I have a renewing monthly subscription in my app and recently added upgrade possibilities to yearly and 6 month subscriptions. Those new subscriptions were reviewed, approved and published to App Store. I'm showing a modal for users in the app from where they can upgrade their subscription. Upgrading was tested with real devices on Sandbox and TestFlight. There has been successful purchases through the in app modal in production app, and directly upgrading from App Store. However, for some users there seems to happen a failed transaction with paymentCancelled error code during the upgrade. The IAP is still successful, their subscription is upgraded and they haven't voluntarily canceled the IAP. The localized description of the error is "Toimintoa ei voitu suorittaa. (Virhe 2 kohteessa SKErrorDomain.)" which translates to "The operation could not be completed. (Error 2 in SKErrorDomain.)" These users have various iPhones (iPhone 12 Pro, iPhone 14 Pro, iPhone 15 Pro, iPhone 16 Pro) with up to date iOS versions (>= 18.3.1). I'm receiving DID_CHANGE_RENEWAL_PREF (UPGRADE) server notification of these purchases on my server. I haven't been able to reproduce this error myself. Any ideas why StoreKit might fail the transaction with paymentCancelled error but still successfully upgrade the subscription?

When my app launches, it makes maybe 9 or so network requests to load initial data. It also reads some data from disc. Sporadically, I'm seeing an issue where some of the network requests succeed, but anything involving reading from disc does not load immediately. I'm able to move around in the app, tap buttons, swap tabs, swipe pages, so my main actor isn't stuck. Other data that don't involve disc reading / writing is also blank. About 2 minutes in, suddenly everything loads (both stuff from disc and stuff from the network), nearly instantly, the way it should have done when the app launched. Server logs show more initial network requests succeed than we can see data loaded in the app, and then about 2 minutes later, there's a flood of the rest of the requests which then succeed. The responses to some of these initial network requests cause us to make other network requests, and the sever sees some of those start right away. However, other consequences of these first requests are to touch the disc (to search for manually-cached data), and anything that is supposed to happen after that does not succeed until the 2 minute mark. But what bothers me is some things in the app which don't touch the disc also seem to have successful network requests. I'm seeing it on an iPhone 14Pro running iOS 18.2.1, with 607 GB of disc space available. When I take screenshots of the loading screens in my app during the apparent freeze, the clock in the screenshots are right - they reflect the clock at the moment I took the screenshot, but the EXIF data in all dozen or so images shows the exact second 2 minutes later when the server gets the resulting flood of network requests. Screenshots taken after the freeze is over have exif timestamps that match the screenshots, as short as 5 seconds after the freeze ends. The screenshot file names, though sequential, are out of order. for instance, some screenshots from 12:58 have file names numbered after screenshots taken at 12:59. but not all are out of order. This seems like disc contention has spread outside the app, and is impacting the system writing the images to disc. How do I diagnose a cause for this? How does disc contention affect the networking? I have caching turned off for my network requests. We only have a manual image cache, but I don't know how that would stall the display of data that should fetch and display without attempting to hit the image cache. This happens maybe a couple of times a day for some people, maybe once every couple of weeks for others, but of course, it never when we're trying to debug it.

We have a checkout page on which clients can configure the providers we've integrated with for each currency. One such provider is Stripe, with which we have already integrated ApplePay and host a merchant domain association file. Now, we're getting requests to support ApplePay with other providers. The issue is that we can't tell Apple to use a different path to domain association file for domain verification. And, replacing the existing domain association file seems like a hack, since I believe it's needed for domain re-verification. We're thinking of using subdomains for serving the domain association files for different providers. But, we have some questions on how ApplePay domain verification works to understand how we can solve our problem. Firstly, can we use subdomains for individual domain verification? If we already have example.com verified with Stripe, can we serve the domain association file for the other provider with provider.example.com and have the verification work? Secondly, let's say our domain is example.com, and we can use provider.example.com to serve the domain association file and verify the domain. Then on example.com/checkout, will using an iframe with provider.example.com/applepay to host the ApplePay button work? This thread suggests otherwise, but we want to confirm. Lastly, is the only way to make an ApplePay payment for provider.example.com to use that subdomain? So redirecting to provider.example.com/applepay would work? Thanks for your help!

