Hello I work for a company which is not itself a carrier, however we develop applications on behalf of carriers (the relationship between us and several large household name US carriers has existed for many years). The applications that we develop typically need carrier and/or special entitlements, for example: com.apple.CommCenter.fine-grained/public-subscriber-info com.apple.developer.coretelephony.sim-inserted com.apple.developer.pushkit.unrestricted-voip com.apple.developer.usernotifications.filtering com.apple.developer.associated-domains Obtaining those entitlements for the carrier applications that are released to the App Store is itself not a problem as the customers apply for them and they are duly granted and applied to the applications. However, what is a problem is working around the strict Apple development and distribution requirements and limitations, and the consequences that has given that the apps don't belong to our Apple account but the customers. Typically, a customer would provide us a developer certificate and set of provisioning profiles, but they would keep the distribution certificate and do the TestFlight/App Store release themselves. There's two limitations that come into play here, the first is that we can't distribute the app to TestFlight and secondly, we can only install the customer's apps on hardware registered with their Apple account. Given how the limitation for that is 100 in total, and these are large companies, they just don't have slots available and hence we might have a single device on which their app can run. These are very severe limitations given the complex nature of the applications and the need to have several developers/testers involved, which isn't possible. To mitigate those limitations we have "mirror" versions of customers' apps, these are apps which are identical to the customer apps except they have bundle ids registered to our Apple account. This enables the apps to be developed by any number of developers and distributed via Testfight and hence to any number of testers. But the problem is, the functionality of the mirror apps is severely reduced due to the fact they don't have the entitlements of the customers' apps. To get to the point of the post - I would like to know if there any potential solutions to this? For example: could it be possible for our mirror applications to be granted required entitlements (given the relationships we have with the customers. I'm sure the customers could vouch for us as a company and the need for this) could the entitlements be granted if we switched the mirror apps over to an Enterprise account (as enterprise apps can't be released to the App Store)? any other technical options or suggestions? Thank you

I've followed the instructions to configure and launch a live caller id test service (https://swiftpackageindex.com/apple/live-caller-id-lookup-example/main/documentation/pirservice/testinginstructions) i.e. I've constructed a database, built and installed the PIRService etc. Additionally I have created a test app with a Live Caller ID Extension. The problem I'm facing is when turning on the Live Caller ID feature on an iPhone (the Settings|Apps|Phone|Call Blocking & Identification|Live CallerID Lookup switch) with iOS 18 Beta 4 is the phone logs: "The request timed out." UserInfo={NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=http://MacBook-Pro.local:8080/.well-known/private-token-issuer-directory The configuration notes say: "When running things locally on your Mac, and your testing device is on the same network, then you can use mDNS to let the device find your Mac. Let’s assume that your Mac’s hostname is Tims-MacBook-Pro.local. Then we should use the following value for the URLs: http://Tims-Macbook-Pro.local:8080. Thanks to the mDNS protocol your device should be able to resolve your hostname to the actual IP address of your Mac and make the connection." My Mac hostname is "MacBook-Pro" therefore the Live Caller ID Extension is configured as: LiveCallerIDLookupExtensionContext( serviceURL: URL(string: "http://MacBook-Pro.local:8080")!, tokenIssuerURL: URL(string: "http://MacBook-Pro.local:8080")!, userTierToken: Data(base64Encoded: "BBBB")! ) And the service-config.json is configured as: { "issuerRequestUri": "http://MacBook-Pro.local:8080", "users": [ <snip> (I've also tried excluding the issuerRequestUri as the instructions say "This value can be omitted from the configuration. Setting this explicitly will not be required for devices using iOS 18.0 beta 4 or later.") And the PIR Service is started on the Mac as: PIRService --hostname 0.0.0.0 service-config.json And it starts and runs. The iPhone and Mac are on the same Wifi network and connected by usb cable. As far as I can tell, everything has been set up in accordance with the Testing Live Caller ID instructions, yet I get the error when attempting to enable the extension on the iPhone. Is there something missing/incorrectly configured?

