Hello, this may not be the correct place to ask this question so I apologize in advance if this is the case. We are currently having some issues when attempting to restore device back ups via iCloud that where previously enrolled to our MDM solution, as upon the restore no app data seems to be persisted over (we have tested restoring the backup on the same device and we have been able to have data persist between wipes) On the initial device we have ensured that the restrictions allowCloudKeychainSync allowManagedAppsCloudSync are set to true, and can see that the initial devices back up has the app data backed up, yet despite this data is not persisted when restoring from back up on a new device. On the device where the back up was initially done when restoring the applications are applied but indicated that they must be re-installed via our management console, once the app has been uninstalled and reinstalled the old data does show up, when applied to the new device our mdm solution pushes down the app.managed config but the device treats it as a new install. Could this possibly be due to us using Device Licensing when assigning apps? Or is it due to the intial device only performing a token update request when restoring and the new device going through the entire checkin proccess? Both devices are provisioned via DEP, and applications where assigned initially via VPP Any insight on this would be useful (For reference this is an MDM solution of our own making so we are attempting to sus out if there is a configuration issue we could be overlooking).

Hi,team: I need to distribute an mdm configuration file containing the "ServiceManagementManagedLoginItems" service to a large number of company-supervised computers, where com.apple.servicemanagement only supports macOS 13.0+. However, I cannot effectively distinguish whether the device system where the mdm configuration file needs to be installed is greater than 13. Can I directly install the mdm configuration file on all devices? Will installing the mdm configuration file on devices less than 13 have any impact on the system or other configuration items in mdm? The description link of ServiceManagementManagedLoginItems is: https://developer.apple.com/documentation/devicemanagement/servicemanagementmanagedloginitems

We have an office application used internally within our enterprise. The Provisioning Profiles (PP) for the app were about to expire, so we updated the PP and released a new version. However, we've encountered an issue where some users did not update their phones in time. After the app expired, they found it unusable and downloaded the new version, but the newly downloaded app also crashes on launch. Restarting the phone does not resolve the issue, and this primarily occurs on iOS 18.3.2. What could be the cause of this problem, and how should we address it?

I am a developer distributing an enterprise app. Recently, some users have intermittently encountered an error message on iOS 18.5 stating: "Unable to install this app because its integrity could not be verified." While the issue could not be reproduced on iPhone 15 / iOS 18.5, we have received reports that it does occur on the following devices: iPhone 14 / iOS 18.5, iPhone 14 Pro / iOS 18.5, iPhone 14 Plus / iOS 18.5, iPhone 16 Pro Max / iOS 18.5, Are there any known issues or recommended solutions regarding this behavior? Thank you in advance for your assistance.

how to contact 酷

We are having issues working with bypass codes the server creates when initiating Activation Lock through MDM. We are able to use the device-generated bypass codes without issue. When using the end point to request activation lock as specified in https://developer.apple.com/documentation/devicemanagement/creating-and-using-bypass-codes/ we get a 200 response. But when using the endpoint to bypass the activation lock, we get a 404 response. If we try to manually input the activation lock bypass code, it also does not work. Both of these methods work with the device-generated bypass codes. Just to clarify when testing the server generated codes, we ensured that we did not test the device-generated codes. All of this was tested on iOS devices. Created feedback ticket FB21365819 with device specific details.

