Overview

This issue keeps cropping up on the forums and so I decided to write up a single post with all the details. If you have questions or comments: If you were referred here from an existing thread, reply on that thread. If not, feel free to start a new thread. Use whatever topic and subtopic is appropriate for your question, but also add the Entitlements tag so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Determining if an entitlement is real In recent months there’s been a spate of forums threads involving ‘hallucinated’ entitlements. This typically pans out as follows: The developer, or an agent working on behalf of the developer, changes their .entitlements file to claim an entitlement that’s not real. That is, the entitlement key is a value that is not, and never has been, supported in any way. Xcode’s code signing machinery tries to find or create a provisioning profile to authorise this claim. That’s impossible, because the entitlement isn’t a real entitlement. Xcode reports this as a code signing error. The developer misinterprets that error [1] in one of two ways: As a generic Xcode code signing failure, and so they start a forums thread asking about how to fix that problem. As an indication that the entitlement is managed — that is, requires authorisation from Apple to use — and so they start a forums thread asking how to request such authorisation. The fundamental problem is step 1. Once you start claiming entitlements that aren’t real, you’re on a path to confusion. Note If you’re curious about how provisioning profiles authorise entitlement claims, read TN3125 Inside Code Signing: Provisioning Profiles. There are a couple of ways to check whether an entitlement is real. My preferred option is to create a new test project and use Xcode’s Signing & Capabilities editor to add the corresponding capability to it. Then look at what Xcode did. You might find that Xcode claimed a different entitlement, or added an Info.plist key, or did nothing at all. IMPORTANT If you can’t find the correct capability in the Signing & Capabilities editor, it’s likely that this feature is available to all apps, that is, it’s not gated by an entitlement or anything else. Another thing you can do is search the documentation. The vast majority of real entitlements are documented in Bundle Resources > Entitlements. IMPORTANT When you search for documentation, focus on the Apple documentation. If, for example, you search the Apple Developer Forums, you might be mislead by other folks who are similarly confused. If you find that you’re mistakenly trying to claim a hallucinated entitlement, the fix is trivial: Remove it from your .entitlements file so that your app starts to build again. Then add the capability using Xcode’s Signing & Capabilities editor. This will do the right thing. If you continue to have problems, feel free to ask for help here on the forums. See the top of this post for advice on how to do that. [1] Xcode 26.2, currently being seeded as Release Candidate, is much better about this (r. 155327166). Give it a whirl! Commonly Hallucinated Entitlements This section lists some of the more commonly hallucinated entitlements: com.apple.developer.push-notifications — The correct entitlement is aps-environment (com.apple.developer.aps-environment on macOS), documented here. There’s also the remote-notification value in the UIBackgroundModes property. com.apple.developer.in-app-purchase — There’s no entitlement for in-app purchase. Rather, in-app purchase is available to all apps with an explicit App ID (as opposed to a wildcard App ID). com.apple.InAppPurchase — Likewise. com.apple.developer.storekit — Likewise. com.apple.developer.in-app-purchase.non-consumable — Likewise. com.apple.developer.in-app-purchase.subscription — Likewise. com.apple.developer.app-groups — The correct entitlement is com.apple.security.application-groups, documented here. And if you’re working on the Mac, see App Groups: macOS vs iOS: Working Towards Harmony. com.apple.developer.background-modes — Background modes are controlled by the UIBackgroundModes key in your Info.plist, documented here. UIBackgroundModes — See the previous point. com.apple.developer.voip-push-notification — There’s no entitlement for this. VoIP is gated by the voip value in the UIBackgroundModes property. com.apple.developer.family-controls.user-authorization — The correct entitlement is com.apple.developer.family-controls, documented here. IMPORTANT As explained in the docs, this entitlement is available to all developers during development but you must request authorisation for distribution. com.apple.developer.device-activity — The DeviceActivity framework has the same restrictions as Family Controls. com.apple.developer.managed-settings — If you’re trying to use the ManagedSettings framework, that has the same restrictions as Family Controls. If you’re trying to use the ManagedApp framework, that’s not gated by an entitlement. com.apple.developer.callkit.call-directory — There’s no entitlement for the Call Directory app extension feature. com.apple.developer.nearby-interaction — There’s no entitlement for the Nearby interaction framework. com.apple.developer.secure-enclave — On iOS and its child platforms, there’s no entitlement required to use the Secure Enclave. For macOS specifically, any program that has access to the data protection keychain also has access to the Secure Enclave [1]. See TN3137 On Mac keychain APIs and implementations for more about the data protection keychain. com.apple.developer.networking.configuration — If you’re trying to configure the Wi-Fi network on iOS, the correct entitlement is com.apple.developer.networking.HotspotConfiguration, documented here. com.apple.developer.musickit — There is no MusicKit capability. Rather, enable MusicKit via the App Services column in the App ID editor, accessible from Developer > Certificates, Identifiers, and Profiles > Identifiers. com.apple.mail.extension — Creating an app extension based on the MailKit framework does not require any specific entitlement. com.apple.security.accessibility — There’s no entitlement that gates access to the Accessibility APIs on macOS. Rather, this is controlled by the user in System Settings > Privacy & Security. Note that sandboxed apps can’t use these APIs. See the Review functionality that is incompatible with App Sandbox section of Protecting user data with App Sandbox. com.apple.developer.adservices — Using the AdServices framework does not require any specific entitlement. [1] While technically these are different features, they are closely associated and it turns out that, if you have access to the data protection keychain, you also have access to the SE. Revision History 2025-12-09 Updated the Xcode footnote to mention the improvements in Xcode 26.2rc. 2025-11-03 Added com.apple.developer.adservices to the common hallucinations list. 2025-10-30 Added com.apple.security.accessibility to the common hallucinations list. 2025-10-22 Added com.apple.mail.extension to the common hallucinations list. Also added two new in-app purchase hallucinations. 2025-09-26 Added com.apple.developer.musickit to the common hallucinations list. 2025-09-22 Added com.apple.developer.storekit to the common hallucinations list. 2025-09-05 Added com.apple.developer.device-activity to the common hallucinations list. 2025-09-02 First posted.

