So i created an App and for some time it was working fine. The app has features to show pdf to users without logging in. I needed to upload all data to cloudkit on public database. I was not having knowledge that there are 2 mode being a noob in coding so after i saved all records in development mode in cloudkit when i published my app, i was not able to see them (Reason because live mode works in Production mode). So i need help now to transfer data from development mode to production mode or any app or code that can help me upload all data in production mode.

Hello, I am unable to figure out how I tell the FamilyActivityPicker whether it should show apps installed on my personal device (to be used with AuthorizationCenter.shared.requestAuthorization(for: .individual)) or apps installed on my child’s device (authenticated their phone via AuthorizationCenter.shared.requestAuthorization(for: .child)). Is there any parameter or SwiftUI modifier I need to apply? Otherwise, how does the user or the app know which token belongs to them and which token belongs to their child’s device? Radar: FB17020977 Thanks a lot for your help!

There is no official documentation specifying the exact criteria for determining a CLVisit. For example, if a user starts at a target location, will the following method be called? func locationManager(_ manager: CLLocationManager, didVisit visit: CLVisit) This did not work during my testing. It was only successfully triggered when starting from a distant location and arriving at the target point. It would be helpful to know the exact conditions, such as how long a user must stay at a location for it to be considered a visit. Are there any specific thresholds (e.g., minimum duration, distance moved) that determine when this method is triggered?

I've enjoyed using an existing app to connect over BLE to a camera which allows for photo transfer. For some reason though early on in iOS 18, it seems the bluetooth advertising name was corrupted. As a result, the camera no longer connects to the app. I've checked on another phone that the camera connects. I was wondering how to go about clearing the bluetooth cache or maybe specifically the BLE cache. The existing app developer is non responsive and I'm assuming the issue will never be fixed. I was planning on clearing the cache within my own personal unreleased app. Just wondering if there's any cache clearing API.

Good day We developed a simple swift code to make the device ringing when a certain type of notifications arrives from our backend. This is the code: let phoneNumber = CXHandle(type: .generic, value: (self.userInfoForPluginCall!["data"] as! [String:Any]) ["caller"] as! String) callUpdate.remoteHandle = phoneNumber let configuration = CXProviderConfiguration(localizedName: "Trec Conf") configuration.maximumCallGroups = 1 configuration.maximumCallsPerCallGroup = 1 configuration.supportsVideo = false configuration.supportedHandleTypes = [.generic] configuration.iconTemplateImageData = UIImage(named: "callkit-icon")?.pngData() let callProvider = CXProvider(configuration: configuration) callProvider.setDelegate(self, queue: nil) callProvider.reportNewIncomingCall(with: callUUID!, update: callUpdate, completion: {error in}) We are noticing some problems on the call screen: on certain devices (iOS 18.4RC) the normal call screen appears and the user can answer or decline the call, on other devices (iOS 18.3, especially with dynamic island) only a phone icon appears in the upper right corner and no possibility to answer or deny call. Any idea on why we are encountering that behavior? Thanks

I cannot test IAP using sandbox account that I logged on from settings, it keeps show my regular Apple ID when I try to test IAP from TestFlight This issue frustrate me and bunch of my colleagues, we cannot manage our subscription when sandbox account is default choosing Apple ID I've seen people complaining about this issue a lot Any help on resolving this issue would be really appreaciated

We have a NEFilterDataProvider extension that intercepts all TCP and UDP IPv4/6 traffic. At times just after wakeup from sleep, it causes internet access issues, such as showing "This site can't be reached" when opening websites. The traffic is not being dropped by the extension. According to the logs, the connection is being closed after approximately 4 minutes. During the issue, the flow logs are as follows: Flow 515129771 is connecting New flow: NEFlow type = stream, app = com.google.Chrome.helper... Detaching, ref count = 2 (logged after ~4 minutes) Sending close, how = 2 Removing from group 2, ref count = 2 Destroying, app tx 0, tunnel tx 0, tunnel rx 0 Closing reads, not closed by plugin Closing writes, not sending close Any suggestions on the possible cause and how to further debug it?

