Since macOS 26.4 Beta 1, virtual HID devices created via DriverKit can no longer intercept key events from the built-in MacBook keyboard. External keyboards still work. This is confirmed and tracked here: https://github.com/pqrs-org/Karabiner-Elements/issues/4402 One possible lead (from LLM-assisted analysis of Apple's open-source IOHIDFamily code and cross-referencing community reports): macOS 26.4 Beta may have introduced or modified a security policy referred to as com.apple.iohid.protectedDeviceAccess, which could block IOHIDDeviceOpen for the Apple Internal Keyboard connected via SPI transport (AppleHIDTransportHIDDevice). This appears related to a "GamePolicy" check in IOHIDDeviceClass.m that gates whether processes can open HID devices. This has not been independently verified and may or may not be the root cause. This has far-reaching consequences. Karabiner-Elements alone has over 21,000 GitHub stars and is used by hundreds of thousands of macOS users for keyboard customization, accessibility workflows, ergonomic setups, and multilingual input. This change completely breaks its core functionality on any MacBook. Beyond Karabiner, this affects every developer building keyboard remapping, input customization, or accessibility tooling via DriverKit virtual HID devices — including commercial applications currently in development. I'd argue that the power and flexibility of keyboard customization on macOS is a genuine competitive advantage for the platform. Developers and power users choose Macs partly because tools like this exist. Restricting this capability would be detrimental to the ecosystem and to Apple's appeal among professional users. I'd like to understand: is this an intentional security change or a regression? If intentional, is there a migration path?

Hi, On macOS 26.4 Beta (25E5218f) （macOS Tahoe 26 Developer Beta ）, the network filter causes network failures or slowdowns. This manifests as Chrome failing to access websites, while Safari can access the same websites without issue. The affected websites can be pinged locally. My situation is similar to this situation.The same question link is: https://github.com/objective-see/LuLu/issues/836 Have you been paying attention to this issue? Hopefully, it can be fixed in the official release. Thank you.

From the Feb 24 news, I understand that for all Apple users in Brazil with iOS26.2 and newer, isEligibleForAgeFeatures will eventually return true. Brazil is a "nonregulated region", and developers will need to handle all three situations of ask first/always share/never share. Please correct me if I'm wrong above. A few questions follow on the eligibility check: What's the return value of IsEligibleForAgeFeatures for a Brazilian user who has NOT touched the age range feature at all, thus hasn't picked one of the three options? How can we test these cases? From the updated sandbox doc, there's more information on declined/approved, will those the same behaviors as a future Brazilian user? The doc used to say Texas, now it doesn't say any region. On which date will Apple START to return true for IsEligibleForAgeFeatures for Brazilian users? I cannot find the exact date anywhere. Will ALL of Brazil return true overnight, or is there some ramp up that developers need to be aware of? Thanks a lot for sharing the guidance, and thanks in advance for more guidance to come!

Hi all, I’m facing a device-specific issue in a live production iOS app distributed privately via the App Store . The app crashes immediately after login on one client’s iPhone, while the same account works fine on other devices. There’s no crash log generated in Analytics, and the app just pops to the home screen. Environment: App: Production app on App Store iOS version: 26.3 Devices: Only one device exhibits the crash; other iPhones work fine Login flow: App calls an API and writes the response to a local SQLite database immediately after login Distribution: App Store (Privately). The user is install via the redemption codes. Observations: All users on the problematic device crash immediately after login. The crash does not occur on any other devices, including the same iOS version. The client had already uninstalled and reinstalled the app via App Store cloud download, but the crash persisted. No crash log appears in Analytics or Xcode (process just terminates). Device restart had not been attempted before reinstall. App does not use Keychain tokens; local DB is only SQLite in the app sandbox. Hypotheses so far: Corrupted binary or cached app installation on that device SQLite database corruption or write failure Device-specific OS/environment issue (temp files, file locks, provisioning) iOS watchdog silently terminating the app during post-login DB write Language / region differences unlikely Questions: Is it possible for a device to retain a corrupted app binary or cached installation even after uninstall + cloud download reinstall from the App Store? Can uninstalling, restarting the device, and reinstalling guarantee a fresh binary and sandbox? Are there any known iOS behaviors where a local SQLite write could trigger an instant crash on one device only, without generating crash logs? Any other suggestions for diagnosing this device-specific post-login crash in a live production environment? Thanks in advance for any guidance — this issue is affecting a client’s live usage, and we’d like to understand the root cause and best way to resolve it safely.