Summary: When applying a configuration profile that uses allowListedAppBundleIDs to permit a defined set of apps, essential Apple Watch apps are unexpectedly removed from the paired Watch — even though their associated iPhone bundle IDs are explicitly included. This issue occurs with a minimal profile, and has been consistently reproducible on the latest versions of iOS and watchOS. Impact: This behavior severely limits the use of Apple Watch in managed environments (e.g., education, family management, accessibility contexts), where allowlisting is a key control mechanism. It also suggests either: Undocumented internal dependencies between iOS and watchOS apps, or A possible regression in how allowlists interact with Watch integration. Steps to Reproduce: Create a configuration profile with a Restrictions payload containing only the allowListedAppBundleIDs key. Allow a broad list of essential system apps, including all known Apple Watch-related bundle IDs: com.apple.NanoAlarm com.apple.NanoNowPlaying com.apple.NanoOxygenSaturation com.apple.NanoRegistry com.apple.NanoRemote com.apple.NanoSleep com.apple.NanoStopwatch com.apple.NanoWorldClock (All the bundles can be seen in the Attached profile) Install the profile on a supervised or non-supervised iPhone paired with an Apple Watch. Restart both devices. Observe that several core Watch apps (e.g. Heart Rate, Activity, Workout) are missing from the Watch. Expected Behavior: All apps explicitly included in the allowlist should function normally. System apps — especially those tied to hardware like Apple Watch — should remain accessible unless explicitly excluded. Actual Behavior: Multiple Apple Watch system apps are removed or hidden, despite their iPhone bundle IDs being listed in the allowlist. Test Environment: iPhone running iOS 18 Apple Watch running watchOS 11 Profile includes only the allowListedAppBundleIDs key Issue confirmed on fresh devices with no third-party apps Request for Apple Engineering: Please confirm whether additional internal or undocumented bundle IDs are required to preserve Apple Watch functionality when allowlisting apps. If this behavior is unintended, please treat this as a regression or bug affecting key system components. If intentional, please provide formal documentation listing all required bundle IDs for preserving Watch support with allowlisting enabled. Attachment: .mobileconfig profile demonstrating the issue (clean, minimal, reproducible) Attached test profile = https://drive.google.com/file/d/12YknGWuo1bDG-bmzPi0T41H6uHrhDmdR/view?usp=sharing

We are experiencing a lot of problems deploying an enterprise app for in-house use since late January. All our iPads are managed by an MDM solution. It can take 10 or more attempts to successfully deploy the app. The deployment usually fails with the message "ASDErrorDomain error 854" among other messages. The company providing the MDM solution has no idea what causes this message or what it means. I suspect the error message is not generated by the MDM solutiion but rather gets passed through from iOS. After many attempts the installation may succeed suddenly, though, and the apps works as expected, but this may take weeks. I have not done any changes to my development system. 'I am running XCode 15.3 with SDK version 17.4, the iPads are on iOS 18.3

Hello world! First post here. Developing my first app. It primarily targets supervised and MDM managed devices. A few questions: For supervised devices, is serial number available? I want to get the number and use it for app auto activation Is MDM required for supervised devices? Or, as long as a device is enrolled through Apple Business Manager? Which capacity shall I request for the app? Thanks so much!

I created a provisional profile from apple developer portal for my iOS app. The expiry date shown in the profile is 21-April 2026. However, when I build the app with this provisional profile the expiry date shown in the app is 11 Dec, 2025. My iOS distribution certificate expires only in November 2026. I see a embeded.mobileprovision profile inside the app, and it has an expiry of 11-Dec-2025. I did a clean build,, cleared unnecessary profiles from profile folder, created a new provisional profile and tried, but nothing seems help. We have a few apps, and no other app has this issue. We do annual release of all apps together for provisional profile renewal. As this app expiry is different, it will cause lot of difficulty for us next year. Will you please help me to resolve this issue? Thanks.

Hi, I was looking for advice on the suitable mac to get for a web app development project for university . Would an Apple MacBook Air 2020 M1 8GB RAM 256GB SSD 13.3" macOS Big Sur, be sufficient ?? Or would I need a newer version !

m personal iPhone is managed by an Unauthorized and Unknown mdm management team, The profile isn’t showing up in VPN Settings and I can’t remove them from having Remote access and control over my Personal Device! I’ve SPENT MANY MONTHS TRYING TO GET SUPPORT VIA EMAILING APPLE DEVELOPER AND SPEAKING TO APPLE SUPPORT WHICH HAS BEEN EXTREMELY EXHAUSTING AND HUMILIATIN! I’ve resorted to contacting Internet crime websit, the federal trade commissio, Better business bureau and Consumer Affairs to file an online complaint against Apple for not complying with their Security and Privacy policy for consumers accounts! Because of this unauthorized and unknown mdm device management profile I don’t have COMPLETE CONTROL OVER MY OWN IPHONE! ! Unable to find a team with the given Team II 'L95TAW5KWP' to which you belong. Pleas Developer Program Support. https://developer.apple.com/support I contacted developer support via email and also tried calling but they don’t respond!