For Apple subscription payments, my server does not receive notifications for production environment payments, but it can receive notifications for sandbox payments at the same notification address.

I'd like to set the recordingYear in my Spotlight File Importer extension but the property is missing from CSSearchableItemAttributeSet e.g. in the resulting in mdls I'd like to see: kMDItemRecordingYear = 2008; This would allow me to search in Finder by the recording year criteria. There is a recordingDate property and I tried setting it to Date that only has a year but it didn't work. It just resulted in this: kMDItemRecordingDate = "2008-01-01 00:00:00 +0000";

Hi, I want to open an email message with AppleScript. Everything is working correctly, but in the Mail app, instead of focusing on targetMessage, it highlights the email after the target message. When I use: tell targetMessage to open the correct email opens in new window but the wrong email is highlighted in the Mail app list. tell application "Mail" activate set targetAccount to missing value repeat with anAccount in every account if name of anAccount is "AccountName" then set targetAccount to anAccount exit repeat end if end repeat if targetAccount is not missing value then set targetBox to missing value repeat with aBox in mailboxes of targetAccount if name of aBox is "MailboxName" then set targetBox to aBox exit repeat end if end repeat if targetBox is not missing value then set targetMessage to missing value set oneWeekAgo to (current date) - (7 * days) set filteredMessages to (every message of targetBox whose date received ≥ oneWeekAgo) repeat with aMessage in filteredMessages try if message id of aMessage is "MessageID" then set targetMessage to aMessage exit repeat end if end try end repeat if targetMessage is not missing value then if (count of message viewers) > 0 then set mailViewer to message viewer 1 else set mailViewer to make new message viewer end if tell mailViewer set selected mailboxes to {targetBox} delay 0.2 set selected messages to {targetMessage} end tell return "Found" else return "Message Not found" end if else return "Folder Not found" end if else return "Account Not found" end if end tell Why is this behavior happening?

Hi, I want to offer an auto-renewable subscription (e.g., $1/month) that grants users (10 document analyses per month), with the count resetting at the start of each billing cycle. -Unused analyses will not roll over to the next month- Additionally, any analyses generated while the subscription is active will remain accessible to the user permanently, even if they cancel the subscription. The paywall, app description, and metadata will clearly state that the subscription grants (10 document analyses per month with no rollover) We want this to be implemented as an auto-renewable subscription model, not as a consumable service or a token/credit system (which we want to avoid). Is this model acceptable under Apple’s guidelines, or would it be considered a token/credit system? Any insights or alternative suggestions would be appreciated.. Thanks

The Apple subscription production environment receives notifications, but the same notification address successfully receives them only for sandbox payments.

Hello everyone, I am currently developing a media playback app and want to achieve the following functionality: Display multiple media contents in the Now Playing control center, instead of just showing the currently playing one. Allow users to select and switch between different contents, such as videos, music, etc., from the control center. However, I have encountered some issues: Although I have integrated the Now Playing control center, it only displays the current media being played. I would like to display multiple selectable media contents (such as a video list, music list, etc.) in the control center, similar to what is done by some media player apps, and allow users to switch between them. I’ve tried the following methods: Using MPNowPlayingInfoCenter to update the current playing media information. Attempting to set MPNowPlayingInfoPropertyPlaybackQueueCount to show multiple items in the queue, but it doesn’t seem to work. Can anyone provide guidance on how to display multiple media contents in the Now Playing control center? Any experienced developers who could share their insights or suggestions would be greatly appreciated! Thank you very much for your help and feedback!

Hi Team, We’re encountering a device-specific issue with our SMS Message Filter extension. The extension works as expected on an iPhone 11 running iOS 16.6, but it does not trigger on an iPhone 12 Pro running iOS 16.7. Key Observations: The extension is implemented using ILMessageFilterExtension and calls messageFilterOffline(appGroupIdentifier:for:) from our shared library. The App Group is properly configured and accessible across the app and extension. The extension is enabled under Settings > Messages > Unknown & Spam. There are no crashes or error logs reported on the affected device. The issue is consistently reproducible — it works on one device but not the other. We’re wondering if this could be a regression or a device-specific behavior change introduced in iOS 16.7. Has anyone encountered similar inconsistencies in Message Filter extensions across different iOS versions or device models? Any guidance or suggestions would be greatly appreciated. Thanks in advance!

