Apple has introduced the Wireless Insights Service Predictions capability in iOS 26. After prior alignment with Apple engineers, we are working to integrate this capability into the Douyin App, and intend to provide a TestFlight build for Apple engineers to validate and debug the integration. We have encountered a blocking issue with entitlement configuration: We use our Apple Developer Enterprise Program account to build and submit TestFlight builds. When we manually create and configure provisioning profiles via the Apple Developer Portal, the required entitlement key com.apple.developer.wireless-insights.service-predictions is not available for selection or inclusion in the profile's Entitlements. This completely blocks us from enabling, using, and validating the Wireless Insights Service Predictions capability. For comparison, when we use our Apple Developer Program individual account, the entitlement com.apple.developer.wireless-insights.service-predictions is fully available. It is automatically included in provisioning profiles generated for local debugging, and can also be manually added to custom provisioning profiles via the Apple Developer Portal without issues. We request assistance to resolve this entitlement access discrepancy for our Enterprise Program account, so that we can complete the integration and provide the TestFlight build for validation as planned.

I accidentally mis-copy-pasted when creating a new app identifier, and I can't create the correct one. I missed the leading "c" and I created An App ID with om.automaticduck.MyApp I deleted it, but now I can't create the correct one. The error says An attribute in the provided entity has invalid value An App ID with Identifier 'com.automaticduck.MyApp' is not available. Please enter a different string. Thank you for helping with what I need to do.

Unable to Verify App An internet connection is required to verify trust of the developer "Apple Development: John Doe (ABCXYZ123)". This app will not be available until verified. I've been getting this constantly over the last few weeks. It has been a real struggle to get anything done. Sometimes it goes away on its own after I try to launch the app a few times, but currently it's just staying down and I can't do any work. Apparently there were issues with some Apple server ppq.apple.com before. They seem to be back, because trying again right now: ping ppq.apple.com PING use1-ppq-ext-prod.apple.com (17.33.200.235): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 ^C --- use1-ppq-ext-prod.apple.com ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss ping apple.com PING apple.com (17.253.144.10): 56 data bytes 64 bytes from 17.253.144.10: icmp_seq=0 ttl=60 time=9.776 ms 64 bytes from 17.253.144.10: icmp_seq=1 ttl=60 time=8.726 ms ^C --- apple.com ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 8.726/9.251/9.776/0.525 ms This is incredibly disruptive. Surely there must be a way to disable this online verification? This is a development device that never leaves my desk and never installs any software except the things I build locally from my Mac (which I have trusted on the device).

I've successfully signed Unix apps manually in the past. Today (after signing the new agreement) I can get it to replace the existing signature but it says "rejected" when I check it. Here are the commands I'm using: michaelleahy@Michaels-Mini ~ % sudo codesign --force --deep --options runtime --sign "Developer ID Application: Bookup Corp. (6J8PUT****)” /Users/michaelleahy/Documents/theapp /Users/michaelleahy/Documents/theapp: replacing existing signature michaelleahy@Michaels-Mini ~ % spctl -a -vvvv -t install /Users/michaelleahy/Documents/theapp /Users/michaelleahy/Documents/theapp: rejected source=Unnotarized Developer ID origin=Developer ID Application: Bookup Corp. (6J8PUT****) Here is a command (issued right after the one above) showing an older signed app is accepted: michaelleahy@Michaels-Mini ~ % spctl -a -vvvv -t install /Users/michaelleahy/Documents/olderapp /Users/michaelleahy/Documents/olderapp: accepted source=Notarized Developer ID origin=Developer ID Application: Bookup Corp. (6J8PUT****) What might I be missing? Something changed since the last time I signed an app.

Hello, we are currently encountering a similar issue. We need to inject our capabilities into a third-party app by re-signing it (not a full re-signing process—just requiring the provisioning profile and certificate to match). However, this seems to affect the functionality of universal links. We've found that this issue only occurs on iOS 18. We noticed that when re-signing the app, the entitlements related to associated domains are changed to a wildcard: [Key] com.apple.developer.associated-domains [Value] [Array] [String] * However, this doesn’t cause any issues on iOS 17. Through further testing, we discovered that in order for universal links to work properly, we need to restore the original value of com.apple.developer.associated-domains and use a provisioning profile that matches the app's bundle ID. This means our previous re-signing approach using a certificate and provisioning profile from another bundle will no longer work. We’d like to ask: is this a new restriction introduced in iOS 18? If we manually restore the original com.apple.developer.associated-domains entitlement and use a provisioning profile that matches the app’s bundle ID, will universal links function correctly going forward?

we have organization account I'm the admin of team. and i have additional resources: Additional Resources Access to Reports Access to Certificates, Identifiers & Profiles. Access to Cloud Managed Distribution Certificate Create Apps Generate Individual API Keys Issues: i can't find my team certificate in Xcode I don't have access to https://developer.apple.com/account/resources/

