token：eb3b63ab94b136f6d25a86d48bb4b7ff20377e393f137cb4f43b17560112bf51 msgId：67d4c88d-61b1-4f51-df0b-2efa022fd672 机型：iPhone7 系统：iOS 15.8.3 问题描述：后端服务器调用苹果提供的pushKit推送API且已成功返回上述msgId，客户端App也已经实现对应的CallKit方法reportNewIncomingCall，但没有收到对应的推送，这是什么原因呢？

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://developer.apple.com/forums/thread/762893

Since upgrading to Xcode 26 beta 4 and using the iOS 26 simulator for testing our app, we've stopped being able to receive device tokens for the simulator from the development APNS environment. The APNS environment is able to return meta device information (e.g. model, type, manufacturer) but there are no device tokens present. When running the same app using the iOS 18.5 simulator, we are able to register the device with the same APNS environment and receive a valid device token.

Hi, we are developing a screen time management app. The app locks the device after it was used for specified amount of time. After updating to iOS 26.2, we noticed a huge issue: the events started to fire (reach the threshold) in the DeviceActivityMonitorExtension prematurely, almost immediately after scheduling. The only solution we've found is to delete the app and reboot the device, but the effect is not lasting long and this does not always help. Before updating to iOS 26, events also used to sometimes fire prematurely, but rescheduling the event often helped. Now the rescheduling happens almost every second and the events keep reaching the threshold prematurely. Can you suggest any workarounds for this issue?

Platform: macOS 26.3.1, M5 Pro MacBook Pro Framework: CoreWLAN Affected applications: NetViews, Air Tool 2, and our own tooling — appears to be specific to the new Wi-Fi 7 hardware Hardware Card Type: chip id: 0x11 api 1.2 firmware [Rev 72.11.260 N1B1 devFused=0] phy [17.1.17.0], core80211 [324.10.260 N1_silicon_b] Firmware: Jan 27 2026 21:18:32 version XBS_BUILD_TAG GIT_DESCRIBE FWID chip id: 0x11 api 1.2 firmware [Rev 72.11.260 N1B1 devFused=0] phy [17.1.17.0], core80211 [324.10.260 N1_silicon_b] Driver: IO80211_driverkit-1540.16 "IO80211_driverkit-1540.16" Jan 27 2026 Background Both issues described below were working correctly on macOS 26 with previous-generation hardware. The regression is specific to the Wi-Fi 7 card shipping in the M5 Pro MacBook Pro. This is not an OS regression — it is a hardware/driver/firmware compatibility issue with the new card under macOS 26. Issue 1: disassociate() + tcpdump/Wireshark -I no longer enters monitor mode Previously, the standard approach of calling disassociate() and then launching tcpdump -i en0 -I or Wireshark -i en0 -I -k would successfully put the interface into monitor mode. On the M5 Pro Wi-Fi 7 card, this no longer works. The capture tool launches but the interface either stays in station mode or enters mode 0 - where there is no connection, but still not able to be a monitor radio. This is the primary regression affecting third-party wireless tools. Issue 2: setWLANChannel reports success but the radio only retunes once As a workaround for Issue 1, we use the built-in Wireless Diagnostics → Sniffer tool to establish monitor mode (which works fairly reliably on this hardware). Once the interface is in monitor mode via that path, we attempt to change the channel using setWLANChannel: let iface = CWWiFiClient.shared().interface(withName: "en0")! let target = iface.supportedWLANChannels()! .first { $0.channelNumber == 6 && $0.channelWidth == .width20MHz }! try iface.setWLANChannel(target) The first call succeeds (eg: channel 48 -> 6) the radio actually tunes to the requested channel and Wireshark captures frames there. Any subsequent call (eg: channel 48 -> 6 -> 1) shows the same apparent success - no error thrown, wlanChannel() updates to reflect the new channel - but the radio does not retune. Wireshark continues capturing on the first changed channel. We have tested with disassociate() and interface power cycling between attempts — neither resets the ability to retune the radio. What we have ruled out Timing: delays between calls make no difference Competing processes holding the interface wlanChannel() returning a stale cache value — it updates correctly, but diverges from actual hardware state after the first channel change Key data point: Wireless Diagnostics Sniffer works The built-in Wireless Diagnostics → Sniffer tool successfully puts the interface into monitor mode on this hardware. This confirms the card and driver are capable - the issue is that the capability is no longer reachable via CoreWLAN or via tcpdump/Wireshark's -I flag. Wireless Diagnostics Sniffer does not support live channel changes, so it cannot serve as a full workaround. The questions Is there a supported path for third-party apps to enter monitor mode on the new Wi-Fi 7 hardware on macOS 26? What is the correct mechanism for changing channels while in monitor mode - is setWLANChannel expected to retune the radio on subsequent calls, or is there a different API intended for this? The fact that Wireless Diagnostics accomplishes both (albeit, not live) confirms the hardware and driver are fully capable - we are looking for the sanctioned equivalent for third-party tools.

