Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management.
For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.
Delve into the world of built-in app and system services available to developers. Discuss leveraging these services to enhance your app's functionality and user experience.
Selecting any option will automatically load the page
Post
Replies
Boosts
Views
Created
I'm trying to understand the terminology around forward vs backward references in CloudKit.
Say I have two record types:
User
LeaderboardScore (a score belongs to a user)
The score record stores a user reference:
score["user"] = CKRecord.Reference(
recordID: userRecordID,
action: .deleteSelf
)
So:
LeaderboardScore → User
The user record does not store any references to scores
From a data-model perspective:
Is this considered a forward reference (child → parent)?
Or a back reference, since the score is "pointing back" to its owner?
My use case is having leaderboard in my app and so i have created a user table to store all the users and a score table for saving the scores of each user of the app.
Hi!
My users have reported (and I have observed) a blank Live Activity where only a black capsule is shown in the dynamic island. When tapping that capsule, the app opens, but inside the capsule, nothing is shown. The Live Activity is created through the AlarmKit API like this:
let identifier = UUID()
Task {
do {
_ = try await AlarmManager.shared.schedule(
id: identifier,
configuration: .init(
countdownDuration: countdownDuration,
attributes: attributes,
stopIntent: CancelTimerIntent(),
secondaryIntent: RestartTimerIntent(),
sound: Settings.shared.systemAlarmToneEnabled ? .default : .named(Settings.shared.alarmTone[.loop].filename)
)
)
Log.debug("Alarm scheduled successfully: \(identifier.uuidString)")
} catch {
Log.error("Error scheduling alarm with id \(identifier.uuidString), error: \(error)")
}
}
I've read some other forum posts where developers reported the same issue:
https://developer.apple.com/forums/thread/807335
https://developer.apple.com/forums/thread/812006
I assume, it has something to do with state management. However, in my case, this only happens very rarely. I use the app on a daily basis and the issue with the blank live activity only occurs like once a month, so I cannot reproduce it.
I also have some logic to resume an existing alarm or snooze:
do {
for alarm in try AlarmManager.shared.alarms {
switch alarm.state {
case .paused:
try AlarmManager.shared.resume(id: alarm.id)
case .alerting:
try AlarmManager.shared.countdown(id: alarm.id)
default:
break
}
}
} catch {
Log.error("Error resuming alarm: \(error)")
}
Is there any way I can debug this issue properly?
I have checked the Device Logs and the Console in Xcode and didn't find any hints. Only one log made me a little suspicious, but I read that this might happen occasionally and may be ignored:
Couldn't read values in CFPrefsPlistSource<0x10ae0d080> (Domain: group.myappgroupidentifier User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): Using kCFPreferencesAnyUser with a container is only allowed for System Containers, detaching from cfprefsd
Any ideas on how I could proceed to find the cause of this empty (apparently crashed) Live Activity?
Topic:
App & System Services
SubTopic:
Widgets & Live Activities
I use MapKit and MKDirections for driving directions. The error "Directions Not Available" appears when the two points (A and B) are outside mainland China (e.g. Tokyo → Osaka). For routes inside China (e.g. Shanghai → Beijing), the same code works.
let req = MKDirections.Request()
req.source = MKMapItem(placemark: MKPlacemark(coordinate: origin))
req.destination = MKMapItem(placemark: MKPlacemark(coordinate: destination))
req.transportType = .automobile
MKDirections(request: req).calculate { response, error in
// Tokyo–Osaka (outside China): "Directions Not Available"
// Shanghai–Beijing (inside China): works
}
Questions:
Is MKDirections intended to support only routes within the device’s region (e.g. China)? When A/B are abroad, is "Directions Not Available" expected? Is this documented?
For cross-country or overseas routes (e.g. Tokyo–Osaka), what is the recommended approach—third-party routing API + drawing on MapKit?
Thanks.
I’m encountering a persistent issue with my Network Extension (specifically NEFilterDataProvider) and would really appreciate any insights.
The extension generally works as expected, but after some time — especially after sleep/wake cycles or network changes — a global network outage occurs. During this state, no network traffic works: pings fail, browsers can’t load pages, etc. As soon as I stop the extension (by disabling it in System Preferences), the network immediately recovers. If I re-enable it, the outage returns instantly.
