I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager. The error: Signature check failed: code failed to satisfy specified code requirement(s) followed by: started with PID 0 status changed to disconnected, last stop reason Plugin failed What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session. Key log sequence: taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1) WireGuardNetworkExtensionMac: AppSandbox request successful WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s) nesessionmanager: started with PID 0 error (null) nesessionmanager: status changed to disconnected, last stop reason Plugin failed Setup: macOS 15, Xcode 16 Developer ID Application certificate Manual code signing, Developer ID provisioning profiles with Network Extensions capability Extension in Contents/PlugIns/ (standard appex, not System Extension) Extension entitlement: packet-tunnel-provider-systemextension NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel codesign --verify --deep --strict PASSES on the exported app Hardened runtime enabled on all targets What I've verified: Both app and extension have matching TeamIdentifier Both are signed with the same Developer ID Application certificate The designated requirement correctly references the cert's OIDs The provisioning profiles are valid and taskgated-helper explicitly approves them No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework What I've tried (all produce the same error): Normal Xcode archive + export (Direct Distribution) Manual build + sign script (bypassing Xcode export entirely) Stripping all signatures and re-signing from scratch Different provisioning profiles (freshly generated) Comparison with official WireGuard app: I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch. Questions: Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing? Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it? The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it? Any guidance would be appreciated. I've exhausted all signing approaches I can think of.

We are implementing Apple Pay In-App Provisioning (EV_ECC_v2) for our EU app. The same codebase and encryption logic works successfully for our main app (different bundle ID and Adam ID), but the EU app consistently fails with HTTP 500. Environment: Entitlement: Granted (Case-ID: 18772317) Encryption scheme: EV_ECC_v2 Issue: During In-App Provisioning, the iOS app successfully obtains certificates, generates cryptographic material (encryptedCardData, activationData, ephemeralPublicKey), and POSTs to Apple's broker endpoint. The request fails at: Endpoint: POST /broker/v4/devices/{SEID}/cards Response: HTTP 500 with an HTML error page (not a JSON business error) <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>Apple</center> </body> </html> Key observations: Our main app (different bundle ID/Adam ID) uses identical encryption code, private keys, and key alias — and works correctly in production. Manual card provisioning through Apple Wallet on the same device succeeds. The entitlement com.apple.developer.payment-pass-provisioning is confirmed present in the provisioning profile (verified via codesign). The 500 response is HTML rather than JSON, suggesting the request is rejected at the gateway level before reaching Apple Pay business logic. What we've verified: Entitlement correctly configured in provisioning profile ephemeralPublicKey is in uncompressed format (65 bytes, starts with 0x04) encryptionVersion is EV_ECC_v2 No double Base64 encoding Question: Could you please check whether Adam ID 6745866031 has been correctly added to the server-side allow list for In-App Provisioning in the production environment? Given the HTML 500 (not JSON) and that the identical code works for our other app, we suspect this may be an allow list or account configuration issue rather than a cryptography error. I will follow up with a Feedback Assistant ID including sysdiagnose logs shortly, per the steps outlined in https://aninterestingwebsite.com/forums/thread/762893

I am seeing an issue with NETransparentProxyProvider where the extension successfully transitions from sleep to wake, but stops receiving handleNewFlow(_:) calls. Only below two methods gets called, We don't apply rules in these methods: override func wake() override func sleep(completionHandler: @escaping () -> Void) This breaking complete proxy workflow as it stops intercepting traffics. We are not observing this issues always. FYI: com.apple.developer.endpoint-security.client is not present in .entitlement file. I am not sure adding this will help. Any possibilities nesessionmanager might fail to re-bind the traffic rules for this extensions? Any thing we can do to avoid this issues?

