My iphone freezes during the night, having the alarm not go off, me miss important things as I oversleep. And the phone needs to go thru hard reboot to get back to normal. It´s only been happening after I started using "Downtime". (An underdeveloped feature by Apple in the first place). I love locking my apps down nighttime for less screentime. Annoyingly it only happens once in a while, so I´m not able to link it directly to downtime consistently. I´m not developing an app right now so I´m steep ground with this post, but, with lack of sleep as this has messed up my sleep rythm several times, well I´m not able too anyway. I know ios well, and there isn´t much "to do" except having to always remember to turn off downtime (it doesn´t play well with shortcuts app either), but I hope someone from apple sees this and is able to push this bug into the right team as all reports I have seen goes on focus modes bugs, but not "downtime".

I'm getting Crashlytics crashes from some my users, deep in the Apple code: Crashed: AXSpeech EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x00000007ec54b360 0 libobjc.A.dylib 0x3c9c objc_retain_x8 + 16 1 AudioToolboxCore 0x99580 auoop::RenderPipeUser::~RenderPipeUser() + 112 2 AudioToolboxCore 0xe6090 -[AUAudioUnit_XPC internalDeallocateRenderResources] + 92 3 AVFAudio 0x90a0 AUInterfaceBaseV3::Uninitialize() + 60 4 AVFAudio 0x4cbe0 AVAudioEngineGraph::PerformCommand(AUGraphNodeBaseV3&, AVAudioEngineGraph::ENodeCommand, void*, unsigned int) const + 768 5 AVFAudio 0x56b0c AVAudioEngineGraph::_Uninitialize(NSError**) + 132 6 AVFAudio 0x7834 AVAudioEngineImpl::Stop(NSError**) + 388 7 AVFAudio 0x636c -[AVAudioEngine dealloc] + 52 8 TextToSpeech 0x30674 _TTSNameForVoiceInformation + 20864 9 libobjc.A.dylib 0x20a4 object_cxxDestructFromClass(objc_object*, objc_class*) + 116 10 libobjc.A.dylib 0x6e00 objc_destructInstance + 80 11 libobjc.A.dylib 0x104fc _objc_rootDealloc + 80 12 TextToSpeech 0x2d2f4 _TTSNameForVoiceInformation + 7680 13 TextToSpeech 0x496c TTSVocalizerCopyURLForFallbackResource + 8540 14 TextToSpeech 0x26094 TTSSpeechUnitTestingMode + 5548 15 libAXSpeechManager.dylib 0x108b0 -[AXSpeechManager .cxx_destruct] + 192 16 libobjc.A.dylib 0x20a4 object_cxxDestructFromClass(objc_object*, objc_class*) + 116 17 libobjc.A.dylib 0x6e00 objc_destructInstance + 80 18 libobjc.A.dylib 0x104fc _objc_rootDealloc + 80 19 libAXSpeechManager.dylib 0x5298 -[AXSpeechManager dealloc] + 268 20 Foundation 0x3b8a4 __NSThreadPerformPerform + 272 21 CoreFoundation 0xd3208 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 22 CoreFoundation 0xdf864 __CFRunLoopDoSource0 + 176 23 CoreFoundation 0x646c8 __CFRunLoopDoSources0 + 244 24 CoreFoundation 0x7a1c4 __CFRunLoopRun + 828 25 CoreFoundation 0x7f4dc CFRunLoopRunSpecific + 612 26 Foundation 0x420c4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 27 libAXSpeechManager.dylib 0x13390 -[AXSpeechThread main] + 552 28 Foundation 0x5b634 __NSThread__start__ + 716 29 libsystem_pthread.dylib 0x16b8 _pthread_start + 148 30 libsystem_pthread.dylib 0xb88 thread_start + 8 It's most likely related to my use of AVSpeechSynthesizer. I do change some of the utterance fields, including the voice that's being used (which is set to a value from speechVoices()). UtilAudioIos_tts = AVSpeechSynthesizer() let utterance = AVSpeechUtterance utterance.voice = AVSpeechSynthesisVoice(identifier: voice.voiceCode) utterance.volume = volume utterance.pitchMultiplier = pitch utterance.rate = rate UtilAudioIos_tts!.speak(utterance) By coincidence or not, the following sometimes appears in the device log: 2023-05-30 20:35:29.948078+0100 <appname>[466:12882] [catalog] Unable to list voice folder and also, sometimes: 2023-05-30 20:37:35.345933+0100 <appname>[466:13298] [catalog] Query for com.apple.MobileAsset.VoiceServices.VoiceResources failed: 2 2023-05-30 20:37:35.360854+0100 rehearserfree[466:13433] [AXTTSCommon] MauiVocalizer: 11006 (Can't compile rule): regularExpression=\Oviedo(?=, (\x1b\\pause=\d+\\)?Florida)\b, message=unrecognized character follows \, characterPosition=1 2023-05-30 20:37:35.363163+0100 <appname>[466:13433] [AXTTSCommon] MauiVocalizer: 16038 (Resource load failed): component=ttt/re, uri=, contentType=application/x-vocalizer-rettt+text, lhError=88602000 2023-05-30 20:37:35.363182+0100 <appname>[466:13433] [AXTTSCommon] Error loading rules: 2147483648 All of these crashes have been on the various versions of iOS 16. Edit: I can't reproduce the crash myself - it's just some (not all) app users. The log entries above appear locally on my device (with no crash) but I can't see the logs of the users who have the crashes. Any idea what this might be caused by, or how to go about tracking the problem down?