I’ve also noticed that once this happens, the extension stops receiving callbacks like handleNewFlow(), and reinstalling the app or restarting the extension doesn’t help. The only thing that resolves the issue is rebooting the system. After reboot, the extension works fine again — until the problem reoccurs later.
I asked AI about this behavior, and it suggested the possibility that the kernel might have marked the extension as untrusted, causing the system to intentionally block all network traffic as a safety mechanism.
Has anyone experienced similar behavior with NEFilterDataProvider? Could there be a way to detect or prevent this state without rebooting? Is there any logging or diagnostic data I should collect when it happens again?
Any guidance or pointers would be greatly appreciated. Thanks in advance!
Hi,
I’m implementing ePassport reading in an iOS app using a third-party KYC identity verification SDK (the SDK handles the NFC logic internally).
Before adding any specific AID, the NFC session would start normally and iOS showed the system popup asking the user to hold the passport near the device. However, the passport was never read , the session just stayed there with no progress or data returned.
I then tried enabling the ICAO ePassport AID:
A0000002471001
After adding this, the build failed with the following signing error:
Provisioning profile "iOS Team Provisioning Profile: com.sandrotbilisi.DigitalCurrency" doesn't include the com.apple.developer.nfc.readersession.iso7816.select-identifiers entitlement.
Has anyone encountered this behavior when working with ePassports?
Do I need special entitlement approval from Apple for this AID?
Thank you.
Hi,
I’m building an iOS self accountability app using FamilyControls and DeviceActivity. I can show the user’s real Screen Time correctly inside a DeviceActivityReport extension on a real device, but I want to use that same daily total inside the main app for today’s log and leaderboard.
What I’m stuck on is getting that value back into the app. I tried App Groups, shared UserDefaults, a shared file in the app group container, and CFPreferences, but the report still only works as a display and the main app never receives the total.
Is there any Apple supported way to use the daily Screen Time total from a DeviceActivityReport extension inside the containing app, or is this intentionally display only?
Thanks.
An app build is uploaded using Xcode 26.3 RC and fully validated/provisioned/processed at AppStoreConnect that shows build is Complete/Ready to Test
Export compliance has been done
Internal testers have been added to internal testing group
Internal testers have accepted invite
App is visible with all details in Test Flight on testers' iPhones (running 26.3 final)
Internal testers tap App but Install button NEVER appears and testers get request for code to redeem app but invitation email does NOT include redeem code
Testers cannot download and install app
What is going on with TestFlight Apple?
Hi - Using storekit2 on ios26.2 and using presentOfferCodeRedeemSheet to allow users to leverage Offer Codes.
The codes work (sandbox and production), however on the confirmation view that shows Redeem Special Offer, while my App Icon is properly displayed up top, the associated product subscription image is missing and I see a grey App Store image/icon instead.
I do successfully see the associated subscription and pricing to the right. My subscription product images are already reviewed/approved and have been live for a number of weeks. I see this in Sandbox and Production (with a live customer sending me the phone screenshot).
PS, my product icons/logos all show up successfully during normal checkout in sandbox/production, this only occurs on Offer Code Redemption views.
Topic:
App & System Services
SubTopic:
StoreKit
I have a driver extending IOUserUSBSerial and I want the device to show up as /dev/tty.mycustombasename-123 and /dev/cu. respectively. How can I achieve that?
I am testing my app in iOS 26.4 beta and emojis are rendering as squares with ? in the middle . I tested a very simple Text("👾") and I get the same results. It is working fine in 26.3.