My client is using iCloud Mail with his custom domain and he communicated with many govt organizations which seem to all be using Barracuda Email Protection for their spam prevention. I have properly configured his SPF, DKIM & DMARC DNS records however his emails were still being rejected. (Email header below) I contacted Barracuda support with the email header and they replied saying that the emails were rejected becuase Apple Mail has missing PTR records. I have sent dozens of emails for testing and looking at all their headers I can see (ms-asmtp-me-k8s.p00.prod.me.com [17.57.154.37]) which does not have a PTR record. ----FULL EMAIL HEADER WITH 3RD PARTY DOMAINS REMOVED----- <recipient_email_address>: host d329469a.ess.barracudanetworks.com[209.222.82.255] said: 550 permanent failure for one or more recipients (recipient_email_address:blocked) (in reply to end of DATA command) Reporting-MTA: dns; p00-icloudmta-asmtp-us-west-3a-100-percent-10.p00-icloudmta-asmtp-vip.icloud-mail-production.svc.kube.us-west-3a.k8s.cloud.apple.com X-Postfix-Queue-ID: 8979C18013F8 X-Postfix-Sender: rfc822; sender_email_address Arrival-Date: Thu, 20 Mar 2025 12:30:05 +0000 (UTC) Final-Recipient: rfc822; @****** Original-Recipient: rfc822;recipient_email_address Action: failed Status: 5.0.0 Remote-MTA: dns; d329469a.ess.barracudanetworks.com Diagnostic-Code: smtp; 550 permanent failure for one or more recipients (recipient_email_address:blocked) Return-Path: <sender_email_address> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sender_domain; s=sig1; bh=CyUt/U7mIHwXB5OQctPjRH/OxLH7GsLR54JjGuRkj9Y=; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:To:x-icloud-hme; b=hwEbggsctiCRlMlEgovBTjB/0sPRCb2k+1wzHRZ2dZNrZdOqvFSNWU+Aki9Bl8nfv eEOoXz5qWxO2b2rEBl08lmRQ3hCyroayIn4keBRrgkxL1uu4zMTaDUHyau2vVnzC3h ZmwQtQxiu7QvTS/Sp8jjJ/niOPSzlfhphqMxnQAZi/jmJGcZPadT8K+7+PhRllVnI+ TElJarN1ORQu+CaPGhEs9/F7AIcjJNemnVg1cude7EUuO9va8ou49oFExWTLt7YSMl s+88hxxGu3GugD3eBnitzVo7s7/O9qkIbDUjk3w04/p/VOJ+35Mvi+v/zB9brpYwC1 B4dZP+AhwJDYA== Received: from smtpclient.apple (ms-asmtp-me-k8s.p00.prod.me.com [17.57.154.37]) by p00-icloudmta-asmtp-us-west-3a-100-percent-10.p00-icloudmta-asmtp-vip.icloud-mail-production.svc.kube.us-west-3a.k8s.cloud.apple.com (Postfix) with ESMTPSA id 8979C18013F8; Thu, 20 Mar 2025 12:30:05 +0000 (UTC) From: Marcel Brunel <sender_email_address> Message-Id: <2E8D69EA-FCA6-4F5D-9D42-22A955C073F6@sender_domain> Content-Type: multipart/alternative; boundary="Apple-Mail=_F9AC7D29-8520-4B25-9362-950CB20ADEC5" Mime-Version: 1.0 (Mac OS X Mail 16.0 (3826.400.131.1.6)) Subject: Re: [EXTERNAL] - Re: Brunel - 2024 taxes Date: Thu, 20 Mar 2025 07:29:27 -0500 In-Reply-To: <SA0PR18MB350300DE7274C018F66EEA24F2D82@SA0PR18MB3503_namprd18_prod_outlook_com> To: Troy Womack <recipient_email_address> References: <SA0PR18MB350314D0B88E283C5C8E1BB6F2DE2@SA0PR18MB3503_namprd18_prod_outlook_com> <9B337A3E-D373-48C5-816F-C1884BDA6F42@sender_domain> <SA0PR18MB350341A7172E8632D018A910F2D82@SA0PR18MB3503_namprd18_prod_outlook_com> <SA0PR18MB350300DE7274C018F66EEA24F2D82@SA0PR18MB3503_namprd18_prod_outlook_com> X-Mailer: Apple Mail (2.3826.400.131.1.6) X-Proofpoint-ORIG-GUID: uqebp2OIbPqBr3dYsAxdFVkCNbM5Cxyl X-Proofpoint-GUID: uqebp2OIbPqBr3dYsAxdFVkCNbM5Cxyl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1093,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-03-20_03,2025-03-19_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 clxscore=1030 suspectscore=0 mlxlogscore=999 mlxscore=0 phishscore=0 malwarescore=0 spamscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2503200077