After building the sample and enabling the file system extension the mount command is freezing. Any tips how to diagnose that? The logs show the following: log stream --style compact --info --debug --predicate 'subsystem == "com.apple.FSKit" OR process CONTAINS[c] "samplecode"' Filtering the log data using "subsystem == "com.apple.FSKit" OR process CONTAINS[c] "samplecode"" Timestamp Ty Process[PID:TID] 2026-03-17 15:15:51.832 I mount[16111:d88caa] [com.apple.FSKit:default] FSClient setting up connection to fskitd 2026-03-17 15:15:51.833 Db fskitd[589:d88a5f] [com.apple.FSKit:default] -[liveFilesMountServiceDelegate listener:shouldAcceptNewConnection:]: start 2026-03-17 15:15:51.833 Df fskitd[589:d88a5f] [com.apple.FSKit:default] Incomming connection, entitled 0 2026-03-17 15:15:51.833 Db fskitd[589:d88a5f] [com.apple.FSKit:default] -[liveFilesMountServiceDelegate listener:shouldAcceptNewConnection:]: accepting connection 2026-03-17 15:15:51.833 Df fskitd[589:d88a5f] [com.apple.FSKit:default] Hello FSClient! entitlement no 2026-03-17 15:15:51.834 Df mount[16111:d88caa] [com.apple.FSKit:default] Setting remote protocol to all XPC 2026-03-17 15:15:51.834 Df fskitd[589:d88a5f] [com.apple.FSKit:default] About to get current agent for 501 2026-03-17 15:15:51.834 I fskitd[589:d88a5f] [com.apple.FSKit:default] About to call to fskit_agent 2026-03-17 15:15:51.835 I fskit_agent[10123:d877d9] [com.apple.FSKit:default] Getting extensions 2026-03-17 15:15:51.836 Db fskitd[589:d88a5f] [com.apple.FSKit:default] -[fskitdAgentManager currentExtensionForShortName:auditToken:replyHandler:]_block_invoke: Found extension for fsShortName () 2026-03-17 15:15:51.837 I fskitd[589:d88a5f] [com.apple.FSKit:default] Probe starting on 2026-03-17 15:15:51.837 Db fskitd[589:d87c31] [com.apple.FSKit:default] -[FSResourceManager getResourceState:]:found: 2026-03-17 15:15:51.837 Db fskitd[589:d87c31] [com.apple.FSKit:default] -[FSResourceManager addTaskUUID:resource:]:: Adding task () 2026-03-17 15:15:51.837 Df fskitd[589:d87c31] [com.apple.FSKit:default] About to get current agent for 501 2026-03-17 15:15:51.837 I fskitd[589:d87c31] [com.apple.FSKit:default] About to call to fskit_agent 2026-03-17 15:15:51.837 I fskit_agent[10123:d877d9] [com.apple.FSKit:default] Getting extensions 2026-03-17 15:15:51.838 Db fskitd[589:d87c31] [com.apple.FSKit:default] -[fskitdXPCServer getExtensionModuleFromID:forToken:]_block_invoke: Found extension , attrs 2026-03-17 15:15:51.838 Db fskitd[589:d87c31] [com.apple.FSKit:default] applyResource starting with resource kind 4