Topic:
App & System Services
SubTopic:
General
I am writing a DriverKit driver for the first that uses the USBSerialDriverKit. The driver its purpose is to expose the device as serial interface (/dev/cu.tetra-pei0 or something like this). My problem: I don't see any logs from that driver in the console and I tried like 40 different approaches and checked everything. The last message I see is that the driver get successfully added to the system it is in the list of active and enabled system driver extensions but when I plug the device in none of my logs appear and it doesn't show up in ioreg. So without my driver the target device looks like this:
+-o TETRA PEI interface@02120000 <class IOUSBHostDevice, id 0x10000297d, registered, matched, active, busy 0 (13 ms), retain 30>
| {
| "sessionID" = 268696051410
| "USBSpeed" = 3
| "UsbLinkSpeed" = 480000000
| "idProduct" = 36886
| "iManufacturer" = 1
| "bDeviceClass" = 0
| "IOPowerManagement" = {"PowerOverrideOn"=Yes,"DevicePowerState"=2,"CurrentPowerState"=2,"CapabilityFlags"=32768,"MaxPowerState"=2,"DriverPowerState"=0}
| "bcdDevice" = 9238
| "bMaxPacketSize0" = 64
| "iProduct" = 2
| "iSerialNumber" = 0
| "bNumConfigurations" = 1
| "UsbDeviceSignature" = <ad0c16901624000000ff0000>
| "USB Product Name" = "TETRA PEI interface"
| "locationID" = 34734080
| "bDeviceSubClass" = 0
| "bcdUSB" = 512
| "USB Address" = 6
| "kUSBCurrentConfiguration" = 1
| "IOCFPlugInTypes" = {"9dc7b780-9ec0-11d4-a54f-000a27052861"="IOUSBHostFamily.kext/Contents/PlugIns/IOUSBLib.bundle"}
| "UsbPowerSinkAllocation" = 500
| "bDeviceProtocol" = 0
| "USBPortType" = 0
| "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.usb"))
| "USB Vendor Name" = "Motorola Solutions, Inc."
| "Device Speed" = 2
| "idVendor" = 3245
| "kUSBProductString" = "TETRA PEI interface"
| "kUSBAddress" = 6
| "kUSBVendorString" = "Motorola Solutions, Inc."
| }
|
+-o AppleUSBHostCompositeDevice <class AppleUSBHostCompositeDevice, id 0x100002982, !registered, !matched, active, busy 0, retain 5>
| {
| "IOProbeScore" = 50000
| "CFBundleIdentifier" = "com.apple.driver.usb.AppleUSBHostCompositeDevice"
| "IOProviderClass" = "IOUSBHostDevice"
| "IOClass" = "AppleUSBHostCompositeDevice"
| "IOPersonalityPublisher" = "com.apple.driver.usb.AppleUSBHostCompositeDevice"
| "bDeviceSubClass" = 0
| "CFBundleIdentifierKernel" = "com.apple.driver.usb.AppleUSBHostCompositeDevice"
| "IOMatchedAtBoot" = Yes
| "IOMatchCategory" = "IODefaultMatchCategory"
| "IOPrimaryDriverTerminateOptions" = Yes
| "bDeviceClass" = 0
| }
|
+-o lghub_agent <class AppleUSBHostDeviceUserClient, id 0x100002983, !registered, !matched, active, busy 0, retain 7>
| {
| "IOUserClientCreator" = "pid 1438, lghub_agent"
| "IOUserClientDefaultLocking" = Yes
| }
|
+-o IOUSBHostInterface@0 <class IOUSBHostInterface, id 0x100002986, registered, matched, active, busy 0 (5 ms), retain 9>
| | {
| | "USBPortType" = 0
| | "IOCFPlugInTypes" = {"2d9786c6-9ef3-11d4-ad51-000a27052861"="IOUSBHostFamily.kext/Contents/PlugIns/IOUSBLib.bundle"}
| | "USB Vendor Name" = "Motorola Solutions, Inc."
| | "bcdDevice" = 9238
| | "USBSpeed" = 3
| | "idProduct" = 36886
| | "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.usb"))
| | "bInterfaceSubClass" = 0
| | "bConfigurationValue" = 1
| | "locationID" = 34734080
| | "USB Product Name" = "TETRA PEI interface"
| | "bInterfaceProtocol" = 0
| | "iInterface" = 0
| | "bAlternateSetting" = 0
| | "idVendor" = 3245
| | "bInterfaceNumber" = 0
| | "bInterfaceClass" = 255
| | "bNumEndpoints" = 2
| | }
| |
| +-o lghub_agent <class AppleUSBHostInterfaceUserClient, id 0x100002988, !registered, !matched, active, busy 0, retain 6>
| {
| "UsbUserClientBufferStatistics" = {"IOMemoryDescriptor"=0,"IOBufferMemoryDescriptor"=0,"IOSubMemoryDescriptor"=0}
| "IOUserClientCreator" = "pid 1438, lghub_agent"
| "UsbUserClientBufferAllocations" = {"Bytes"=0,"Descriptors"=0}
| "IOUserClientDefaultLocking" = Yes
| }
|
+-o IOUSBHostInterface@1 <class IOUSBHostInterface, id 0x100002987, registered, matched, active, busy 0 (5 ms), retain 9>
| {
| "USBPortType" = 0
| "IOCFPlugInTypes" = {"2d9786c6-9ef3-11d4-ad51-000a27052861"="IOUSBHostFamily.kext/Contents/PlugIns/IOUSBLib.bundle"}
| "USB Vendor Name" = "Motorola Solutions, Inc."
