The 'unique' attribute is a really nice feature, BUT. In some of my apps, the unique identifier for an object is a combination of multiple attributes. (Example: a book title is not unique, but a combination of book title and author list is.) How do I model this with SwiftData? I cannot use @Attribute(.unique) on either the title OR the author list, but I want SwiftData to provide the same "insert or update" logic. Is this possible?

I added my first subscription to my app using StoreKit's SubscriptionStoreView. Everything worked as expected in the debug environment and also in TestFlight. So I submitted my app and subscriptions to App Store Connect, got everything Approved and released. After updating my app through App Store and checking the Subscription View, it just says "Subscription Unavailable. The subscription is unavailable in the current storefront." I waited around 3 days and still getting the same message. Now the very strange behavior starts. I went to App Store Connect, I made and edit to the subscription description, saved, removed the edit, saved, and submitted to review. 15 minutes later the subscriptions appear in my app and everything works as expected. After getting the edit approved, the Subscription View in my app again only showed the message "Subscription Unavailable. The subscription is unavailable in the current storefront." No user is able to see the subscriptions anymore, even though it worked as expected before the edit was approved. So I did the same as before. Again, make an edit to the subscription description, save, remove the edit, save, submit to review. 15 minutes later the subscriptions are again available in my app and it works as expected. This is definitely not the expected behavior and submitting the subscription edits every day is wasting the App Review Team's time as well as mine. I contacted Apple Developer Support but I didn't get any reply back (at least yet). I am not the only one experiencing this. I found a friend online who has the exact same issue, and is able to temporarily solve it by making an edit to the subscription description as well. So far it has been a huge headache, and we are losing customers this way. Please if anyone has experience with this problem, or has any suggestions, they will be greatly appreciated. Thank you so much, Tomas

As per the US state law including SB2420 in Texas. We are suppose to meet their compliance. We have following queries Could you please confirm whether the provided Declared Age Range API framework is available for sandbox testing How does the API respond for a region other than Texas

Issue After upgrading to Tahoe 26.2, print queues monitored by PaperCut no longer work. The print queue gets paused, and the jobs fail to print. This issue was discovered during our internal testing prior to the Tahoe 26.2 public release, and a growing number of our mutual customers have also reported it since then. Root cause This appears to be due to changes in the behavior of CUPS Sandbox restrictions, which prevent the backend (and filter) from reading/writing to the PaperCut install folder. Error messages From syslog. 2025-12-22 16:41:59.283761+1100 0x1daf61 Error 0x0 0 0 kernel: (Sandbox) Sandbox: papercut(5783) deny(1) file-write-data /Library/Printers/PaperCut/Print Provider/print-provider.log When trying to create a TCP socket from the PaperCut filter. 2025-12-15 19:50:08,403 ERROR: os_tcp_socket_create: getaddrinfo failed: nodename nor servname provided, or not known Technical details PaperCut implements print queue monitoring using a CUPS backend (and filter). CUPS backends and filters run in a security 'sandbox' which limits what they can do (such as file/folder access, create network sockets, and execute sub-processes, etc.). The PaperCut backend (and filter) relies on some of these operations, so to function correctly, our code updates /etc/cups/cups-files.conf with "Sandboxing relaxed". Until 26.2, this relaxed mode allowed us to read/write to PaperCut folders, create TCP sockets to communicate with the local PaperCut Application Server, and execute/kill sub-processes. As an alternative to the relaxed mode, we also tried "Sandboxing off", but that doesn't help either (from CUPS scheduler/conf.h). typedef enum { CUPSD_SANDBOXING_OFF, /* No sandboxing */ CUPSD_SANDBOXING_RELAXED, /* Relaxed sandboxing */ CUPSD_SANDBOXING_STRICT /* Strict sandboxing */ } cupsd_sandboxing_t; Test code We can provide a simplified version of our backend that demonstrates the issue if required Questions Has the CUPS sandbox relaxing changed? According to the CUPS man pages (cups-files.conf(5)), "Sandboxing relaxed" should still work as before. If this is the new intended behavior, what are the other options/directives we can use to relax the limitations on CUPS backends and filters?