Hi Apple Network Team, Good day. Recently we are experiencing some issues that when iOS or iPad OS connected to a Wi-Fi with captive portal, iOS sometimes failed to launch the full captive portal website. Based on TCPDump and WLAN dump logs, when this failure happened, we only see web client on iOS queried AAAA and HTTPS DNS queries without A query. Not all the websites are supporting and being hosted on both IPv4 and IPv6 servers. Is there a know bug on iOS and iPad OS side including OS version >= 36.2.

Dears, We are developing an apple wallet extension. In the Non-ui extension, in the getPaymentPassEntry overriden function we have to return an object such as: ``PKIssuerProvisioningExtensionPaymentPassEntry(identifier: identifier, title: label, art: getEntryArt(image: uiImage), addRequestConfiguration: requestConfig)!`` What is not clear are the requirements for this "art" parameter. Somewhere in the FAQ it says that the art has to be an image of 1536 x 969 resolution, <4 MB, squared corners, no chip contacts, and so forth) but we set there images of any size and the extension displays them without any problem. Are those requirements (1536 x 969 resolution, and so on) only for the images that are displayed in the wallet only after the card has been added? In this case, are those images coming from the PNO directly and not coming from the function above which is in the wallet extension? Thanks,

Good afternoon all, I have a question about Live Activities, specifically ProgressView. Why are they so hard to customize? You can't even really, consistently make the bar a specific height in points. You can't provide any progress view style to make it richer and more dynamic. We want to build a progress bar that's built up of 3 components: a track with its value constant on 1.0 (the full progress) with a specific color, another track that's the actual progress from ProgressView(timerInterval:countsDown:), and some way to create a visual gap in between. The progress bar should also be bigger than the standard size from iOS, but that's also not possible. The corners become really ugly when you use the scaleEffect modifier. Please, if anyone has any ideas about customizing the ProgressView without me having to send push notifications to manually make sure the bar updates, comment down below.

I developed a cloud drive using fskit, but after mounting it, it did not appear in the Finder sidebar and the disk tool could not list it. How should I adapt? The mounting looks successful, and you can also open and see the fixed files I wrote in the code. I have also turned on the Finder sidebar settings function

Dear Apple Developer Support Team, I am writing to inquire about the process for obtaining approval for the following entitlement in my iOS/macOS app: <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider</string> </array> Specifically, I would like guidance on: The steps required to submit a request for this entitlement. Any necessary documentation or justification that needs to be provided to Apple. Typical review timelines and approval criteria. Any restrictions or compliance requirements associated with this entitlement. Our app intends to implement a content filtering functionality to enhance network security and user safety. We want to ensure full compliance with Apple’s policies and guidelines. Could you please provide detailed instructions or point us to the relevant resources to initiate this approval process? Thank you for your assistance.