| "bcdDevice" = 9238
| "USBSpeed" = 3
| "idProduct" = 36886
| "IOServiceDEXTEntitlements" = (("com.apple.developer.driverkit.transport.usb"))
| "bInterfaceSubClass" = 0
| "bConfigurationValue" = 1
| "locationID" = 34734080
| "USB Product Name" = "TETRA PEI interface"
| "bInterfaceProtocol" = 0
| "iInterface" = 0
| "bAlternateSetting" = 0
| "idVendor" = 3245
| "bInterfaceNumber" = 1
| "bInterfaceClass" = 255
| "bNumEndpoints" = 2
| }
|
+-o lghub_agent <class AppleUSBHostInterfaceUserClient, id 0x10000298a, !registered, !matched, active, busy 0, retain 6>
{
"UsbUserClientBufferStatistics" = {"IOMemoryDescriptor"=0,"IOBufferMemoryDescriptor"=0,"IOSubMemoryDescriptor"=0}
"IOUserClientCreator" = "pid 1438, lghub_agent"
"UsbUserClientBufferAllocations" = {"Bytes"=0,"Descriptors"=0}
"IOUserClientDefaultLocking" = Yes
}
more details in my comment.
Hi everyone,
I’m having an issue with App Store Connect regarding the production release of my app.
I submitted my app and contacted App Store Connect support because I haven’t received any verification or confirmation to proceed with the production release, but I still haven’t received any response.
It has been over two weeks since I first contacted them. According to Apple’s documentation, support responses usually take around 48 hours, so I’m a bit concerned.
My app is currently not moving forward to production, and I don’t see any clear indication of what is missing or if additional action is required from my side. I’ve checked App Store Connect notifications and my email (including spam), but there’s nothing.
Has anyone experienced a similar situation recently?
Is there a recommended way to escalate this issue (specific support category, phone call, or another process)?
Any help or advice would be greatly appreciated.
Thank you!
Topic:
App & System Services
SubTopic:
General
I have submitted a new update on February 9th and it's still waiting for review. I will go crazy. There is no way to reach developer support as well. Can someone suggest me what should I do?
I emailed, I applied for expedit review but there is no follow up.
Hello Apple Support Team,
We are seeing a production crash on iOS 26 devices that appears to originate from Apple system frameworks rather than application code.
1. Crash Details
OS Version: iOS 26.x
App built with: Xcode 16
Devices: Multiple models (not device-specific)
Exception Type: SIGSEGV SEGV_ACCERR
Fault Address: 0x0000000000000100
Crashed Thread: 4 (network background queue)
Crash trace summary:
Last Exception :
0 libobjc.A.dylib _objc_release_x8 + 8
1 libboringssl.dylib _nw_protocol_boringssl_deallocate_options + 92
2 Network 0x000000019695207c 0x00000001968dc000 + 483452
3 libswiftCore.dylib __swift_release_dealloc + 56
4 libswiftCore.dylib bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 152
5 Network 0x0000000196951f6c 0x00000001968dc000 + 483180
6 Network 0x0000000196952000 0x00000001968dc000 + 483328
7 libswiftCore.dylib __swift_release_dealloc + 56
8 libswiftCore.dylib bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 152
9 libswiftCore.dylib void multiPayloadEnumFN<&handleRefCountsDestroy>(swift::TargetMetadata<swift::InProcess> const*, swift::LayoutStringReader1&, unsigned long&, unsigned char*) + 248
10 libswiftCore.dylib swift::swift_cvw_arrayDestroy(swift::OpaqueValue*, unsigned long, unsigned long, swift::TargetMetadata<swift::InProcess> const*) + 1172
11 libswiftCore.dylib _$sSp12deinitialize5countSvSi_tF + 40
12 CollectionsInternal ___swift_instantiateGenericMetadata + 1236
13 CollectionsInternal ___swift_instantiateGenericMetadata + 388
14 CollectionsInternal ___swift_instantiateGenericMetadata + 1044
15 libswiftCore.dylib __swift_release_dealloc + 56
16 libswiftCore.dylib bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 152
