Overview

To gain exclusive access to keyboard HID devices like Amazon Fire Bluetooth remote controls, my app has been installing a privileged helper tool with SMJobBless in the past. The app - which also has Accessibility permissions - then invoked and communicated with that helper tool through XPC. Now I'm looking into replacing that with a daemon installed through the newer SMAppService APIs, but running into a permission problem: If I try to exclusively open a keyboard HID device from the SMAppService-registered XPC service/daemon (which runs as root as seen in Activity Monitor), IOHIDDeviceOpen returns kIOReturnNotPermitted. I've spent many hours now trying to get it to work, but so far didn't find a solution. Could it be that XPC services registered as a daemon through SMAppService do not inherit the TCC permissions from the invoking process (here: Accessibility permissions) - and the exclusive IOHIDDeviceOpen therefore fails?

Hi, I have listed below the Feedbacks for Xcode 27, please have a look at it, considerable time was spent on filing these feedbacks, thanks! Environments All of them were tested on the environment: macOS 26.5.1 (25F80) Xcode 27.0 beta (27A5194q) Feedbacks FB23133706 (Git stage tab) FB23132869 (markdown - code block) FB23132403 (markdown - search) FB23078039 (stash - slow / unresponsive) FB23077930 (stash - allow multiselection) FB23055381 (Run destination - Clear recents) FB23041713 (SwiftUI preview - SwiftData) FB23033844 (Bundle ID) FB23033231 (Device Hub - sizes)

We have an Apple Watch app and companion iPhone app that we distribute via Enterprise Distribution using OTA manual installation. (We are on an Apple Enterprise Developer Team) With WatchOS 26.4 and earlier, the app would install fine on both the phone and the watch. However, after updating to WatchOS 26.5 (and iOS 26.5), the app will not install on the watch. It will install on the phone and we can trust the developer/run the phone app. However, when we go into the Apple Watch app on the phone and choose "Install" for the app, it tries to install for a minute and then returns an error "The app could not be installed at this time". We have tried the following remedies: Restarting both watch and phone, and reinstalling the app on phone Factory resetting both the watch and the phone, then reinstalling app Generating a new Distribution Certificate and new manual profiles for the app in Apple Developer Looking through console logs from both the phone and the watch Confirmed that we can install other (non-Enterprise) apps on the watch Try installing a basic example app (the default Xcode watch + companion app project) There does not seem to be anything obviously amiss about the app or its packaging, it seems to be something to do with the update to WatchOS 26.5. The closest related errors we have found seems to be these: appconduitd 0x16d43f000 -[ACXInstallQueue _onQueue_deQueueNextOperation]_block_invoke_3: Failed to install app .EnterpriseInstallTest.watchkitapp (p = Y, ui = Y) : Error Domain=ACXErrorDomain Code=8 "Failed to create socket" UserInfo={NSUnderlyingError=0xcf9138e10 {Error Domain=com.apple.identityservices.error Code=20 "Socket open timed out" UserInfo={NSLocalizedDescription=Socket open timed out}}, FunctionName=-[ACXServerInstallOperation _onQueue_prepForTransferAndInstall]_block_invoke, SourceFileLine=370, NSLocalizedDescription=Failed to create socket} appconduitd 0x16d89f000 -[ACXCompanionSyncConnection _installQueuedOrCompletedForWatchBundleID:companionAppBundleID:withName:userInitiated:withError:withCompletion:]_block_invoke: Failed to install app .EnterpriseInstallTest.watchkitapp : Error Domain=ACXErrorDomain Code=8 "Failed to create socket" UserInfo={NSUnderlyingError=0xcf9138e10 {Error Domain=com.apple.identityservices.error Code=20 "Socket open timed out" UserInfo={NSLocalizedDescription=Socket open timed out}}, FunctionName=-[ACXServerInstallOperation _onQueue_prepForTransferAndInstall]_block_invoke, SourceFileLine=370, NSLocalizedDescription=Failed to create socket}