I made a set of Siri Shortcuts in my app with the AppShortcutsProvider, and they each have a set of phrases. I can activate the shortcuts via Siri phrases or Spotlight search on iOS 18+, but not on iOS -17. I've checked the documentation and see that AppShortcutsProvider is supported from iOS 16+, so I don't understand why I can't view the shortcuts in Spotlight or activate them with Siri unless it's at least iOS 18. Any thoughts?

I'm sending push notifications to a notification extension, and within the extension setting the threadIdentifier to be the same. But I'm observing inconsistent grouping behaviour, and behaviour that changes over time. The general iPhone settings are to display notifications as a Stack, and the app settings are to show on lock screen, notification center and banners and the notification grouping is set to by app (changing it to automatic doesn't affect the behaviour below). Pushes are displayed on the lock screen grouped together, then if the device is roused and the screen swiped down to reveal the notification center then they are still grouped. So far so good. If the iphone is active then the notifications appear at the top of the screen, one by one, but in this case if there is a swipe down to reveal the notification center then the notifications are not grouped when displayed, but shown individually. But then if one waits a few minutes and then displays the notification center for a 2nd time, sometimes now they will be grouped, but sometimes not. Why are they not (always) being displayed as grouped in the notification center?

你好，有个问题想请教一下： 我们的app是一款与CGM实时血糖相关的app，app支持在后台通过蓝牙跟CGM血糖设备保持连接。 现在遇到一个问题： 首先，app在后台运行期间，蓝牙是开启状态的，跟CGM设备也是连接的状态。 某个时刻，监听到蓝牙的状态突然从 poweredOn 变为了 resetting ，然后蓝牙又恢复了，状态变为了 poweredOn 这时候，问题出现了：之前连接的那个CGM血糖设备一直无法扫描到了！！ 我想问一下： 什么情况下，蓝牙状态会变为resetting 蓝牙状态恢复为poweredOn后，之前连接的那个CGM血糖设备一直无法扫描到了，为什么？我要怎么做才能恢复，重新扫描到之前连接的这个设备？

IOS can record a key, a key video, but there is no key recording function, which is really bad👎Yeah, i hope you guys come on.💪