Our team is in the process of updating our apps to comply with Texas's new state law. In order to minimize user confusion and provide the most ideal flow to access the app as possible, we have a few questions we would like answered. Summary of questions: Is isEligibleForAgeFeatures intended to be accurate and accessible before the user has accepted the Age Range permissions prompt? As other US states and/or other countries adopt a similar law going forward, will this instance variable cover those locations? Will the runtime crashes on isEligibleForAgeFeatures and other symbols in the DeclaredAgeRange framework be addressed in a future RC or in the official release? Details and Investigations: With regards to isEligibleForAgeFeatures, our team has noticed that this value is always false before the age range prompt has been accepted. This has been tested on the XCode RC 26.2 (17C48). Assuming the request needs to be accepted first, isEligibleForAgeFeatures does not get updated immediately when the user chooses to share their age range (updated to true, when our sandbox test account is a Texas resident). Only upon subsequent relaunches of the app does this return a value that reflects the sandbox user's location. Is isEligibleForAgeFeatures intended to be accurate and accessible before the user has accepted the Age Range permissions prompt? This leads to our follow-up question to clarify whether isEligibleForAgeFeatures explicitly correlates to a user in an affected legal jurisdiction–if future US states and/or other countries adopt a similar law going forward, will this instance variable cover those locations? Can we also get confirmation about whether the runtime crash on isEligibleForAgeFeatures and other symbols in the DeclaredAgeRange framework will be addressed in a future RC or in the official release? Thank you.

We are experiencing an issue with StoreKit in the sandbox environment. When performing an SKProductsRequest, some or all of the product identifiers we provide are returning in invalidProductIdentifiers of SKProductsResponse, even though all of them are valid and approved. This issue started occurring today and seems intermittent—occasionally, a previously failing product identifier works after one or two retries without any changes on our end. We have verified that: All product identifiers are correctly configured and approved in App Store Connect. There are no recent changes to our product configuration. The same identifiers have worked previously without issue. Could you please assist us in identifying the cause of this behavior or let us know if there is an ongoing issue affecting StoreKit sandbox services? Thank you for your support.

I am working on an app for a home automation device. If I were using HomeKit exclusively I could add custom services or custom characteristics on standard services and these things would all be reported to my app via HomeKit. There is sample code from Apple that demonstrates how to do this. When a Matter device is commissioned using HomeKit you might expect custom clusters and/or custom attributes in a standard cluster would be translated to appropriate HomeKit services and characteristics, but this doesn't appear to be the case. Is there a way to have HomeKit do this? If not it seems I would need to use Matter directly rather than via HomeKit to access custom features. But if I commission the device using Matter in my app then I understand a new fabric is created and the device would not show in the Home app. Maybe the user needs to commission the device twice, once with my custom app and once with the Home app? That seems like a poor user experience to me. Perhaps that is the price paid for using a cross-platform standard? Is there a better way to get the same level of customization using Matter that I am able to get using HomeKit?

Some of our users encounter an issue after updating their iPhone/iPad to iOS 17.5.1. The tokens passed in the Shield Configuration extension don't match the tokens they selected in my app using the FamilyPicker before updating to iOS 17.5.1. It seems the tokens changed for no reason. My app can't match the token from the ShieldConfigurationDataSource to any tokens stored on my end, causing my shield screens to turn blank. The same applies to tokens in the Device Activity Report extension. The only workaround I've found is to tell affected users to unselect and reselect apps and websites to block in my app. This gets them new tokens from the FamilyActivityPicker, which solves the issue. However, for some users, the bug reoccurs a few days later. Tokens seem to change again, causing the same issue in the Shield Configuration extension. I am not able to reproduce the issue on my test devices so I have no sysdiagnose to attach. However, this issue is affecting other screen time apps: https://developer.apple.com/forums/thread/732845 https://forums.developer.apple.com/forums/thread/756440 FB14082790 FB14111223 A change in iOS 17.5.1 must have triggered this behaviour. Could an Apple engineer give us any updates on this?

Aloha. Opening and closing VPN tunnels results in as many utun interfaces as the amount of times the tunnel has been opened. These interfaces stay present and seem to be removed only upon system reboot. We are using the NetworkExtension as a SystemExtension on macOS to create the virtual interfaces. Is this the normal behaviour. Has anybody else experienced this? utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 inet6 fe80::8038:c353:17cd:c422%utun0 prefixlen 64 scopeid 0xf nd6 options=201<PERFORMNUD,DAD> utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000 inet6 fe80::cfb6:1324:d7e9:5d5%utun1 prefixlen 64 scopeid 0x10 nd6 options=201<PERFORMNUD,DAD> utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> utun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> utun8: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>

Hello, I'm currently experiencing issues with IAP subscription setup. The following error appears: "Billing Problem, There was a problem with your subscription renewal. To resolve, turn on Allow Purchases & Renewals, or leave off to test failed in-app purchase attempts and subscription renewals." I'm testing with a sandbox account, and automatic subscription renewal is turned on in the sandbox settings. A notification screen appears at the OS level, and consequently, a DID_FAIL_TO_RENEW error occurs on our payment server. I cannot determine the cause at all, so I would appreciate your assistance in checking this issue.