Device Details: MBP M2 Pro AND MBP M3 Pro macOS 26.3 (25D125) Xcode Version 26.3, 26.2, 26.1 (I reinstalled all 3 of these after the macOS update) BUG: Xcode hangs indefinitely when performing Source Control operations (Pull or Push) on a Git repository that uses SSH authentication. The same repository works correctly when performing the equivalent Git operations from the Terminal using the Git CLI. The issue appears to be specific to Xcode’s internal Source Control integration. When the operation is triggered from Xcode, the UI shows a spinning progress indicator and never completes. Terminal Git commands (git fetch, git pull, git push) complete normally using the same SSH key and repository. A hang sample taken during the issue shows the Xcode main thread blocked in Source Control authentication and fingerprint handling code paths, including: IDESourceControlUIHandler IDESourceControlFingerprintManager handleAuthenticationFailure showFingerprintAlertOnWindow This suggests Xcode may be waiting on a Source Control authentication or host fingerprint UI flow that never resolves. SSH connectivity itself is functioning correctly: ssh -T git@bitbucket.org and ssh -T git@github.com both authenticate successfully. git ls-remote, git fetch, git pull, and git push all work correctly from Terminal. No Source Control accounts are configured in Xcode Preferences. Authentication relies entirely on SSH keys. Steps to Reproduce Configure an SSH key for Git access (e.g., Bitbucket or GitHub) and confirm it works via Terminal. Clone or open an existing Git repository that uses SSH (git@host:repo.git). Open the project/workspace in Xcode. In Xcode, attempt a Source Control operation such as: Source Control → Pull Source Control → Push Observe that Xcode displays a spinning progress indicator and does not complete the operation. Logs available on this Feedback Assist ID: FB22146913

QuickLookAR shares the actual USDZ model instead of the original website URL — critical copyright and data leak issue on iOS 26 Since iOS 26, QuickLookAR (or ARQuickLookPreviewItem) no longer preserves the original web URL when sharing a model. Instead of sending the link to the hosted file, the system directly shares the actual USDZ model file with the recipient. This is a critical regression and a severe breach of intellectual property protection, as it exposes proprietary 3D models that must never be distributed outside of the controlled web environment. In earlier iOS versions (tested up to iOS 18), QuickLookAR correctly handled sharing — the share sheet would send the website link where the model is hosted, not the file itself. Starting with iOS 26, this behavior has changed and completely breaks the intended secure flow for AR experiences. Our project relies on allowing users to view models in AR via QuickLook, without ever transferring the underlying 3D assets. Now, the share operation forces full file sharing, giving end users unrestricted access to the model file, which can be copied, rehosted, or reverse-engineered. This issue critically affects production environments and prevents us from deploying our AR-based solutions. Implement a standard QuickLookAR preview with a USDZ file hosted on your web server (e.g., via ARQuickLookPreviewItem). 2. Open the AR view on iOS 26. 3. Tap the Share icon from QuickLookAR. 4. Send via any messenger (Telegram, WhatsApp, etc.). 5. Observe that the actual .usdz model is sent instead of the original website URL. ⸻ Expected behavior: QuickLookAR should share only the original URL (as in iOS 17–18), not the file itself. This ensures that intellectual property and licensed 3D models remain protected and controlled by the content owner. ⸻ Actual behavior: QuickLookAR shares the entire USDZ file, leaking the model content outside of the intended environment. ⸻ Impact: • Violation of copyright and confidential data policies • Loss of control over proprietary 3D assets • Breaking change for all existing web-based AR integrations • Critical blocker for AR production deployment ⸻ Environment: • iOS 26.0 and 26.1 (tested on iPhone 14, iPhone 15) • Safari + QuickLookAR integration • Works correctly on iOS 17 / iOS 18 ⸻ Notes: This regression appears to have been introduced in the latest iOS 26 system handling of QuickLookAR sharing. Please escalate this issue to the ARKit / QuickLook engineering team as it directly affects compliance, IP protection, and usability of AR features across production applications. Additional Notes / Verification: Please test this behavior yourself using the CheckAR test model on my website: https://admixreality.com/ios26/ • If the login page appears, click “Check AR” and then “View in Your Space”. • On iOS 18 and earlier, sharing correctly sends the website URL. • On iOS 26, sharing sends the actual USDZ model file. This clearly demonstrates the regression and the security/IP issue.

We noticed that in older OS versions the accessory picker would consistently display a peripheral's advertised friendly name on top of displaying information from the matching display item. While in newer OS versions we would mostly only see the name from the display item. Is there a way to configure this?

