[Crashlytics] EXC_GUARD crash with "Additional Runtime Platform Restrictions" enabled (iOS 26.1) #15393
Description
Description
[Crashlytics] EXC_GUARD crash with "Additional Runtime Platform Restrictions" enabled (iOS 26.1)
Issue Description
Firebase Crashlytics causes immediate app crash on iOS 26 due to EXC_GUARD exception when attempting to register mach port exception handlers. This occurs when "Enable Additional Runtime Platform Restrictions" is enabled under Enhanced Security → Runtime Protections.
Environment
- iOS Version: iOS 26.1 beta 2
- Firebase iOS SDK Version: 12.4.0
- Xcode Version: 26.0.1
- Device: Physical iPhone running iOS 26.1 beta 2
- Deployment Target: iOS 26.0
Stack Trace
Exception Type: EXC_GUARD
Exception Subtype: GUARD_TYPE_MACH_PORT
Exception Message: SET_EXCEPTION_BEHAVIOR on mach port 2147483649
Thread 1 Crashed:
0 libsystem_kernel.dylib mach_port_set_attributes
1 FirebaseCrashlytics FIRCLSMachExceptionRegister
2 FirebaseCrashlytics FIRCLSMachExceptionInit
3 FirebaseCrashlytics FIRCLSContext
4 FirebaseCrashlytics -[FIRCLSInternalReport initWithPath:executionIdentifier:]
Steps to Reproduce
- Create new Xcode 26.0.1 project targeting iOS 26.0+
- Add Firebase iOS SDK 12.4.0 with Crashlytics
- In project settings, go to Signing & Capabilities → Enhanced Security → Runtime Protections
- Enable "Enable Additional Runtime Platform Restrictions" (this adds the
com.apple.security.hardened-process.platform-restrictionsentitlement) - Build and run on physical device with iOS 26.1 beta 2
- App crashes immediately on launch with
EXC_GUARDexception
Expected Behavior
App should launch successfully with Crashlytics enabled, compatible with iOS 26's Runtime Platform Restrictions which protect against attacks on the dynamic loader and Mach messaging.
Actual Behavior
App crashes with EXC_GUARD exception because the "Additional Runtime Platform Restrictions" setting blocks mach port exception handler registration that Crashlytics requires.
Temporary Workaround
Disable "Additional Runtime Platform Restrictions" in Xcode:
- Go to project settings → Signing & Capabilities → Enhanced Security → Runtime Protections
- Uncheck "Enable Additional Runtime Platform Restrictions"
Or manually remove the entitlement from your .entitlements file:
<!-- Remove this key -->
<key>com.apple.security.hardened-process.platform-restrictions</key>
<true/>This allows the app to run but sacrifices protection against dynamic loader and Mach messaging attacks. Other Enhanced Security features (Typed Allocator, Read-only Platform Memory, etc.) can remain enabled.
Additional Context
- This only affects iOS 26+ with "Additional Runtime Platform Restrictions" specifically enabled
- Other Enhanced Security features work fine (Typed Allocator, Read-only Platform Memory, Hardware Memory Tagging)
- Works on iOS 26.1 beta 2 when "Additional Runtime Platform Restrictions" is disabled
- The platform restrictions setting protects against "attacks on the dynamic loader and Mach messaging" (per Apple's description)
- Crashlytics uses mach port exception handlers (
mach_port_set_attributeswithSET_EXCEPTION_BEHAVIOR) - Other Firebase services (Auth, Firestore, Analytics, Functions, Performance) work correctly with all Enhanced Security features
- Tested with Firebase SDK 12.4.0 (latest as of October 2025)
Request
Please update Firebase Crashlytics to be compatible with iOS 26's "Additional Runtime Platform Restrictions", either by:
- Using alternative crash reporting mechanisms that don't require mach port exception handlers
- Detecting the platform-restrictions entitlement and gracefully degrading functionality
- Providing guidance on proper iOS 26 integration with full Enhanced Security enabled
Related Issues
- Apple's iOS 26 introduced enhanced restrictions on mach port operations for security
- Enhanced App Protection with platform-restrictions is recommended for iOS 26+ apps
- This is currently blocking production deployment with full iOS 26 security hardening
Is this blocking production deployment? Yes - cannot ship apps with "Additional Runtime Platform Restrictions" enabled on iOS 26, which forces us to disable protection against dynamic loader and Mach messaging attacks.