This week I’m handling a DTS incident from a developer who wants to escalate privileges in their app. This is a tricky problem. Over the years I’ve explained aspects of this both here on DevForums and in numerous DTS incidents. Rather than do that again, I figured I’d collect my thoughts into one place and share them here. If you have questions or comments, please start a new thread with an appropriate tag (Service Management or XPC are the most likely candidates here) in the App & System Services > Core OS topic area. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" BSD Privilege Escalation on macOS macOS has multiple privilege models. Some of these were inherited from its ancestor platforms. For example, Mach messages has a capability-based privilege model. Others were introduced by Apple to address specific user scenarios. For example, macOS 10.14 and later have mandatory access control (MAC), as discussed in On File System Permissions. One of the most important privilege models is the one inherited from BSD. This is the classic users and groups model. Many subsystems within macOS, especially those with a BSD heritage, use this model. For example, a packet tracing tool must open a BPF device, /dev/bpf*, and that requires root privileges. Specifically, the process that calls open must have an effective user ID of 0, that is, the root user. That process is said to be running as root, and escalating BSD privileges is the act of getting code to run as root. IMPORTANT Escalating privileges does not bypass all privilege restrictions. For example, MAC applies to all processes, including those running as root. Indeed, running as root can make things harder because TCC will not display UI when a launchd daemon trips over a MAC restriction. Escalating privileges on macOS is not straightforward. There are many different ways to do this, each with its own pros and cons. The best approach depends on your specific circumstances. Note If you find operations where a root privilege restriction doesn’t make sense, feel free to file a bug requesting that it be lifted. This is not without precedent. For example, in macOS 10.2 (yes, back in 2002!) we made it possible to implement ICMP (ping) without root privileges. And in macOS 10.14 we removed the restriction on binding to low-number ports (r. 17427890). Nice! Decide on One-Shot vs Ongoing Privileges To start, decide whether you want one-shot or ongoing privileges. For one-shot privileges, the user authorises the operation, you perform it, and that’s that. For example, if you’re creating an un-installer for your product, one-shot privileges make sense because, once it’s done, your code is no longer present on the user’s system. In contrast, for ongoing privileges the user authorises the installation of a launchd daemon. This code always runs as root and thus can perform privileged operations at any time. Folks often ask for one-shot privileges but really need ongoing privileges. A classic example of this is a custom installer. In many cases installation isn’t a one-shot operation. Rather, the installer includes a software update mechanism that needs ongoing privileges. If that’s the case, there’s no point dealing with one-shot privileges at all. Just get ongoing privileges and treat your initial operation as a special case within that. Keep in mind that you can convert one-shot privileges to ongoing privileges by installing a launchd daemon. Just Because You Can, Doesn’t Mean You Should Ongoing privileges represent an obvious security risk. Your daemon can perform an operation, but how does it know whether it should perform that operation? There are two common ways to authorise operations: Authorise the user Authorise the client To authorise the user, use Authorization Services. For a specific example of this, look at the EvenBetterAuthorizationSample sample code. Note This sample hasn’t been updated in a while (sorry!) and it’s ironic that one of the things it demonstrates, opening a low-number port, no longer requires root privileges. However, the core concepts demonstrated by the sample are still valid. The packet trace example from above is a situation where authorising the user with Authorization Services makes perfect sense. By default you might want your privileged helper tool to allow any user to run a packet trace. However, your code might be running on a Mac in a managed environment, where the site admin wants to restrict this to just admin users, or just a specific group of users. A custom authorisation right gives the site admin the flexibility to configure authorisation exactly as they want. Authorising the client is a relatively new idea. It assumes that some process is using XPC to request that the daemon perform a privileged operation. In that case, the daemon can use XPC facilities to ensure that only certain processes can make such a request. Doing this securely is a challenge. For specific API advice, see this post. WARNING This authorisation is based on the code signature of the process’s main executable. If the process loads plug-ins [1], the daemon can’t tell the difference between a request coming from the main executable and a request coming from a plug-in. [1] I’m talking in-process plug-ins here. Plug-ins that run in their own process, such as those managed by ExtensionKit, aren’t a concern. Choose an Approach There are (at least) seven different ways to run with root privileges on macOS: A setuid-root executable The sudo command-line tool The authopen command-line tool AppleScript’s do shell script command, passing true to the administrator privileges parameter The osascript command-line tool to run an AppleScript The AuthorizationExecuteWithPrivileges routine, deprecated since macOS 10.7 The