Is there any planned enhancement in Declarative Device Management (DDM) to support enforceable software update maintenance windows for macOS and iPadOS in education environments? With 1000+ devices, it is not feasible to guarantee all devices are updated outside school hours. Some devices will inevitably be powered off during deadlines, then later turned on during the school day, triggering updates and a 60-minute install/reboot countdown. This results in devices updating during lessons, which disrupts teaching and is exactly what we need to avoid. Ideally, updates should only be allowed to install and reboot once a device is inside an approved maintenance window, regardless of when it becomes available or comes back online. Feedback has been provided via MDM account.

Hello, I am unable to configure Sign in with Apple on my developer account. Whenever I try to: Enable/disable the Sign in with Apple capability in my App ID, or Configure a Service ID for web authentication, the portal does not save my changes. In the browser developer console, I consistently see this error: Request URL: https://developer.apple.com/services-account/v1/bundleIds/XXXXXXXX Request Method: PATCH Status Code: 501 Not Implemented This happens across all browsers (Safari, Chrome, Incognito) and even after clearing cache. It affects my entire account, not just one App ID. I have already tried: Creating a new Service ID → still fails. Creating a new App ID → still fails. Re-enabling the capability → save does not work. Different browsers and devices → same result. Has anyone else experienced this issue, and is there a known fix? Or is this something that Apple Developer Support needs to resolve at the account level?

Hello, everyone! I've discovered a bug similar to libstdc++/115939 in GCC. This bug exists for a while. Did someone face it too? I'd be glad to accept any advise. Thank you in advance!

Is the memoryLimit option mentioned in WWDC26 session 305 the same option as CIContextOption.memoryTarget? The session says the default memory target on iOS is 256 MB. What is the default memoryTarget on macOS? Also, the session recommends the Extended Virtual Addressing entitlement for interactive RAW editing. That entitlement does not appear to be available for macOS, so does Core Image automatically use a larger intermediate cache budget on macOS? Should memoryTarget be used only for export contexts, or can/should it also be tuned for interactive editing contexts with cacheIntermediates enabled? Thanks!

Hi, can someone help me, I can not find any button to accept this license agreement. I am Account Holder, and after clicking to account link, it redirects to my developer account. I accepted it in my developer account, but when I come back to Apple Store Connect, this agreement is still there, and no accept button for me in Action column.

Hello! Some colleagues and work on Jujutsu, a version control system compatible with git, and I think we've uncovered a potential lock contention bug in either APFS or the Darwin kernel. There are four contributing factors to us thinking this is related to APFS or the Kernel: jj's testsuite uses nextest, a test runner for Rust that spawns each individual test as a separate process. The testsuite slowed down by a factor of ~5x on macOS after jj started using fsync. The slowdown increases as additional cores are allocated. A similar slowdown did not occur on ext4. Similar performance issues were reported in the past by a former Mercurial maintainer: https://gregoryszorc.com/blog/2018/10/29/global-kernel-locks-in-apfs/. My friend and colleague André has measured the test suite on an M3 Ultra with both a ramdisk and a traditional SSD and produced this graph: (The most thorough writeup is the discussion on this pull request.) I know I should file a feedback/bug report, but before I do, I'm struggling with profiling and finding kernel/APFS frames in my profiles so that I can properly attribute the cause of this apparent lock contention. Naively, I ran xctrace record --template 'Time Profiler' --output output.trace --launch /Users/dbarsky/.cargo/bin/cargo-nextest nextest run, and while that detected all processes spawned by nextest, it didn't record all processes as part of the same inspectable profile and didn't really show any frames from the kernel/APFS—I had to select individual processes. So I don't waste people's time and so that I can point a frame/smoking gun in the right system, how can I can use instruments to profile where the kernel and/or APFS are spending its time? Do I need to disable SIP?