We are currently experiencing an issue that occurs only on iPhone 17 models. In our app, after connecting to an external device, users can download multiple video files stored on the device. When downloading several videos consecutively, the device consistently stops receiving responses midway through the process. As a result, no response is returned, and the connection between the app and the device is eventually lost. This issue does not occur on any iPhone models prior to iPhone 17. It is reproducible across all iPhone 17 devices within our company. This is a critical issue, and we need urgent assistance. The main error logs show two patterns: • Connection loss • Timeout At the OS level, the only error codes we receive are: • -1005 (Network connection lost) • -1001 (Request timed out) Unfortunately, we are unable to obtain more detailed error information beyond these codes, which makes further debugging difficult. We have attached the relevant logs below. We would greatly appreciate any guidance on how to further investigate or resolve this issue. 310.0 / :: 81 % ::: 251.21481481481482 310.0 / :: 82 % ::: 254.23280423280423 310.0 / :: 83 % ::: 257.3820105820106 310.0 / :: 84 % ::: 260.4 KeepAlive SEND id=423F1336-6239-4B3B-9414-5A987D85D564 at=2026-02-24T12:56:43Z timeout=60.000000s current: D20-Q2-PLUS, ssid: D20-Q2-PLUS_136a63 KeepAlive SKIP (in-flight) tcp_output [C10.1.1:3] flags=[R.] seq=4017430266, ack=4146413113, win=2048 state=CLOSED rcv_nxt=4146413113, snd_una=4017429847 nw_read_request_report [C10] Receive failed with error "Operation timed out" nw_flow_add_write_request [C10 192.168.000.0:443 failed parent-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi, LQM: good)] cannot accept write requests nw_write_request_report [C10] Send failed with error "Socket is not connected" Task <5BDBE621-329A-45E9-B236-9C173E92A41F>.<7> HTTP load failed, 361/0 bytes (error code: -1005 [4:-4]) Task <5BDBE621-329A-45E9-B236-9C173E92A41F>.<7> finished with error [-1005] Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x13e632160 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x14cfe5a90 [0x201746068]>{length = 16, capacity = 16, bytes = 0x100201bbc0a86f010000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <5BDBE621-329A-45E9-B236-9C173E92A41F>.<7>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <5BDBE621-329A-45E9-B236-9C173E92A41F>.<7>" ), NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https://192.168.000.0/keepalive, NSErrorFailingURLKey=https://192.168.000.0/keepalive, _kCFStreamErrorDomainKey=4} KeepAlive FAIL id=423F1336-6239-4B3B-9414-5A987D85D564 elapsed=29.203s status=-1 error=Optional(Alamofire.AFError.sessionTaskFailed(error: Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x13e632160 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x14cfe5a90 [0x201746068]>{length = 16, capacity = 16, bytes = 0x100201bbc0a86f010000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, ), NSLocalizedDescription=The network connection was lost., KeepAlive FAIL 1001 Log KeepAlive SEND id=FC433405-C1F7-47EF-AF9E-D12E67B071FA at=2026-02-24T12:22:38Z timeout=60.000000s current: D20-Q2-PLUS, ssid: VUEROID_D20-Q2-PLUS_136a63 KeepAlive FAIL id=FC433405-C1F7-47EF-AF9E-D12E67B071FA elapsed=7.834s status=-1 error=Optional(Alamofire.AFError.sessionTaskFailed(error: Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={_kCFStreamErrorCodeKey=60, NSUnderlyingError=0x135e612f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "(null)" UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: en0[802.11], ipv4, dns, uses wifi, LQM: good, _kCFStreamErrorCodeKey=60, _kCFStreamErrorDomainKey=1}}, ), NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://192.168.000.0/keepalive, _kCFStreamErrorDomainKey=1})) KeepAlive FAIL ignored count=1 error=Server error : Optional(Alamofire.AFError.sessionTaskFailed(error: Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={_kCFStreamErrorCodeKey=60, KeepAlive SEND id=A64AE4C0-28B4-41E3-AAC9-422C41D99D15 at=2026-02-24T12:22:58Z timeout=60.000000s KeepAlive FAIL id=110B96DA-4D88-45E0-B8F7-D0A9798593AE elapsed=43.605s status=-1 error=Optional(Alamofire.AFError.sessionTaskFailed(error: Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x135e60f60 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x144dfee40 [0x201746068]>{length = 16, capacity = 16, bytes = 0x100201bbc0a86f010000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, ), NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https://192.168.000.0/keepalive, NSErrorFailingURLKey=https://192.168.000.0/keepalive, _kCFStreamErrorDomainKey=4})) KeepAlive FAIL ignored count=2 error=Server error : Optional(Alamofire.AFError.sessionTaskFailed(error: Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={_kCFStreamErrorCodeKey=-4, NSUnderlyingError=0x135e60f60 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x144dfee40 [0x201746068]>{length = 16, capacity = 16, bytes = 0x100201bbc0a86f010000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, Network type changed, hasWiFiInterface :false We are sending a keepalive request every 30 seconds to maintain the connection state with the device. Most of the issues occur during this keepalive process, and this is when the logs mentioned earlier are generated. Based on our debugging so far, the keepalive function itself is being called as expected. However, the execution appears to stall while waiting for a response from the device. After remaining in that state for some time, the session eventually ends with either a timeout or a connection loss error. We are use almofire 4.0.1. According to the firmware developer, when this issue occurs, there are no corresponding values or logs received on the device side. Therefore, we are currently investigating whether this might be related to a networking issue on the iPhone side. All other features are functioning normally. The problem occurs only when downloading VOD video files, and the reproduction rate is 100% under that condition.