Error 8 in the NEHotspotConfigurationError domain is .internal, aka NEHotspotConfigurationErrorInternal. This error typically indicates that something went wrong in some sort of expected way, but we decided not to surface the exact cause [1]. This has come up a bunch of times before on the forums, and I have various titbits to share. To start, I want to address some specific cases: You’ll see this error if your app isn’t signed with the com.apple.developer.networking.HotspotConfiguration entitlement. To fix this, use Xcode’s Signing & Capabilities editor to add the Hotspot capability to your app. Historically developers reported a situation where once they encountered the error it would show up consistently, but then it would go away on restarting the device. If you see behaviour like that, that’s definitely a bug and I encourage you to file it as such. I have more about filing such bugs in Filing a Wi-Fi Bug Report. Of course, you have to wait to reproduce the error again before you’ll be able to file that bug, because the act of restarting cleared the issue. I’ve seen reports where such problems only occur on a specific type of device, for example, on iPhone 16 but not on earlier or later iPhones. That’s definitely something that Apple should investigate, and I recommend that you file a bug about it. If the problem is being reported by your users but you can’t reproduce it yourself, consider the various suggestions in Using a Sysdiagnose Log to Debug a Hard-to-Reproduce Problem. Assuming you’re still here (-: the next step is to determine whether the problem is specific to NEHotspotConfigurationManager or not. Try joining the accessory’s network from Settings > Wi-Fi. Does that also have problems? If so, that’s not something we can help you with here on the forums. The focus of the Apple Developer Forums is primarily to help developers with the APIs in Apple’s various platform SDKs [2]. We’re not set up to help accessory developers with Wi-Fi issues. However, there are still things you can do, as I explain in Filing a Wi-Fi Bug Report. At this point you have an error that: Persists across restarts Happens with all Apple devices You can reproduce Only affects NEHotspotConfigurationManager If that’s correct then there are a couple of things you might look at: Coerce the error to an NSError and print that. Does it reveal anything interesting? Also check the underlying error property (NSUnderlyingErrorKey) for hints. When reproducing the error, monitor the system log for log entries in the com.apple.networkextension subsystem. Do those offer any clues? Note For lots of hints and tips about the system log, see Your Friend the System Log. And finally, if you have questions about this case, feel free to start a thread here on the forums and we’ll try to help you out. Put it in the App & System Services > Networking subtopic and tag it with Network Extension. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] There’s also the .unknown error. See this post for a brief summary of the difference. [2] And with Apple tools and some developer-oriented services. Revision History 2026-03-18 Added a missing entitlement bullet to the specific case list. 2026-03-17 First posted.

Hi, I'v got the error by using NEHotspotConfiguration to connect a wifi spot but get:NEHotspotConfigurationErrorDomain code=8. I hope to get the same result as when scanning the code with the system camera. A pop-up window will appear, and I just need to click "Join" to successfully connect. Here's the logs: [OneAppWifi][iOS] handleCheckWifiEnabled start (iOS 12+) [OneAppWifi][iOS] handleCheckWifiEnabled pathUpdateHandler status=satisfied [OneAppWifi][iOS] handleConnectWifi start, ssid=OPPO Find X6 Pro, pwd=len=16, authType=Optional("sae"), hidden=false [OneAppWifi][iOS] handleConnectWifi cancelPendingConnection before new request ssid=OPPO Find X6 Pro [OneAppWifi][iOS] cancelPendingConnection called, errorCode=nil, currentSsid=nil [OneAppWifi][iOS] cancelPendingConnection silent cancel, just clear pendingConnectResult [OneAppWifi][iOS] handleConnectWifi apply completion with error, domain=NEHotspotConfigurationErrorDomain, code=8, userInfo=["NSLocalizedDescription": internal error.] [OneAppWifi][iOS] resolveNEError NEHotspotConfigurationErrorDomain code=8 [OneAppWifi][iOS] resolveNEError systemConfiguration / internal, map to connection_failed [OneAppWifi][iOS] handleConnectWifi resolved as failure errorCode=Optional("connection_failed") for ssid=OPPO Find X6 Pro [OneAppWifi][iOS] firePendingResult value=["success": false, "errorCode": Optional("connection_failed")], currentSsid=Optional("OPPO Find X6 Pro")