I am implementing a custom migration, and facing an issue while implementing a WAL checkpointing. Here is the code for WAL checkpointing func forceWALCheckpointingForStore(at storeURL: URL, model: NSManagedObjectModel) throws { let persistentStoreCoordinator = NSPersistentStoreCoordinator(managedObjectModel: model) let options = [NSSQLitePragmasOption: ["journal_mode": "DELETE"]] let store = try persistentStoreCoordinator.addPersistentStore(type: .sqlite, at: storeURL, options: options) try persistentStoreCoordinator.remove(store) } When the coordinator tries to add the store I am getting the following error fault: Store opened without NSPersistentHistoryTrackingKey but previously had been opened with NSPersistentHistoryTrackingKey - Forcing into Read Only mode store My questions are Is it really necessary to force WAL checkpointing before migration? I am expecting NSMigrationManager to handle it internally. I am assuming this because the migrateStore function asks for the sourceType where I am passing StoreType.sqlite If checkpointing is required, then how do I address the original issue Note: Since my app supports macOS 13, I am not able to use the newly introduced Staged migrations. There is similar question on Stackoverflow that remains unanswered. https://stackoverflow.com/q/69131577/1311902

I'm trying to iterate through a USB device but the iterator is always empty or contains only the matched interface: Single interface in Iterator This happens when my driver matches against the interface. Because I need to use 2 interfaces (control and cdc), I try to open the IOUSBHostDevice (copied from the interface) and iterate through the rest, but I only get the interface my dext matched with. Empty Iterator I decided to match against USB communication devices, thinking things would be different. However, this time the interface iterator is completely empty (provider is IOUSBHostDevice). Here's a snippet of my code before iterating with IOUSBHostDevice->CopyInterface(): // teardown the configured interfaces. result = device->SetConfiguration(ivars->Config, true); __Require_noErr_Action(result, _failure_Out, ELOG("IOUSBHostDevice::SetConfiguration failed 0x%x", result)); // open usb device result = device->Open(this, 0, 0); __Require_noErr_Action(result, _failure_Out, ELOG("Failed to open IOUSBHostDevice")); // Get interface iterator result = device->CreateInterfaceIterator(&iterRef); __Require_noErr_Action(result, _failure_Out, ELOG("IOUSBHostDevice::CreateInterfaceIterator failed failed: 0x%x", result));

There is no official documentation specifying the exact criteria for determining a CLVisit. For example, if a user starts at a target location, will the following method be called? func locationManager(_ manager: CLLocationManager, didVisit visit: CLVisit) This did not work during my testing. It was only successfully triggered when starting from a distant location and arriving at the target point. It would be helpful to know the exact conditions, such as how long a user must stay at a location for it to be considered a visit. Are there any specific thresholds (e.g., minimum duration, distance moved) that determine when this method is triggered?

I am able to get location in for ground and back ground but Now I need to get location when user killed app.

Good morning, I'm encountering reliability issues with DDC/CI communication when using USB-C connection. Initially using ddc-hi (which uses this package), I ran into several issues that I've partially resolved but still need help addressing. Environment OS: macOS Display Connection: USB-C for _ in 1 ... (numOfRetryAttemps ?? 4) + 1 { for _ in 1 ... max((numOfWriteCycles ?? 2) + 0, 1) { usleep(writeSleepTime ?? 10000) success = IOAVServiceWriteI2C(service, UInt32(ARM64_DDC_7BIT_ADDRESS), UInt32(dataAddress), &packet, UInt32(packet.count)) == 0 } if !reply.isEmpty { usleep(readSleepTime ?? 50000) if IOAVServiceReadI2C(service, UInt32(ARM64_DDC_7BIT_ADDRESS), 0, &reply, UInt32(reply.count)) == 0 { success = self.checksum(chk: 0x50, data: &reply, start: 0, end: reply.count - 2) == reply[reply.count - 1] } } if success { return success } usleep(retrySleepTime ?? 20000) } The result from IOAVServiceReadI2C is not reliable in some cases. Do we have any other API to get VCP code from monitor like Intel version done. The previous APIs weren’t working anymore on the M1 GPU, the IOFramebuffer was now an IOMobileFramebuffer and the IOI2C* functions weren’t doing anything.

