Entitlements


Entitlements allow specific capabilities or security permissions for your apps.

Posts under Entitlements tag

200 Posts

Post

Replies

Boosts

Views

Activity

Core Bluetooth and Authorization Plugin: Why is Core Bluetooth Not Allowed While Multipeer Framework Works?
I need to integrate BLE (Bluetooth Low Energy) functionality into an authorization plugin. Specifically, I want to use a beacon to send a notification to the user if the app is not running or has been killed. However, I’ve encountered a significant limitation: Core Bluetooth is not permitted to be used within authorization plugins, whereas the Multipeer Connectivity framework, which uses WiFi, operates without issue. This has led me to a few questions: What are the fundamental differences in entitlements or restrictions between Core Bluetooth and the Multipeer Connectivity (WiFi) framework that could explain why Core Bluetooth is disallowed in authorization plugins? Are there specific technical or security concerns associated with Core Bluetooth that prevent its use in these contexts, while the Multipeer Connectivity framework is allowed? Given that Google’s Nearby Connections API can work within authorization plugins, could there be any similar approaches or best practices for implementing BLE functionality in scenarios involving authorization plugins? For reference, you can check Google’s Nearby Connections API here: Google Nearby Connections - https://developers.google.com/nearby/connections/swift/get-started Any insights or suggestions on how to overcome this limitation or alternative approaches to achieve the desired functionality would be greatly appreciated. Thank you in advance for your help!
1
4
507
Sep ’24
Can't get assistive access - error using system events in AppleScript
We have a sandboxed Final Cut Pro (FCP) workflow extension that needs to control FCP to export the current video project. When executing an AppleScript, we encounter the error: "System Events got an error: FCPExtension (Final Cut Pro) is not allowed assistive access." This occurs despite the container app having been granted automation and accessibility permissions by the user. What could be missing from the project to ensure the script runs without issues? AppleScript:

    shareDestination("Destination")

    on shareDestination(_dest)
        tell application "Final Cut Pro"
            activate
        end tell
        tell application "System Events"
            set frontmost of process "Final Cut Pro" to true
            tell process "Final Cut Pro"
                perform action "AXRaise" of (first window whose name contains "Final Cut Pro")
                click menu bar 1
                tell menu bar 1
                    tell item 3 of menu bar items
                        tell menu 1
                            tell menu item 12
                                tell menu 1
                                    set menuItems to menu items whose title is (_dest & "…")
                                    if length of menuItems > 0 then
                                        set targetMenuItem to item 1 of menuItems
                                        if enabled of targetMenuItem then
                                            try
                                                click targetMenuItem
                                            on error errMsg number errNum
                                                error errMsg
                                            end try
                                        else
                                            error "Share destination is not enabled." & return & "Please try selecting an item in Final Cut Pro."
                                        end if
                                    else
                                        error "Share destination not found."
                                    end if
                                end tell
                            end tell
                        end tell
                    end tell
                end tell
            end tell
        end tell
    end shareDestination

