I should have said "resolve", not just "create". The use case here is a helper tool/process that's given a URL "target" (for example, through XPC) but something like (like your main app), so the user never actually selects files "for" it. In my current app, it turned out that I don't need bookmarks. But I have apps in development that will need bookmarks for both files and directories. I've seen some recent threads here involving bookmarks. I can't find the exact one, but I remember one in particular that discussed some complicated interactions between processes and bookmarks. In following these threads, bookmarks seem less and less straightforward. the issue here is purely a bug. The word "bug" is a bit of a value judgement. I think it might be better to refer to bugs as simply "behaviour". Apple might be able to differentiate between expected and unexpected behaviour. But for 3rd party developers, it's all just behaviour. The only thing that's important is that said behaviour is documented. Stepping back for a moment, what's your larger goal here? If you're specifically interacting with volumes then the other, often better, option is to move down a level in the system and use DiskArb, which ends up bypassing most of these issues. Currently, it's just a login item that checks volume free space. I had planned on using security-scoped bookmarks just because it seemed to be the standard way to persist URLs in a sandboxed app. I am using Disk Arbitration, as well as IOKit, but that's for collecting additional information about the location referred to by the URL, as a URL for an external volume is not reliable. That being said, I do need to use a URL as a starting point to see if it's the correct volume. bookmarking "/" isn't something you'd normally do anyway. I realize that now. But the issue here is that if I allow the end user to select a URL, which in the Mac App Store, I must do, then I need to handle the location selected, by any means necessary. "/System/Volumes/Data” -> How did you get this? Primarily this is for FSEvents. It's not related to the login item, any security-scoped bookmarks, or any persistence issues. I was poking around to learn more about this unexpected behaviour and this seems related. Basically, the open panel shouldn't be giving you any object you can't bookmark. Again, "shouldn't" is a value judgement. It's my job to write code that works properly with observed behaviour, expected or otherwise. Judgements are out of scope. Note that if you're getting file references from other sources (like navigating the hierarchy yourself), there are lots of objects that can't be bookmarked, but many of those are also in the category of "don't treat this like a file at all" (for example, the contents of /dev/). Exactly! Thankfully, I can't even navigate to /dev in an open panel. But what about other locations? Originally, this would have been a bigger problem. I've avoided that by restricting the user selection to whole volumes. I would prefer not to do this, but "/" is likely to be a popular choice, so I have to support it. If I allow arbitrary paths, then I have to handle both the unbookmarkable / and bookmarks. I might still do that, just not tonight. I would assume that you won't be able to restore access to a resource unless you have a security-scoped bookmark. Yes. That was my assumption too, leading to the catch-22. I think paths and bookmarks should be treated as fundamentally different concepts, not as replacements for each other. A path is a static reference to a precise location in the file system tree, while a bookmark is a persistent reference to an object on a particular file system. Which is why I'd prefer to use bookmarks. For example, a volume name collision can change the target of a path but has no effect on a bookmark. That was one of the reasons I wanted to use bookmarks in the first place. However, I don't think that guarantee is actually documented, so I had always intended to use data from Disk Arbitration and IOKit to double-check. But I think we're going in circles at this point. I wanted to get some clarification and I did. It's a bug new behaviour, which is likely to change in the future. But it's August 29, so macOS 26 is likely to ship with this new behaviour, so I'll need to handle it permanently, and any likely new behaviours. The internals, and public API, is far more complex than I had assumed. But I've learned some strategies to minimize the impact on my code.

Etresoft, I am not sure I follow, please explain. I'm not sure I follow your question either. It seems unrelated to your overall question. I've just been following this thread due to some similar confusion I've had with these APIs on macOS. If you have a URL to a document. You can use the UniformTypeIdentifiers API to get the rich(er) type information for the document. This gives you things like extension, MIME type, and the UTI (public.jpg, public.text, com.adobe.pdf, etc.) You referenced the Files app. The Files app will also give you something like "Pages document", which is another field that developers can specify when they create an exported document type. But then you're asking about apps specifically, so I'm not sure if this is what you're looking for. Apple considers installed apps to be privacy-sensitive. I've heard that there are some methods to get this information, but it puts your app, and you, personally, at risk. I wouldn't recommend going down that path. If you want to get a human-readable description of a document, which may include the app used to create it, the UniformTypeIdentifiers API should do that for you. If you're interested in inspecting other apps on iOS, you're on your own.