Reproducing the issue
No response
Firebase SDK Version
12.4
Xcode Version
26.0.1
Installation Method
Swift Package Manager
Firebase Product(s)
Crashlytics, App Check, Firestore, Functions, Authentication
Targeted Platforms
iOS
Relevant Log Output
If using Swift Package Manager, the project's Package.resolved
Expand Package.resolved snippet
{
"originHash" : "c63c63846d9c539229e96de38d6af51417e28c0ee9a0bc48bd0f0f19d923c329",
"pins" : [
{
"identity" : "abseil-cpp-binary",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/abseil-cpp-binary.git",
"state" : {
"revision" : "bbe8b69694d7873315fd3a4ad41efe043e1c07c5",
"version" : "1.2024072200.0"
}
},
{
"identity" : "app-check",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/app-check.git",
"state" : {
"revision" : "61b85103a1aeed8218f17c794687781505fbbef5",
"version" : "11.2.0"
}
},
{
"identity" : "firebase-ios-sdk",
"kind" : "remoteSourceControl",
"location" : "https://github.com/firebase/firebase-ios-sdk",
"state" : {
"revision" : "541ac342abead313f2ce0ccf33278962b5c1e43c",
"version" : "12.4.0"
}
},
{
"identity" : "google-ads-on-device-conversion-ios-sdk",
"kind" : "remoteSourceControl",
"location" : "https://github.com/googleads/google-ads-on-device-conversion-ios-sdk",
"state" : {
"revision" : "2ba031f43ef88a7f6631c84d23794eb99751e891",
"version" : "3.1.0"
}
},
{
"identity" : "googleappmeasurement",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/GoogleAppMeasurement.git",
"state" : {
"revision" : "52713644ce2831bb687ded4aefd5e5c9f15565c5",
"version" : "12.4.0"
}
},
{
"identity" : "googledatatransport",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/GoogleDataTransport.git",
"state" : {
"revision" : "617af071af9aa1d6a091d59a202910ac482128f9",
"version" : "10.1.0"
}
},
{
"identity" : "googleutilities",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/GoogleUtilities.git",
"state" : {
"revision" : "60da361632d0de02786f709bdc0c4df340f7613e",
"version" : "8.1.0"
}
},
{
"identity" : "grpc-binary",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/grpc-binary.git",
"state" : {
"revision" : "75b31c842f664a0f46a2e590a570e370249fd8f6",
"version" : "1.69.1"
}
},
{
"identity" : "gtm-session-fetcher",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/gtm-session-fetcher.git",
"state" : {
"revision" : "c756a29784521063b6a1202907e2cc47f41b667c",
"version" : "4.5.0"
}
},
{
"identity" : "interop-ios-for-google-sdks",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/interop-ios-for-google-sdks.git",
"state" : {
"revision" : "040d087ac2267d2ddd4cca36c757d1c6a05fdbfe",
"version" : "101.0.0"
}
},
{
"identity" : "leveldb",
"kind" : "remoteSourceControl",
"location" : "https://github.com/firebase/leveldb.git",
"state" : {
"revision" : "a0bc79961d7be727d258d33d5a6b2f1023270ba1",
"version" : "1.22.5"
}
},
{
"identity" : "nanopb",
"kind" : "remoteSourceControl",
"location" : "https://github.com/firebase/nanopb.git",
"state" : {
"revision" : "b7e1104502eca3a213b46303391ca4d3bc8ddec1",
"version" : "2.30910.0"
}
},
{
"identity" : "promises",
"kind" : "remoteSourceControl",
"location" : "https://github.com/google/promises.git",
"state" : {
"revision" : "540318ecedd63d883069ae7f1ed811a2df00b6ac",
"version" : "2.4.0"
}
},
{
"identity" : "swift-protobuf",
"kind" : "remoteSourceControl",
"location" : "https://github.com/apple/swift-protobuf.git",
"state" : {
"revision" : "2547102afd04fe49f1b286090f13ebce07284980",
"version" : "1.31.1"
}
}
],
"version" : 3
}
If using CocoaPods, the project's Podfile.lock
Expand Podfile.lock snippet
Replace this line with the contents of your Podfile.lock!