As soon as the script reaches set frontmost of process "Final Cut Pro" to true it launches the error.
0
0
225
Sep ’24
Prerequisites for an App to be approved for CarPlay?
We've been developing an app for emergency forces for years now. The app is used by thousands of volunteer fire fighters and medical emergency response forces on a daily basis. We want to enable our app to be available in CarPlay too. The app offers details about an event the emergency staff gets alerted for and also offers routing to the location of the event. Does anybody know the prerequisites to get an app approved for being available and published for CarPlay? Regards Boxson
1
0
226
Sep ’24
Local push, sending custom data like APN
Hello, I'm doing some tests and I downloaded the sample from here https://developer.apple.com/documentation/networkextension/local_push_connectivity/receiving_voice_and_text_communications_on_a_local_network Everything works correctly and the phones are able to exchange messages without problems and the server sends pushes to the devices. Now I would like to modify the server so that, when it sends the push to the mobile device, it can change the sound or add other information as is possible when using APN. Is there any way to send a payload like for APN? Thanks, Omar
1
0
313
Sep ’24
Migrating from CallKit to PushToTalk Framework for PTT Calls — Handling Incoming Calls and Cellular Conflicts
Hello everyone, I’m developing a VoIP-based application that supports both standard VoIP calls and Push-To-Talk (PTT) calls. The app does not use the unrestricted-voip entitlement since it’s not publicly documented or communicated as a standard by Apple. Previously, I handled PTT calls using CallKit after receiving PushKit notifications, but I’m now migrating PTT functionality to the PushToTalk Framework while keeping CallKit for standard VoIP calls. I’m facing a few challenges that I’d like help with: Handling Incoming Push-To-Talk Calls When the App Is Closed and the Device Is Locked I considered continuing to use PushKit notifications to alert users via CallKit and using CallKit until the user brings the app into the foreground, at which point I’d switch to the PushToTalk Framework. While this could technically work, the user experience is not ideal. Are there any recommended approaches for handling PTT calls in this state? Handling Incoming PTT Calls When the App Is in the Background According to Apple documentation, I cannot join a PTT session unless my app is in the foreground. However, in practical scenarios, we often receive incoming PTT calls while the app is in the background. What’s the best solution for this situation? It feels odd to show notifications or use CallKit until the app is foregrounded. Conflict Between Ongoing PushToTalk Call and Incoming Cellular Call Currently, if there’s an ongoing PushToTalk call using the PTT framework and a cellular call comes in, if I receive a PTT transmission and call requestBeginTransmission, the cellular call is ended. I can handle this within my app, but is this expected behavior? Is this the intended conflict management for concurrent PTT and cellular calls? Lastly, a broader question: when will the unrestricted-voip entitlement stop working? I’m contemplating using this entitlement to handle incoming PTT calls without CallKit, but I’m concerned about its longevity. 
Some apps have been using it for messaging and other features for over four years, and it’s still functional for them. Any guidance or insights on these points would be greatly appreciated! Thanks in advance!
1
0
481
Sep ’24
My Final Cut Pro extension is not allowed assistive access
I’m building an app extension for Final Cut Pro. It includes a main app that doesn't perform any actions, an extension that handles the code execution, and an export app responsible for uploading the exported file. To assist the user, I’ve added an upload button that triggers an AppleScript. This script exports the current project and then uploads it. The AppleScript simply selects the share option and the appropriate share destination. However, the issue arises when I click the upload button: the app asks the user to grant Automation permission, allowing it to control Final Cut Pro and System Events. After granting this permission, the script proceeds to the AppleScript, but an error occurs, stating: System Events got an error: APP is not allowed assistive access. Is there a permission I'm missing?
0
1
271
Sep ’24
Can't get app group capability for macos in a Multiplatform app
I am in the process of creating a multiplatform app with a shared code base using SwiftUI for iOS and Mac. This app has a widget extension target for both iOS and Mac and a helper app for Mac only. I am trying to share data and userdefaults between the main app and the widget extension for iOS, and for the Mac share data between the main app, widget extension and the helper app. I have set up an app group container to share data between all targets. However this is only working on iOS. The app group capability is not extended to macOS. I have been researching for weeks now and all the answers I can find are for if the macOS were a different target, which would entail me having the macOS group container prefixed with my team identifier. With a multiplatform app, the main app simply won't let me prefix the group container with my team identifier. Which unfortunately Xcode prevents me from doing for a multiplatform app. I have no idea of how to solve this issue and any help will be appreciated.
6
1
556
Sep ’24
Sandboxed Electron macOS app can't access Photos library
I have an Electron app built for macOS, and it was distributed via 'Developer ID' for years, it worked well and I was able to access the photos in the system Photos library. Surely I already have the 'NSPhotoLibraryUsageDescription' key in Info.plist. Recently we are trying to publish this app to Mac App Store, so I have to turn on the sandbox, after that the app starts giving XPC errors while accessing the Photos library. The errors look like:

    PHAuthorizationStatus: Authorized
    CoreData: XPC: sendMessage: failed #0
    CoreData: XPC: Unable to sendMessage: to server
    ...
    CoreData: XPC: sendMessage: failed #7
    CoreData: XPC: Unable to connect to server with options { NSPersistentHistoryTrackingKey = 1; NSXPCStoreServerEndpointFactory = "<PLXPCPhotoLibraryStoreEndpointFactory: 0x7fc67e8af370>"; skipModelCheck = 1; }
    CoreData: XPC: Unable to load metadata: Error Domain=NSCocoaErrorDomain Code=134060 "A Core Data error occurred." UserInfo={Problem=Unable to send to server; failed after 8 attempts.}
    CoreData: fault: Unable to create token NSXPCConnection. NSXPCStoreServerEndpointFactory 0x7fc67e8af370 -newEndpoint returned nil
    CoreData: error: Failed to create NSXPCConnection

It seems the app could detect the current PHAuthorizationStatus which is Authorized, but it can't fetch the photos from the Photos library (using PhotoKit).
I learned from here that I could look for errors from the sandboxd daemon, so I did that, here is what I saw:

    Sandbox: Picture Keeper(32625) deny(1) mach-lookup com.apple.photos.service
    Violation: deny(1) mach-lookup com.apple.photos.service
    Process: Picture Keeper [32625]
    Path: /Applications/Picture Keeper.app/Contents/MacOS/Picture Keeper
    Load Address: 0x103bd3000
    Identifier: com.simplifieditproducts.picturekeepermas
    Version: 4575 (4.5.75)
    Code Type: x86_64 (Native)
    Parent Process: Picture Keeper [1]
    Responsible: /Applications/Picture Keeper.app/Contents/MacOS/Picture Keeper
    User ID: 501
    Date/Time: 2024-08-26 16:16:14.645 EDT
    OS Version: macOS 14.5 (23F79)
    Release Type: User
    Report Version: 8
    MetaData: {"process_path":["Users","Kevin","Projects","Electron","picturekeeper-electron","dist","picturekeeper","mas-dev","Picture Keeper.app","Contents","MacOS","Picture Keeper"],"apple-internal":false,"primary-filter":"global-name","policy-description":"Sandbox","flags":5,"platform-policy":false,"build":"macOS 14.5 (23F79)","process-path":"\/Applications\/Picture Keeper.app\/Contents\/MacOS\/Picture Keeper","responsible-process-path":"\/Applications\/Picture Keeper.app\/Contents\/MacOS\/Picture Keeper","primary-filter-value":"com.apple.photos.service","platform_binary":"no","responsible-process-signing-id":"com.simplifieditproducts.picturekeepermas","hardware":"Mac","target":"com.apple.photos.service","action":"deny","mach_namespace":1,"checker-pid":1,"container":"\/Users\/Kevin\/Library\/Containers\/com.simplifieditproducts.picturekeepermas\/Data","binary-in-trust-cache":false,"team-id":"LU744924UY","process":"Picture Keeper","global-name":"com.apple.photos.service","platform-binary":false,"pid":32625,"summary":"deny(1) mach-lookup com.apple.photos.service","checker":"launchd","responsible-process-team-id":"xxxxx","operation":"mach-lookup","normalized_target":["com.apple.photos.service"],"errno":1,"uid":501,"profile-flags":0,"profile-in-collection":false,"sandbox_checker":"launchd","signing-id":"com.simplifieditproducts.picturekeepermas","release-type":"User"}

I believe I already have the necessary entitlements for the Photos library, see:

    codesign -d --entitlements - /Applications/Picture\ Keeper.app/Contents/MacOS/Picture\ Keeper
    [Dict]
    [Key] com.apple.application-identifier
    [Value] [String] xxxx.com.simplifieditproducts.picturekeepermas
    [Key] com.apple.developer.team-identifier
    [Value] [String] xxxx
    [Key] com.apple.security.app-sandbox
    [Value] [Bool] true
    [Key] com.apple.security.application-groups
    [Value] [Array] [String] xxxx.com.simplifieditproducts.picturekeepermas
    [Key] com.apple.security.assets.movies.read-only
    [Value] [Bool] true
    [Key] com.apple.security.assets.music.read-only
    [Value] [Bool] true
    [Key] com.apple.security.assets.pictures.read-write
    [Value] [Bool] true
    [Key] com.apple.security.cs.allow-dyld-environment-variables
    [Value] [Bool] true
    [Key] com.apple.security.cs.allow-jit
    [Value] [Bool] true
    [Key] com.apple.security.cs.allow-unsigned-executable-memory
    [Value] [Bool] true
    [Key] com.apple.security.cs.disable-executable-page-protection
    [Value] [Bool] true
    [Key] com.apple.security.cs.disable-library-validation
    [Value] [Bool] true
    [Key] com.apple.security.device.usb
    [Value] [Bool] true
    [Key] com.apple.security.files.bookmarks.app-scope
    [Value] [Bool] true
    [Key] com.apple.security.files.bookmarks.document-scope
    [Value] [Bool] true
    [Key] com.apple.security.files.downloads.read-only
    [Value] [Bool] true
    [Key] com.apple.security.files.user-selected.read-write
    [Value] [Bool] true
    [Key] com.apple.security.network.client
    [Value] [Bool] true
    [Key] com.apple.security.network.server
    [Value] [Bool] true
    [Key] com.apple.security.personal-information.location
    [Value] [Bool] true
    [Key] com.apple.security.personal-information.photos-library
    [Value] [Bool] true