Hi everyone, I'm building an iOS app using Capacitor 6 with Swift Package Manager (SPM). I have a custom native plugin (AppleIAPPlugin) for StoreKit 2 In-App Purchases that lives in the App target (not as an SPM package). Despite compiling successfully, the JavaScript bridge throws: "AppleIAP" plugin is not implemented on ios Setup AppleIAPPlugin.swift: swift import Foundation import Capacitor import StoreKit @objc(AppleIAPPlugin) public class AppleIAPPlugin: CAPPlugin, CAPBridgedPlugin { public let identifier = "AppleIAPPlugin" public let jsName = "AppleIAP" public let pluginMethods: [CAPPluginMethod] = [ CAPPluginMethod(name: "getProducts", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "purchase", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "restorePurchases", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "getCurrentEntitlements", returnType: CAPPluginReturnPromise), CAPPluginMethod(name: "openManageSubscriptions", returnType: CAPPluginReturnPromise), ] @objc func getProducts(_ call: CAPPluginCall) { /* StoreKit 2 implementation */ } @objc func purchase(_ call: CAPPluginCall) { /* ... */ } // etc. } AppleIAPPlugin.m: objc #import <Foundation/Foundation.h> #import <Capacitor/Capacitor.h> CAP_PLUGIN(AppleIAPPlugin, "AppleIAP", CAP_PLUGIN_METHOD(getProducts, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(purchase, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(restorePurchases, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(getCurrentEntitlements, CAPPluginReturnPromise); CAP_PLUGIN_METHOD(openManageSubscriptions, CAPPluginReturnPromise); ) MyBridgeViewController.swift (custom bridge to register the plugin): swift import UIKit import Capacitor class MyBridgeViewController: CAPBridgeViewController { override open func capacitorDidLoad() { bridge?.registerPluginType(AppleIAPPlugin.self) } } Main.storyboard points to MyBridgeViewController (module: App) instead of CAPBridgeViewController. TypeScript side: typescript import { registerPlugin } from "@capacitor/core"; export const AppleIAP = registerPlugin("AppleIAP"); What I've verified Both .swift and .m files are in the Xcode project's Compile Sources build phase nm on the compiled binary confirms OBJC_CLASS_$_AppleIAPPlugin symbol exists The build succeeds with zero errors Other SPM-based Capacitor plugins (Share, Media, NativeAudio) work fine — they have pluginMethods and jsName symbols in the binary; my custom plugin does NOT A bridging header (App-Bridging-Header.h) is configured with #import <Capacitor/Capacitor.h> What I've tried (all failed) .m file with CAP_PLUGIN macro only (no CAPBridgedPlugin in Swift) Added CAPBridgedPlugin protocol conformance to Swift class Created MyBridgeViewController subclass with registerPluginType() in capacitorDidLoad() Removed/added override public func load() method Added #import <Foundation/Foundation.h> to .m file Various bridging header configurations Multiple clean builds and derived data wipes Environment Xcode 16 Capacitor 6 (via SPM, binary xcframework) iOS 17+ deployment target Physical device testing (not simulator) Question How should a custom plugin in the App target be registered with Capacitor 6 when using SPM? The SPM-based plugins from node_modules get auto-discovered, but my custom plugin in the App target does not. Is there a step I'm missing to make registerPluginType() work, or should I structure my custom plugin as a local SPM package instead? Any guidance would be greatly appreciated.

Hey Apple team, I'd love to see a native wind animation layer added to Apple Maps and MapKit. A built-in, system-level wind visualization — similar to the animated weather layers seen in third-party apps — would be an incredibly powerful tool for developers building weather, aviation, marine, outdoor recreation, and navigation apps. Having this baked natively into MapKit would mean smoother performance, better battery efficiency, and a consistent experience across iOS, iPadOS, and macOS — rather than every developer having to reinvent the wheel with custom particle systems or third-party SDKs. Please Apple — this would be a fantastic addition to the Maps ecosystem. 🌬️🗺️