*** Error: ERROR: [ContentDelivery.Uploader] Validation failed (409) Invalid Provisioning Profile. The provisioning profile included in the com.baiyun-shuniu.scss bundle [Payload/HBuilder.app] is invalid. [Missing code-signing certificate]. A distribution provisioning profile should be used when uploading apps to App Store Connect. (ID: e21c7a63-520f-49c5-8298-9afa3aa14dd5) 2025-05-13 09:23:20.382 INFO: [ContentDelivery.Uploader]

Hi everyone, I'm following up on this post I made earlier about an issue I'm having with FamilyControls and the DeviceActivityMonitor extension not working for external TestFlight testers. To briefly recap: I have official Apple approval for the com.apple.developer.family-controls entitlement (distribution) The entitlement is added to both my main app and the DeviceActivityMonitor extension The App Group is correctly configured for both targets On internal TestFlight builds, everything works as expected: app blocking works, the extension runs, and selected apps are shielded. On external TestFlight builds, users get the Screen Time permission prompt, can select apps to block, but nothing is blocked. Since that post, I submitted a Code Level Support request, and Apple asked me to file a bug report via Feedback Assistant. I did that almost a month ago. The only reply I’ve received since is that they can’t give a timeframe or guarantee it will be resolved. I'm stuck in limbo with no updates and no fix. This feature is critical to my app and I cannot launch without it. I’ve reached out to other developers who use app blocking, and none of them have run into this issue. My setup seems correct, and Apple has not said otherwise. If anyone has experienced something similar, found a workaround, or knows how to get real movement on a bug report like this, I would really appreciate any help. It’s been weeks, and I just want to launch my app. Thanks so much.

I am distributing a macOS application outside the App Store using Developer ID and need to provide provisioning profiles to customers for installation during the package installation process. I have two questions: How can I package and provide the provisioning profile(s) so that the customer can install them easily during the application installation process? Are there any best practices or tools that could simplify this step? In my case, there are multiple provisioning profiles. Should I instruct the customer to install each profile individually, or is there a way to combine them and have them installed all at once? Any guidance on the best practices for this process would be greatly appreciated.

You can now easily request access to managed capabilities for your App IDs directly from the new Capability Requests tab in Certificates, Identifiers & Profiles > Identifiers. With this update, view available capabilities in one convenient location, check the status of your requested capabilities, and see any notes from Apple related to your requests. Learn more about capability requests.

Hi everyone, After I recently changed my Apple ID (iCloud) password, my Developer ID certificate stopped working for signing macOS apps. Symptoms: Signing fails with the Developer ID certificate that was previously working fine. I tried re-downloading the certificate from my Apple Developer account and importing it into the Keychain, but the issue persists. It seems that the Developer ID identity is no longer trusted or properly linked to my system since the password change. Attempts: Re-downloaded and installed the certificate from the developer portal. Verified that the private key is present and linked. Checked keychain access and code-signing identity — everything appears normal, but the signed apps are rejected or the signing process fails. Blocking issue: I am unable to delete or revoke the Developer ID certificate on my account (Apple Support says it's not possible). Also, I can't create a new one due to the certificate limit. Questions: Is it expected for a Developer ID certificate to become invalid after changing the Apple ID password? Is there a recommended way to refresh or restore the certificate trust on macOS? How can I invalidate the current certificate and generate a new one if I'm stuck? Any insights or official guidance would be really appreciated. Thanks in advance!

Hello everyone, I'm facing a critical build issue related to Family Controls entitlements and would appreciate any insights or help from the community or Apple engineers. My Goal: I am trying to build and run my app on a physical device to test my DeviceActivityMonitor and ShieldConfigurationExtension. I have already been approved for the Family Controls (Development) entitlement. The Problem: When I try to build, Xcode fails with the following errors, preventing me from testing: For my DeviceActivityMonitor target: Provisioning profile "..." doesn't include the com.apple.developer.deviceactivity entitlement. For my SOSAppShieldExtension target: Provisioning profile "..." doesn't include the com.apple.developer.screen-time-api entitlement. The Core Evidence: This seems to be a server-side issue with how the provisioning profiles are generated. I have used the security cms -D -i command to inspect the downloaded .mobileprovision files. The inspection reveals that the profiles do contain the parent com.apple.developer.family-controls entitlement. However, they are missing the required child entitlements: The profile for my monitor extension is missing com.apple.developer.deviceactivity. The profile for my shield extension is missing com.apple.developer.screen-time-api. Troubleshooting Steps I've Already Taken: I believe I have exhausted all possible client-side fixes. Here is what I have tried over the past few days: Confirmed Approval: I am fully approved for the Family Controls (Development) entitlement. Enabled Capabilities: The "Family Controls" capability is checked and enabled for all three relevant App IDs (main app, monitor extension, shield extension) on the developer portal. Profile Regeneration: I have deleted and regenerated all provisioning profiles for all targets multiple times. Forcing a Server Refresh: I have toggled the "Family Controls" capability off, saved, and then toggled it back on and saved again for each App ID. Creating New Identifiers: I created a brand new, clean App ID for the DeviceActivityMonitor extension (com.sosapp.ios.devicemonitor) and created a new profile for it, but the error persists. Xcode Configuration: I am using manual signing in Xcode and have double-checked that each target is pointing to the correct, newly downloaded provisioning profile. I have also cleaned the build folder and deleted Derived Data multiple times. My Question: Given that my account is approved and the capability is enabled, but the generated profiles are provably missing the necessary child entitlements, this points directly to a bug in the profile generation service on Apple's backend. Has anyone else experienced this specific issue where the parent entitlement is present but the required child entitlements are missing? Is there a known workaround, or can an Apple engineer please investigate the profile generation for my Team ID? Any help would be greatly appreciated. Thank you!