By the way, the Photos library related code was built into a .node file (which is a dylib), and it will be loaded by the main executable during runtime. Anything I missed? Thank you!
5
0
677
Aug ’24
Voice to Text on a Beta platform
I'm writing an app that uses on-device voice to text for recognising scientific terms. It works fine on my phone but now in beta my first tester cannot make it work. All the permission requests are working: p&s Mic and Speech Recognition are both now enabled on the target device where the user granted the app permission. Is there something else I'm missing? Incidentally, my phone, the target phone and my Xcode are all fully up to date. Thanks.
0
0
375
Aug ’24
macOS App Group Entitlements
We have a cross platform App available on Mac, iOS & soon tvOS. We are adding a new App Group to be used by this app. We also have an as yet unpublished future Mac Catalyst app that will need access to the App Group. The Apple docs suggest prefixing app groups on Mac with the team ID but not on other platforms. We would like to avoid prefixing with the team ID because: my understanding is that Mac Catalyst apps don't use the team ID and we would like to support that use case to communicate between our current cross platform app and the future catalyst app. Having a single code base but different group container IDs per platform means a bunch of extra conditional logic in the project we would rather avoid. So with that context our aim is to have an app group that is named consistently across platforms and meets sandboxing requirements for App Store distribution. However when developing using the non-team prefixed app group name on macOS Sequoia I see the following alert every time I launch the app. I have the App Group listed correctly in the entitlements file and if I change the app group name on macOS from group.com.example to (TEAMID).com.example then it works as expected so I think the rest of the setup is correct. Looking at the Sequoia Beta release notes it states: Specifically, the app must use FileManager to get the app group container path and meet one of the following requirements: the app is deployed through Mac App Store; the app group identifier is prefixed with the app’s Team ID; or the app group identifier is authorised by a provisioning profile embedded within the app. I am using Xcode managed signing and looking at the provisioning profiles I can see that the iOS one includes the app group but the macOS one does not. I assume that if I could somehow get the app group correctly added to the macOS provisioning profile then all would be good. But I am now stuck on how to get the app group added to the macOS provisioning profile. 
It seems whatever I try Xcode does not want to add it. Presumably this is because it expects you to instead use a team ID prefixed app group which would not need to be added. Is there any magic I can do to make this work with automatic signing? If not then how would I go about setting it up manually and is that the best solution?
1
1
549
Sep ’24
Seeking Solutions: Distributing iOS Apps with CarPlay Entitlement via Enterprise Profiles
Dear Apple Developer Support Team, We are seeking a solution that would allow us to include the CarPlay entitlement while distributing our app using an enterprise profile. Could you please provide guidance on how we might achieve this? Are there any alternative approaches or considerations that could help us navigate this limitation? Your expertise and advice would be greatly appreciated as we work to ensure our app meets the needs of our users while complying with Apple’s guidelines. Thank you for your time and support.
0
0
333
Sep ’24
Attempted to install a Beta profile without the proper entitlement.
I'm trying to install from Xcode (15.4) to my physical device but I get the following error: Failed to install embedded profile for : 0xe800801f (Attempted to install a Beta profile without the proper entitlement.) The project was successfully building previously, but after encountering an issue while implementing Infobip (a 3rd party library for push notifications) where we weren't getting notifications sent from the Infobip dashboard, we had to change Provisioning Profile to one with a production setup for the aps-environment (given that the suggestion from the Infobip support team was to ensure that the provisioning profile and environment match). Note that it was development before. After downloading the new Provisioning Profile onto Xcode, the project fails to build now with the error mentioned above. I don't know what to do now, and I'm stuck.
0
1
564
Aug ’24
How to get a Smart Card reader to run?
Hi, I'm trying to get a smart card reader to run with Xcode. I set up the com.apple.security.smartcard entitlement in the .entitlements file and added it in Build Settings -> Code Signing Entitlements. But when I run: codesign -d --entitlements - Path/to/App, nothing smart card related shows up. Also the TKSmartCardSlotManager.default isn't nil, but .slotNames are. Do I have to install some drivers manually? Please help.
1
0
359
Aug ’24
ScreenCaptureKit com.apple.developer.persistent-content-capture entitlement?
One of my apps, Default Folder X, is an unconventional user of screen recording (and now ScreenCaptureKit). Part of its functionality is to add navigation controls to the Open and Save dialogs of other applications. It does this via the Accessibility API, and because of the limitations of that API, it sometimes has to actually pop up a menu in the target app's file dialog. To hide this from the user, it takes a screenshot of the Open or Save dialog and displays it in front of the dialog as a façade while it does its menu manipulation. Here's an example without the use of a captured image: https://www.stclairsoft.com/blog/wp-content/uploads/2024/08/EmptyFolderBehindTheCurtain.mov And an example with the façade: https://www.stclairsoft.com/blog/wp-content/uploads/2024/08/EmptyFolderWithScreenshot.mov This use case prevents me from using SCContentSharingPicker, as it's not a user-driven screen capture. Moreover, Sequoia b5's weekly screen recording reminders are popping up while the user is interacting with an Open or Save dialog, severely impacting his / her workflow. It appears that the Persistent Content Capture entitlement may prevent Sequoia from putting up the weekly warnings, though there's no documentation of the entitlement other than it being listed here: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_persistent-content-capture. So my questions: Is that what the Persistent Content Capture entitlement does? Where is the form to request this entitlement? Without the entitlement, I can't see continuing the use of screen captures. And eliminating that will compromise the UI in my app in the way I've described above. It will also make Default Folder X unable to tailor its UI to match the Open and Save dialogs of the app it's enhancing (there's no API for it to use to get the light / dark mode of the window of another app, so it currently captures an image of the target file dialog to determine its UI mode). Thanks - Jon
2
4
881
Sep ’24
Provisioning Profile Failed Qualification Doesn't Match Entitlements
I’m seeing an error message when trying to upload/validate my Archive: “Provisioning Profile failed qualification.” Profile doesn’t match the entitlement’s file’s value for com.app.developer.networking.entitlement. My app uses Local Push Connectivity (NEAppPushProvider) and requires the App Push Provider entitlement. My profiles are set to include the Local Push Connectivity entitlement instead of Default. I don’t (can’t?) automatically manage signing because of this. My provisioning profiles are set to use the Local Push Connectivity entitlement instead of default. My entitlement files for each target have com.apple.developer.networking.networkextension app-push-provider. This is my first upload since upgrading Xcode to 15. And my first upload since I updated my profiles. This was working for years, but I think either I rebuilt my profile wrong or something has changed on Apple’s end (Xcode, reqs etc). I’ve double/triple checked everything and rebuilt my profiles over. I’m stuck.
7
0
738
3w
OSStatus error:[-34018]
Every topic I can find online about this entitlement error suggests I don't have the correct entitlements on. I do in fact have the correct entitlements enabled, but Xcode doesn't seem to recognize them.