Filing this for engineering visibility and to ask whether the observed behavior matches expected M5 Pro DCP architecture. FB22701284 contains full sysdiagnose and supporting data. Hardware Configuration MacBook Pro 16-inch (Mac17,8) M5 Pro chip, 18-core CPU 64GB unified memory (highest M5 Pro memory tier) 1TB SSD macOS Tahoe 26.4.1 (build 25E253) AppleDCP-1041.100.97~429-t605xdcp.RELEASE Display Configuration Two identical LG UltraGear 27GM950B monitors: 27" Mini LED panels, native 5120x2880 DisplayPort 2.1 UHBR20 (80 Gbps capable) 165Hz native refresh, HDR-capable Connection topology (all third-party display software removed for clean test): Mac TB5 port 1 → Silkland DP80 USB-C cable (VESA-certified) → Monitor #1 USB-C input Mac TB5 port 2 → Silkland DP80 USB-C cable (VESA-certified) → Monitor #2 USB-C input DisplayLink Manager fully uninstalled No dock, no MST hub, no signal converters Apple Specification Context Per the MacBook Pro user guide, M5 Pro supports dual displays at 5K@120Hz (support.apple.com/guide/macbook-pro/apd8cdd74f57/mac), with the documented instruction to "connect the display with the highest resolution first." Observed Behavior Solo connection (either monitor) Either monitor in isolation: 5120x2880 @ 144Hz, Maximum Source Bandwidth 27,400 Mbps, 10-bit, HDR enabled. Dual connection (BetterDisplay 4.3.3 diagnostic) Monitor on dispext0@B0000000: 5120x2880 @ 144Hz, Maximum Source Bandwidth: 27,400 Mbps, HDR enabled Monitor on dispext1@90000000: Degraded from native 5K, Maximum Source Bandwidth: 13,700 Mbps, HDR disabled The 27,400/13,700 split is deterministic and follows connection order. Hardware substitution (cables, ports, monitor positions) confirmed the allocation follows position in connection order, not specific hardware. Each monitor achieves full 27,400 Mbps when solo. Per-pipe budget structure exposed in BetterDisplay 4.3.3 Recent BetterDisplay versions expose allocation limits in display reports: Allocation limits - horizontal: 3360, 3840 pixels HiDPI (6720, 7680 pixels LoDPI) Allocation limits - vertical: 2304 pixels HiDPI (4608 pixels LoDPI) This matches the per-sub-pipe budget structure documented in third-party M5 Max DCP firmware analysis, where M5 Max shows MaxSrcRectWidthForPipe = (6720, 7680, 7680, 7680). M5 Pro appears to expose only two values (6720, 7680). WindowServer assertion failure WindowServer crash on 2026-05-16 with assertion failure in the function calculating per-pipe maximum source rectangle widths: Thread 16 Crashed: com.apple.coreanimation.render-server CA::WindowServer::AppleDisplay::max_src_rect_width_by_pipes(unsigned char) const + 92 CA::WindowServer::AppleDisplay::max_src_rect_pixels() const + 60 CA::WindowServer::Server::get_display_info() + 1812 Exception: EXC_CRASH (SIGABRT), Abort trap 6. This is the same function third-party DCP firmware analysis identifies as governing the per-sub-pipe budget calculation. Reference to Existing Thread Apple CoreOS DTS Engineer Kevin Elliott in thread 814201 (https://developer.apple.com/forums/thread/814201) described M5 MacBook Pro display architecture: "Driving the display at 240Hz require both of the two display 'pipes' and the system ends up allocating both pipes to the first monitor it discovers. That prevents it from lighting up the second monitor, as there isn't currently any way for software to shift allocations of display pipes between machines." That thread addressed a single-display 4K@240Hz scenario where the second display failed to initialize. The underlying allocation mechanism (first-come-first-served pipe assignment, no dynamic reallocation) appears consistent with the dual-display configuration I'm observing, with the manifestation differing (both displays initialize but the second is bandwidth-constrained rather than absent). Specific Technical Questions Is the 27,400/13,700 Mbps asymmetric allocation observed on dual 5K configurations the expected manifestation of the two-pipe architecture described in thread 814201, or a distinct allocation policy specific to dual-display scenarios? The advertised dual 5K@120Hz capability requires approximately 28 Gbps per stream. The observed allocation appears insufficient to drive both displays at this specification simultaneously. Is there a configuration approach that allows both displays to receive adequate bandwidth allocation? Multiple sources document that M5 Max has more display engine output channels than M5 Pro. Is the architectural difference between M5 Pro and M5 Max sub-pipe count (per the BetterDisplay allocation limits and third-party firmware analysis) the underlying explanation for the differential dual-display capability? The WindowServer assertion failure in max_src_rect_width_by_pipes() — is this a known edge case for dual high-bandwidth display configurations on M5 Pro, or should this be filed as a separate issue from the bandwidth allocation behavior? Supporting Data Available BetterDisplay 4.3.3 diagnostic reports for both monitors WindowServer crash report (2026-05-16) ioreg output showing DCP unit assignments sysdiagnose attached to FB22701284 Happy to provide additional FB tickets with focused diagnostic captures if specific data would help engineering investigation.