Validation failed Missing app icon. Include a large app icon as a 1024 by 1024 pixel PNG for the 'Any Appearance' image well in the asset catalog of apps built for iOS or iPadOS. Without this icon, apps can't be submitted for review. For details, visit: https://developer.apple.com/documentation/xcode/configuring-your-app-icon. (ID: 525f6327-6859-4ae7-977b-7951423127a6) getting this error while archive and validation then validation failed and got this error But in my xcode each icon is present and when i build the app then in simulator or a real phone the icon is present but while archive and validation then validation failed also i have tried a lot solution but unable to resolve this.

I’ve been building iOS apps since 2011, took a 4-year break, returned with two new apps, and it feels like organic visibility and indexing have changed drastically compared to earlier releases. Has anyone else noticed slower indexing, fewer automatic mentions, and almost zero organic traction—has discovery changed, or is it just saturation?

During internal testing, we observed the following behavior and would appreciate clarification on whether it is expected and supported in production environments. When generating an elliptic-curve cryptographic key pair using "kSecAttrTokenIDSecureEnclave", and explicitly specifying a "kSecAttrAccessGroup", we found that cryptographic operations (specifically encryption and decryption) could be successfully performed using this key pair from two distinct applications. Both applications had the Keychain Sharing capability enabled and were signed with the same provisioning profile identity. Given the documented security properties of Secure Enclave, backed keys, namely that private key material is protected by hardware and access is strictly constrained by design, we would like to confirm whether the ability for multiple applications (sharing the same keychain access group and signing identity) to perform cryptographic operations with the same Secure Enclave–backed key is expected behavior on iOS. Specifically, we are seeking confirmation on: Whether this behavior is intentional and supported in production. Whether the Secure Enclave enforces access control primarily at the application-identifier (App ID) level rather than the individual app bundle level in this scenario. Whether there are any documented limitations or guarantees regarding cross-application usage of Secure Enclave keys when keychain sharing is configured. Any guidance or references to official documentation clarifying this behavior would be greatly appreciated.

I integrated Apple Pay on the web following the documentation, and verified that the payment works successfully in the sandbox environment using Safari on iOS and Mac. Later, I launched the Apple Pay payment code on a third-party web page that supports Apple Pay, and scanned the code with the camera of an eligible iOS device. The camera then displayed the Apple Pay button; after tapping it, a brief pop-up message saying ‘Service Unavailable’ appeared, and then it closed automatically. How can I troubleshoot and resolve this issue?

在已经上架的App，新增In-app Purchase，6小时后正在审核,一周过去了，还是In Review,没有收到结果，发邮件询问，让继续等待，正常都是48小时有结果的,,不知道遇到什么问题， 如何去解决这个问题呢？ 挺焦虑的....... On the already listed App, I added "In-App Purchase". It was under Review 6 hours later. A week has passed and it's still "In Review". I haven't received the result yet. I sent an email to inquire and asked to keep waiting. Normally, there is a result within 48 hours. I don't know what problem I encountered and how to solve it. Quite anxious....... Quite anxious.......

