Hi, I’m trying to download a remote file in the background, but I keep getting a strange behaviour where URLSession download my file indefinitely during a few minutes, without calling urlSession(_:downloadTask:didFinishDownloadingTo:) until the download eventually times out. To find out that it’s looping, I’ve observed the total bytes written on disk by implementing urlSession(_:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:). Note that I can't know the size of the file. The server is not able to calculate the size. Below is my implementation. I create an instance of URLSession like this: private lazy var session: URLSession = { let configuration = URLSessionConfiguration.background(withIdentifier: backgroundIdentifier) configuration.isDiscretionary = false configuration.sessionSendsLaunchEvents = true return URLSession(configuration: configuration, delegate: self, delegateQueue: nil) }() My service is using async/await so I have implemented an AsyncThrowingStream : private var downloadTask: URLSessionDownloadTask? private var continuation: AsyncThrowingStream<(URL, URLResponse), Error>.Continuation? private var stream: AsyncThrowingStream<(URL, URLResponse), Error> { AsyncThrowingStream<(URL, URLResponse), Error> { continuation in self.continuation = continuation self.continuation?.onTermination = { @Sendable [weak self] data in self?.downloadTask?.cancel() } downloadTask?.resume() } } Then to start the download, I do : private func download(with request: URLRequest) async throws -> (URL, URLResponse) { do { downloadTask = session.downloadTask(with: request) for try await (url, response) in stream { return (url, response) } throw NetworkingError.couldNotBuildRequest } catch { throw error } } Then in the delegate : public func urlSession(_ session: URLSession, downloadTask: URLSessionDownloadTask, didFinishDownloadingTo location: URL) { guard let response = downloadTask.response, downloadTask.error == nil, (response as? HTTPURLResponse)?.statusCode == 200 else { continuation?.finish(throwing: downloadTask.error) return } do { let documentsURL = try FileManager.default.url(for: .documentDirectory, in: .userDomainMask, appropriateFor: nil, create: false) let savedURL = documentsURL.appendingPathComponent(location.lastPathComponent) try FileManager.default.moveItem(at: location, to: savedURL) continuation?.yield((savedURL, response)) continuation?.finish() } catch { continuation?.finish(throwing: error) } } I also tried to replace let configuration = URLSessionConfiguration.background(withIdentifier: backgroundIdentifier) by let configuration = URLSessionConfiguration.default and this time I get a different error at the end of the download: Task <0457F755-9C52-4CFB-BDB2-F378D0C94912>.<1> failed strict content length check - expected: 0, received: 530692, received (uncompressed): 0 Task <0457F755-9C52-4CFB-BDB2-F378D0C94912>.<1> finished with error [-1005] Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={NSLocalizedDescription=The network connection was lost., NSErrorFailingURLStringKey=https:/<host>:8190/proxy?Func=downloadVideoByUrl&SessionId=slufzwrMadvyJad8Lkmi9RUNAeqeq, NSErrorFailingURLKey=https://<host>:8190/proxy?Func=downloadVideoByUrl&SessionId=slufzwrMadvyJad8Lkmi9RUNAeqeq, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDownloadTask <0457F755-9C52-4CFB-BDB2-F378D0C94912>.<1>" ), _NSURLErrorFailingURLSessionTaskErrorKey=LocalDownloadTask <0457F755-9C52-4CFB-BDB2-F378D0C94912>.<1>, NSUnderlyingError=0x300d9a7c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x302139db0 [0x1fcb1f598]>{length = 16, capacity = 16, bytes = 0x10021ffe91e227500000000000000000}}}} The log "failed strict content length check” made me look into the response header, which has the following: content-length: 0 Content-Type: application/force-download Transfer-encoding: chunked Connection: KEEP-ALIVE Content-Transfer-Encoding: binary So it should be fine the way I setup my URLSession. The download works fine in Chrome/Safari/Chrome or Postman. My code used to work a couple of weeks before, so I expect something has changed on the server side, but I can’t find what, and I don’t get much help from the guys on the server side. Has anyone an idea of what’s going on?

I'm establishing a connection with NWListener and NWConnection which is working great. However, if the listener disappears, a lot of logs are appearing: Is there a way to hide these logs? I'm aware of OS_ACTIVITY_MODE=disabled, but that will also hide a lot of other logs. I also know you can hide these using Xcode's filtering. I'm looking for a programmatically way to hide these completely. I'm not interested in seeing these at all, or, at least, I want to be in control. Thanks!

Recently, while developing a network extension on macOS, I encountered a very interesting issue. When the App Sandbox entitlement is included, the NE (Network Extension) can be called and run normally. However, when the App Sandbox is removed, with everything else remaining unchanged, an error occurs. The logs are as follows: Failed to find an app extension with identifier app.acmeVpnM.extension and extension point com.apple.networkextension.packet-tunnel: (null) Found 0 registrations for app.acmeVpnM.extension (com.apple.networkextension.packet-tunnel) If you add app sandbox, it will run normally. this is my container app entitlement this is my NE extension (without App SandBox) I want to know the reason for this. App sandbox shouldn't be mandatory. How can I make my NE run in an environment without app sandbox?

i unfortunatly upgraded to Sequoia since then I see when: i select XCode ->Product->run i see Error: No route to host i cannot grant access to local network for XCode i can no longer debug my program as i did with Sonora

In my Packet Tunnel Provider, I'm setting the NEDNSSettings to localhost as I have a local DNS server listening on port 53 (this is a dns forwarder which conditionally forwards to different upstreams based on rules). On iOS it works just fine, I'm able to listen on localhost:53 in the Network Extension, then set NEDNSSettings servers to "127.0.0.1". However on macOS due to the port being under 1024, I get a Permission denied OS code 13 error. I'm assuming this is due to the Network Extension not running as root. Can this be changed? This could be rectified if you could customize the port in NEDNSSettings, as the listener could be on port 5353, but it doesn't look like it is possible? Just wondering if there is some other way to accomplish what I'm trying to do in the macOS Network Extension?