BTW, is there no way to get a more meaningful app name on iOS, like the Files app itself is showing other than this bundleID form? Are you starting from a document? You should be able to get the UTI of a document. If you ask for the localizedDescription, that might be what you're looking for.

If you wanted to create a process that created bookmarks but didn't present open/save panels (for example, as a helper process), then you could use it. The only time I imagine this could be executed would be if a helper resolved a bookmark and found it stale. Don't know how I could test that, but I guess this means "com.apple.security.files.bookmarks.app-scope" actually is required. Thanks for the insight. In concrete terms, a bookmark created directly to "/" (hard-coded path) will be able to read "/" (the top level) but will NOT be able to read "/Users/". However, a bookmark created from an open panel WILL be able to read "/Users/". My issue here is the type of bookmark. I cannot create a security-scoped bookmark to / from an open panel. That's what I meant about being lucky. For this app, in this instance, I don't need to read /Users. I just want the size and free space on the volume itself. The app is currently working just by creating whole-volume URLs from the path. Originally, I thought I would need security-scoped URLs. Then they didn't work. Then I figured out I didn't need them at all. But I would still prefer to code defensively. On the Mac, start returning "false" generally means that you don't have access to the file, which generally means you're doing something wrong. That is not the focus of my question here. I think I've seen it return false, and noted it in passing, but didn't have any problems. It could have been on iOS. I have a large cross-platform project on temporary hiatus. That project is where I adopted the practice of checking the result of start. My general advice here is to treat any URL you receive from the system as a "magic" object. In practice, I generally convert it to a bookmark, then resolve the bookmark again, and use that new URL*, discarding the original ("magic") URL. *This ensures that the rest of my app is ALWAYS working with "a URL that came from a bookmark", instead of a "split" flow. But converting certain "magic" URLs always fails, therefore a "split" flow is unavoidable. the better option here is to create your own class which "handles" access to that object and "owns" both the bookmark and any URL. If it has problems, then it just resolves the bookmark again. Yes. That's what I'm going to do, in order to manage this split flow. Your advice makes a lot of sense, especially for this issue. When I get a URL from the system, convert it to a bookmark. First try a security-scoped bookmark. But if that fails (as it will for / and /System/Volumes/Data), then try a standard bookmark, and if that fails just use the path. Then resolve that "persisted resource" to my own URL and use that. I think a better approach than wrapping the URL is just to create a "URLResource" object that will contain a type enum and data. It will handle security-scoped bookmarks, regular bookmarks, and absolute strings. It'll still be sendable too.

It's probably related to whatever you are doing with adguard and vaultwarden. I don't know what any of that is, but when I search for your domain, it shows up on a couple of Github domain lists. I also don't know what those domain lists are for. But if you're going to play around with anything even remotely related to "security", you should do that on a burner site. Otherwise, you effectively turn your site into a burner site. There is no differentiation on the internet between legal/illegal, safe or malicious. It's the internet. It's all illegal and malicious, unless proven otherwise. Google and others work hard to hide that from regular folks. But if you fall through the cracks, even by accident, it's your problem to solve. Nobody's going to help. This is a developer support forum. It's a place for questions about SwiftUI, APIs, NSURLSession, etc. You can ask anything you want, but if you're asking about something that isn't developer related, you probably won't get any answer. I can tell you that there is no escalation process. The modern world runs on scripts and automated flows. If you ever need personal support, for any reason, you're in deep trouble. And I'm talking about situations where you've paid money for a service, over several years. Even with that kind of established relationship, trivial support requests that require human intervention will take weeks at best. At even the slightest hiccup, entirely unrelated to you, you'll be dropped and forgotten, and they might even keep your money. The internet's not for the faint of heart.

An update: I thought it would be enlightening to write a simple demonstration app. I did that and learned a few things. Apple documentation describes two entitlements that are required for security scoped bookmarks. This document is strange. For one thing, the URL is under video applications. And it's ancient, referring to changes in macOS 10.7.3. It's also wrong. The entitlement "com.apple.security.files.bookmarks.app-scope" is not necessary and has no effect. More importantly, the entitlement "com.apple.security.files.bookmarks.document-scope" is required for security scoped bookmarks with document scope. You'll get an error if you attempt to use them without this entitlement. Unfortunately, they also don't work at all. The entitlement error is straightforward and tells you that you need the entitlement. But then, when you provide it, all attempts fail with error 256 "Item URL disallowed by security policy". It does seem to be modifying the metadata of the reference URL, but then it just doesn't work. That's too bad. I prefer to have data where I can see it. As far as security-scoped bookmarks and URLs, it's just really complicated now. It's impossible to create security-scoped bookmarks for certain URLs. I've only found two paths that are guaranteed failures: / and /System/Volumes/Data. These are kinda the same thing, but also kinda not. Unfortunately, if you allow the end user to select a directory, there's nothing stopping them from selecting these two locations. My recommendation is to wrap a URL in a class that can manage both the start/stopAccessingSecurityScopedResource and when creating a security scoped bookmark, fall back to a standard bookmark (or just an absolute string) on failure and hope that's useable after restart. Maybe this is just a bug in macOS 26 and it'll be fixed before launch. But even if this happens, this is obviously an API that's at risk for breakage.