I want to track down which part of an app contacts a given domain listed in its App Privacy Report. Following the instructions given here I am able to capture a packet trace, but traffic to the domain in question is encrypted using QUIC. Is there a way to insert e.g. mitmproxy into the capture process in order to get hold of the SSLKEYLOGFILE so that I can decrypt the traffic?

I am investigating a connectivity issue reported by a user running latest iOS 26.4 Public Beta on an iPhone 17 Pro Max. Unfortunately, I am unable to reproduce this behavior on my end as I do not have access to an iPhone 17 Pro Max for testing, and my current devices do not exhibit the issue. However, the user's logs suggest a system-level networking issue : Symptoms: Flutter App (package dio): Requests fail with The connection errored: Failed host lookup: 'mydomain.com' Firebase SDK: Unable to fetch Firestore documents Duration: The outage is random, lasting between 5 to 15 minutes before self-resolving Scope: It affects both Wi-Fi and Cellular data By the way I found this report from another developer experiencing the exact same behavior: "I run a mobile app that has millions of users. As of 1-2 weeks ago, we started getting reports that the app isn't working (failing to connect). It then goes back to connecting anywhere between 5 to 15-20 mins later. Every single one of those users was running iOS 26.4 beta, and their phones ranged from iPhone 17 PRO Max to regular iPhone 17s, to iPhone 16 PROs and Maxs. The only other thing is that all these users also had Apple Private Relay enabled. During the time the app wasn't able to connect, other apps on their phones like YouTube, also failed to connect. The issue is persistent whether on Wifi or cellular, didn't matter. I upgraded my iPhone 16 PRO Max to iOS 26.4, and wasn't experiencing the issue. I enabled Private Relay - and a few mins later on my own phone, I couldnt connect on my own app, and YouTube/Gmail also were experincing issue. It self-resolved 5-10 mins later. But it kept happening throughout the day. I've tested Network reset, I've also re-installed the apps, both still continued to have those weird intermittent outages. I just updated the phone to the latest version that was released a day ago, so far I'm not experiencing it, but as you can imagine, this is such a weird behaviour that it's concerning for me that I can't figure out the exact way to replicate it." I asked the user to test with iCloud Private Relay disabled, and it immediately fixed the problem -> so maybe this suggests that it might be related to how Private Relay handles traffic or DNS resolution in this beta ? Are other developers seeing an increase in SocketException or host lookup failures on the 26.4 Beta? Is this a known regression related to Private Relay that is expected to be patched before the RC/Final release?

Dear Sir/Madam, Thank you for your support. I have reviewed the documentation for Local Push Connectivity (see URL below) and, following the instruction in the "Important" section to "Request this entitlement from the Entitlement Request Page," I completed the application process for this Entitlement on March 11, 2026. [Local push connectivity] https://developer.apple.com/documentation/networkextension/local-push-connectivity?language=objc#Supporting-APNs-and-local-push-connectivity-in-one-app Subsequently, on March 13, 2026, I received the following reply from Apple: Sub : Re: Requesting Network Extension App Push Entitlement From: Local Push Review Sent: Friday, March 13, 2026 4:09 AM Hi, Thank you for your interest in the Local Push Connectivity entitlement. Your entitlement request has been approved for: Team ID: NWKYYYYYYY Technical documentation on this API is available here: -(Omission) - Best Regards, Apple Developer Relations My understanding is that upon approval of this application, an "Entitlements" field should be added to the input fields for creating provisioning profiles. However, as of today(March 18, 2026), it has not yet been added. Will the Entitlements field be added if I simply wait? My account (Apple ID), which submitted the application, belongs to three Team IDs. For convenience, I will refer to them as Team ID SV3XXXXXXX, Team ID NWKYYYYYYY, and Team ID WEJZZZZZZZ. The application status for Entitlements for each Team ID is as follows: Team ID SV3XXXXXXX Entitlements: Present. Applied for Entitlements on February 6, 2021. (Received "Re: Requesting Network Extension App Push Entitlement" email on February 6, 2021) Team ID NWKYYYYYYY Entitlements: Not present. Applied for Entitlements on March 13, 2026. (Received "Re: Requesting Network Extension App Push Entitlement" email on March 13, 2026) Team ID WEJZZZZZZZ Entitlements: Present. No record (email) of applying for Entitlements. Because of this, I am concerned that the Entitlements applied for Team ID NWKYYYYYYY may have been mistakenly granted to Team ID WEJZZZZZZZ, and I am inquiring about this. Will the Entitlements field for Team ID NWKYYYYYYY be added if I simply wait? Thank you in advance.