Hello! I'm working with universal links in my app and have configured the /.well-known/apple-app-site-association file. Currently, I use the paths array in this file to define URL routing rules. However, I’m struggling to find up-to-date documentation on the pattern syntax supported by the paths field. "paths": [ "/page/*", "NOT /page/*/subpage" ] Could someone clarify: Is the paths array still officially supported, or is it deprecated in favor of the newer components dictionary (as referenced here https://developer.apple.com/documentation/bundleresources/applinks/details-swift.dictionary/components-swift.dictionary)? If paths is still valid, where can I find documentation for its pattern-matching capabilities? I want to ensure my implementation aligns with Apple’s current best practices. Thank you!

Hi all, we are a Software company located in the EU. Or focus is building solutions for closed-loop fuel cards. To allow our customers to move to "virtual" closed-loop cards, we would like to request a HCE Entitlement. When filling the HCE entitlement form non of the provided Use Cases seemed to cover our case. In addition I'm unsure if AID Prefixes are mandatory for the closed-loop use case our App is meant for. I would like to avoid starting an HCE entitlement process with incorrect parameters and delay the overall process due to this. Thanks for any insights / feedback in advance.

Hi, I am experiencing an issue with in-app subscriptions in my React Native application known-singles, using the react-native-iap library. When a user subscribes to a plan, the transaction executes successfully, and a receipt is returned. However, the transaction remains in a pending state indefinitely and does not update. Additionally, the transaction amount is not deposited into my bank account, even though all banking details are correctly set up in App Store Connect. We have thoroughly debugged the issue on our end but could not identify the cause. TestFlight transactions complete successfully, but real purchases remain stuck in pending status. Here are the relevant details of our implementation: React Native version: 0.60.4 react-native-iap version: 4.2.2 Could you please assist in resolving this issue? Any guidance on why transactions are not being completed and why payouts are not being processed would be greatly appreciated. Looking forward to your support.

Hello developers! I am working with a team of North Carolina State University researchers to create an app or program that can retrieve real-time traffic events, such as hazards, road closures, and road construction alerts, in a similar manner to the Apple Maps app, but with the added functionality of collecting them over a historical period given a start and end date. I'm looking through the MapKit documentation, but there doesn't appear to be any functions exposing granular traffic data (i.e. road hazards), just travel times and level of congestion. Could anyone point me in the right direction? Is what I'm looking to do even possible using just Apple data?

We are on a .NET ecommerce site hosted on AWS on a windows 2012R2 server. We have apple pay for the web integrated on the site and the certificates (merchant id and apple pay) were set to expire shortly. We created a new merchant id and apple pay cert, however we are now stuck as the new merchant ID certificate doesn't appear to be working although the old one did. Note there have been no code changes. Basically the apple pay process is failing on the merchant validation. Here are the steps we took: Created a CSR in Keychain Access Generated a Merchant ID cert in the Apple Developer account with that CSR. Imported the Merchant ID cert back into Keychain Access and exported as a p12 file the cert and the private key used to generate the CSR. Imported the p12 file into Windows 2012 R2. I can see in our debugging that the new certificate is being loaded but a SSL/TSL connection couldn't be made. So it seems there is an issue with the cert. Has anyone encountered this? I'm out of ideas at this point and under a lot of pressure from management to fix what was supposed to be a routine maintenance issue. If anyone has any ideas, that would be greatly appreciated.

Hi, I'm developing a bluetooth peripheral. During factory reset I generate a new IRK and drop any bond information it has. When I then try to bond again with the device iOS returns bonding failed with 0x08 (unspecified reason). I assume that iOS somehow still thinks my reset device is the same as the device it has already bonded with. What information about the device is it using to draw this conclusion? Bonding works if I remove the "pre-reset" peripheral from the iOS list of bluetooth devices. Regards