I have some questions related to MPAN. What is the format of an MPAN? Is it the same as DPAN? Is it PAN preserving format? Is a Cryptogram required and if yes, what kind of cryptogram? Is it the same format as DPAN? Thanks in Advance!

Right now, I am scanning for specific BLE peripherals with my iPad app, using this: [self.cbCentralManager scanForPeripheralsWithServices:serviceUUIDsToScanFor options:@{CBCentralManagerScanOptionAllowDuplicatesKey:@YES}]; I have the "CBCentralManagerScanOptionAllowDuplicatesKey" set true because I need to be able to detect when a peripheral is no longer advertising, so I capture each "didDiscoverPeripheral" callback and set a 3-second timer that notifies the user that that peripheral is no longer in range if another didDiscoverPeripheral hasn't been received in that time. The peripherals all advertise at 100ms intervals. What's weird is that if I leave the scan on for a long time, the advertising packets slow down, and eventually one of those timers times out, around about one or two minutes for the first instance, and then every 10-20 seconds after that. I've checked with ATS for all the BLE traffic, and there are indeed > 3-second gaps in the advertising packets that the iPad sees, so it's not my code introducing the gap. Is there some reason long-running scans should not be done on iPadOS (both 18 and 26.1 used)? I've tested out switching my scan to "stopScan" and restart it every 10 seconds, and that seems to have resolved the issue, but it's unclear why that would matter (and that does not seem like an appropriate use of the stop and start scans). Thanks!

I'm working on an editor for Bevy games and wanted the following workflow: Launch the game process Host a Metal view for the game's render target Use an XPC service to transfer an MTLSharedTextureHandle Keep the connection for editor/game communication and hot reload As such I created the following editor service: public let XPCEditorServiceName = "org.bevy.editor" public enum XPCEditorMessage: Codable { case ping } public enum XPCEditorReply: Codable { case pong } extension XPCListener { static let bevy = try! XPCListener(service: XPCEditorServiceName) { request in request.accept(XPCEditorService.init) } } struct XPCEditorService: XPCPeerHandler { let session: XPCSession private func handle(_ message: XPCEditorMessage) -> XPCEditorReply? { switch message { case .ping: return .pong } } func handleIncomingRequest(_ message: XPCReceivedMessage) -> (any Encodable)? { do { return handle(try message.decode()) } catch { return nil } } func handleCancellation(error: XPCRichError) { print(error) } } and I initialize it in my app's App initializer: // Launch the XPC service print(XPCListener.bevy) I wanted to test this using an executable target with the following main.swift: let session = try XPCSession(xpcService: XPCEditorServiceName) let response: XPCEditorReply = try session.sendSync(XPCEditorMessage.ping) print("Connected to editor!") The editor prints Listener<org.bevy.editor>(Active) but the game fails with Underlying connection was invalidated. Reason: Connection init failed at lookup with error 3 - No such process What am I doing wrong? PS. Would also appreciate an example of sending & rendering the MTLSharedTextureHandle both in editor & game.