There is an issue with StoreKit. The line let products = try await StoreKit.Product.products(for: ids) doesn't always work correctly. Sometimes it returns an array with the correct data, and sometimes it returns an empty array. I'm passing the correct ids to products(for:). This problem only occurs when using the sandbox environment (in TestFlight builds). In the App Store version, everything works fine. StoreKit configuration is none. All IAPs are approved. Everything was working fine before this. The problem was discovered on May 1, 2025.

We had "Today widgets" that worked perfect for a long time. After introducing the new Widgets Extension we added a Widgets Bundle to our app. Now after every app update the old widgets disappear from "Today view" and can be bring back ONLY by rebooting the iPhone. Sometime when they disappear, in today view appears the first widget from the Widgets Bundle. I've tested other apps too and it happens every time to apps that support old and new widgets (Xiaomi Home app for example). Does anyone have a clue how to fix that?

I have a file that can not be removed. When I attempt rm -f /Applications/CrashPlan.app I get "Operation not permitted"Here is the scenario, CrashPlan.app was installed on the MacBook Pro (MacBookPro14,2) running 10.14.4. I found out it was an older version of CrashPlan so I downloaded the installer for the new version and ran it. The installed failed and left behind a file of size 0K.-rw-r--r--@ 1 root admin 0 Apr 11 11:43 CrashPlan.appI then tried to remove the 0K file in terminal with sudo rm -f /Applications/CrashPlan.app and that failed with operation not permitted. I then booted into Recovery mode and ran csrutil disable from terminal and rebooted.sudo rm -f /Applications/CrashPlan.app still failed with operation not permitted.I ran csrutil status in terminal to make sure that sip was disabled and got back: System Integrity Protection status: disabled.I tried booting into single user mode and mounted the drive and tried to rm from there and got the same result. So, from single user mode I did the following:mv /Applications /ApplicationsOLDmkdir /Applicationsmv /ApplicationsOLD/* /Applications/and got an error "Operation not permitted" for CrashPlan.apprebooted and was able to install the new version of CrashPlan, but now I have a folder /ApplicationsOLD that I can not get rid of.Any ideas?

Dove in and upgraded two Macs today to beta 1. Unfortunately, it appears L2TP VPN is broken or something changed in the way it works. I can longer get a connection to any VPN concentrator I used previously. I tested with Cisco Anyconnect SSL VPN client and can connect to the same concentrators (as they're configured to accept L2TP or SSL clients). I also tested from my phone running iOS 16 beta and it still works for the L2TP connections. The Mac not working with L2TP VPN ppp.log shows this Fri Jun 10 19:18:52 2022 : L2TP connecting to server 'IP removed' (IP removed)... Fri Jun 10 19:18:52 2022 : IPSec connection started Fri Jun 10 19:18:52 2022 : IPSec phase 1 client started Fri Jun 10 19:19:02 2022 : IPSec connection failed Connecting a Mac successfully on 12.4 the log shows Fri Jun 10 19:12:33 2022 : L2TP connecting to server 'IP removed' (IP removed)... Fri Jun 10 19:12:33 2022 : IPSec connection started Fri Jun 10 19:12:33 2022 : IPSec phase 1 client started Fri Jun 10 19:12:33 2022 : IPSec phase 1 server replied Fri Jun 10 19:12:34 2022 : IPSec phase 2 started Fri Jun 10 19:12:34 2022 : IPSec phase 2 established Fri Jun 10 19:12:34 2022 : IPSec connection established (and then a ton more lines of the entire process ending with client getting an IP that I won't bother posting) VPN wasn't high on my list of apps I was concerned about breaking with the beta. But, now that it is broke and I need it for work I'm kinda screwed myself. Anyway, if anyone knows a way to fix this please let me know.