Hi Team, I want to retrieve the list of nearby Wi-Fi networks (SSIDs) directly inside the app. Currently, I can see the available Wi-Fi networks by going to Settings → Wi-Fi on the device, but I would like to access that scan list programmatically within my application. I am developing the app using the Angular Ionic platform. On Android, I am able to get the nearby Wi-Fi scan list using the npm package @capgo/capacitor-wifi (v8.1.8). However, on iOS, the scan results are not being returned. If anyone has experience with this or knows how to achieve Wi-Fi scanning on iOS in Ionic/Capacitor, please let me know. Thanks.

Hi Team, I want to retrieve the list of nearby Wi-Fi networks (SSIDs) directly inside the app. Currently, I can see the available Wi-Fi networks by going to Settings → Wi-Fi on the device, but I would like to access that scan list programmatically within my application. I am developing the app using the Angular Ionic platform. On Android, I am able to get the nearby Wi-Fi scan list using the npm package @capgo/capacitor-wifi (v8.1.8). However, on iOS, the scan results are not being returned. If anyone has experience with this or knows how to achieve Wi-Fi scanning on iOS in Ionic/Capacitor, please let me know. Thanks.

Hello, I have implemented a URL Filter using the sample provided here: Filtering Traffic by URL. I am also using an App Group to dynamically manage the Bloom filter and block list data. However, when I update my block list URLs and create a new Bloom filter plist in the App Group, the extension does not seem to use the updated Bloom filter even after the prefetch interval expires. Also for testing purpose can I keep this interval to 10 mins or below ?

The FindMy device is currently MFI certified, but we plan to support UWB ranging functionality in the Find My app, similar to AirTag. After searching for relevant information, I found the relevant UWB functions in this article "Nearby-Interaction-Accessory-Protocol-Specification-Release-R4", but we need to develop third-party applications ourselves. So how can we make it display distance and direction in the "Find My" app like AirTag does?

When printing image/photo files via AirPrint, selected finishing options (e.g., Punch) are not applied unless a preset is chosen. reproduction steps: Select an image on iOS Tap Print → choose printer/server Set Finishing Options → Punch Print Observed: Finishing options not applied IPP trace shows no finisher attributes in the request working scenario: Select any Preset (e.g., Color) before printing Finishing options are then included in IPP and applied Note: Issue does not occur when printing PDFs from iOS; finisher attributes are sent correctly. Is this expected AirPrint behavior for image jobs, or could this be a bug in how iOS constructs the IPP request for photos?

How do we get addPaymentPassViewController response for in app verification without calling that function ? Currently we have working in app provisioning but not in app verification. The apple docs say "The process of generating the cryptographic OTP value is the same as for generating activationData for In-App Provisioning.". How is it the same when in in app provisioning we have this button that returns all necessary info and for in app verification there is no clear way of recieving same info.

after doing all the steps as in The app version submission must be in the “Prepare for Submission” state There must be at least one IAP/subscription in the “Ready to Submit” state All banking & agreements must set up and in place I am still not seeing the In-App purchase and subscription in my iOS App Version page to add to my newest version slash build