PNO: VISA Please help to tell the reason for error. Thanks a lot. Attached is the log for your investigation Apple Push Log.txt

Hello, I need to develop a Network Extension (Transparent Proxy) that sends data to the host application for analysis. Network Extension - XPC client Host application - XPC service I am trying to implement it with XPC. However, when attempting to connect, I see the following error in the system logs on client side. [0x1015a2050] failed to do a bootstrap look-up: xpc_error=[3: No such process] I assume the problem occurs because the Network Extension cannot find the registered XPC service. On the service side, I see the following message in the logs: 2026-02-24 13:15:36.419345+0300 localhost fgstnehost[58884]: (libxpc.dylib) [com.apple.xpc:connection] [0x100bdee70] activating connection: mach=true listener=true peer=false name=TEAM_ID.group.app_id.netfilter.xpc Entitlements Network Extension: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider-systemextension</string> </array> <key>com.apple.security.application-groups</key> <array> <string>TEAM_ID.group.app_id.netfilter</string> </array> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.xpc.mach-lookup.global-name</key> <array> <string>TEAM_ID.group.app_id.netfilter.xpc</string> </array> </dict> </plist> Entitlements host application: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider-systemextension</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.security.application-groups</key> <array> <string>TEAM_ID.group.app_id.netfilter</string> </array> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.xpc.mach-service.name</key> <array> <string>TEAM_ID.group.app_id.netfilter.xpc</string> </array> </dict> </plist> Server.m @interface XPCServer () @property (nonatomic, strong) NSXPCListener *listener; @end @implementation XPCServer - (instancetype) init { self = [super init]; if (self != nil) { _listener = [[NSXPCListener alloc] initWithMachServiceName: XPC_SERVICE_ID]; _listener.delegate = self; } return self; } - (void) start { [self.listener resume]; } - (BOOL) listener:(NSXPCListener *) listener shouldAcceptNewConnection:(NSXPCConnection *) newConnection { return YES; } @end Client.m @interface XPCClient () @property (nonatomic, strong) NSXPCConnection *connection; @end @implementation XPCClient - (void) connect { self.connection = [[NSXPCConnection alloc] initWithMachServiceName: XPC_SERVICE_ID options: NSXPCConnectionPrivileged]; self.connection.invalidationHandler = ^{ [[OSLogger sharedInstance] error: "XPCClient: connection can not be formed or the connection has terminated and may not be re-established"]; }; self.connection.interruptionHandler = ^{ [[OSLogger sharedInstance] error: "XPCClient: the remote process exits or crashes"]; }; [self.connection resume]; } @end What could be the root cause of this issue? Are there any recommendations for implementing IPC between a Network Extension and aß Host Application? Thank you in advance.

Hi everyone, I’m implementing Live Activities in my iOS app and encountering an issue when starting a Live Activity via an APNS push. The Live Activity card appears on the Lock Screen / Dynamic Island for a moment, then immediately disappears. In the console, I see the following error: Content load failed: unable to find or unarchive file for key: [com.meituan.imeituan-beta::com.meituan.imeituan-beta.liveactivity:Attributes type: SAKUniversalReminderAttributes:6DBCC2DC-E613-48F5-B97F-3EF72AA0877B]:[w:fix-374.00-h:dyn-64.00-160.00-cr:23.5-s:1.0.fam:medium]. The session may still produce one shortly. Error: Using url file:///private/var/mobile/Containers/Data/PluginKitPlugin/04F7B437-3C41-4823-8559-42E18F82B283/SystemData/com.apple.chrono/activities/6DBCC2DC-E613-48F5-B97F-3EF72AA0877B-w:fix-374.00-h:dyn-64.00-160.00-cr:23.5-s:1.0.fam:medium.activity-archive ... Error Domain=NSCocoaErrorDomain Code=4 "文件“6DBCC2DC-E613-48F5-B97F-3EF72AA0877B-w/fix-374.00-h/dyn-64.00-160.00-cr/23.5-s/1.0.fam/medium.activity-archive”不存在。" UserInfo={NSFilePath=/private/var/mobile/Containers/Data/PluginKitPlugin/04F7B437-3C41-4823-8559-42E18F82B283/SystemData/com.apple.chrono/activities/6DBCC2DC-E613-48F5-B97F-3EF72AA0877B-w:fix-374.00-h:dyn-64.00-160.00-cr:23.5-s:1.0.fam:medium.activity-archive, NSUnderlyingError=0x712b56820 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}<…> The Live Activity is started by sending an APNS payload with the necessary content-state and attributes. I’ve verified that the attributes and content state types match the ones defined in the app, and the app is built with the correct entitlements.This happens on my iPhone 17 Pro device. Has anyone encountered a similar issue? Could it be related to the archive file not being written correctly by the system, or perhaps a mismatch in the activity attributes? Any guidance on debugging or resolving this would be greatly appreciated. Thank you!