When I called the setTabBarHidden method and passed in false, I found in the KVO callback of the tabBar.isHidden property that the value of newValue was true. Why are the values of the two different? Is this a bug? Here is the debug stack.

Hello, can't find a better Forum and after all this is Apple Support here? Seems starting with iOS 26.2 RC2 our Newsletter is no longer rendered 'responsive' so with unuseable small font. Anybody any suggestion? Or maybe @apple fix the bug? Where would I even start to debug this? I don't have any iphone at hand so i only got screenshots from users. Our where can i contact the actual apple support? correct: invalid:

Hello, About 7-8 months ago, I received an e-mail stating that my apple developer account would be deleted after 30 days, and my account was deleted after 30 days. I tried to contact many times, I got hopeful each time, but the Apple team never gave a full explanation. They always responded saying they would be interested, but it never came to fruition. In fact, I was most excited when I received the following e-mail: Hello Oğuzcan, My name is Joel, and I’m a senior Advisor with Developer Support. Your case has been given to me for further handling, and I’m happy to follow up with you today. I understand that you have initiated a conversation in our developer forums. Please, provide us more information and show us the email that you received, so we will assist your better. Please, reply to the received email for obtaining more information as the appropriate team will be able to assist you better. Please, reply to this email if you have further questions. Have a great day. Best Regards, Joel Developer Support I was very hopeful when I read that he was a Senior Advisor. This e-mail came on July 28, 18:17, today is December 8, 2025. I'm giving up hope now, my account won't be opened again. My members ask why there are no iOS versions of my applications, this is very difficult for me. Does anyone have any recommendations? I filled out forms and created requests many times.

I have an iOS and iPadOS app that also runs on macOS Catalyst. The user is able to view their subscription using the SubscriptionStoreView with two SubscriptionOptionGroups. The documentation does not mention these are supported on macOS Catalyst and the app crashes when attempting to show the SubscriptionStoreView on macOS Catalyst. If not supported, how can the user manage their subscription on macOS?

I noticed, that even though my AutoFill Credential Provider Extension works with Safari for both Passwords and Passkeys, it doesn't work in context menus inside arbitrary textfields, meanwhile the same is true for the Apple Passwords app. This is a great hit to AutoFill productivity, as my extension is unable to fill textfields by just going to the context menu and clicking AutoFill > Passwords.. Is this a feature only available to Apple via private APIs, or is this something I can interface with? I checked and the Passwords app does use some undocumented but non-private entitlements: [Key] com.apple.authentication-services.access-credential-identities [Value] [Bool] true I also checked the responsible executable for some hints (AutoFillPanelService) however found nothing that would lead me to believe this is a public extension point. Another idea I had was trying to use a macOS Service for this, however Services in the "General" category won't show up in any context menu, only in the Application's Main Menu.

I just got a warning about age rating questions. It says that: "If you don’t answer these questions by January 31, 2026, you won’t be able to submit app updates in App Store Connect". Hope someone can clarify what this actually means. Let's say I forget to answer these questions for one of my apps before this date: Will I be unable to submit updates in general, i.e. for all my apps? Will this app be blocked forever or will I be able to submit a new version once I have answered them?

When updating an existing advanced app clip experience, the change doesn't actually apply. It shows the correct image in the UI, but when you use the app clip it shows the old image. Looking into it more, the status has "UPDATE_SUBMITTED". Seems related to this issue (https://developer.apple.com/forums/thread/810544) and this issue (https://developer.apple.com/forums/thread/810351).

Hello, I am developing a macOS menu bar window-management utility (similar in functionality to Magnet / Rectangle) that relies on the Accessibility (AXUIElement) API to move and resize windows and on global hotkeys. I am facing a consistent issue when App Sandbox is enabled. Summary: App Sandbox enabled Hardened Runtime enabled Apple Events entitlement enabled NSAccessibilityDescription present in Info.plist AXIsProcessTrustedWithOptions is called with prompt enabled Observed behavior: When App Sandbox is enabled, the Accessibility permission prompt never appears. The app cannot be manually added in System Settings → Privacy & Security → Accessibility. AXIsProcessTrusted always returns false. As a result, window snapping does not work. When App Sandbox is disabled: The Accessibility prompt appears correctly. The app functions as expected. This behavior occurs both: In local builds In TestFlight builds My questions: Is this expected behavior for sandboxed macOS apps that rely on Accessibility APIs? Are window-management utilities expected to ship without App Sandbox enabled? Is there any supported entitlement or configuration that allows a sandboxed app to request Accessibility permission? Thank you for any clarification.