17 Network 0x000000019695f9fc 0x00000001968dc000 + 539132
18 Network 0x000000019695f9bc 0x00000001968dc000 + 539068
19 libswiftCore.dylib __swift_release_dealloc + 56
20 libswiftCore.dylib bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 152
21 libswiftCore.dylib swift_cvw_destroyImpl(swift::OpaqueValue*, swift::TargetMetadata<swift::InProcess> const*) + 212
22 Network 0x0000000196def5d8 0x00000001968dc000 + 5322200
23 Network 0x0000000196ded130 0x00000001968dc000 + 5312816
24 libswiftCore.dylib __swift_release_dealloc + 56
25 libswiftCore.dylib bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 152
26 Network 0x000000019695fde0 0x00000001968dc000 + 540128
27 libobjc.A.dylib object_cxxDestructFromClass(objc_object*, objc_class*) + 116
28 libobjc.A.dylib objc_destructInstance_nonnull_realized(objc_object*) + 76
29 libobjc.A.dylib __objc_rootDealloc + 72
30 Network 0x000000019695f99c 0x00000001968dc000 + 539036
31 Network 0x000000019695fae4 0x00000001968dc000 + 539364
32 Network 0x0000000196b078b8 0x00000001968dc000 + 2275512
33 libobjc.A.dylib object_cxxDestructFromClass(objc_object*, objc_class*) + 116
34 libobjc.A.dylib objc_destructInstance_nonnull_realized(objc_object*) + 76
35 libobjc.A.dylib __objc_rootDealloc + 72
36 Network 0x0000000196b07658 0x00000001968dc000 + 2274904
37 Network 0x00000001968e51d4 nw_queue_context_async_if_needed + 92
38 Network 0x0000000197686ea0 0x00000001968dc000 + 14331552
39 libswiftCore.dylib swift::swift_cvw_arrayDestroy(swift::OpaqueValue*, unsigned long, unsigned long, swift::TargetMetadata<swift::InProcess> const*) + 436
40 libswiftCore.dylib _$sSp12deinitialize5countSvSi_tF + 40
41 CollectionsInternal ___swift_instantiateGenericMetadata + 1236
42 CollectionsInternal ___swift_instantiateGenericMetadata + 388
43 CollectionsInternal ___swift_instantiateGenericMetadata + 1044
44 libswiftCore.dylib __swift_release_dealloc + 56
45 libswiftCore.dylib bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 152
46 Network 0x000000019694a010 0x00000001968dc000 + 450576
47 libobjc.A.dylib object_cxxDestructFromClass(objc_object*, objc_class*) + 116
48 libobjc.A.dylib objc_destructInstance_nonnull_realized(objc_object*) + 76
49 libobjc.A.dylib __objc_rootDealloc + 72
50 Network 0x0000000196a330e0 0x00000001968dc000 + 1405152
51 Network 0x00000001974378e0 0x00000001968dc000 + 11909344
52 Network 0x0000000196a17178 0x00000001968dc000 + 1290616
53 libdispatch.dylib __dispatch_call_block_and_release + 32
54 libdispatch.dylib __dispatch_client_callout + 16
55 libdispatch.dylib _dispatch_workloop_invoke.cold.4 + 32
56 libdispatch.dylib __dispatch_workloop_invoke + 1980
57 libdispatch.dylib __dispatch_root_queue_drain_deferred_wlh + 292
58 libdispatch.dylib __dispatch_workloop_worker_thread + 692
59 libsystem_pthread.dylib __pthread_wqthread + 292
------
Exception Type: SIGSEGV SEGV_ACCERR
Exception Codes: fault addr: 0x0000000000000100
Crashed Thread: 4
2. Behavior & Context
The crash occurs during normal HTTPS networking using standard URLSession (no direct usage of Network.framework nor boringssl APIs).
It appears to be triggered during QUIC connection establishment or TLS fallback.
The stack trace contains no application code frames — all symbols are from system libraries.
The crash strongly indicates double-free, over-release, or dangling pointer inside nw_protocol_boringssl_options deallocation.
3. Questions for Apple
Is this a known issue in iOS 26 within Network.framework / boringssl related to nw_protocol_boringssl_deallocate_options?
What is the root cause of the over‑release / invalid objc_release in this path?
Is there a workaround we can implement from the app side (e.g., disabling QUIC, adjusting TLS settings, or queue configuration)?
Do you have a target iOS version or patch where this issue will be fixed?