We are integrating Apple Pay In-App Provisioning in our banking application using an external SDK. The provisioning flow works on the iOS Simulator (mock sheet appears), but fails on real devices via TestFlight with the error: internalInconsistency: "PKAddPaymentPassViewController can not be created" Environment: Xcode 16 iOS 18 Real device: iPhone (tested via TestFlight / Distribution build) Card network: Mastercard What we've verified: com.apple.developer.payment-pass-provisioning entitlement is set to YES in our .entitlements file The entitlement is confirmed present in our Development provisioning profile via security cms -D -i embedded.mobileprovision | grep payment-pass → returns <true/> PKAddPaymentPassViewController.canAddPaymentPass() returns true on the device The card is NOT already in Apple Wallet (0 local/remote Secure Element passes) All provisioning data is present and valid (encryptedPayload, authorizationCode, primaryAccountSuffix, cardholderName) The external SDK is configured successfully at app launch Diagnostic logs from TestFlight build: canAddPaymentPass: true Local SE passes: 0 Remote SE passes: 0 suffix: 6165 name: [redacted] encryptedPayload length: 1130 authCode length: 514 scheme: Mastercard Card already in Wallet: false Error: internalInconsistency("PKAddPaymentPassViewController can not be created") Testing matrix: Environment Result Simulator Mock sheet appears (not a real test) Device + Debugger attached PKAddPaymentPassViewController error Device + Debugger detached (Dev build) SDK error 903: "device environment unsafe" TestFlight (Distribution) PKAddPaymentPassViewController cannot be created Questions: Can PKAddPaymentPassViewController fail to be created even when canAddPaymentPass() returns true? What other conditions could cause this? Is there a way to verify that the Distribution provisioning profile correctly includes the payment-pass-provisioning entitlement after it has been approved by Apple? Are there any additional Apple Pay entitlements or configurations (e.g., Wallet merchant setup, pass type identifiers) required beyond com.apple.developer.payment-pass-provisioning for In-App Provisioning to work? Does regenerating the Distribution provisioning profile on Apple Developer Portal resolve cases where entitlements were added after the profile was originally created? Any guidance would be greatly appreciated. Thank you.

Dear Apple Carrier Relations / Engineering Team, I am writing to you from MKSmart, a leading smart card and digital security solution provider. We have successfully deployed our SM-DP+ (Subscription Management Data Preparation+) system, which is fully compliant with GSMA standards. Furthermore, MKSmart has officially achieved the GSMA SAS-SM (Security Accreditation Scheme for Subscription Management) certification. Currently, we are facing technical difficulties when attempting to download eSIM profiles onto iPhone devices. The download process fails, and we believe our SM-DP+ server address (FQDN) or Root Certificates may not yet be whitelisted or recognized by Apple’s ecosystem. To ensure a seamless experience for our customers on iOS devices, we would like to request your guidance on the following: Onboarding Process: What are the formal steps for MKSmart to have our SM-DP+ server recognized and trusted by Apple devices? Whitelisting: How can we submit our SM-DP+ FQDN and Root Certificates for Apple’s review and inclusion in the trusted list? Carrier Bundle: Does MKSmart need to coordinate with specific carrier partners to update the Carrier Bundle, or is there a direct integration path for our infrastructure? We have attached our GSMA SAS-SM certification and technical specifications for your reference. We are ready to provide any additional documentation or perform interoperability testing as required. We look forward to your guidance and a successful collaboration. Best regards, Nguyen Do Khanh Software Engineer MKSmart Joint Stock Company https:\mksmart.com.vn