Hi, My client has already developed an ios app and they need an enterprise account to publish the app. What are the procedures to create enterprise account?

I am needing to access the ABM API via C#. Searching has directed me to use BouncyCastle. I have downloaded the PEM file. However, using the following: using (var reader = File.OpenText(pemFilePath)) { var pemReader = new PemReader(reader); var keyObject = pemReader.ReadObject(); I get the error "problem creating EC private key: System.NullReferenceException: Object reference not set to an instance of an object."

I'm currently implementing a managed app using the new AppConfig specification. I referred to Apple's official documentation: Specifying and decoding a configuration. Based on the example provided in the "Publish your configuration specification" section, I structured my application configuration plist like this: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>configuration</key> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </dict> </plist> When I deployed this configuration via my MDM server, the server reported valid for the activation, configuration and asset (which is the plist), but the configuration did not reflect or apply within my app. My app was unable to retrieve these settings. After some troubleshooting, I found that removing the top-level <key>configuration</key> wrapper resolved the issue. The following plist structure successfully pushed the configuration to my app: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>account</key> <dict> <key>username</key> <string>test user</string> <key>password</key> <string>test 123</string> </dict> <key>domain</key> <string>test example.com</string> </dict> </plist> My question is: Is the inclusion of the <key>configuration</key> wrapper (as shown in the Apple documentation example) incorrect for the current AppConfig implementation? Or is this structure intended for a future release (e.g., iOS 26 or beyond) and the documentation implicitly refers to it, causing confusion for current implementation? Any clarification would be greatly appreciated! Thank you!

There is a longstanding restriction payload for supervised iOS devices that disables "Erase All Content and Settings." We have been experimenting with supervised watches paired with supervised phones that have that payload applied, and yet "Erase All Content and Settings" remains available on the watch. Is this: – a) An error with our payload? Should we be sending something else? – b) A bug in watchOS supervision? – c) A deliberate design choice? If so, what is the rationale for preventing organizations from maintaining this very basic level of control over devices they may be configuring and dispatching into the field?

ABM has introduced a target date for moving a device from one MDM server to a new one. However, there's nothing in the API for setting that when you use the API to move MDM server Am I missing something or does it just not exist? Thanks Caroline