This discussion is for iOS/iPadOS. I've written an NEAppProxyProvider network extension. I'd like to test it. I thought that using the "NETestAppMapping" dictionary was a way to get there, but when I try to instantiate an NEAppProxyProviderManager to try to install stuff, the console tells me "must be MDM managed" and I get nowhere. So can someone tell me, can I at least test the idea without needing to first get MDM going? I'd like to know if how I'm approaching the core problem even makes sense. My custom application needs to stream video, via the SRT protocol, to some place like youtube or castr. The problem is that in the environment we are in (big convention centers), our devices are on a LAN, but the connection from the LAN out to the rest of the world just sucks. Surprisingly, cellular has better performance. So I am trying to do the perverse thing of forcing traffix that is NOT local to go out over cellular. And traffic that is completely local (i.e. talking to a purely local server/other devices on the LAN) happens over ethernet. [To simplify things, wifi is not connected.] Is an app proxy the right tool for this? Is there any other tool? Unfortunately, I cannot rewrite the code to force everything through Apple's Network framework, which is the one place I know we can say "use cellular." [E.g. URLSession() has absolutely no way of forcing cellular, and even so, the low level streaming library I use is written with raw sockets, and its not feasible for me to rewrite it.] Any other suggestions of how to accomplish this "send non-local traffic to cellular, all local traffic out over ethernet" gratefully welcomed!

I've been working on an app. It uses iCloud syncing. 48 hours ago everything was working 100%. Make a change on the iPhone it immediately changed on the Mac. Change on the Mac, it immediately changed on the iPhone. I didn't work on it yesterday. I updated to iOS26.4 on the iPhone and 26.4 on the Mac yesterday instead. Today, I pull up the project again. I made NO changes to the code or settings. Make a change on the iPhone it immediately updates on the Mac. Make a change on the Mac, nothing happens on the iPhone. I've waited an hour, and the change never happens. If you leave the iPhone app, then return, it updates as it should. It appears that iCloud's silent notification is to being received by the iPhone. Anyone else having the issue? Is there something new with iOS 26.4 that needs to be adjusted to get this to work? Again, works flawlessly with the Mac, just not with the iPhone.

Hi everyone, I have a SwiftUI app using CKQuerySubscription on the public database for social notifications (friend requests, recommendations, etc.). Push notifications work perfectly in the Development environment but never fire in Production (TestFlight). Setup: iOS 26.4, Xcode 26, Swift 6 Container: public database, CKQuerySubscription with .firesOnRecordCreation 5 subscriptions verified via CKDatabase.allSubscriptions() registerForRemoteNotifications() called unconditionally on every launch Valid APNS device token received in didRegisterForRemoteNotificationsWithDeviceToken Push Notifications + Background Modes (Remote notifications) capabilities enabled What works: All 5 subscriptions create successfully in Production Records are saved and queryable (in-app CloudKit fetches return them immediately) APNS production push works — tested via Xcode Push Notifications Console with the same device token, notification appeared instantly Everything works perfectly in the Development environment (subscriptions fire, push arrives) What doesn't work: When a record is created that matches a subscription predicate, no APNS push is ever delivered in Production Tested with records created from the app (device to device) and from CloudKit Dashboard — neither triggers push Tried: fresh subscription IDs, minimal NotificationInfo (just alertBody), stripped shouldSendContentAvailable, created an APNs key, toggled Push capability in Xcode, re-deployed schema from dev to prod Additional finding: One of my record types (CompletionNotification) was returning BAD_REQUEST when creating a subscription in Production, despite working in Development. Re-deploying the development schema to production (which reported "no changes") fixed the subscription creation. This suggests the production environment had inconsistent subscription state for that record type, possibly from the type being auto-created by a record save before formal schema deployment. I suspect a similar issue may be affecting the subscription-to-APNS pipeline for all my record types — the subscriptions exist and predicates match, but the production environment isn't wiring them to APNS delivery. Subscription creation code (simplified): let subscription = CKQuerySubscription( recordType: "FriendRequest", predicate: NSPredicate(format: "receiverID == %@ AND status == %@", userID, "pending"), subscriptionID: "fr-sub-v3", options: [.firesOnRecordCreation] ) let info = CKSubscription.NotificationInfo() info.titleLocalizationKey = "Friend Request" info.alertLocalizationKey = "FRIEND_REQUEST_BODY" info.alertLocalizationArgs = ["senderUsername"] info.soundName = "default" info.shouldBadge = true info.desiredKeys = ["senderUsername", "senderID"] info.category = "FRIEND_REQUEST" subscription.notificationInfo = info try await database.save(subscription) Has anyone encountered this? Is there a way to "reset" the subscription-to-APNS pipeline for a production container? I'd really appreciate any guidance on how to resolve and get my push notifications back to normal. Many thanks, Dimitar - LaterRex