I'm developing a macOS security tool using NEFilterDataProvider as a system extension. On macOS 26 beta (25E241), sysextd consistently rejects my extension with: sysextd: no policy, cannot allow apps outside /Applications Configuration: App installed in /Applications/ Signed with Developer ID Application (693DSH8GN5) Entitlement: com.apple.developer.networking.networkextension = content-filter-provider com.apple.developer.system-extension.install = true Developer Mode enabled on test machine Comparison with Little Snitch: Little Snitch runs correctly on the same machine. Key differences I found: Little Snitch uses content-filter-provider-systemextension instead of content-filter-provider Little Snitch has com.apple.security.app-sandbox = false Both signed with Developer ID Application When I switch to content-filter-provider-systemextension, Xcode rejects every provisioning profile because none match that entitlement value, and the Developer Portal doesn't expose fine-grained control over the Network Extensions array values. Questions Is content-filter-provider-systemextension the correct entitlement for system extensions on macOS 26? How should the provisioning profile be configured to support it? Is there a known sysextd issue on macOS 26 beta causing this regardless of configuration? Is there - somewhere! - a guide on how to build such an extension? Thanks in advance for your help.

Hello! currently I got a massive issue after upgrading all 10.000 Macs from macOS 26.3 to 26.3.1 or 26.4 and running some programs/apps on it which are currently not running because we need to read out the Hardware UUID. After the Update to macOS 26.3.1 and 26.4 the Terminal for the command system_profiler SPHardwareDataType is return an additional line: % system_profiler SPHardwareDataType 2026-03-25 11:28:17.939 system_profiler[73588:434733] hw.cpufamily: 0x1b588bb3 Hardware: bevor the Update the response was: %system_profiler SPHardwareDataType Hardware: Why I am getting this extra line "2026-03-25 11:28:17.939 system_profiler[73588:434733] hw.cpufamily: 0x1b588bb3" with a timestamp and system_profilder + hw.cpufamily as response? How can I disable this? Also the difference is with the command: system_profiler -json SPHardwareDataType Above version macOS 26.3.1 I will get an percentage sign in the Output - this is not a valid json! ...(shorten)    }   ] }%   on macOS version 26.3 and lower the response is: ...(shorten)      }   ] }