I'm working on an app that needs access to device activity. When I add device activity entitlement, I'm getting Provisioning profile "..." doesn't include the com.apple.developer.deviceactivity entitlement. This is failing for both, the main app and the extension, and both have entitlements added. It is not clear how to add it to the profile, the provisioning profile is created/managed by XCode. When I remove the entitlement, I can build my app but it won't be able to use device activity data I reached out to Developer Support, and they sent me here. What is the right way to add device activity entitlement? I'm also seeing another issue with XCode Cloud builds. When I remove device activity entitlement. I can build my app w/o any issue, and I can also install it directly on my iPhone. However, XCode Cloud builds fail wit Run command: 'xcodebuild -exportArchive -archivePath /Volumes/workspace/tmp/d41fc2f1-4f39-4906-8941-112488e75f6c.xcarchive -exportPath /Volumes/workspace/adhocexport -exportOptionsPlist /Volumes/workspace/ci/ad-hoc-exportoptions.plist '-DVTPortalRequest.Endpoint=http://172.16.68.193:8089' -DVTProvisioningIsManaged=YES -IDEDistributionLogDirectory=/Volumes/workspace/tmp/ad-hoc-export-archive-logs -DVTSkipCertificateValidityCheck=YES -DVTServicesLogLevel=3' I suspect that it could be related to my app having DeviceActivityExtension but no device activity entitlement is present. Thanks, Peter.

Hello, when building and signing my application in a Github actions workflow, I am facing an issue on the latest version of xCode (16.4). This issue is resolved by downgrading to 16.3. My CI/CD pipeline is running headless and installing provisioning profile to ~/Library/MobileDevice/Provisioning Profiles.

I have 14 total devices, from way back. I am currently in a financial bind and can't renew just yet. BUT I am at past my time to reset the device list back to zero. But the screen to do that is behind the paid account. Catch 22 Can we fix it? As it stands I must email tech support, but this is a bug so I posted

I tried to create a new IOS provisioning profile and re-apply it to the app using Xcode to build it, but I got into trouble. The build is good, but it bounces when running the app. I would appreciate it if you could let me know what to do.

Anyone know how long it takes to get Apple to respond to a request for provisioning for endpoint security?

I added a new device and it's not recognizing the device model. This causes a message saying "Unable to verify" when signing an app. Has anyone else encountered this issue? This only happens with this one device, not others.

I have added an in-app purchase function into my app, and have enabled in-app purchase profile in developer portal(it's on by default and is marked gray in developer portal, I don't know if that's how it supposed to look like). I have issued the agreements and tried signing the app both manually and automatically, but neither of that worked. App can be built successfully in simulator but does not show the simulation window, but cannot build on real device or archive. Errors: Missing com.apple.developer.in-app-purchase, com.apple.developer.in-app-purchase.non-consumable, and com.apple.developer.in-app-purchase.subscription entitlements. Automatic signing failed Xcode failed to provision this target.

Hi, I am developing a iOS app with Packet Tunnel Provider Network Extension. I manage signing manually. I created a distribution provisioning profile. Then when I archive and click "validate" I get this error: Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value 'url-filter-provider' for key 'com.apple.developer.networking.networkextension' So I run security cms -D -i profiles/vpn_distribution.mobileprovision and I see there <key>Entitlements</key> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>content-filter-provider</string> <string>packet-tunnel-provider</string> <string>dns-proxy</string> <string>dns-settings</string> <string>relay</string> <string>url-filter-provider</string> <string>hotspot-provider</string> </array> Where are those coming from. My entitlement file has <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.my-app-group</string> </array> </dict> </plist> What is happening here. How can I get a provisioning profile that only has the entitlements that I actually need?