We can provide full crash logs and additional metrics upon request.
4. Additional Information
Developed using Swift 5, with a deployment target of iOS 12+.
Thank you for your support.
Topic:
App & System Services
SubTopic:
Networking
Dear Apple Developer Technical Support,
I am currently developing a macOS network filtering solution using NetworkExtension with NEFilterDataProvider.
During implementation of the handleOutboundData logic, we are using the following verdict:
NEFilterNewFlowVerdict.filterDataVerdict(
withFilterInbound: true,
peekInboundBytes: InboundPeekBytes,
filterOutbound: true,
peekOutboundBytes: OutboundPeekBytes
)
However, we have encountered an issue when SMB traffic is involved.
When SMB protocol communication occurs, the network connection occasionally becomes unresponsive or appears to stall when peekOutboundBytes is set to a large value.
Through testing, we observed the following behavior:
On some systems, reducing the peekOutboundBytes value allows SMB communication to proceed normally.
On other systems, even relatively small values can still cause the SMB connection to stall.
This behavior appears inconsistent across different macOS environments.
Because of this, we would like to clarify the following:
Is there a documented or recommended maximum value for peekOutboundBytes when using NEFilterNewFlowVerdict.filterDataVerdict?
Are there any internal limits or constraints within NetworkExtension that could cause SMB traffic to stall when the peek buffer size is too large?
Are there best practices for selecting appropriate peekInboundBytes / peekOutboundBytes values when filtering high-throughput protocols such as SMB?
If necessary, we can provide additional information such as macOS version, test environment details, and logs.
Thank you for your assistance.
Best regards,
sangho
We began storing our users' appTransactionID as a quick lookup identifier for purchase history as it is back-dated and consistent between installs and can be signed by Apple.
We've read through both the Storekit documentation and the app transfer documentation, but wanted to verify that a users appTransactionID remains consistent after an app has been transferred from one Apple developer account to another (assuming they have the proper shared secret info)? Basically, would the new developer team be seeing the same appTransactionID our current team sees for an existing user post-transfer?
Topic:
App & System Services
SubTopic:
StoreKit
We use AppShortcutsProvider with a parameterized App Shortcut. One of the entities has a dynamic display title (e.g. "Everyone is searching: {keyword}") that comes from UserDefaults and is returned in EntityQuery.suggestedEntities() and entities(for:).
When we change the keyword and call updateAppShortcutParameters(), the Shortcuts app updates and shows the new title.
In Spotlight (Siri Suggestions), the displayed title stays on the old value (e.g. still shows "Everyone is searching: 456" after we switched to "123").
On tap, the shortcut runs with the new value (123), so the execution is correct; only the displayed title in Spotlight is stale.
Question: Is this expected? Is there any API or recommended approach to invalidate or refresh the Spotlight suggestion so the displayed title matches the current parameter, or should we avoid dynamic titles for the first suggestion for better UX?
I have several macOS applications that use CloudKit. I need to test and finds out what happens when the user signs out of their iCloud account. That's because the application may lose data after signing out and then signing in again. Every time I do that, it'll take 15, 20 minutes... I don't time it, but it takes quite a gigantic time to sign out as the spinner keeps rolling. Why does it take so long to just sign out? This sign out effect is untestable because it takes a long time to sign out of an iCloud account and then make changes to the code and then test again. In case you need to know, my system version is Sequoia 15.7.
aka MKLocalSearch.Request in Swift.
Today my users reported that our address auto-complete functionality was returning strange results. We narrowed the issue down to pointOfInterestFilter being set. Sample code below:
MKLocalSearchRequest *request = [[MKLocalSearchRequest alloc] init];
request.region = self.region;
request.naturalLanguageQuery = addressString;
request.resultTypes = MKLocalSearchResultTypeAddress;
request.pointOfInterestFilter = [MKPointOfInterestFilter filterIncludingAllCategories];
That last line is the problem. When I stopped setting request.pointOfInterestFilter the MKLocalSearch started working as it always had.
To further hammer home the point, with request.pointOfInterestFilter unset I set resultTypes to MKLocalSearchCompleterResultTypePointOfInterest (aka .pointOfInterest) and the issue returned.
It seems Apple made a change on their backend recently such that pointOfInterestFilter now overrides resultTypes.