SMJobSubmit routine targeting the kSMDomainSystemLaunchd domain, deprecated since macOS 10.10 The SMJobBless routine, deprecated since macOS 13 An installer package (.pkg) The SMAppService class, a much-needed enhancement to the Service Management framework introduced in macOS 13 Note There’s one additional approach: The privileged file operation feature in NSWorkspace. I’ve not listed it here because it doesn’t let you run arbitrary code with root privileges. It does, however, have one critical benefit: It’s supported in sandboxed apps. See this post for a bunch of hints and tips. To choose between them: Do not use a setuid-root executable. Ever. It’s that simple! Doing that is creating a security vulnerability looking for an attacker to exploit it. If you’re working interactively on the command line, use sudo, authopen, and osascript as you see fit. IMPORTANT These are not appropriate to use as API. Specifically, while it may be possible to invoke sudo programmatically under some circumstances, by the time you’re done you’ll have code that’s way more complicated than the alternatives. If you’re building an ad hoc solution to distribute to a limited audience, and you need one-shot privileges, use either AuthorizationExecuteWithPrivileges or AppleScript. While AuthorizationExecuteWithPrivileges still works, it’s been deprecated for many years. Do not use it in a widely distributed product. The AppleScript approach works great from AppleScript, but you can also use it from a shell script, using osascript, and from native code, using NSAppleScript. See the code snippet later in this post. If you need one-shot privileges in a widely distributed product, consider using SMJobSubmit. While this is officially deprecated, it’s used by the very popular Sparkle update framework, and thus it’s unlikely to break without warning. If you only need escalated privileges to install your product, consider using an installer package. That’s by far the easiest solution to this problem. Keep in mind that an installer package can install a launchd daemon and thereby gain ongoing privileges. If you need ongoing privileges but don’t want to ship an installer package, use SMAppService. If you need to deploy to older systems, use SMJobBless. For instructions on using SMAppService, see Updating helper executables from earlier versions of macOS. For a comprehensive example of how to use SMJobBless, see the EvenBetterAuthorizationSample sample code. For the simplest possible example, see the SMJobBless sample code. That has a Python script to help you debug your setup. Unfortunately this hasn’t been updated in a while; see this thread for more. Hints and Tips I’m sure I’ll think of more of these as time goes by but, for the moment, let’s start with the big one… Do not run GUI code as root. In some cases you can make this work but it’s not supported. Moreover, it’s not safe. The GUI frameworks are huge, and thus have a huge attack surface. If you run GUI code as root, you are opening yourself up to security vulnerabilities. Appendix: Running an AppleScript from Native Code Below is an example of running a shell script with elevated privileges using NSAppleScript. WARNING This is not meant to be the final word in privilege escalation. Before using this, work through the steps above to see if it’s the right option for you. Hint It probably isn’t! let url: URL = … file URL for the script to execute … let script = NSAppleScript(source: """ on open (filePath) if class of filePath is not text then error "Expected a single file path argument." end if set shellScript to "exec " & quoted form of filePath do shell script shellScript with administrator privileges end open """)! // Create the Apple event. let event = NSAppleEventDescriptor( eventClass: AEEventClass(kCoreEventClass), eventID: AEEventID(kAEOpenDocuments), targetDescriptor: nil, returnID: AEReturnID(kAutoGenerateReturnID), transactionID: AETransactionID(kAnyTransactionID) ) // Set up the direct object parameter to be a single string holding the // path to our script. let parameters = NSAppleEventDescriptor(string: url.path) event.setDescriptor(parameters, forKeyword: AEKeyword(keyDirectObject)) // The `as NSAppleEventDescriptor?` is required due to a bug in the // nullability annotation on this method’s result (r. 38702068). var error: NSDictionary? = nil guard let result = script.executeAppleEvent(event, error: &error) as NSAppleEventDescriptor? else { let code = (error?[NSAppleScript.errorNumber] as? Int) ?? 1 let message = (error?[NSAppleScript.errorMessage] as? String) ?? "-" throw NSError(domain: "ShellScript", code: code, userInfo: nil) } let scriptResult = result.stringValue ?? "" Revision History 2025-03-24 Added info about authopen and osascript. 2024-11-15 Added info about SMJobSubmit. Made other minor editorial changes. 2024-07-29 Added a reference to the NSWorkspace privileged file operation feature. Made other minor editorial changes. 2022-06-22 First posted.

Hi everyone! I'm trying to get the total sleep time for a given day, but users report that there's a difference between what my app reports and what the Apple Health app reports. In particular, we're off by 2 minutes less on average. What we're doing is: Get all the samples that are either core, deep, rem or unspecified Cut-off time at 3 PM previous day Merge overlapping intervals Add all the remaining intervals For debugging purposes I'm storing and sending all the raw samples to a server, and I have run tests and I don't find anything wrong. It looks like the number we come up with is correct according to our own rules. I wonder, how is Apple adding up all the samples to arrive at a number that's slightly off to our number. Any insight would be appreciated. Thanks.