With iOS 18 there are now five ways for a caller to be blocked/silenced: the caller can be blocked via the Live Caller ID extension the caller can be blocked via the Call Kit extension the caller can be blocked via Block Caller via the call history recents the call could be silenced via Silence Junk Callers the call could be silenced via Silence Unknown Callers These are all totally separate and there's no way of reconciling all of them and presenting a holistic overview and management system to the user. Call blocking applications have no way of knowing which numbers will be blocked by 3) or silenced by 4) or 5), or even of determining 4) and 5) are enabled. And iOS doesn't indicate to users what will be blocked by 1) or 2). Currently users have no way of knowing what's been blocked/silenced where. Neither via call blocking apps nor via the OS. From users' perspectives its a confusing and frustrating mess. If the OS exposed which numbers have been blocked via 3) to applications and exposed if Silence Unknown Callers and Silence Junk Callers are enabled then call blocking applications could present a unified way for users to see and manage what's going on with their device holistically.

If an app has a Live Caller ID Lookup extension and the lookup server indicates that a caller is identified and not blocked, then if the user wished to locally block that number they can do so either via the iPhone call block button, or via the app's Call Extension block list. However there's apparently no way for the user to do the inverse. i.e. if Live Caller Id Lookup indicated that a number should be blocked, then how could a user indicate they don't want that number blocked for them? If they added it to the Call Extension as an identified number, but live lookup is saying the number should be blocked, then what does the OS do? Give priority to the blocking instruction from the live lookup server, or give priority to the fact its in the Call Extension's Identified list?

If using Xcode beta 16 beta 4, a target type of Contact Provider Extension is created, then the auto-generated template code has errors right off the bat. Compiler be like what in the dickens is this?: class ContactProviderExtension: ContactProviderExtension

I've got a custom run script build phase in my Xcode iOS project, however I want it to run before the items in the Target Dependencies section get built. So I added a Pre-Actions phase to the target's build scheme and pasted the contents there. However, during a build, there's no way to see if the stuff in the pre action is successful or not. It's possible to put echo statements into a run script build phase which is useful to print values such as file paths etc. but these don't work when part of a scheme pre action. Also if I deliberately put garbage into the scheme pre action, then I can see Xcode is still running the pre action, but as its full of garbage it should fail, but Xcode doesn't report any errors anywhere. So, is there any way to see and confirm if a scheme pre-action was successful or not, or to output logging statements from it to verify values its using are as expected?

I'm getting Sandbox:rsync.samba deny errors trying to build an app using Xcode 16 betas. There's lots of info on this on google, and the solution everybody used to fix it is to change the Xcode build setting User Script Sandboxing from NO to YES. However this doesn't exist with Xcode 16. Does it have a replacement?

Our company is going to develop an iOS library of functionality for inclusion in several apps, some of the apps will be developed in-house and some externally. When the library is included in external apps the source code shouldn't be visible. When the library is included in internal apps, having the option to view and step through the code within the library will be invaluable for debugging. How could I set things up so that two forms of the library can be easily generated - one exposing source code and the other not. Ideally they should be capable of being incorporated within the apps in the same manner regardless of if the source code is expose or not Is that possible? I looked at Swift Packages, but it seems its for distribution of source code only, and its not possible to hide the source code. However, conversely, a framework only contains binary and no source code. Is there any other option?

I'm experimenting with creating a Framework and have noticed a difference when dragging and dropping/or adding it into a project. If I create a brand new app and add the Framework then Xcode automatically creates a "Frameworks, Libraries, and Embedded" section within the app settings general section. The framework gets added with a default embed setting of Do Not Embed, which can be changed to Embed & Sign or Embed without Signing. However, I have an existing app which doesn't already contain a "Frameworks, Libraries, and Embedded section" section, if I add the framework to that app then Xcode is NOT creating a "Frameworks, Libraries, and Embedded section", instead it is adding the framework to the existing "Link Libraries with Binary" section. However this section does not have the embed box that a "Frameworks, Libraries, and Embedded" section has. Why is there this difference? And how can you choose whether to sign or not the framework if its been added by Xcode to the "Link Binary With Libraries" section rather than the "Frameworks, Libraries, and Embedded" section. I am finding that when Xcode adds the framework to the "Link Binary With Libraries" section and the app is run then there are run time errors about the framework not being able to be found, this does not occur when it gets added to the "Frameworks, Libraries, and Embedded" section. Is it possible to there explicitly create a "Frameworks, Libraries, and Embedded" section? I can't find one, nor can I get Xcode to create one, it keeps insisting on adding the Framework to "Link Binary With Libraries", which results in the app not running.