Issue: after going through configuration steps for app clips, when I scan my QR code, my app clip does not appear, instead safari attempts to open the url as a web page. note: my aasa endpoint is never even getting called when scanning the QR code. Setup: App uninstalled in accordance with Apple Documentation "Users don’t install App Clips, and App Clips don’t appear on the Home Screen. Similarly, testers don’t install the beta version of your App Clip" testflight installed in accordance with Apple Documentation My app's Build 1.51.9 (1) uploaded and greenlit in testflight. My apple email is added as an internal tester is the same as my Apple ID for the device used. I have provided an aasa for the path: .well-known/apple-app-site-association. Here is my full url: https://akin-server-side-staging.onrender.com/.well-known/apple-app-site-association. { "appclips": { "apps": [ "8PJ28P9ZZ8.com.ElevatedUnderdogs.akin1.Clip" ] }, "applinks": { "details": [ { "components": [ { "/": "/appClips/referral/venueToUser" } ], "appIDs": [ "8PJ28P9ZZ8.com.ElevatedUnderdogs.akin1" ] } ] } } Here are my entitlements for my parent target: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.applesignin</key> <array> <string>Default</string> </array> <key>com.apple.developer.associated-domains</key> <array> <string>applinks:akin-server-side.onrender.com</string> <string>applinks:akin-server-side-staging.onrender.com</string> <string>appclips:akin-server-side-staging.onrender.com</string> <string>appclips:akin-server-side.onrender.com</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.ElevatedUnderdogs.akin1</string> </array> </dict> </plist> Here are the entitlements for my app clip target: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.associated-domains</key> <array> <string>applinks:akin-server-side-staging.onrender.com</string> <string>applinks:akin-server-side.onrender.com</string> </array> <key>com.apple.developer.parent-application-identifiers</key> <array> <string>$(AppIdentifierPrefix)com.ElevatedUnderdogs.akin1</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.ElevatedUnderdogs.akin1</string> </array> </dict> </plist> On App Store Connect in the Testflight section for this project and build: Build 1.51.9 (1), Test Information -> App Clip Invocations I have the following: copy pasted for convenience: "no variables":"https://akin-server-side-staging.onrender.com/appClips/referral/venueToUser", "Jeff referral":"https://akin-server-side-staging.onrender.com/appClips/referral/venueToUser?venueID=ChIJVaPxJnCej4ARyxiB9Tt2tG8&referrerName=Jeff" Here is the QR code I attempted to scan, https://akin-server-side-staging.onrender.com/appClips/referral/venueToUser?venueID=ChIJVaPxJnCej4ARyxiB9Tt2tG8&referrerName=Jeff

Trying to use IOLog to print out a message from a dext. When I try to use IOLog, I get , though I did not or thought I did not tag it as private. I have tried to update the info.plist file for the dext according to https://developer.apple.com/forums/thread/705810, but that has not helped, or perhaps I am not defining it correctly since it's a dext. Anyone else had this issue, and how did you fix it?

Hello, I got Purchase Error Couldn’t communicate with a helper application. when button 'Buy Pro' clicked in my app it uses storekit subscription created (correct id in configuration.storekit) got this error in console: Purchase did not return a transaction: Error Domain=ASDErrorDomain Code=5115 "Received failure in response from Xcode" UserInfo={NSDebugDescription=Received failure in response from Xcode, NSUnderlyingError=0xc5bc1c510 {Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service created from an endpoint was invalidated from this process." UserInfo={AMSDescription=An unknown error occurred. Please try again., AMSURL=http://localhost:49913/WebObjects/MZBuy.woa/wa/inAppBuy, NSDebugDescription=The connection to service created from an endpoint was invalidated from this process., AMSStatusCode=200, AMSServerPayload={ "app-list" = ( Thx for any help : )

The Numbers.app reopens the last edited document when the app launches. If the document was moved to another folder in the Files.app while the app was not running, Numbers.app correctly tracks the file and reopens it. However, if the document was deleted in the Files.app and moved to Recently Deleted, Numbers.app does not reopen the document when the app launches. Question : How does Numbers.app detect that a document has been moved to Recently Deleted? Can third-party apps implement the same behavior? What I tested : If a file is moved while the app is not running, resolving a bookmark successfully tracks the moved file. Files that are deleted via the Files.app appear in Recently Deleted, but those files are actually moved to the following directories: iCloud Drive /var/mobile/Library/Mobile Documents/.Trash/ On My iPad /var/mobile/Containers/Shared/AppGroup/{UUID}/File Provider Storage/.Trash/ App sandbox Documents directory ([On My iPad]/[Any App]) /var/mobile/Containers/Data/Application/{UUID}/Documents/.Trash/ When resolving the bookmark after deletion, the bookmark still resolves successfully and returns the new file URL inside the .Trash directory. I tried the following checks on the resolved URL: Checking file existence Checking read/write accessibility Inspecting bookmark resolution results Using APIs related to NSTrashDirectory See https://developer.apple.com/forums/thread/813329#813329021 All of these behaved the same as when the file was moved to a normal directory. None of these checks allowed me to detect that the file had been deleted. Additional experiment: I suspected that the app might simply check whether the path contains ".Trash", so I performed the following experiment. If a .numbers file is moved to /var/mobile/Containers/Data/Application/{UUID}/Documents/.Trash/ then The file appears in Recently Deleted in Files.app Numbers.app does not reopen the document when the app launches However, if the same file is moved to Documents/Trash Documents/.Trashed Documents/Any Folder/.Trash then The file does not appear in Recently Deleted in Files Numbers does reopen the document when launched This suggests that Numbers.app is not simply checking whether the path contains ".Trash".