Hello, I got Purchase Error Couldn’t communicate with a helper application. when button 'Buy Pro' clicked in my app it uses storekit subscription created (correct id in configuration.storekit) got this error in console: Purchase did not return a transaction: Error Domain=ASDErrorDomain Code=5115 "Received failure in response from Xcode" UserInfo={NSDebugDescription=Received failure in response from Xcode, NSUnderlyingError=0xc5bc1c510 {Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service created from an endpoint was invalidated from this process." UserInfo={AMSDescription=An unknown error occurred. Please try again., AMSURL=http://localhost:49913/WebObjects/MZBuy.woa/wa/inAppBuy, NSDebugDescription=The connection to service created from an endpoint was invalidated from this process., AMSStatusCode=200, AMSServerPayload={ "app-list" = ( Thx for any help : )

We are developing an app which allows users to generate a HSBC virtual card using Mastercard API and add this card to an apple wallet. Staging test was passed successfully, but we are stuck in a production test phase. T&C is not even visible, 'Card is not added' is popped on a screen before that. User taps “Add to Apple Wallet” → we present PKAddPaymentPassViewController → they tap Next → after a few seconds the flow fails with "Set Up Later" alert. FB22332303 (MCDeanPortal app: In-App Provisioning Production Test fails) Thank you

In my Notification Service Extension I'm doing two things in parallel inside didReceive(_:withContentHandler:): Downloading and attaching a rich media image (the standard content modification work) Firing a separate analytics POST request (fire-and-forget I don't wait for its response) Once the image is ready, I call contentHandler(modifiedContent). The notification renders correctly. What I've observed (via Proxyman) is that the analytics POST request completes successfully after contentHandler has already been called. My question: Why does this network request complete? Is it because: (a) The extension process is guaranteed to stay alive for the full 30-second budget, even after contentHandler is called so my URLSession task continues executing during the remaining time? (b) The extension process loses CPU time after contentHandler but remains in memory for process reuse and the request completes at the socket/OS level without my completion handler ever firing? (c) Something else entirely? I'd like to understand the documented behaviour so I can decide whether it's safe to rely on fire-and-forget network requests completing after contentHandler, or whether I need to ensure the request finishes before calling contentHandler.

Hello! currently I got a massive issue after upgrading all 10.000 Macs from macOS 26.3 to 26.3.1 or 26.4 and running some programs/apps on it which are currently not running because we need to read out the Hardware UUID. After the Update to macOS 26.3.1 and 26.4 the Terminal for the command system_profiler SPHardwareDataType is return an additional line: % system_profiler SPHardwareDataType 2026-03-25 11:28:17.939 system_profiler[73588:434733] hw.cpufamily: 0x1b588bb3 Hardware: bevor the Update the response was: %system_profiler SPHardwareDataType Hardware: Why I am getting this extra line "2026-03-25 11:28:17.939 system_profiler[73588:434733] hw.cpufamily: 0x1b588bb3" with a timestamp and system_profilder + hw.cpufamily as response? How can I disable this? Also the difference is with the command: system_profiler -json SPHardwareDataType Above version macOS 26.3.1 I will get an percentage sign in the Output - this is not a valid json! ...(shorten)    }   ] }%   on macOS version 26.3 and lower the response is: ...(shorten)      }   ] }