On iOS 26.3.1, deviceactivityd produces zero log output and never wakes a DeviceActivityMonitor extension at the scheduled time, even when the schedule is successfully registered. The extension's intervalDidStart(for:) method is never called. Steps to Reproduce: Create an app with a DeviceActivityMonitor extension subclass Add the com.apple.developer.family-controls entitlement to both the main app and extension targets Add a shared App Group entitlement to both targets In the main app, call: let center = DeviceActivityCenter() center.stopMonitoring([.myActivity]) let schedule = DeviceActivitySchedule( intervalStart: DateComponents(hour: 17, minute: 30), intervalEnd: DateComponents(hour: 17, minute: 45), repeats: true ) try center.startMonitoring(.myActivity, during: schedule) Verify registration succeeds: DeviceActivityCenter().activities.contains(.myActivity) returns true Background the app completely and wait for the intervalStart time (5:30 PM in this example) Expected Result: intervalDidStart(for:) is called in the extension process at 5:30 PM. ManagedSettings shields are applied without any user interaction. Actual Result: intervalDidStart(for:) is never called. No extension process is launched. Filtering Console.app for deviceactivityd on the device returns 0 messages — the daemon produces no logs whatsoever despite an active registered schedule. Shields are never applied. Additional Evidence: Third-party apps using DeviceActivity (e.g. Prayer Lock) successfully apply shields at scheduled times on the same device and OS version, confirming the framework is not universally broken Filtering Console.app for the app's bundle ID at the trigger time shows the main app process applying shields via a UNCalendarNotificationTrigger fallback — but no extension process activity DeviceActivityCenter().activities correctly lists the registered activity before and after the trigger time, confirming the schedule registration API is functional Environment: iOS 26.3.1 Physical device (required for FamilyControls) Development-signed build with com.apple.developer.family-controls entitlement provisioned App Group shared between main app and extension targets

I've encountered an issue where we need multiple domain associations with separate Apple Pay implementations. Briefly, we have a /.well-known/apple-developer-merchantid-domain-association already setup with Stripe, and now we need another, different version of the file to get setup with FreedomPay. FreedomPay insists this file represents a three-way relationship between all parties and I have no reason to disbelieve them. I'm wondering if anyone has encountered this or if there is a standard procedure. I'm currently trying to find documentation on the exact way Apple Pay verification interacts with this file to see if we can produce it dynamically.

Similar Issue to FB13556935: On iOS 26.3.1, deviceactivityd produces zero log output and never wakes a DeviceActivityMonitor extension at the scheduled time, even when the schedule is successfully registered. The extension's intervalDidStart(for:) method is never called. Steps to Reproduce: Create an app with a DeviceActivityMonitor extension subclass Add the com.apple.developer.family-controls entitlement to both the main app and extension targets Add a shared App Group entitlement to both targets In the main app, call: let center = DeviceActivityCenter() center.stopMonitoring([.myActivity]) let schedule = DeviceActivitySchedule( intervalStart: DateComponents(hour: 17, minute: 30), intervalEnd: DateComponents(hour: 17, minute: 45), repeats: true ) try center.startMonitoring(.myActivity, during: schedule) Verify registration succeeds: DeviceActivityCenter().activities.contains(.myActivity) returns true Background the app completely and wait for the intervalStart time (5:30 PM in this example) Expected Result: intervalDidStart(for:) is called in the extension process at 5:30 PM. ManagedSettings shields are applied without any user interaction. Actual Result: intervalDidStart(for:) is never called. No extension process is launched. Filtering Console.app for deviceactivityd on the device returns 0 messages — the daemon produces no logs whatsoever despite an active registered schedule. Shields are never applied. Additional Evidence: Third-party apps using DeviceActivity (e.g. Prayer Lock) successfully apply shields at scheduled times on the same device and OS version, confirming the framework is not universally broken Filtering Console.app for the app's bundle ID at the trigger time shows the main app process applying shields via a UNCalendarNotificationTrigger fallback — but no extension process activity DeviceActivityCenter().activities correctly lists the registered activity before and after the trigger time, confirming the schedule registration API is functional Environment: iOS 26.3.1 Physical device (required for FamilyControls) Development-signed build with com.apple.developer.family-controls entitlement provisioned App Group shared between main app and extension targets

Hello! I have app (macos and iPadOS platforms) with empbedded DEXT. The DEXT executable runs fine on both platforms (ver 26.2). Trying to execute from iPad App code: let sysExtWs = OSSystemExtensionsWorkspace.shared let sysExts = try sysExtWs.systemExtensions(forApplicationWithBundleID: appBudleId) but always getting OSSystemExtensionError.Code.missingEntitlement error. Which entitlement am I missing? Thank You!