I'm building a macOS network monitor using NEFilterDataProvider as a system extension, distributed with Developer ID signing. On macOS 26.3 (Tahoe), sysextd consistently rejects the activation request with "no policy, cannot allow apps outside /Applications" — despite the app being in /Applications and passing every verification check.
I'm aware of the known Xcode NE signing bug (r. 108838909) and have followed the manual signing process from Exporting a Developer ID Network Extension. I've also tried both xcodebuild build and xcodebuild archive workflows — identical failure.
Environment
macOS
26.3 (25D125), SIP enabled
Xcode
26.3 (17C529)
Hardware
Apple M2 Pro
Certificate
Developer ID Application (issued Jan 30, 2026 — 27 days old)
MDM/Profiles
None installed
Signing & Verification (all pass)
$ spctl -a -vv /Applications/Chakshu.app
/Applications/Chakshu.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: ROBIN SHARMA (R65679C4F3)
$ codesign --verify --deep --strict -vv /Applications/Chakshu.app
/Applications/Chakshu.app: valid on disk
/Applications/Chakshu.app: satisfies its Designated Requirement
$ xcrun stapler validate /Applications/Chakshu.app
The validate action worked!
App signing:
Authority=Developer ID Application: ROBIN SHARMA (R65679C4F3)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=R65679C4F3
Runtime Version=26.2.0
Notarization Ticket=stapled
App entitlements:
com.apple.application-identifier = R65679C4F3.dev.indrasvat.chakshu
com.apple.developer.team-identifier = R65679C4F3
com.apple.developer.system-extension.install = true
com.apple.developer.networking.networkextension = [content-filter-provider-systemextension]
keychain-access-groups = [R65679C4F3.*]
Extension signing: Same Developer ID authority, same team, same timestamp. Extension entitlements match (minus system-extension.install). Developer ID provisioning profiles are embedded in both app and extension.
What sysextd logs
Captured Feb 26, 2026 from log stream --predicate 'process == "sysextd"':
sysextd [com.apple.sx:XPC] client activation request for dev.indrasvat.chakshu.filter
sysextd attempting to realize extension with identifier dev.indrasvat.chakshu.filter
sysextd (Security) SecKeyVerifySignature ← pass (×2)
sysextd (Security) SecTrustEvaluateIfNecessary ← pass (×2)
sysextd [com.apple.xpc:connection] activating connection: name=com.apple.CodeSigningHelper
sysextd [com.apple.xpc:connection] invalidated after the last release
sysextd no policy, cannot allow apps outside /Applications
sysextd [com.apple.sx:XPC] client connection invalidated
Signature and trust evaluation pass. CodeSigningHelper completes. Then the policy check fails. The app receives OSSystemExtensionError code 4 (extensionNotFound).
What I've tried and ruled out
Build process:
Approach
Result
xcodebuild build -configuration Release + manual re-sign
Same failure
xcodebuild archive + export from archive + manual re-sign (per thread/737894)
Same failure
Minimal hand-crafted Xcode project (no xcodegen, trivial code)
Same failure
Both workflows follow Quinn's process exactly: build with Apple Development → copy app → embed Developer ID provisioning profiles → re-sign inside-out (extension first, then app) with -systemextension suffix entitlements → notarize → staple → install to /Applications.
System-level checks:
Rebooting — no change
Killing sysextd — no change
Removing com.apple.quarantine xattr — no change
chown root:wheel on app bundle — no change
lsregister -r (reset Launch Services) — no change
Waiting 27 days for certificate propagation — no change
Reinstalling via Finder drag-to-Applications — no change
No MDM or configuration profiles installed
/Library/SystemExtensions/db.plist shows extensionPolicies: [] (empty)
Key observation
Pre-existing network extensions activated before macOS 26 work fine on this machine. For example, Tailscale's NEPacketTunnelProvider shows state: activated_enabled in the system extensions database — it was activated on a prior macOS version and is still running. Only new system extension activations fail.
I've seen similar Tahoe-specific reports from LuLu (same NEFilterDataProvider type, Developer ID distribution):
LuLu #825
LuLu #831
Questions
Is this a known regression in macOS 26's sysextd policy evaluation for new Developer ID system extension activations?
sysextd's policy check fails after all signature and trust evaluation succeeds. Is there a separate trust/policy path that sysextd consults beyond what spctl, codesign, and CodeSigningHelper verify?
Is there anything else I should be checking?
I have a sysdiagnose captured immediately after the failure, a minimal reproducer project, and full raw sysextd logs available on request.