Hey all, Running into an issue with a WeatherKit. Whenever I make a WeatherKit API call, I get this error: Details: { domain: WeatherDaemon.WDSClientErrors, localizedDescription: invalidAuthorization: 401, underlyingError: Unknown, code: 3 } This only happens when calling via the Swift package: swift WeatherService.shared.weather(for: location).currentWeather When I was calling the WeatherKit REST API directly from Dart, everything worked fine. So far I’ve: Enabled WeatherKit in the Apple Developer account Added the WeatherKit capability to the app Refreshed provisioning profiles Installed the app fresh on device/simulator Has anyone seen this specific invalidAuthorization: 401 from WeatherDaemon.WDSClientErrors when using WeatherService in Swift, and know what might be missing or misconfigured?

I'm using python 3.9.6, tensorflow 2.20.0, tensorflow-metal 1.2.0, and when I try to run import tensorflow as tf It gives Traceback (most recent call last): File "/Users/haoduoyu/Code/demo.py", line 1, in <module> import tensorflow as tf File "/Users/haoduoyu/Code/test/lib/python3.9/site-packages/tensorflow/__init__.py", line 438, in <module> _ll.load_library(_plugin_dir) File "/Users/haoduoyu/Code/test/lib/python3.9/site-packages/tensorflow/python/framework/load_library.py", line 151, in load_library py_tf.TF_LoadLibrary(lib) tensorflow.python.framework.errors_impl.NotFoundError: dlopen(/Users/haoduoyu/Code/test/lib/python3.9/site-packages/tensorflow-plugins/libmetal_plugin.dylib, 0x0006): Library not loaded: @rpath/_pywrap_tensorflow_internal.so Referenced from: <8B62586B-B082-3113-93AB-FD766A9960AE> /Users/haoduoyu/Code/test/lib/python3.9/site-packages/tensorflow-plugins/libmetal_plugin.dylib Reason: tried: '/Users/haoduoyu/Code/test/lib/python3.9/site-packages/tensorflow-plugins/../_solib_darwin_arm64/_U@local_Uconfig_Utf_S_S_C_Upywrap_Utensorflow_Uinternal___Uexternal_Slocal_Uconfig_Utf/_pywrap_tensorflow_internal.so' (no such file), '/Users/haoduoyu/Code/test/lib/python3.9/site-packages/tensorflow-plugins/../_solib_darwin_arm64/_U@local_Uconfig_Utf_S_S_C_Upywrap_Utensorflow_Uinternal___Uexternal_Slocal_Uconfig_Utf/_pywrap_tensorflow_internal.so' (no such file) As long as I uninstall tensorflow-metal, nothing goes wrong. How can I fix this problem?

Hi all, I've been working on some personal programming projects and have gotten into using the Apple Music API. I'm currently looking to get a list of recent songs using the /v1/me/recent/played/tracks endpoint and it's working well. However, I know there are some songs I've listened to multiple times in a row, and those are not showing up as unique tracks when querying this endpoint. I'm only seeing a list of the different songs I've listened to lately, not a true list of the most recent plays on my account. Is this intended behavior or am I going about something incorrectly here? My query is using that endpoint & specifying the types to be only [songs]. Thanks in advance for any ideas or insight.

Not sure if this has been reported or not. I have found with several virtualization applications a bug in the running VM counter. After running multiple macOS vms or when shutting down and bringing up one macOS vm multiple times you will get the error that too many vm's are running. Even though all of them are shutdown and the applications closed at the time. The only solution I have found is to reboot the computer. This started with macOS Tahoe 26 and so far has remained through 26.1. Hopefully reported and fixed in 26.2.

Hi, I am trying to submit a revised/updated file for apple approval, and when I click the send for review, a message pops up, "Agreement Update" All my agreements are UP TO DATE, I click OK, and nothing happens...anyone experiencing the same or who has a fix? Thanks

Frustrated developer here. I’ve been dealing with Apple developers via telephone and have been submitting a case a week for the last four weeks with the same response “The developers are reviewing your application“. How long does it take to review an application? It’s weird because I started the same process with Google at the same time and they are now reviewing my app for publishing.