    dev@dev-MacBook-Pro Debug-appletvos % codesign -d --entitlements - ProductName.app
    Executable=/Users/dev/Library/Developer/Xcode/DerivedData/ProductName-cmaicvialhhqtnbvmwehlympuxua/Build/Products/Debug-appletvos/ProductName.app/ProductName
    [Dict]
    [Key] application-identifier
    [Value] [String] <teamID>.Company.ProductName
    [Key] com.apple.developer.associated-domains
    [Value] [Array] [String] webcredentials:<api_url>
    [Key] com.apple.developer.team-identifier
    [Value] [String] <teamID>
    [Key] com.apple.developer.user-management
    [Value] [Array] [String] get-current-user
    [Key] com.apple.developer.weatherkit
    [Value] [Bool] true
    [Key] com.apple.security.application-groups
    [Value] [Array] [String] group.Company.ProductName
    [Key] get-task-allow
    [Value] [Bool] true
    [Key] keychain-access-groups
    [Value] [Array] [String] <teamID>.com.Company.ProductName [String] <teamID>.Company.ProductName

    OSStatus error:[-34018] Internal error when a required entitlement isn't present, client has neither application-identifier nor keychain-access-groups entitlements.

I am unsure about the application-identifier part, as this isn't even an option in the entitlements, and keychain sharing was already turned on. These errors stop my app from launching. A few days ago this wasn't an issue. Now after launching Xcode again this suddenly becomes an issue out of nowhere.

Platform: tvOS simulator runtime and Apple TV 4k (3rd generation)
Target version: 18.0
Development Hardware: macbook pro m2 max
Development Software: macos Sonoma 14.5
2
0
478
Aug ’24
Provisioning profile with network extension capability giving error after adding packet tunnel capability in xcode
I am working on Mac app development which will be distributed outside the App Store. I added the network extension capability to my project and created a bundle id and provisioning profile with the same feature. When I configured the provisioning profile using Xcode (manual signing), it was configured fine. But when I added the packet tunnel capability to my network extension, it started giving me an error. I have created a Developer ID Application Certificate and use it when creating a provisioning profile. I have followed the steps mentioned here for doing the same: Distribute outside the Mac App Store (macOS), Network Extensions Entitlement. Is this an Xcode bug or am I missing something? Please check the screenshot below for the error.
1
0
602
Aug ’24