Last year I used the iOS Distribution Managed Certificate (Enterprise Program) to sign an App and to distribute it internally. The Cert is still valid until May 2026. But its associated Provisiong Profile (which is not visible in the Apple Portal, but within Xcode when you export your archive) expired last week. Until then it was impossible for me to somehow force renew the profile and that lead to the fact that my app was not usable for a day, because the renewal was done after the expiration of the old one. Whats the whole point of the managed signing if can't influence the provisioning update. To be clear: I don't speak about the certificate - just about the profile. Or am I using it wrong?

Hello all, My question is, how to get APP (specialized in make SOPs for industrial users) that has already been listed outside of mainland China to be listed on apple store of mainland China? Can I simply refile it to cover China mainland with existing apple developer account or do I have to create a new local apple developer account to start the listing process? Your advise and help will be highly appreciated. Thank you, Link

Is the possibility of programmatically recovering the enrolled email address associated with an iPad. We are currently working on a project that requires us to retrieve this information for our enrolled devices. Could you please provide guidance or documentation on how we can achieve this programmatically? Specifically, we are interested in any APIs or frameworks that Apple provides for this purpose, as well as any necessary permissions or configurations that need to be in place.

Unable to distribute the App via Intune, When tried to install the App on Intune enrolled device. Gets error: Unable to install “App Name”. This app cannot be installed because its integrity could not be verified. Verified Bundle ID is getting updated and Sign-in shows successful. Mac OS Build - 13.7.2 (22H313) XCode Version: 15.1 (15C65) Provisioning Profile renewed this week Distribution Certificate Valid till 2027

Apologies if this has been asked before, but I am struggling to understand what our options are for app distribution for a new (to our company) use case. Note: we have both an Enterprise account as well as a standard App Store account. We are developing an Apple Vision app for a client company. We need to be able to distribute the app to people within our company as well as within the client company for testing. Once that is complete, we need to be able to distribute the app to a select group of employees in the client company. The client company does not have an MDM, so we originally thought to distribute the app using TestFlight. But that is not available with our Enterprise account. Is this something we can manage with a Business account since the devices involved would belong to our client company instead of ours? Is there a different solution to this workflow within the existing tools provided by Apple? Or is the only option to help the client set up an MDM/set up our own MDM to manage client devices for this?

I am checking the response of DeviceInformation Command to collect network information from iPad. On iPad(iPad Pro 11, M4) devices that use WiFi without inserting Usim or Esim, network values ​​such as CurrentMCC and ICCID are received in response to the DeviceInformation command. cf.)Even though it may be garbage value, I blurred the unique information just in case. <key>ServiceSubscriptions</key> <array> <dict> <key>CarrierSettingsVersion</key> <string>61.0</string> <key>CurrentCarrierNetwork</key> <string></string> <key>CurrentMCC</key> <string>450</string> <key>CurrentMNC</key> <string>08</string> <key>EID</key> <string>blah blah</string> <key>ICCID</key> <string>blah balh</string> <key>IMEI</key> <string>blah blah</string> <key>IsDataPreferred</key> <true/> <key>IsRoaming</key> <true/> <key>IsVoicePreferred</key> <false/> <key>Label</key> <string>Provisioning</string> <key>LabelID</key> <string>00000000-0000-0000-0000-000000000000</string> <key>PhoneNumber</key> <string></string> <key>Slot</key> <string>CTSubscriptionSlotOne</string> <key>SubscriberCarrierNetwork</key> <string>iPad</string> </dict> </array> This is a bit weird. If I collect the same information from an iPhone(iPhone 15 Pro Max) that only uses wifi and does not use Usim or Esim, it does not respond with values ​​like ICCID, CurrentMCC, etc. <key>ServiceSubscriptions</key> <array> <dict> <key>IMEI</key> <string>blah blah</string> <key>Slot</key> <string>CTSubscriptionSlotOne</string> </dict> <dict> <key>EID</key> <string>blah blah</string> <key>IMEI</key> <string>blah blah</string> <key>Slot</key> <string>CTSubscriptionSlotTwo</string> </dict> </array> I'm confused by the network information collected. Is there a reason why the collected network information of iPad and iPhone are different?