I received an email from Apple saying the app is using: NSPrivacyAccessedAPICategoryDiskSpace NSPrivacyAccessedAPICategoryFileTimestamp NSPrivacyAccessedAPICategorySystemBootTime I'm not directly calling (afaik) any API that might be involved in getting the disk space, file timestamp, nor system boot time, so presumably these are indirectly originating in a pod whose api I'm using. However I have about 100 pods in the app, how can I know which one these are originating from? (100 seems a lot, but its a React Native app and that alone pulls in dozens and dozens of pods implicitly in addition those specified explicitly in a pod file) I can try and update all the pods to the latest version, but if the offending pod(s) hasn't added a manifest file, then I have no way of knowing which one it is - therefore I can neither contact them to ask when they will release a new version, nor can I attempt to try and remove the pod, because I just don't know which one might be causing the manifest warning. So what are we supposed to do in this situation?

I've got an app which has a notification service extension (and has had so for a few years). I noticed that the pushes were getting delivered directly to the user for a handset, and in the log could see a SpringBoard error saying Error Domain=PluginKit Code=4 RBSLanchRequest error trying to launch plugin Error Domain=RBSRequestErrorDomain Code=5 Launch failed ErrorDomain=NSPOSIXErrorDomain Code=111 Unknown error:111 I rebooted the phone and it started working as expected. But it's worrisome this happened, and it's not the first time I've seen it either. Observed with iOS 17.3.1

I don't follow the section in the wwdv video on http3 https://developer.apple.com/videos/play/wwdc2021/10094/ From about 07.00 onwards for a couple of minutes, the presenter says URLSession won't use http3 unless the server advertises it. Then he uses instruments to show the app is using http2 - BUT the server is advertising http3. Then he says the fact the server advertised http3 will be remembered for future sessions. Why does the app use http2 for the first session even though the server advertised http3? Does that mean the first time any app connects to a http3 server it'll actually be http2 and only http3 for subsequent connections?

I've installed the same developer certificate onto three different Macs. When viewed in the keychain (or in Xcode) on one Mac it says its revoked, on another it says its not trusted, but on a third there's no issue reported. How could there be a difference between the three Macs? (Both Macs have the date/time set to be the same). Can 3rd party software, VPNs etc. interfere in this at all?

An app is hanging randomly on app launch, after looking into it, it appears it's hanging on a call to UNUserNotificationCenter.current() calls. I say this because there's logging and the sometimes the last line logged is prior to a call to UNUserNotificationCenter() I have a hang log (.ips file) rom the iPhone and at the bottom it says this. I presume blockingThreadInfo is talking about the thread being blocked, and it identifies the topBlockingProcess as user notifications. "blockingThreadInfo" : { "topBlockingProcess" : "usernotificationsd", The following is the code, why would this code cause a hang? The problem occurs when there's lots of notifications that have been posted i.e. something like 100. [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(appBecameActive) name: UIApplicationDidBecomeActiveNotification object:nil]; @objc func appBecameActive() { method1() method2() } @objc func method1() { UNUserNotificationCenter.current().getDeliveredNotifications { notifications in if SettingsManager.isProductionFinalBuild() == false { // Log notification center contents for notification in notifications { let title = notification.request.content.title let targetId = notification.request.content.targetContentIdentifier let threadId = notification.request.content.threadIdentifier let categoryIdentifer = notification.request.content.categoryIdentifier let identifier = notification.request.identifier let info = notification.request.content.userInfo Logger.trace("Previously delivered notification: title: \(title) identifier: \(identifier) threadId: \(threadId) category: \(categoryIdentifer) target id: \(String(describing: targetId)) userInfo: \(info)") } let matchchingNotifications = notifications.filter({ $0.request.identifier == kMdnAccountNotFoundNotificationIdentifier }) UNUserNotificationCenter.current().removeDeliveredNotifications(withIdentifiers: [kMdnAccountNotFoundNotificationIdentifier]) } } func method2() { UNUserNotificationCenter.current().removePendingNotificationRequests(withIdentifiers: [Constants.kWhatsNewNotificationIdentifier]) UNUserNotificationCenter.current().removeDeliveredNotifications(withIdentifiers: [Constants.kWhatsNewNotificationIdentifier]) }

If I try to run Instrument's logger for an app downloaded from TestFlight it says "Permission to debug app name was denied". "Recover Suggestion: The app must be debuggable and signed with 'get-task-allow'. How do you make the app debuggable? (I tried creating an archive with the scheme set to Debug, but after uploading that to TestFlight, it doesn't appear. So presumably its not possible to upload an app built with debug scheme builds to TF?). Therefore how can I make a TF build debuggable?, and how to sign it with get-task-allow? Does it have to be a developer distribution .ipa rather than a TestFlight build to enable Instruments/Logger to run it?