Root issue is missing entitlement in NFC App

The root issue is a missing entitlement error. I've jumped through countless hoops of checking/rechecking .entitlement file/plist file, creating new credentials, creating new projects, creating new provisioning profiles with no luck, manual signing, automatic signing. Any suggestions appreciated.

Looking at the Provisioning Profile Info shows NFC Tag capabilities is included and NFC Entitlements are included.

I'm at a loss...

I am including the following:

  1. Pertinent output from console
  2. Current Info.Plist
  3. Current .entitlement file

Here are the pertinent sections of the Console Log for reference:

... NFCConnectionManager[0x074d6e40].tagReaderSessionDidBecomeActive(:): NFCTagReaderSessionDelegate: Session did become active
NFCConnectionManager[0x074d6e40].tagReaderSession(:didDetect:): NFCTagReaderSessionDelegate: Session didDetectTags – 1 tags
NFCConnectionManager[0x074d6e40].connected(session:tag:): Manager.connected(session:tag:) - tag: 7 bytes
NFCConnection.Type.connection(): NFCConnection.connection() – connection established
DEBUG: Successfully established YubiKit NFCConnection.
DEBUG: UI updated: 'YubiKey connected... Performing challenge-response...'
DEBUG: Sending APDU to select OATH applet: 00a4040008a000000527210101
NFCConnection[0x04575e00].send(data:): NFCConnection.send(data:) – 13 bytes
NFCConnectionManager[0x074d6e40].transmit(request:for:): Manager.transmit – 13 bytes to tag ISO7816Identifier(data: 7 bytes)

Here is the dreaded error:

-[NFCTagReaderSession transceive:tagUpdate:error:]:897 Error Domain=NFCError Code=2 "Missing required entitlement" UserInfo={NSLocalizedDescription=Missing required entitlement}
ERROR: Operation failed: Missing required entitlement
DEBUG: Unexpected error: Missing required entitlement

Here is the info.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NFCReaderUsageDescription</key>
    <string>The application needs access to NFC reading to communicate with your YubiKey.</string>
    <key>com.apple.developer.nfc.readersession.iso7816.select-identifiers</key>
    <array>
        <string>A000000527471117</string>
        <string>A0000006472F0001</string>
        <string>A0000005272101</string>
        <string>A000000308</string>
        <string>A000000527200101</string>
        <string>A000000151000000</string>
    </array>
    <key>UISupportedExternalAccessoryProtocols</key>
    <array>
        <string>com.yubico.ylp</string>
    </array>
</dict>
</plist>

Here is the entitlements file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.developer.nfc.readersession.formats</key>
    <array>
        <string>TAG</string>
    </array>
    <key>com.apple.security.smartcard</key>
    <true/>
</dict>
</plist>

Answered by Engineer in 848264022

Entitlement errors during SELECT are caused by mismatched AIDs between your app code, Info.plist declaration, and the actual AID used by the tag.

My initial post was not very clear, adding some supporting information below:

  1. Initial NFC session establishes successfully
  2. Failure occurs immediately on first APDU transmission

Configuration & Verification:

  • Xcode Capabilities: "Near Field Communication Tag Reading" is enabled in the target's "Signing & Capabilities" tab.
  • entitlements File:

com.apple.developer.nfc.readersession.formats is correctly set to an array containing only <string>TAG</string>. (Confirmed ISO7816 should NOT be directly in this array based on Apple documentation).

<key>com.apple.developer.nfc.readersession.formats</key> <array> <string>TAG</string> </array>

  • Info.plist Configuration:

Privacy - NFC Scan Usage Description (NFCReaderUsageDescription) is present.

com.apple.developer.nfc.readersession.iso7816.select-identifiers is correctly configured with an array of relevant YubiKey AIDs, including the OATH AID (A000000527210101) and others.

  • codesign Output:

After building the app, running codesign -d --entitlements :- /path/to/YourAppName.app explicitly confirms that the com.apple.developer.nfc.readersession.formats entitlement with <string>TAG</string> IS present in the final signed application bundle.

<key>com.apple.developer.nfc.readersession.formats</key><array><string>TAG</string></array>

This indicates the entitlement is correctly embedded in the binary.

Accepted Answer

Entitlement errors during SELECT are caused by mismatched AIDs between your app code, Info.plist declaration, and the actual AID used by the tag.

I can confirm that despite checking the AIDs dozens of times over the past week of debug... there was in fact a typo in one of them. Thank you for pointing me in that direction.
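The check the accepted answer points to, as an added example that is not part of the original thread or of Apple's or Yubico's code: parse a logged SELECT APDU, extract its AID, and compare it with the `select-identifiers` array in Info.plist. The sample input is the AID list and SELECT command as posted above; the function names are hypothetical, and the example assumes an AID counts as declared only on an exact, case-insensitive match.

```python
import plistlib

SELECT_KEY = "com.apple.developer.nfc.readersession.iso7816.select-identifiers"

# Sample input: the AID list and the SELECT APDU exactly as posted in this thread.
INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.developer.nfc.readersession.iso7816.select-identifiers</key>
  <array>
    <string>A000000527471117</string> <string>A0000006472F0001</string>
    <string>A0000005272101</string>   <string>A000000308</string>
    <string>A000000527200101</string> <string>A000000151000000</string>
  </array>
</dict></plist>"""
LOGGED_SELECT = "00a4040008a000000527210101"


def aid_from_select(apdu_hex):
    """Extract the AID (uppercase hex) from a SELECT-by-DF-name command APDU."""
    apdu = bytes.fromhex(apdu_hex)
    if len(apdu) < 5 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        raise ValueError("not a SELECT by DF name (INS=A4, P1=04)")
    lc = apdu[4]
    aid = apdu[5:5 + lc]  # a trailing Le byte, if present, is ignored
    if len(aid) != lc or not 5 <= lc <= 16:
        raise ValueError("Lc/AID length invalid (ISO 7816-4 AIDs are 5..16 bytes)")
    return aid.hex().upper()


def check_select(apdu_hex, plist_bytes):
    """Return (aid, is_declared, suspects) for one SELECT against Info.plist.

    Assumption: an AID is declared only on an exact, case-insensitive match.
    suspects are declared entries that are a prefix of the selected AID or
    vice versa, i.e. entries with likely dropped or extra bytes.
    """
    entries = plistlib.loads(plist_bytes).get(SELECT_KEY, [])
    declared = [e.strip().upper() for e in entries]
    aid = aid_from_select(apdu_hex)
    suspects = [d for d in declared
                if d != aid and (aid.startswith(d) or d.startswith(aid))]
    return aid, aid in declared, suspects


if __name__ == "__main__":
    aid, ok, suspects = check_select(LOGGED_SELECT, INFO_PLIST)
    print(f"SELECT AID {aid}: {'declared' if ok else 'NOT declared in Info.plist'}")
    for s in suspects:
        print(f"  possible truncated/extended entry: {s}")
```

Running the same comparison in CI over the built bundle's Info.plist and every AID constant the app sends catches this class of mismatch before it surfaces as an entitlement error on a device.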