I originally posted here & was referred to post in developer forumsn. https://discussions.apple.com/thread/256036430?login=true&sortBy=rank&answerId=261319559022 There has to be someone else out here that's gone through this. I've tried everything I can think of, forums, reddit, Microsoft documentation.... just can't find any clear cut method of doing this. I'm working on an InTune Mobile App Protection Policy. I know there are going to be some VPs out there asking why they can't use native iOS Apps, especially Apple Calendar, Contacts & Mail. I have not been able to get anywhere, I always end up with this error. Things I've tried: Allow sync of native apps with work account Putting in app exemptions (But I don't truly know if I know if I have the right values for this and there's no simple way of getting it from what I've seen. Having to download app to PC, finding config files, finding specific values.... that people say are hit or miss). Allow data transfer of ALL Apps What am I missing here? I'm pretty much giving up and just going to say sorry, you can't use Native apps.. Period! Anyone have any experience with this, especially for Mail, Calendar & Contacts? Thank you for anyone that can offer advice on this.

Hi, Is there a method to hide individual items in System Settings that is not Deprecated? It needs some of the settings set and hidden for the end user. I found the DisabledSystemSettings key however it is marked as Deprecated and does not include all the new items, especially those related to Apple Intelligence. Is there any method other than “Restrictions” that does not hide and only set individual settings ? It needs to hide items in system settings :)

We'd like to determine if there is a configuration declaration that is active on a device as part of a predicate. The current logic (based on the WWDC 22 session) is: SUBQUERY(@status(management.declarations.configurations), $declaration, ($declaration.@key(identifier) == "com.abc.declarationname" AND $declaration.@key(active) == true)).@count == 1 The goal is that if the declaration is active, then a predicate should evaluate to true. This query does not appear to be working. Should we be able to use @status(management.declarations.activations) in a predicate? If so, what are we missing to attempt to determine if the declaration is active? If I search the existing status objects that are sent from the device, it is showing as active in the status channel.

Hey all, how long does bank account validation take typically? I have everything else in my paid agreement approved and showing active except the bank account. It says 24 hours but it has been over 3 days and there has been no progress.

VPP API v2 returns 9609 "Unable to find the registered user." when I disassociate assets from an existing user. Repro step: 1. Create user POST https://vpp.itunes.apple.com/mdm/v2/users/create { "users": [ { "clientUserId": "client-1", "managedAppleId": "valid managed apple id" } ] } => user is associated 2. Retire user POST https://vpp.itunes.apple.com/mdm/v2/users/retire { "users": [ { "clientUserId": "client-1" } ] } => user is retired 3. Recreate user with the same clientUserId POST https://vpp.itunes.apple.com/mdm/v2/users/create { "users": [ { "clientUserId": "client-1", "managedAppleId": "valid managed apple id" } ] } => user is associated 4. Associate asset POST https://vpp.itunes.apple.com/mdm/v2/assets/associate { "assets": [ { "adamId": "408709785" } ], "clientUserIds": [ "client-1" ] } => asset associated 5. Disassociate asset POST https://vpp.itunes.apple.com/mdm/v2/assets/disassociate { "assets": [ { "adamId": "408709785" } ], "clientUserIds": [ "client-1" ] } => {"errorNumber":9609,"errorMessage":"Unable to find the registered user."} Notes associate API works fine with the same payload. disassociate work with v1 API.

