceActivityName(activityModel.id),
            during: DeviceActivitySchedule(
                intervalStart: DateComponents(hour: 0, minute: 0, second: 0),
                intervalEnd: DateComponents(hour: 23, minute: 59, second: 59),
                repeats: true
            )
        )
    } catch {
        return false
    }
Since the time range may be different every day, I will start the sub-monitoring of the day every time the main monitoring starts:
    override func intervalDidStart(for activity: DeviceActivityName) {
        super.intervalDidStart(for: activity)
        // Sub-monitor interval: shield the apps bound to this activity.
        if activity.rawValue.hasPrefix("Sub-") {
            ActivityModelManager.disableApps(
                Tools.getUUIDFromString(activity.rawValue)
            )
            return
        }
        // Main monitor interval: .weekday is 1...7 (Sunday = 1), so convert it
        // to a 0-based index into the 7-element weeks/weekDates arrays.
        let weekIndex = Calendar.current.component(.weekday, from: .now) - 1
        let weeks = ActivityModelManager.getWeeks(activity.rawValue)
        if weeks[weekIndex] {
            let weekDates =
                ActivityModelManager.getWeekDates(activity.rawValue)
            let deviceActivityCenter = DeviceActivityCenter()
            do {
                try deviceActivityCenter.startMonitoring(
                    DeviceActivityName("Sub-" + activityModel.id),
                    during: DeviceActivitySchedule(
                        intervalStart: getHourAndMinute(weekDates[weekIndex][0]),
                        intervalEnd: getHourAndMinute(weekDates[weekIndex][1]),
                        repeats: false
                    )
                )
            } catch {
                return
            }
        } else {
            return
        }
    }
I will judge whether it is main monitoring or sub monitoring based on the different activity names.
When the sub-monitor starts, I will get the bound application and then disable it:
    static func disableApps(_ id: UUID) {
        let appTokens = ActivityModelManager.getLimitAppById(id)
        let name = ManagedSettingsStore.Name(id.uuidString)
        let store = ManagedSettingsStore(named: name)
        store.shield.applications = appTokens
        return
    }
When the child monitoring is finished, I resume the application:
    static func enableApps(_ id: UUID) {
        let name = ManagedSettingsStore.Name(id.uuidString)
        let store = ManagedSettingsStore(named: name)
        store.shield.applications = []
    }
The above is my code logic.
When using DeviceActivityMonitorExtension, I found the following problems:
intervalDidStart may be called multiple times, resulting in several sub-monitors being started.
After a period of time, the monitoring is turned off.
The static methods enableApps and disableApps are sometimes not called
Entitlements
Entitlements allow specific capabilities or security permissions for your apps.
Received entitlement access from Apple yesterday, but I'm getting this error when trying to check app authorization:
FinanceKit/FinanceStore+FinancialDataAuthorization.swift:27: Fatal error: Process is not entitled
Code of interest:
    import Foundation
    import FinanceKit

    @MainActor
    class FinanceService: ObservableObject {
        private let store = FinanceStore.shared
        @Published private(set) var authorizationStatus: AuthorizationStatus = .notDetermined
        @Published private(set) var accounts: [Account] = []
        @Published private(set) var transactions: [Transaction] = []
        @Published private(set) var balances: [AccountBalance] = []
        @Published private(set) var wallet: Wallet = Wallet()

        // Authorization
        func requestAuthorization() async {
            do {
                authorizationStatus = try await store.requestAuthorization()
            } catch {
                // If there's an error requesting authorization, set to denied
                authorizationStatus = .denied
                print("Error requesting authorization: \(error)")
            }
        }

        func checkAuthorizationStatus() async {
            do {
                print("Checking authorization status")
                authorizationStatus = try await store.authorizationStatus()
                print("Authorization status: \(authorizationStatus)")
            } catch {
                // If there's an error checking status, assume not determined
                authorizationStatus = .notDetermined
                print("Error checking authorization status: \(error)")
            }
        }
    }
What I've done/checked:
Info.plist is set properly, with NSFinancialDataDescription AND
NSFinanancialDataUsageDescription both set
In my entitlements, key com.apple.developer.financekit is set to financial-data
I am targeting an actual device (min. 17.6)
I've followed the instructions here: [https://developer.apple.com/forums/thread/757973] to no avail.
Any ideas?
Hello! I'm suddenly having some difficulty debugging a Flutter-based app. When I run an app from VS Code, it launches Xcode and builds & installs the app on an iPhone running 18.1. However, once the app is installed on the phone, it disappears and in Xcode, a dialog appears with:
Failed to install embedded profile for : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.)
However, when I look at the provisioning profile being used, it seems to have the correct entitlement:
I've also tried enabling automatic signing (instead of the current manual signing using match), as well as generating an adhoc profile and re-adding the device UDID in developers.apple.com. None of these have worked.
This issue appeared within the past day or so and was working fine yesterday with no code changes, so I've been stumped. All my certs are relatively new and were issued within the past few months. I've tried regenerating the provisioning profiles using match, but this gives the same thing.
What's odd is that I can run the build and upload to testflight, then download and install the app just fine through there. But this obviously makes debugging an issue.
Hello everyone,
I’ve been working on ways to implement stricter accountability systems for personal use, especially to prevent access to NSFW content in apps like Reddit and Twitter. The main challenge is that iOS sandboxing and privacy policies block apps from monitoring or interacting with other apps on the system.
While Apple’s focus on privacy is important, there’s a clear need for an opt-in exception for accountability tools. These tools could be allowed enhanced permissions under stricter oversight to help users maintain accountability and integrity without compromising safety.
Here are a few ideas I’ve been thinking about:
1. Vetted Apps with Enhanced Permissions: Allow trusted applications to bypass sandbox restrictions with user consent and close monitoring by Apple.
2. Improved Parental Controls: Add options to send notifications to moderators (like accountability partners) when restrictions are bypassed or disabled.
3. Custom Keyboard or API Access: Provide a framework for limited system-wide text monitoring for specific use cases, again with user consent.
If anyone has ideas for how to address this within current policies—or suggestions for advocating for more flexibility—I’d appreciate the input. I’m curious how others have handled similar challenges or if there are better approaches I haven’t considered.
Quinn, in your post "App Groups: macOS vs iOS: Fight!", you mention that an app must meet at least one of four criteria to access an app group container without user intervention:
Your app is deployed via the Mac App Store (A).
Or via TestFlight when running on macOS 15.1 or later (B).
Or the app group ID starts with your app’s Team ID (C).
Or your app’s claim to the app group is authorised by a provisioning profile embedded in the app (D) [1].
Our app is distributed directly (Developer ID), so it doesn't meet the first two criteria. We already had the app group ID set up to match the iOS ID (without our Team ID) and changing it now would affect our users' already-stored data, so criteria C isn't really an option either.
That brings us to criteria D. We've added the App Groups Capability to our App ID on the Developer site and created a Developer ID provisioning profile with this App ID. However, for some reason the App Group Capability is not included in the provisioning profile.
How then do we go about satisfying criteria D ("your app’s claim to the app group is authorised by a provisioning profile embedded in the app (D)")?
If this is impossible, how can we migrate our user's data away from the affected container?
Invalid entitlement for core nfc framework. The sdk version '18.2' and min OS version '14.0' are not compatible for the entitlement 'com.apple.developer.nfc.readersession.formats' because 'NDEF is disallowed'.
Does anyone know what the correct configuration of SDK version and minimum iOS deployment target is for NFC with the NDEF format?
I am working on a macOS application in which I need a System Extension along with some network extension capabilities. In order to distribute the app externally, I have to create a Developer ID application (provisioning profile) using the App ID that already has the Network extension capability. I have followed this documentation to create the App ID and provisioning profiles:
https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.developer.networking.networkextension?language=objc
What I have:
2 App IDs (For app with network and system extension capability and for extension with only network extension capability)
2 Developer ID application (For both App and Extension)
My App's entitlement file contains:
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>app-proxy-provider</string>
        <string>packet-tunnel-provider</string>
    </array>
My system extension's entitlement file contains:
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>packet-tunnel-provider</string>
        <string>app-proxy-provider</string>
        <string>content-filter-provider</string>
        <string>dns-proxy</string>
    </array>
Both the targets now have the following error:
Provisioning profile "StandaloneCSAExtension" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement.
Note: Instead of Developer ID application if I create a normal development provisioning profile with the same App ID, everything works perfectly fine, the only reason why we need to move to Developer ID application is because we need to distribute the app externally.
Please help me if I have missed anything. Thanks in advance!
We have recently begun testing in our production environment and have been unable to push provision any cards, receiving a 500 error:
default 11:15:59.136742-0300 PassbookUIService Response:
https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/SEID_NUMBER/cards 500 Time profile: 0.486102 seconds
{
x-conversation-id = "52463d9f488e428f829633a1518ea72d"
Vary = "accept-language"
Content-Type = "application/json"
x-pod = "pr-pod9"
x-keystone-correlationid = "058F11DE-839F-47AC-A623-741BF32CEA80"
Date = "Thu, 16 Jan 2025 14:15:58 GMT"
x-apay-service-response-details = "via_upstream"
Content-Length = "81"
x-envoy-upstream-service-time = "172"
x-pod-region = "paymentpass.com.apple"
}
{
statusCode = 500;
statusMessage = "Broker Service Response exception";
}
In 05/2024 we received an e-mail from applepayentitlementsapple.com confirming the granting of in-app provisioning entitlements for our production apps.
We've already sent a feedback on Feedback Assistant. Here is the code to track: FB16344669.
Also, we sent another e-mail to applepayentitlementsapple.com, Case-ID: 11317916, but we haven't received a reply yet.
Can you help us? We are concerned, since our pre-certification starts on January 27th.
Thanks in advance.
I have an in house application that I develop for my company.
The application requires that our corporate MDM profile be installed on the phone. I recently got a new phone and our corporate IT team installed the MDM profile and the Comp Portal application for me to manage our corporate applications.
I installed the application through the Comp Portal. It crashes right away when I launch the application and I see this error message in the Console when connected to the phone:
"SpringBoard Snapshot generation request for bundleID: com.mycompany.mygroup.appName rejected due to the app being denylisted."
I see other errors from runningboardd about failing to spawn the job and SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x510affd80; app<com.mycompany.mygroup.appName>:> with error: <NSError: 0x301e60090; domain: RBSRequestErrorDomain; code: 5; "Launch failed.">
I can launch a development version of the application with no problem by connecting the USB cable from my machine to my device and running through Xcode.
Other people have no problems launching the application. I compared all the certificates in the management profile with another device where the application does not crash and they are identical.
We checked a number of settings on the devices to see if there could be something preventing the application from running but found nothing.
We reset all settings and deleted and reinstalled the application with rebooting to see if perhaps it was an incomplete installation. Our IT folks want to wipe the phone and start over but I have little confidence that will fix the issue since we don't know the root cause.
I am concerned that one of my Stakeholders might have the same issue if they get a new device. This application worked fine on my old phone.
Device: iPhone 16 Pro Max
iOS version: 18.2.1
Any ideas on next steps to troubleshoot this issue?
How can I figure out the cause of the denylisting?
Hello,
I’m developing a sandboxed macOS app using Qt, which will be distributed via the Mac App Store. The app:
Monitors the clipboard to store copied items.
Overrides the paste function of the operating system via keyboard shortcuts.
Modifies clipboard content, replacing what the user pastes with stored data.
So, I have some questions:
Can a sandboxed app continuously read and modify clipboard content?
What entitlements are required?
What permissions should I request from the user to ensure that my app works?
Any guidance would be greatly appreciated!
Thanks in advance!
Beril Bayram
I'm building an app that uses the Screen Time API and DeviceActivityMonitoring Framework. It works when I run the simulator build on iPhone 16 but when I try to launch it on my own iPhone, I get these errors.
Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2" doesn't include the com.apple.developer.device-activity.monitoring entitlement.
KansoMonitorExtension 1 issue
x Provisioning profile "iOS Team Provisioning Profile: Kanso-Digital-Wellness.Kanso-v2.KansoMonitorExtension" doesn't include the com.apple.developer.device-activity.monitoring en...
Read something online that said a reboot would fix this, but I tried and no luck. Any ideas?
I'm not very technical, so would pay someone to fix this for me :)
It's been two weeks since I submitted the MDM capability request form as our app requires an MDM to activate the DNS Proxy component.
There's been zero emails about it, and I can't find anywhere to check the status on it.
Does anyone have experience regarding the "MDM capability" request or is anyone from Apple able to provide some insight into what is expected?
I’m trying to fix an issue with a pipeline that automatically distributes an app to the App Store (TestFlight). Unfortunately, universal links don’t work because the .entitlements file in the build doesn’t include the specified associated domains, even though they are defined. I’ve double-checked the certificates, provisioning profiles, and Xcode settings — everything seems correct. Therefore, I assume the issue lies in the build commands, which are as follows:
Create Archive
xcodebuild -workspace ios/ClientDomain.xcworkspace -scheme ClientDomain archive -sdk iphoneos -configuration ClientDomain -archivePath ios/ClientDomain.xcarchive CODE_SIGN_STYLE=Manual CODE_SIGN_IDENTITY="Apple Distribution: Company Name (XXXXXXXXXX)" PROVISIONING_PROFILE=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx CODE_SIGNING_ALLOWED=No
Export Archive
xcodebuild -exportArchive -archivePath ios/ClientDomain.xcarchive -exportPath ios -exportOptionsPlist ios/exportOptions.plist
I also want to provide files I use, in order to make sure I don't have any mistakes:
ClientDomain.entitlements
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.associated-domains</key>
        <array>
            <string>applinks:www.site.com</string>
            <string>webcredentials:www.site.com</string>
        </array>
    </dict>
    </plist>
exportOptions.plist
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>destination</key>
        <string>export</string>
        <key>generateAppStoreInformation</key>
        <false/>
        <key>manageAppVersionAndBuildNumber</key>
        <true/>
        <key>method</key>
        <string>app-store-connect</string>
        <key>provisioningProfiles</key>
        <dict>
            <key>com.bundle.app</key>
            <string>xxxxx-xxxxx-xxxxx-xxxxx-xxxxx</string>
        </dict>
        <key>signingCertificate</key>
        <string>Apple Distribution: Company Name (XXXXXXXXXX)</string>
        <key>signingStyle</key>
        <string>manual</string>
        <key>stripSwiftSymbols</key>
        <true/>
        <key>teamID</key>
        <string>XXXXXXXXXX</string>
        <key>testFlightInternalTestingOnly</key>
        <false/>
        <key>uploadSymbols</key>
        <true/>
    </dict>
    </plist>
I'm curious, how people usually distribute their apps to App Store. What if I do something wrong?
We found that when we only set one App Category and one Traffic Category in Xcode entitlements, the built application will contain all App Categories and Traffic Categories in the embedded.mobileprovision file, is it expected?
Entitlements file:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.networking.slicing.appcategory</key>
        <array>
            <string>streaming-9001</string>
        </array>
        <key>com.apple.developer.networking.slicing.trafficcategory</key>
        <array>
            <string>avstreaming-7</string>
        </array>
    </dict>
    </plist>
embedded.mobileprovision:
    <key>Entitlements</key>
    <dict>
        <key>com.apple.developer.networking.slicing.appcategory</key>
        <array>
            <string>communication-9000</string>
            <string>games-6014</string>
            <string>streaming-9001</string>
        </array>
        <key>com.apple.developer.networking.slicing.trafficcategory</key>
        <array>
            <string>defaultslice-1</string>
            <string>video-2</string>
            <string>background-3</string>
            <string>voice-4</string>
            <string>callsignaling-5</string>
            <string>responsivedata-6</string>
            <string>avstreaming-7</string>
            <string>responsiveav-8</string>
        </array>
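An added example, not part of the post above and not Apple tooling: a key-by-key comparison of the two plists the post quotes, reporting which requested values the profile lacks and which profile values go unrequested. It assumes the profile's plist has already been extracted from embedded.mobileprovision; `compare_entitlements`, `check_sample` and the report layout are names made up for this sketch.

```python
import plistlib

# Constructed sample input: the entitlements file quoted in the post.
ENTITLEMENTS_FILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.developer.networking.slicing.appcategory</key>
  <array><string>streaming-9001</string></array>
  <key>com.apple.developer.networking.slicing.trafficcategory</key>
  <array><string>avstreaming-7</string></array>
</dict></plist>"""

# Constructed sample input: the Entitlements fragment quoted from
# embedded.mobileprovision, wrapped in a minimal plist so that it parses.
# A real profile is CMS-signed; `security cms -D -i <profile>` prints its plist.
PROFILE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>Entitlements</key><dict>
  <key>com.apple.developer.networking.slicing.appcategory</key>
  <array>
    <string>communication-9000</string><string>games-6014</string>
    <string>streaming-9001</string>
  </array>
  <key>com.apple.developer.networking.slicing.trafficcategory</key>
  <array>
    <string>defaultslice-1</string><string>video-2</string>
    <string>background-3</string><string>voice-4</string>
    <string>callsignaling-5</string><string>responsivedata-6</string>
    <string>avstreaming-7</string><string>responsiveav-8</string>
  </array>
</dict></dict></plist>"""


def _values(value):
    """Normalise an entitlement value (array, string or bool) to a set."""
    return set(value) if isinstance(value, list) else {value}


def compare_entitlements(requested, profile):
    """Compare requested entitlements with a profile's Entitlements dict.

    Returns {key: {"status", "not_in_profile", "only_in_profile"}} where
    status is "match", "subset", "mismatch" or "missing-key".
    """
    report = {}
    for key, value in requested.items():
        want = _values(value)
        have = _values(profile[key]) if key in profile else set()
        missing = sorted(want - have, key=str)   # requested, not in profile
        unused = sorted(have - want, key=str)    # in profile, not requested
        if key not in profile:
            status = "missing-key"
        elif missing:
            status = "mismatch"
        elif unused:
            status = "subset"
        else:
            status = "match"
        report[key] = {"status": status,
                       "not_in_profile": missing,
                       "only_in_profile": unused}
    return report


def check_sample():
    """Run the comparison on the two constructed plists above."""
    requested = plistlib.loads(ENTITLEMENTS_FILE, fmt=plistlib.FMT_XML)
    profile = plistlib.loads(PROFILE_PLIST, fmt=plistlib.FMT_XML)["Entitlements"]
    return compare_entitlements(requested, profile)


if __name__ == "__main__":
    for key, row in check_sample().items():
        print(key, row["status"], row["not_in_profile"], row["only_in_profile"])
```
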
Hey,
For some reason I see crashes for my iOS app related to CloudKit entitlements.
The crash happens on start up and it says:
"CKException - Application has malformed entitlements. Found value "*" for entitlement com.apple.developer.icloud-services, expected an array of strings"
I have checked my entitlements of the same build on App Store Connect and it shows "com.apple.developer.icloud-services: ( "CloudKit" )"
So I am not sure why users are having this issue. I haven't been able to reproduce it.
Does anyone have any idea why this is happening?
Thanks
Hello,
I am trying to distribute an app that is using the Enterprise entitlements for Vision OS. It is failing to upload to Test Flight because it says I have not the entitlements for the provisioning. This does not happen when deployed directly from Xcode. I can deploy to the headset and ha
Is there anything I can do about it ?
Part of the log below:
2025-01-10 17:02:06 +0000 Provisioning profile "iOS Team Store Provisioning Profile: com.appmr2.3d-Playbook" failed qualification checks:
Profile doesn't support Main Camera Access and Passthrough in Screen Capture.
Profile doesn't include the com.apple.developer.arkit.main-camera-access.allow and com.apple.developer.screen-capture.include-passthrough entitlements.
2025-01-10 17:02:06 +0000 2025-01-10 17:02:06 +0000 IDEProvisioningRepair(3d-Playbook.app): 2025-01-10 17:02:06 +0000 IDEProvisioningRepair(3d-Playbook.app): Using account <DVTAppleIDBasedDeveloperAccount: 0x600003cba400; username=''> for repair
Thanks, Andres
I have the same problem as this question: https://developer.apple.com/forums/thread/757605
"That indicates you’re using a unique App ID prefix. This is a legacy feature that’s not supported on macOS."
Mine is a macOS App distributed in 2021, that now needs an update.
It has always been under Xcode automatically managed signing with a Team. (Still have the project files from 2021: automatic)
Now validating a new version gives me that error :
Invalid Provisioning Profile. The provisioning profile included in the bundle com.*** [***.pkg/Payload/***.app] is invalid. [Invalid 'com.apple.application-identifier' entitlement value.] For more information, visit the macOS Developer Portal. (ID: ***)
And even re-validating the old archive from 2021 gives me this error.
I have looked at my Apple Id's on "Certificates, Identifiers & Profiles", and I can indeed see that this app has an "App ID Prefix" that is not my Team, but something I don't recognise.
I can not make a new App ID Configuration for the bundle id I have been using: "An App ID with Identifier 'com..appname' is not available. Please enter a different string."
Removing the existing App ID Config does not work either: The App ID '.com..' appears to be in use by the App Store, so it can not be removed at this time.
So, I'm a bit stuck. (Help!)
hey everyone.!!
In one of my macOS projects I am trying to fetch the files and folders available in the "Desktop" and "Document" folders and show them in a collection view inside my project, but when I try to fetch the files and folders of Desktop and Document, I am not able to fetch them. But if I try it by setting the entitlements to False, I am able to fetch them.
If anyone has faced a similar issue, or has an alternative, please suggest it.
NOTE:- I have tried implementing it using NSOpenPanel and it works, but it lowers the user experience.
I've made a macOS app with Unity Cloud Build and I want to sign and distribute it using App Store Connect.
I download the compiled .app file and use codesign to sign all the appropriate files.
I also use an entitlements file when I sign the runtime binary.
I used the command codesign -d --entitlements on the resulting .app file to confirm that com.apple.security.app-sandbox is set to true, which it is.
But when I use productbuild to create the .pkg file and upload it using Transporter, I get an e-mail from App Store Connect saying that "ITMS-90296: App sandbox not enabled"
I don't know how to further debug this...
Does anyone have any pointers on how to fix this?
Note: it has to be doable either via the Unity Editor, Unity Build Cloud or the macOS CLI...
Codesign showing that app-sandbox is enabled:
The error from App Store Connect:
I've got a Flutter app that is a “reader” app. The External Link Account Entitlement has already been requested and granted. It is already added as an Additional Capability to the App ID. The com.apple.developer.storekit.external-link.account entitlement is already present in the .entitlements file. Also SKExternalLinkAccount key is added to the Info.plist file with the correct URL.
ExternalLinkAccount.open() is invoked via a MethodChannel call handler and things work perfectly in debug mode. The modal appears as expected and opens the link in the external browser.
Xcode archive is also successful and the entitlement seems to be in place when inspecting the app with:
codesign -d --entitlements :- ./path/to/app
But when trying to distribute the app via Xcode the entitlement disappears. Other entitlements are not affected by this issue, e.g. com.apple.developer.associated-domains for universal links. This happens with automatically managed signing and with a manually selected provisioning profile as well. When inspecting the latter in Xcode the necessary capability and entitlement is included. But when distributing to App Store Connect the entitlement disappears with both recommended and custom settings.
I ran flutter clean multiple times. What am I missing here?