I am developing a macOS application that depends on noticing when the user's computer switches WiFi association, and the SSID determines specific actions. I am currently testing on Tahoe and found that using CoreWLAN can even get notifications and discover the actual SSID inside an app, as long as the app is signed with a real certificate and a corresponding profile is installed on my development machine. The app, however, installs and launches a launchctl agent, which will always be running and hence the component to discover changes and act upon them. Although app and agent both have their own bundle identifier, both configured in the portal, the agent always received a redacted SSID (nil), while the app does not. The only app entitlement currently is "com.apple.security.get-task-allow = true", which I don't think has anything to do with this. The agent has: com.apple.application-identifier com.apple.developer.team-identifier com.apple.security.get-task-allow com.apple.security.personal-information.location Both have asked for permission, and both have location services enabled in system settings. The agent runs as an LSUIElement=1, headless/background configuration. So, am I missing something, a step, or is there a fundamental restriction on an agent that makes this an impossible task? (Right now, it runs a shortcut to discover the name, but requires the user to create it, and it has side effects I'd rather not see, like the flashing indicator in the menu bar)

Hello, I am a Bluetooth Engineer at Google investigating an interoperability bug between an Android device and AirPods 4. When requesting an L2CAP connection (with PSM = AVDTP) to the AirPods during SDP service discovery, The AirPods L2CAP layer incorrectly responds with a "refused - no resources available" status followed by a Pending status and a Success status. This violates the specification, which says that the request has been fully rejected after the refused status and should not receive followup responses. I suspect the "no resources available" response is a bug. This prevents A2DP from working with the AirPods. This bug does not exist with AirPods 2 firmware. Here is a packet capture: 1602 1969-12-31 16:07:04.805261 0.062473 localhost () Apple_6b:db:09 (AirPods) L2CAP 17 Sent Connection Request (AVDTP, SCID: 0x22c6) 1603 1969-12-31 16:07:04.810953 0.005692 controller host HCI_EVT 8 Rcvd Number of Completed Packets 1604 1969-12-31 16:07:04.811078 0.000125 Apple_6b:db:09 (AirPods) localhost () SDP 27 Rcvd Service Search Attribute Request : Device Information: [Bluetooth Profile Descriptor List 0x0009] 1605 1969-12-31 16:07:04.821249 0.010171 localhost () Apple_6b:db:09 (AirPods) SDP 19 Sent Service Search Attribute Response 1606 1969-12-31 16:07:04.876396 0.055147 controller host HCI_EVT 8 Rcvd Number of Completed Packets 1607 1969-12-31 16:07:04.876464 0.000068 Apple_6b:db:09 (AirPods) localhost () L2CAP 21 Rcvd Connection Response - Refused - no resources available (SCID: 0x22c6) 1608 1969-12-31 16:07:04.942539 0.066075 Apple_6b:db:09 (AirPods) localhost () SDP 41 Rcvd Service Search Attribute Request : Unknown: [Bluetooth Profile Descriptor List 0x0009] 1609 1969-12-31 16:07:04.951052 0.008513 localhost () Apple_6b:db:09 (AirPods) SDP 19 Sent Service Search Attribute Response 1610 1969-12-31 16:07:05.010605 0.059553 controller host HCI_EVT 8 Rcvd Number of Completed Packets 1611 1969-12-31 16:07:05.080593 0.069988 Apple_6b:db:09 (AirPods) localhost () SDP 27 Rcvd Service Search Attribute Request : GATT: [Bluetooth Profile Descriptor List 0x0009] 1612 1969-12-31 16:07:05.087636 0.007043 localhost () Apple_6b:db:09 (AirPods) SDP 19 Sent Service Search Attribute Response 1613 1969-12-31 16:07:05.209417 0.121781 controller host HCI_EVT 8 Rcvd Number of Completed Packets 1614 1969-12-31 16:07:05.279491 0.070074 Apple_6b:db:09 (AirPods) localhost () L2CAP 21 Rcvd Connection Response - Pending (SCID: 0x22c6) 1615 1969-12-31 16:07:05.280731 0.001240 Apple_6b:db:09 (AirPods) localhost () L2CAP 21 Rcvd Connection Response - Success (SCID: 0x22c6, DCID: 0x0406) Please file this bug with the AirPods Bluetooth team.