Hi Everyone, We are currently migrating a mature legacy KEXT to DriverKit for our PCIe SCSI storage controller (connected via Thunderbolt 3). During the DEXT load sequence, we have observed that the system automatically triggers a power state transition from State 0 (Off) to State 2 (On). However, this process results in a Kernel Panic due to a timeout after approximately 21 seconds. We have verified that our implementation of Start_Impl, UserInitializeController_Impl, and SetPowerState_Impl executes extremely fast, with a total execution time of less than one second. Specifically, SetPowerState_Impl returns kIOReturnSuccess immediately upon being called. Furthermore, our current Info.plist does not contain any IOPowerManagement dictionary or related keys. Despite the fast execution and the absence of explicit power management declarations in the plist, the kernel power management state machine (IOServicePM) still generates a 21-second timeout, leading to the following panic: Panic Log: panic(cpu 7 caller 0xfffffe0020be8fec): MySCSIDriver::setPowerState(0xfffffe2fb1a65c00 : 0xfffffe0020bfed88, 0 -> 2) timed out after 21257 ms @IOServicePM.cpp:5609 com.example.driver.dext: ( id: com.example.driver.dext; path: /Library/SystemExtensions/[UUID]/com.example.driver.dext; state: loaded ) Note on Previous Discussion: I would like to express my gratitude to Kevin from Apple DTS for the helpful discussion regarding the implementation of BundleParallelTask on the forums. Since then, we have shifted our development focus toward completing the overall management ecosystem, delivering a comprehensive operational interface for users, and handling specific user environments and behaviors. Our current priority is ensuring system stability—specifically resolving these Thunderbolt-related power management issues (sleep/wake)—to prepare the product for upcoming testing. I remain very grateful for the guidance provided on batch task optimization and intend to resume those optimizations once this critical stability baseline is secured. Technical Guidance Needed for PM Migration In our legacy KEXT, we utilized PMinit(), registerPowerDriver(), and joinPMtree() to precisely control the timing of power management registration. In transitioning to the DriverKit SDK, we have not found clear guidance on several key points: Standardized Migration Path: What is the recommended way to implement equivalent power management initialization (formerly PMinit) within a DriverKit subclass? In DriverKit, how should we replicate the behavior of manually calling registerPowerDriver and joinPMtree to ensure the driver is only monitored once the hardware is ready? Implicit Power Registration: Why does the system enforce a setPowerState(0 -> 2) transition on a subclass of IOUserSCSIParallelInterfaceController even when no IOPowerManagement dictionary is defined in the Info.plist? Is this a default behavior of the SCSI or PCI transport framework? Thunderbolt Specifics: Are there specific power proxying requirements or configurations for PCIe devices over Thunderbolt to avoid conflicts with the default IOPCIFamily power policies? Best Regards, Charles

Hello, I’m honestly trying to understand what’s going on with the Family Controls API review process. I submitted my entitlement request on March 5, and as of today (March 19), there has been zero response. I also opened a support ticket on March 16, and that hasn’t received any response either. What’s confusing is that updates to another app on the same developer account were approved within days so clearly the account is in good standing and active. At this point, it feels like there’s no visibility into what’s happening: Is the request under review? Is it waiting for additional information? Or is it just sitting in a queue indefinitely? I understand that Family Controls is a sensitive API, but a two-week silence with no status or communication makes it very difficult to plan or ship features. For those who’ve gone through this: How long did your approval actually take? Did you receive any communication during the process? Is there any reliable way to get visibility or speed this up? Right now, this is blocking a feature we’ve invested significant time building, and the lack of feedback is the most frustrating part. Would really appreciate any insights.