Test File attachment README.txt

Currently I have an app which is completely free for all the users, I might have future versions where I will introduce paid version, where I will surely use Apple IAP and Revenue CAT. How should I clarify this to App store? Should I tell only what I am doing today, or also tell what I will do in future and keep Apple IAP in my conversation?

token：eb3b63ab94b136f6d25a86d48bb4b7ff20377e393f137cb4f43b17560112bf51 msgId：67d4c88d-61b1-4f51-df0b-2efa022fd672 机型：iPhone7 系统：iOS 15.8.3 问题描述：后端服务器调用苹果提供的pushKit推送API且已成功返回上述msgId，客户端App也已经实现对应的CallKit方法reportNewIncomingCall，但没有收到对应的推送，这是什么原因呢？

[FB22327481] We are observing a rare issue where alarms scheduled using AlarmKit occasionally fire exactly at 12:00 AM, even though the alarm was scheduled for a different time. This issue happens only for a very small number of users (for example, 1–2 users per several thousand per day), but multiple reports confirm that the alarm goes off exactly at midnight. We also found that other developers are experiencing the same issue: https://aninterestingwebsite.com/forums/thread/815714 Observed behavior For a small number of users: Alarm fires at exactly 00:00 (midnight) This happens even when the scheduled alarm time is something like 7:30 AM Happens rarely Hard to reproduce internally Appears to happen only on real devices in production Additional notes We are using AlarmKit fixed schedules (not relative) Dates passed to AlarmKit are correct at scheduling time We do not intentionally create midnight alarms Issue seems random Question Are there any known limitations or edge cases with AlarmKit fixed schedules that could cause alarms to fire at midnight? For example: Invalid date fallback? Schedule expiration fallback? Time zone changes? Background refresh timing? Maximum schedule window? Any guidance would be appreciated, as this is affecting real users but is difficult to reproduce.

Issue: after going through configuration steps for app clips, when I scan my QR code, my app clip does not appear, instead safari attempts to open the url as a web page. note: my aasa endpoint is never even getting called when scanning the QR code. Setup: App uninstalled in accordance with Apple Documentation "Users don’t install App Clips, and App Clips don’t appear on the Home Screen. Similarly, testers don’t install the beta version of your App Clip" testflight installed in accordance with Apple Documentation My app's Build 1.51.9 (1) uploaded and greenlit in testflight. My apple email is added as an internal tester is the same as my Apple ID for the device used. I have provided an aasa for the path: .well-known/apple-app-site-association. Here is my full url: https://akin-server-side-staging.onrender.com/.well-known/apple-app-site-association. { "appclips": { "apps": [ "8PJ28P9ZZ8.com.ElevatedUnderdogs.akin1.Clip" ] }, "applinks": { "details": [ { "components": [ { "/": "/appClips/referral/venueToUser" } ], "appIDs": [ "8PJ28P9ZZ8.com.ElevatedUnderdogs.akin1" ] } ] } } Here are my entitlements for my parent target: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>aps-environment</key> <string>development</string> <key>com.apple.developer.applesignin</key> <array> <string>Default</string> </array> <key>com.apple.developer.associated-domains</key> <array> <string>applinks:akin-server-side.onrender.com</string> <string>applinks:akin-server-side-staging.onrender.com</string> <string>appclips:akin-server-side-staging.onrender.com</string> <string>appclips:akin-server-side.onrender.com</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.ElevatedUnderdogs.akin1</string> </array> </dict> </plist> Here are the entitlements for my app clip target: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.associated-domains</key> <array> <string>applinks:akin-server-side-staging.onrender.com</string> <string>applinks:akin-server-side.onrender.com</string> </array> <key>com.apple.developer.parent-application-identifiers</key> <array> <string>$(AppIdentifierPrefix)com.ElevatedUnderdogs.akin1</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.ElevatedUnderdogs.akin1</string> </array> </dict> </plist> On App Store Connect in the Testflight section for this project and build: Build 1.51.9 (1), Test Information -> App Clip Invocations I have the following: copy pasted for convenience: "no variables":"https://akin-server-side-staging.onrender.com/appClips/referral/venueToUser", "Jeff referral":"https://akin-server-side-staging.onrender.com/appClips/referral/venueToUser?venueID=ChIJVaPxJnCej4ARyxiB9Tt2tG8&referrerName=Jeff" Here is the QR code I attempted to scan, https://akin-server-side-staging.onrender.com/appClips/referral/venueToUser?venueID=ChIJVaPxJnCej4ARyxiB9Tt2tG8&referrerName=Jeff