I'm the IT Admin in my company. We use Microsoft Intune, which is a Mobile Device Management tool, to manage our devices and apps. I created an app protection policy, restricting the data can only be shared between the allowed apps. For example, if our user want to copy the content in Outlook for iOS to WeChat or personal memo, the action will be blocked. However, may be it's too strict, here is the scenario that we need to hadle: A user selected the content in the Outlook for iOS mail, and wanted to use the "translate" function to do translation. Before the app protection policy was deployed, he can do the translation successfully. And now, it's blocked. Therefore, we need to find a way to exempt the app "Translate" so that users can do the translation successfully. We put the value "com.apple.Translate"(this is a package ID listed in the official document of Apple) to the exemption, but it's not working. May I know what is the correct "value" for the iOS native Translate APP? I need to put this value to our app protection policy to exempt Translate app. Thank you so much.

can you make a profit with the seed program

Hi there, I am trying to create an IPsec policy for remote access for iOS devices. Is the full updated list with all the settings, which are supported? I could only find this article: https://support.apple.com/de-de/guide/deployment/depdf31db478/web But I am sure it's not updated: Authentication Algorithms: HMAC-MD5 or HMAC-SHA1. Same for DH Groups 2-5

We’re looking for best practices to remotely update iOS apps that are deployed in Single App Mode (SAM) or Autonomous Single App Mode (ASAM), managed through MDM. Imagine a typical use case: an iPad installed as a self-service kiosk at an airport restaurant. We need to update the app periodically without: Displaying any prompts to the user Relying on the user to approve or initiate the update (since the device is unattended) Sending technicians onsite, as many devices are in remote locations MDM providers have stated, “This is how Apple handles it,” without offering a workable solution. We’re hoping someone here has experience or suggestions for: Seamless or silent app updates in SAM/ASAM Update workflows that avoid interruptions or user interaction Any proven strategies or automation options under MDM supervision Any insight or documented approaches would be greatly appreciated. Thank you!

I'm writing to point out a potential structural error in an example of the DeclarativeManagement command. This could cause significant confusion for developers implementing the MDM protocol. The standard structure for a server-to-device MDM command requires CommandUUID and the Command dictionary to be siblings under the top-level dictionary. The CommandUUID serves as a top-level identifier for the entire command envelope. This is the correct, expected structure: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Command</key> <dict> <key>Command</key> <dict> <key>RequestType</key> <string>DeclarativeManagement</string> </dict> </dict> <key>CommandUUID</key> <string>0001_DeclarativeManagement</string> </dict> </plist> This is an example of the incorrect structure I've seen: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Command</key> <dict> <key>CommandUUID</key> <string>0001_DeclarativeManagement</string> <key>Command</key> <dict> <key>RequestType</key> <string>DeclarativeManagement</string> </dict> </dict> </dict> </plist>

Hello We have devices setup with in ABM and managed with Intune. Having only ever setup shared iPad's, we have a new request with managing iPhone's. The customer wants the iPhone's managed, but users enabled to purchase apps for the app store using their own credit card (or Apple ID) These are not BYOD devices and federated sign is not an option at this time. Can this be done with example User affinity profiles? Many thanks

Hi Team, As per this documentation Handling NotNow Status Responses | Apple Developer Documentation, the last command that is delivered to the device on a connection should be the one that the device reported NotNow so that the device will automatically retry when it is ready to consume commands. Our question is it possible to have a fixed command which we can try at the end once all commands are tried and if device has reported NotNow for any of the commands. E.g. If there were 3 commands delivered to the device one by one SSO profile (com.apple.sso ) was delivered and device reported NotNow VPN profile (com.apple.vpn.managed) was delivered and the device reported NotNow DeviceInformation command was delivered and the device reported Acknowledged. As there were NotNow responses earlier, can we try a certificate profile(com.apple.security.pkcs1), with a dummy certificate payload, to ensure that the last command delivered to the device in this connection is responded with NotNow. Questions: Can we use a fixed command e.g. certificate profile(com.apple.security.pkcs1) as in above example to ensure the last command delivered to the device has NotNow response. Or is it better to try one of the commands which the device reported NotNow earlier. As in above example should we try the SSO or VPN profile at step 4 instead of the certificate profile? Following up to above, when a device reports NotNow for any profile installation command, can we say it will always report NotNow for certificate profile(com.apple.security.pkcs1) as well for all iOS and MacOS devices?