Hi, I'm struggling with SwiftData and the components for migration and could really use some guidance. My specific questions are Is it possible to go from an unversioned schema to a versioned schema? Do all @Model classes need to be converted? Is there one VersionedSchema for the entire app that handles all models or one VersionedSchema per model? What is the relationship, if any, between the models given to ModelContainer in a [Schema] and the models in the VersionedSchema in a [any PersistentModel.Type] I have an app in the AppStore. I use SwiftData and have four @Models defined. I was not aware of VersionedSchema when I started, so they are unversioned. I want to update the model and am trying to convert to a VersionedSchema. I've tried various things and can't even get into the migration plan yet. All posts and tutorials that I've come across only deal with one Model, and create a VersionedSchema for that model. I've tried to switch the one Model I want to update, as well as switching them all. Of course I get different errors depending on what configuration I try. It seems like I should have one VersionedSchema for the app since there is the static var models: [any PersistentModel.Type] property. Yet the tutorials I've seen create a TypeNameSchemaV1 to go with the @Model TypeName. Which is correct? An AppNameSchemaV1 which defines four models, or four TypeNameSchemaV1? Any help will be much appreciated

I am using SwiftData for storage and have a view that uses the @Query property wrapper with a sort descriptor that points to a relationship on a model. In a release build on device running iOS 18.3, the app crashes. This is the line that crashes: @Query(sort: \Item.info.endDate, order: .reverse) private var items: [Item] Item has a relationship to ItemInfo, which is where the endDate property is defined. This code works in debug and on a simulator. In the project referenced here: https://github.com/lepolt/swiftdata-crash, change the scheme build configuration to “Release” and run on device. The app will crash. Using Xcode Version 16.2 (16C5032a) iPhone 12, iOS 18.3 (22D60)

~5% of our users when downloading the iOS application from the Apple Store for the first time are unable to enrol a Passkey and experience an error saying the application is not associated with [DOMAIN]. The error message thrown by the iOS credentials API is "The operation couldn't be completed. Application with identifier [APPID] is not associated with domain [DOMAIN]" We have raised this via the developer support portal with case id: 102315543678 Question: Why does the AASA file fail to fetch on app install and is there anything that can be done to force the app to fetch the file? Can this bug be looked at urgently as it is impacting security critical functionality? Other Debugging Observations We have confirmed that our AASA file is correctly formatted and hosted on the Apple CDN. Under normal circumstances the association is created on install and Passkey enrolment works as intended. We have observed that when customers uninstall/reinstall the app this often, but not always, resolves the issue. We also know this issue can resolve itself overtime without any intervention. We have ruled out network (e.g VPN) issues and have reproduced the issue across a number of different network configurations. We have ruled out the Keychain provider and have reproduced it across a variety of different providers and combinations of. We observed this across multiple versions of the iOS operating system and iPhone hardware including the latest hardware and iOS version.

Hi, Having an issue on one mac using Xcode 16.3 and simulator 18.4. macSO 15.4 We are checking for bonjour: authorizationBrowser = NWBrowser(for: .bonjour(type: "_bonjour._tcp", domain: nil), using: parameters) authorizationBrowser?.stateUpdateHandler = { [weak self] newState in switch newState { ... } } However at the command line we get the error: nw_browser_fail_on_dns_error_locked [B1] nw_browser_dns_service_browse_callback failed: PolicyDenied(-65570) Any idea why this is happening? or what this error means? Thanks Antz

I created an APNs Auth Key in the Apple Developer portal and downloaded it successfully once. Later, due to some issues, I revoked that key. After that, I created a new APNs Auth Key. The download button appears, but when I click it, I get the message: "Auth Key can only be downloaded once. This auth key has already been downloaded." This is incorrect because: The key is newly created in my account. I have tried multiple browsers (Safari, Chrome), private/incognito mode, and even a different laptop. I have no other active APNs Auth Keys in my account. Without this .p8 file, I cannot configure push notifications for my iOS app (using Firebase Cloud Messaging). This is blocking my production release. Has anyone else experienced this? Is there a way to reset or force a fresh APNs Auth Key when this happens?

I've read several topics on cancelling subscriptions in sandbox environment, but it seems to me that it could not be applied to TestFlight. I can cancel sandbox subscriptions through Settings > App Store > Sandbox account But since TestFlight does not use sandbox account I cannot cancel a sub from there. Also, TF purchase does not appear in the list of regular subscriptions (Settings > Profile > Media & Purchases). So my question is: is there any way to manually cancel auto-renewable subscription bought in TestFlight build of the app?