This has been an ongoing problem in Apple's Developer forums and the Apple Support Community. These two forums seem to share a lot of code. And apparently, they even share releases. These kinds of problems started on both forums in July. Then both were fixed. Now both forums are having the same problems again.

First of all, WGS84 is a world geodetic system (WGS). It's complicated. Coordinates in MapKit are just basic latitude and longitude. Internally, they are represented as map points in the web mercator system (EPSG:3857), not WGS84. But none of that really matters for your question. Maps in China must use the government-mandated coordinate system which automatically applies obfuscation. So, yes, it is wrong. But it's supposed to be wrong. You don't need to worry about that or try to simulate it. And definitely don't worry much about obvious edge cases like Hong Kong.

You need to create a help book. Here is the documentation. It is very old, but it still works mostly. In modern versions of macOS, help will open using the standalone "Tips" app. In older systems, the help will be integrated into your app. A help book is nothing more than a bundle of localized HTML resources and assets. It is a little tricky to get it integrated into an app, but no more so than anything else Apple does. And since it is a stand-alone bundle, you can view the help documents using Apple's default help viewer, an external web browser, or your own integrated help display. I recommend against using anchors, however. That seems to be one help feature that was broken a few years ago. Instead, break your help up into smaller pages. And if you're working in iOS, you re-use all the same content and architecture. iOS doesn't have the same kind of help architecture, but you can easily display your help content in a web view.

But whatever you decide, make a point to save that response from "Framework Engineer". I had no idea it was possible to do either of those two things.

Contact who? You haven't said who the developer is. However, this is a technical support forum for developers, not for end users. You would get much better responses if you posted in the Apple Support Community. However, even there, you'll need to provide more information. What developer is this? What app is this? Please don't just say the name of the app. App names are 100% meaningless. You must provide a link to the app. Also, where did you buy the app? Did you buy it from an Apple App Store? Or from somewhere else? You should have your receipt and it will clearly say that. I can tell you have developers respond to e-mails 100% of the time. Even if they don't respond, that's a meaningful response. It means they don't care, they've gone out of business, or they've just abandoned that app. This is very common.

[quote='852581022, Nickkk, /thread/795994?answerId=852581022#852581022, /profile/Nickkk'] I didn't say that. [/quote] You were relaying what the end user told you. Obviously the end user's experience was more important than the fact that it worked on your machine. From what I understand, this was a change made to macOS 15.4. I think that Apple changed this behaviour again in 15.6. I could reproduce the problem on a 15.4 VM, but I can't on 15.6, at least on my developer machine. A VM is a good way to test software from an end-user's perspective. But I don't think you need to install Xcode on it to test this. Also, modern VMs on Apple Silicon do not have full access to Apple ID services. Some things work and some things don't. But regardless, always download Xcode directly from the developer site. Never use the App Store.

[quote='848905022, Nickkk, /thread/795994?answerId=852443022#852443022, /profile/Nickkk'] It does. [/quote] Well, for whatever reason, it doesn't seem to be working. Your original description of the problem, 'choosing in the Finder "File > Open With > Other", then selecting my app and enabling "Always open with"' very specifically describes an app that doesn't advertise support for that file extension. If it did, then it would have shown up in the top-level list, not in "Other". And, by extension, you wouldn't be getting that malware warning either.

Does your app explicitly advertise support for this file type in imported file types? A recent change to macOS started requiring this explicit support.

It's the same thing. A table view reuses all cell views. It simply takes some time to draw these user interface elements. You have to leverage the tools you have and the material conditions of the user interface. Chances are, the window is going to be too small to show all those views. So you only show what fits on the screen. Table views and collection views are optimized to do this. Then, when the user wants to see more, they can scroll. Any newly revealed portion of the view is going to have less content than the full thing, so this newly revealed content can be drawn in real time. If you're really living on the edge, there are even ways to cache overflows that that scrolling is smoother.