I have a UGreen NAS. My app can read the contents of a folder on the NAS from macOS, but it cannot read the contents of a folder from iOS. I bring up a UIDocumentPickerViewController(forOpeningContentTypes: [UTType.folder], asCopy: false). I can pick a folder on the iPad’s internal storage, and successfully enumerate its contents. On the UGreen, I can pick a folder, but the content enumeration always returns zero items (no errors). Enumeration of the UGreen works from macOS. It also works on the iPad when connecting to a Mac mini, or a Synology NAS. . Files.app is able to view the UGreen folder and its contents. Oddly, my app cannot enumerate the contents, but it IS able to write a file to that UGreen folder. Since Files.app can enumerate and I can write to the UGreen folder (and I can enumerate contents on other servers) - how can I get the enumeration to work? Feedback is FB22955130

Calling contactAccessPicker results in a blank sheet and a jetsam error, rather than the expected contact picker, using Apple’s sample code, only on device with iOS 26.2.1. This is happening on a iPhone 17 Pro Max running 26.2.1, and not on a simulator. I’m running Apple's sample project Accessing a person’s contact data using Contacts and ContactsUI Steps: Run the sample app on device running iOS 26.2.1. Use the flow to authorize .limited access with 1 contact: Tap request access, Continue, Select Contacts. Select a contact, Continue, Allow Selected Contact. This all works as expected. Tap the add contact button in the toolbar to add a second contact. Expected: This should show the Contact Access Picker UI. Actual: Sheet is shown with no contents. See screenshot of actual results on iOS device running 26.2.1. Reported as FB21812568 I see a similar (same?) error reported for 26.1. It seems strange that the feature is completely broken for multiple point releases. Is anyone else seeing this or are the two of us running into the same rare edge case? Expected Outcome, seen on simulator running 26.2 Actual outcome, seen on device running 26.2.1

Has anyone managed to get Copilot working using the new ACP integration in Xcode 26.6 and Xcode 27 beta? I have tried setting it up using the path to the copilot binary as instructed and the flags --acp --stdio but Xcode just displays a "Your request couldn't be completed" error: JSON-RPC global stream failed: The operation couldn’t be completed. (IDEIntelligenceProtocol.JSONRPCElement.Error error 1.) I am running the latest version of copilot cli and it works in many other IDEs.

Are there issues with Testflight Beta Review process? My app (minor version update) has been sitting in waiting for review for a over 24 hours where previously it would take a few hours.

Hello, I'm developing a gambling blocker app that uses NEFilterDataProvider. My app was approved on the App Store, but the core feature doesn't work for end users. I have the content-filter-provider entitlement. Issue 1 — saveToPreferences() fails in distribution builds In dev builds (Xcode direct install), NEFilterManager.saveToPreferences() works fine — iOS shows a permission dialog and the filter is registered. In distribution builds (TestFlight/App Store), it fails immediately: NEFilterErrorDomain code 5 — Operation not permitted Console log from nehelper: "Creating a content filter configuration is only allowed through profile in production version" Issue 2 — .mobileconfig profile requires MDM Following the Console hint, I tried a .mobileconfig profile with com.apple.webcontent-filter payload (ContentFilterUUID, FilterType: Plugin, PluginBundleID). On an unsupervised consumer iPhone (iOS 18.5), installation fails: Profile Installation Failed — MDM required Question: What is the correct mechanism to activate a NEFilterDataProvider on a consumer (non-MDM) iPhone in a distribution build? Is there a specific entitlement or approval process I'm missing? (DTS Case-ID: 20087732)

I find the inspector, file navigator, issue navigator, etc. all hard to read. Is there a way to increase the size of these texts without changing all of the text on my machine?

I cannot file a ticket or ask them to call me. All options end with error. Do you have similar problems? What should I do? Apple is not helping me at all.