I want to write a CryptoTokenKit plugin to be used to unlock FileVault. I understand macOS already provides such a plugin for a PIV smart card https://support.apple.com/en-mz/guide/deployment/dep806850525/web Perfect. I want to do the same for a non-PIV smart card. So I have to provide my own CryptoTokenKit plugin. I already implemented a smart card plugin TKSmartCardToken. I can use it so pair the user with the smart card and use the smart card to login (except for the 1st login when the disk is still encrypted). As far as I understand for preboot I need to provide a "persistent token" https://support.apple.com/en-mz/guide/deployment/dep4e2622249/web From Xcode I created an empty application, and added a "Persistent Token Extension" (instead of a "Smart Card Token Extension"). After built I can see my new token in the output of "pluginkit -m -p com.apple.ctk-tokens". My questions: how and when is my plugin loaded? I added calls to os_log_error() in all the empty methods created by the Xcode template but I do not find my log messages in the console Apple provides a sample code for an old (2016) PIV token in https://aninterestingwebsite.com/library/archive/samplecode/PIVToken/Introduction/Intro.html Is the source code of the PIV token used at pre-boot also available? Thanks

I'd like to create a small helper app for new students do read/write User default settings. Since it was not possible using the UserDefaults class I decided to use the "/usr/bin/defaults". Unfortuntely it seems not to return anything. Debug output shows "Got data: 0 bytes" Here is a sample code: import SwiftUI func readDefaults(domain : String, key :String) -> String { let cmdPath = "/usr/bin/defaults" //let cmdPath = "/bin/ls" let cmd = Process() let pipe = Pipe() cmd.standardOutput = pipe cmd.standardError = pipe cmd.executableURL = URL(fileURLWithPath: cmdPath, isDirectory: false, relativeTo: nil) cmd.arguments = ["read", domain, key] //cmd.arguments = ["/", "/Library"] print("Shell command: \(cmdPath) \(cmd.arguments?.joined(separator: " ") ?? "")") var d : Data? do { try cmd.run() d = pipe.fileHandleForReading.readDataToEndOfFile() cmd.waitUntilExit() } catch let e as NSError { return "ERROR \(e.code): \(e.localizedDescription)" } catch { return "ERROR: call failed!" } // get pipe output and write is to stdout guard let d else { return "ERROR: Can't get pipe output from command!" } print("Got data: \(d)") if let s = String(data: d, encoding: String.Encoding.utf8) { print("Got result: \(s)") return s } else { return "ERROR: No output from pipe." } } struct ContentView: View { let foo = readDefaults(domain: "com.apple.Finder", key: "ShowHardDrivesOnDesktop") var body: some View { VStack { Text("ShowHardDrivesOnDesktop: \(foo.description)") } .padding() } } #Preview { ContentView() } This code works well e.g. for "ls" when the comments are changed for cmdPath and cmd.arguments. What do I miss in order to get it working with defaults?

Hello, iOS 26.4 has new APIs which is great. This brings new capability and updated permissions "flow". However as soon as we add the "Family Controls App and Website Usage" capability, then anyone on iOS 26.4 and above can either only approve full access or no access at all. (https://aninterestingwebsite.com/documentation/familycontrols/authorizationstatus/approvedwithdataaccess) The previous permission is impossible to obtain. Am I missing something? Is this intended behavior? We can imagine a situation where the user doesn't want to give full access (perhaps because the permissions screen says the app is able to see usage - which is not correct) but they still want to approve Screen Time permissions so the app can apply shields and what not. Thanks.