Hello Developers, We are encountering a consistent Kernel Panic issue on an iPhone device after sending a "Clear Passcode" command via our MDM solution. We're looking for insights or confirmation if others have experienced similar behavior. Device & Environment Details: Device: iPhone13,2 (iPhone 12 Pro) OS Version: iPhone OS 18.3.2 (Build 22D82) (Please note this appears to be a future/beta build identifier) Action Triggering Panic: Sending MDM ClearPasscode command. Roots Installed: 0 (Device is not jailbroken) Incident ID: 4B41C0AE-EE93-4051-BEE4-AB98438C10F0 Panic Log Summary: The kernel panic log clearly indicates the issue originates from the Secure Enclave Processor (SEP). The key panic string is: panic(cpu 3 caller 0xfffffff02357bc1c): SEP Panic: :sks /sks : 0x1000b15fc 0x0003ad60 0x0003ad44 0x100028698 0x10002cae4 0x10002a908 0x10002bc10 0x100045330 [hgggrhlvs] Panic app vers: 1827.80.10 Panic app UUID: 4C066E88-EB93-33C3-BCA7-C5F5474831CC ... Root task vers: AppleSEPOS-2772.80.2 Root task UUID: A39D6C5D-D07D-33EE-85A3-9105A8D93CE2 ... sks /sks 0x329cc/0x326e0/0x1314131413141314 ert/BOOT Use code with caution. The SEP Panic and reference to :sks /sks strongly suggest an issue within the Secure Key Store subsystem of the SEP. The panic occurred on CPU core 3. The kernel backtrace points to the com.apple.driver.AppleSEPManager kernel extension as the immediate caller in the main kernel that initiated the panic process after receiving the signal from the SEP. Analysis/Interpretation: Based on the log, it appears that the MDM ClearPasscode command, which necessarily interacts with the SEP's Secure Key Store via the AppleSEPManager driver, triggered an internal fault or bug within the SEP firmware (AppleSEPOS). This SEP-level panic subsequently caused the main iOS kernel to panic. Questions: Has anyone else encountered similar SEP panics, specifically involving the SKS subsystem, particularly after issuing MDM commands like ClearPasscode on iOS 18.x builds (especially 18.3.2 / 22D82)? Is this a known issue in this specific iOS/SEP firmware version? Are there any suggested workarounds for clearing passcodes via MDM on affected devices/OS versions, or any further diagnostic steps recommended? We appreciate any insights or shared experiences the community might have on this issue. Thank you.

The Center for Innovation in Education created a reading program designed to teach every single child to read, regardless of any supposed difficulty in learning. The Center conducted a ten-year study of its Reading Program’s effectiveness. Over those ten years, the Center placed 2,048 Reading Program kits in classrooms across America. More than 300,000 children took part in the Center’s study. Results: The Reading Program taught every single child to read in every single classroom, every single year, regardless of any child’s supposed reading readiness - including dyslexic, autistic, and even Down syndrome children. No failures then or in any of the many years that have followed. Despite the Program’s success, educational publishers refused to publish it. Their refusals will be explained and hopefully counteracted in a book that is scheduled to be published in 2026. In response to publishers’ refusal to make the program available, the Center made it available as a free download from its website. The Center also made its program available as 14 free iPad apps. While the apps can be searched for individually by their unique names, since the apps are interrelated and meant to complement one another, the first keyword assigned to all 14 apps was the same. That same keyword is still in its first position for every app. The first keyword listed for each of the 14 apps is the word “Dekodiphukan”. That meant-to-be hard-to-read search word has worked well every year since the apps were introduced. However, in June of this year, that search term could find only 1 of the 14 apps. We reported this problem to Apple Support on June 26th. It is now November, and the problem remains unresolved. The only response we receive each time we ask for an update on the resolution of this problem the answer every time is: Reported search issues of this type require extensive review by Apple to determine whether it is valid and to confirm the appropriate action. There is no other response. No update has ever been sent to us. There is no phone number I can find to call. It was suggested to me by someone I spoke with in a different department at Apple Developers that I post my problem on the Developer Forum, in hopes that someone here can provide a suggestion for a way around this problem. Parents and teachers wishing to use our Reading Program with their children should not have to enter 14 different names to access our Reading Program.