Hi everyone, I'm experiencing an issue with APNs server notifications where I receive a 404 error when trying to validate the signedPayload from Apple's notification. Below is a sanitized version of my code: class ServerNotificationAppleController extends Controller { // URL for StoreKit keys (Sandbox environment) private $storeKitKeysUrl = 'https://api.storekit-sandbox.itunes.apple.com/inApps/v1/keys'; public function handleNotification(Request $request) { \Log::info($request); $signedPayload = $request->input('signedPayload'); if (!$signedPayload) { return response()->json(['error' => 'signedPayload not provided'], 400); } // Step 1: Create your JWT token (token creation logic can be in a separate service) $jwtToken = $this->generateAppleJWT(); // Step 2: Send a request to the StoreKit keys endpoint $response = Http::withHeaders([ 'Authorization' => 'Bearer ' . $jwtToken, ])->get($this->storeKitKeysUrl); Log::info('Apple Keys Status:', ['status' => $response->status()]); Log::info('Apple Keys Body:', ['body' => $response->body()]); if ($response->status() !== 200) { return response()->json(['error' => "Apple public keys couldn't be retrieved"], 401); } $keysData = $response->json(); // Step 3: Validate the signedPayload $validatedPayload = $this->validateSignedPayload($signedPayload, $keysData); if (!$validatedPayload) { return response()->json(['error' => 'Invalid signedPayload'], 400); } // Process the validated data as needed Log::info("Apple Purchase Data:", (array)$validatedPayload); return response()->json(['message' => 'Notification processed successfully'], 200); } private function generateAppleJWT() { // API key details (replace placeholders with actual values) $keyId = config('services.apple.key_id'); // e.g., <YOUR_KEY_ID> $issuerId = config('services.apple.issuer_id'); // e.g., <YOUR_ISSUER_ID> $privateKey = file_get_contents(storage_path(config('services.apple.private_key'))); // Set current UTC time and expiration time (20 minutes later) $nowUtc = Carbon::now('UTC'); $expirationUtc = $nowUtc->copy()->addMinutes(20); // Create the payload with UTC timestamps $payload = [ 'iss' => $issuerId, 'iat' => $nowUtc->timestamp, 'exp' => $expirationUtc->timestamp, 'aud' => 'appstoreconnect-v1', 'bid' => 'com.example.app', // Replace with your Bundle ID if necessary ]; // Generate the JWT token return JWT::encode($payload, $privateKey, 'ES256', $keyId); } private function validateSignedPayload($signedPayload, $keysData) { try { $jwkKeys = JWK::parseKeySet($keysData); return JWT::decode($signedPayload, $jwkKeys, ['RS256']); } catch (\Exception $e) { Log::error("Apple Purchase Validation Error: " . $e->getMessage()); return null; } } } I’m particularly puzzled by the fact that I receive a 404 error when trying to retrieve the public keys from the StoreKit keys endpoint. Has anyone encountered this issue or can provide insight into what might be causing the error? Any help or suggestions would be greatly appreciated. Thanks!

Hi everyone, I’m developing a screen-time and focus app that uses Apple’s Family Controls framework to block distracting apps and reward users through a gamified experience. Apple approved Family Controls (Distribution) for the main app identifier, but they did not approve the required extension target (which implements DeviceActivityMonitor, required for the framework to function). Because of this, I can’t archive or upload the app to TestFlight — and I’ve been stuck in limbo for over 2 months. This is severely delaying my launch. The app works perfectly, but I can’t release it because the extension wasn’t included in the entitlement approval. Has anyone else run into this with Family Controls? Is there any known way to escalate or fast-track approval for additional app IDs or targets? Would really appreciate any help, advice, or hacks. 🙏 Thanks, Enzer

I'm learning XPC by inspecting the GitHub Copilot project. I figured out that the schema works as follows: The host app with a UI to manage settings A Service Extension that controls the Xcode Editor A communication bridge cli app that connects the first two As far as I understand an app appears in the Accessibility Permission when it calls the next method: let key = kAXTrustedCheckOptionPrompt.takeRetainedValue() as NSString AXIsProcessTrustedWithOptions([key: true] as CFDictionary) This method is only called by the Service Extension. However, when I run a release build from the /Application folder (where launch agents point to), there are two records appearing in the Accessibility Permission list: The host app The needed Service Extension I compared all metadata files from Copilot with my copy line-by-line, but still can't figure out why the host app record appears in the Accessibility Permission, since the host app does not call the AXIsProcessTrustedWithOptions() method at all. Could you give me any clue to help me wrap my head around it?

I am developing a React Native app for a health monitoring device that connects via Bluetooth and streams live data on iOS. To ensure the uniqueness of the device, I initially planned to use the MAC address. However, I discovered that iOS does not provide access to the original MAC address due to privacy restrictions. Is there an alternative approach to uniquely identifying a Bluetooth device in iOS? I need a reliable way to distinguish devices while maintaining secure and stable connections. Any insights or best practices on handling this in iOS would be greatly appreciated. Looking forward to hearing your suggestions! If anyone has experience with handling Bluetooth device uniqueness on iOS, please share your insights. Thank you!

What is the version policy for the Apple Pay SDK Javascript ? The documentation refers to this link : https://applepay.cdn-apple.com/jsapi/1.latest/apple-pay-sdk.js The future updates will overrride the file on that link ? Is there a way to be notified of any changes ? We are using a previous version named v1 : https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js What are the risks not using changing to the lastesdt link ? Thank you for your help.