Mounting NFS to the application's own container directory using NetFSMountURLSync failed. Mounted to /Users/li/Library/Containers/com.xxxxx.navm.MyNavm/Data/Documents/NFSMount Do sandbox applications not allow mounting NFS cloud storage? code: // 1. NFS 服务器 URL（指定 NFSv3） let urlString = "nfs://192.168.64.4/seaweed?vers=3&resvport&nolocks&locallocks&soft&intr&timeo=600" guard let nfsURL = URL(string: urlString) else { os_log("❌ 无效的 URL: %@", log: netfsLog, type: .error, urlString) return } // 2. 挂载点（必须在沙盒容器内） let fileManager = FileManager.default guard let documentsURL = fileManager.urls(for: .documentDirectory, in: .userDomainMask).first else { os_log("❌ 无法获取 Documents 目录", log: netfsLog, type: .error) return } let mountPointURL = documentsURL.appendingPathComponent("NFSMount", isDirectory: true) // 创建挂载点目录 do { try fileManager.createDirectory(at: mountPointURL, withIntermediateDirectories: true, attributes: nil) os_log("✅ 挂载点目录已准备: %@", log: netfsLog, type: .info, mountPointURL.path) } catch { os_log("❌ 创建挂载点目录失败: %@", log: netfsLog, type: .error, error.localizedDescription) return } // 3. 挂载选项（使用 NSMutableDictionary 以匹配 CFMutableDictionary） let mountOptions = NSMutableDictionary() // 如果需要，可以添加选项，例如： // mountOptions[kNetFSNoUserAuthenticationKey as String] = true // 4. 调用 NetFSMountURLSync var mountPoints: Unmanaged<CFArray>? = nil let status = NetFSMountURLSync( nfsURL as CFURL, mountPointURL as CFURL, nil, // user nil, // password nil, // open_options mountOptions, // 直接传递 NSMutableDictionary，自动桥接为 CFMutableDictionary &mountPoints ) log: 0 sandboxd: (TCC) [com.apple.TCC:cache] REMOVE: (kTCCServiceSystemPolicyAppData, <Credential (0x7ed0b4230) | Audit Token, 42834.109774/501>) 2026-03-03 21:38:27.656702+0800 0x2de8d8 Info 0x867e9d 408 0 sandboxd: (TCC) [com.apple.TCC:cache] SET: (kTCCServiceSystemPolicyAppData, <Credential (0x7ed0b4230) | Audit Token, 42834.109774/501>) -> <Authorization Record (0x7ecca8180) | Service: kTCCServiceSystemPolicyAppData, AuthRight: Unknown, Reason: None, Version: 1, Session pid: 42832, Session pid version: 109769, Boot UUID: 7DDB03FC-132C-4E56-BA65-5C858D2CC8DD, > 2026-03-03 21:38:27.656753+0800 0x2de8d8 Default 0x867e9d 408 0 sandboxd: (libxpc.dylib) [com.apple.xpc:connection] [0x7ecc88640] invalidated after the last release of the connection object 2026-03-03 21:38:27.656772+0800 0x2de8d8 Debug 0x867e9b 408 0 sandboxd: (TCC) [com.apple.TCC:access] disposing: 0x7ecc3aa80(OS_tcc_message_options) 2026-03-03 21:38:27.656779+0800 0x2de8d8 Debug 0x867e9b 408 0 sandboxd: (TCC) [com.apple.TCC:access] disposing: 0x7ecc44820(OS_tcc_server) 2026-03-03 21:38:27.656788+0800 0x2de8d8 Info 0x867e9b 408 0 sandboxd: [com.apple.sandbox:sandcastle] kTCCServiceSystemPolicyAppData would require prompt by TCC for mount_nfs