Hi, We're having problems starting an Ad Hoc ipa on an iPad with iOS 12.7.7 and 12.7.8, probably iOS 12 in general. The iPad's UUID is added to the certificate. And we don't have problems with iOS versions > iOS 12. Here is the anonymized Console Log: default 09:05:12.088994+0100 SpringBoard immediate edge swipe: failed default 09:05:12.095189+0100 SpringBoard Icon touch began: <private> default 09:05:12.096204+0100 SpringBoard Found a reasonable launch image for <private>, not pre-warming SplashBoard. Load image into the snapshot instance. default 09:05:12.117737+0100 powerd Activity changes from 0x2 to 0x1. UseActiveState:1 default 09:05:12.118572+0100 powerd hidActive:1 displayOff:0 assertionActivityValid:0 now:0xcb6 hid_ts:0xcb6 assertion_ts:0x0 default 09:05:12.145354+0100 backboardd [HID] [MT] dispatchEvent Dispatching event with 1 children, _eventMask=0x23 _childEventMask=0x3 Cancel=0 Touching=0 inRange=0 default 09:05:12.152820+0100 SpringBoard Icon tapped: <private> default 09:05:12.158236+0100 dasd Trigger: <private> is now [1] default 09:05:12.159538+0100 dasd Don't have <private> for type 1 default 09:05:12.170128+0100 trustd cert[0]: SubjectCommonName =(leaf)[]> 0 default 09:05:12.170407+0100 trustd cert[0]: LeafMarkerOid =(leaf)[]> 0 default 09:05:12.182388+0100 trustd OCSPSingleResponse: nextUpdate 0.54 days ago default 09:05:12.186084+0100 trustd OCSPSingleResponse: nextUpdate 0.62 days ago default 09:05:12.187067+0100 SpringBoard Trust evaluate failure: [leaf IssuerCommonName LeafMarkerOid SubjectCommonName] default 09:05:12.238604+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> resuming, QOS(0x19) default 09:05:12.240650+0100 trustd TIC TCP Conn Start [12:0xADDR_REDACTED] default 09:05:12.241136+0100 trustd [C12 Hostname#HASH_REDACTED:80 tcp, pid: PID_REDACTED, url hash: HASH_REDACTED] start default 09:05:12.245884+0100 trustd TIC TCP Conn Start [13:0xADDR_REDACTED] default 09:05:12.246361+0100 trustd [C13 Hostname#HASH_REDACTED:80 tcp, pid: PID_REDACTED, url hash: HASH_REDACTED] start default 09:05:12.256520+0100 trustd nw_connection_report_state_with_handler_locked [C12] reporting state failed error Network is down error 09:05:12.256978+0100 trustd TIC TCP Conn Failed [12:0xADDR_REDACTED]: 1:50 Err(50) error 09:05:12.262697+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> HTTP load failed (error code: -1009 [1:50]) error 09:05:12.271646+0100 trustd Task <TASK_UUID_REDACTED_1>.<1> load failed with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." default 09:05:12.271898+0100 trustd Failed to download ocsp response http://ocsp.apple.com/ocsp03-wwdrg311/... with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." default 09:05:12.280643+0100 SpringBoard Activating <private> from icon default 09:05:12.281399+0100 CommCenter #I CTServerConnection from pid PID_REDACTED has closed (conn=0xADDR_REDACTED) default 09:05:12.513629+0100 SpringBoard Bootstrapping com.example.myapp with intent foreground-interactive default 09:05:12.514084+0100 assertiond Submitting new job for "com.example.myapp" on behalf of <BKProcess: 0xADDR_REDACTED; SpringBoard; com.apple.springboard; pid: PID_REDACTED; ...> default 09:05:12.514909+0100 assertiond Submitted job with label: UIKitApplication:com.example.myapp[REDACTED][REDACTED] error 09:05:12.516769+0100 SpringBoard [com.example.myapp] Bootstrap failed with error: <NSError: 0xADDR_REDACTED; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> error 09:05:12.516935+0100 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0xADDR_REDACTED; com.example.myapp; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID com.example.myapp" default 09:05:12.517589+0100 SpringBoard <FBApplicationProcess: 0xADDR_REDACTED; com.example.myapp; pid: -1> exited. default 09:05:12.542638+0100 SpringBoard Application process state changed for com.example.myapp: <SBApplicationProcessState: 0xADDR_REDACTED; pid: -1; taskState: Not Running; visibility: Unknown> default 09:05:13.072994+0100 SpringBoard Front display did change: <SBApplication: 0xADDR_REDACTED; com.example.myapp> Is there any know problem with running Ad Hoc ipas on iOS 12? Thanks Christian

Hello, I'm currently working on implementing app installation features, referencing the app.managed.yaml declaration on GitHub: https://github.com/apple/device-management/blob/0a4527c5ea21825fd23e08273ccdb9e2302458ce/declarative/declarations/configurations/app.managed.yaml My question pertains to the InstallBehavior.Version key. The current specification indicates its type as <integer>: key: Version title: Version supportedOS: iOS: introduced: '26.0' macOS: introduced: '26.0' visionOS: introduced: '26.0' type: <integer> Is there a way to specify the app version using a string format, such as x.y.z, instead of the integer (App Store External Version Identifier - EVID)? Allowing for a simpler version specification would make app version management through MDM more flexible and efficient. I believe this would significantly streamline the deployment and operation of Apple devices within organizations. Any guidance or consideration for this would be greatly appreciated. Thank you.

When an iOS 26.0 device is prepared in supervised mode, wifi connection screen is showing when the device is restarted. This wifi connect appears always on restart. I have tried using Apple Configurator GUI and Command line (cfgutil) command. In both cases, The behavior Wifi screen is showing up on restart for supervised mode. Cfgutil command: cfgutil -C {Certificate} -K {Key} prepare --supervised --name {NAME} --host-cert {Certificate} --skip-all Note: In non-supervised mode and other iOS, the wifi screen is not showing. Apple Configurator version: 2.18 iOS version: 26.0 Device model: iPhone 11 and above. Anyone else facing this issue? Any help is super appreciated.