I've encountered an issue where we need multiple domain associations with separate Apple Pay implementations. Briefly, we have a /.well-known/apple-developer-merchantid-domain-association already setup with Stripe, and now we need another, different version of the file to get setup with FreedomPay. FreedomPay insists this file represents a three-way relationship between all parties and I have no reason to disbelieve them. I'm wondering if anyone has encountered this or if there is a standard procedure. I'm currently trying to find documentation on the exact way Apple Pay verification interacts with this file to see if we can produce it dynamically.

In my Notification Service Extension I'm doing two things in parallel inside didReceive(_:withContentHandler:): Downloading and attaching a rich media image (the standard content modification work) Firing a separate analytics POST request (fire-and-forget I don't wait for its response) Once the image is ready, I call contentHandler(modifiedContent). The notification renders correctly. What I've observed (via Proxyman) is that the analytics POST request completes successfully after contentHandler has already been called. My question: Why does this network request complete? Is it because: (a) The extension process is guaranteed to stay alive for the full 30-second budget, even after contentHandler is called so my URLSession task continues executing during the remaining time? (b) The extension process loses CPU time after contentHandler but remains in memory for process reuse and the request completes at the socket/OS level without my completion handler ever firing? (c) Something else entirely? I'd like to understand the documented behaviour so I can decide whether it's safe to rely on fire-and-forget network requests completing after contentHandler, or whether I need to ensure the request finishes before calling contentHandler.

Hi community. It's my first time trying WatchConnectivity kit. When I attempt to send ApplicationContext from phone, my debug print indicates that updateApplicationContext is working correctly. However, I'm having trouble receiving it form the paired watch simulator as nothing is shown on that end. Here are the code for the Phone Extension:     func sendDataToWatch(data: String) {         state.append(data)         do {             NSLog("sent by phone")             try WCSession.default.updateApplicationContext(["currentstate": state])         }         catch {             print(error)         }     } Here are the code for watch: func session(_ session: WCSession, didReceiveApplicationContext applicationContext: [String: Any]) {         print("Hello")         if let getState = applicationContext["currentstate"] as? [String]{             print("\(getState)")             self.state = getState[0]         }     } Any suggestion would be appreciated!

Based on https://developer.apple.com/documentation/networkextension/nednssettings/searchdomains , we expect the values mentioned in searchDomains to be appended to a single label DNS query. However, we are not seeing this behavior. We have a packetTunnelProvider VPN, where we set searchDomains to a dns suffix (for ex: test.com) and we set matchDomains to applications and suffix (for ex: abc.com and test.com) . When a user tries to access https://myapp , we expect to see a DNS query packet for myapp.test.com . However, this is not happening when matchDomainsNoSearch is set to true. https://developer.apple.com/documentation/networkextension/nednssettings/matchdomainsnosearch When matchDomainsNoSearch is set to false, we see dns queries for myapp.test.com and myapp.abc.com. What is the expected behavior of searchDomains?

We are developing an app which allows users to generate a HSBC virtual card using Mastercard API and add this card to an apple wallet. Staging test was passed successfully, but we are stuck in a production test phase. T&C is not even visible, 'Card is not added' is popped on a screen before that. User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. FB22332303 (MCDeanPortal app: In-App Provisioning Production Test fails) Thank you

https://developer.apple.com/documentation/DeclaredAgeRange/AgeRangeService/isEligibleForAgeFeatures returns a bool. I assume that means that it will return True for the states where their laws are in effect. The TX law and the UT/LA/AZ laws have different requirements though: TX requires the app verify the user's age on every app launch. These other states require the app verify the user's age "no more than once during each 12-month period" A future law (Brazil maybe?) might do something else. How can we determine if the user is eligible for the TX versus other state requirements?

A screen time app I'm making has started telling users that their limit was reached even when they're far below their limit for the day (sometimes even at 0 minutes for the day). This issue only started happening after upgrading my software to iOS 26.2. Is this happening to anyone else? If so how have you found any solutions or does anyone know of any changes that could be causing this? Any help would be appreciated.