Our enterprise product uses a content filter, normally customers deploy MDM profiles to authorise and allow the content filter to work. Some customers however do not use these profiles, requiring them to enable the system extension in System Settings and allow the content filter via the popup below. If the user selects "Don't Allow", intentionally or by mistake, there does not appear to be an mechanism for them to change their mind and allow it instead. If the user fails to enable the system extension on the first prompt, there is an option to enable if via System Settings. There doesn't seem to be a similar option if they "Don't Allow" the content filter. How can the user allow a previously denied content filter?

We have a setup where the system uses proxy settings configured via a PAC file. We are investigating how NWConnection behaves inside a Network Extension (NETransparentProxyProvider) with a transparent proxy configuration based on this PAC file. Scenario: The browser makes a connection which the PAC file resolves as "DIRECT" (bypassing the proxy) Our Network Extension intercepts this traffic for analysis The extension creates a new connection using NWConnection to the original remote address. The issue: despite the PAC file’s "DIRECT" decision, NWConnection still respects the system proxy settings and routes the connection through the proxy. Our questions: Is it correct that NWConnection always uses the system proxy if configured ? Does setting preferNoProxies = true guarantee bypassing the system proxy? Additionally: Whitelisting IPs in the Network Extension to avoid interception is not a viable solution because IPs may correspond to multiple services, and the extension only sees IP addresses, not domains (e.g., we want to skip scanning meet.google.com traffic but still scan other Google services on the same IP range). Are there any recommended approaches or best practices to ensure that connections initiated from a Network Extension can truly bypass the proxy (for example, for specific IP ranges or domains)?

Question 1: After NetworkExtension is installed, when the software receives a pushed uninstall command, it needs to download the entire software but fails to uninstall this NetworkExtension. Are there any solutions? Question 2: How can residual, uninstalled NetworkExtensions be cleaned up when SIP (System Integrity Protection) is enabled?

I am in the middle of investigating an issue arising in the call to setsockopt syscall where it returns an undocumented and unexpected errno. As part of that, I'm looking for a way to list any socket content filters or any such extensions are in play on the system where this happens. To do that, I ran: systemextensionsctl list That retuns the following output: 0 extension(s) which seems to indicate there's no filters or extensions in play. However, when I do: netstat -s among other things, it shows: net_api: 2 interface filters currently attached 2 interface filters currently attached by OS 2 interface filters attached since boot 2 interface filters attached since boot by OS ... 4 socket filters currently attached 4 socket filters currently attached by OS 4 socket filters attached since boot 4 socket filters attached since boot by OS What would be the right command/tool/options that I could use to list all the socket filters/extensions (and their details) that are in use and applicable when a call to setsockopt is made from an application on that system? Edit: This is on a macosx-aarch64 with various different OS versions - 13.6.7, 14.3.1 and even 14.4.1.

I am seeking assistance with how to properly handle / save / reuse NWConnections when it comes to the NWBrowser vs NWListener. Let me give some context surrounding why I am trying to do what I am. I am building an iOS app that has peer to peer functionality. The design is for a user (for our example the user is Bob) to have N number of devices that have my app installed on it. All these devices are near each other or on the same wifi network. As such I want all the devices to be able to discover each other and automatically connect to each other. For example if Bob had three devices (A, B, C) then A discovers B and C and has a connection to each, B discovers B and C and has a connection to each and finally C discovers A and B and has a connection to each. In the app there is a concept of a leader and a follower. A leader device issues commands to the follower devices. A follower device just waits for commands. For our example device A is the leader and devices B and C are followers. Any follower device can opt to become a leader. So if Bob taps the “become leader” button on device B - device B sends out a message to all the devices it’s connected to telling them it is becoming the new leader. Device B doesn’t need to do anything but device A needs to set itself as a follower. This detail is to show my need to have everyone connected to everyone. Please note that I am using .includePeerToPeer = true in my NWParameters. I am using http/3 and QUIC. I am using P12 identity for TLS1.3. I am successfully able to verify certs in sec_protocal_options_set_verify_block. I am able to establish connections - both from the NWBrowser and from NWListener. My issue is that it’s flaky. I found that I have to put a 3 second delay prior to establishing a connection to a peer found by the NWBrowser. I also opted to not save the incoming connection from NWListener. I only save the connection I created from the peer I found in NWBrowser. For this example there is Device X and Device Y. Device X discovers device Y and connects to it and saves the connection. Device Y discovers device X and connects to it and saves the connection. When things work they work great - I am able to send messages back and forth. Device X uses the saved connection to send a message to device Y and device Y uses the saved connection to send a message to device X. Now here come the questions. Do I save the connection I create from the peer I discovered from the NWBrowser? Do I save the connection I get from my NWListener via newConnectionHandler? And when I save a connection (be it from NWBrowser or NWListener) am I able to reuse it to send data over (ie “i am the new leader command”)? When my NWBrowser discovers a peer, should I be able to build a connection and connect to it immediately? I know if I save the connection I create from the peer I discover I am able to send messages with it. I know if I save the connection from NWListener - I am NOT able to send messages with it — but should I be able to? I have a deterministic algorithm for who makes a connection to who. Each device has an ID - it is a UUID I generate when the app loads - I store it in UserDefaults and the next time I try and fetch it so I’m not generating new UUIDs all the time. I set this deviceID as the name of the NWListener.Service I create. As a result the peer a NWBrowser discovers has the deviceID set as its name. Due to this the NWBrowser is able to determine if it should try and connect to the peer or if it should not because the discovered peer is going to try and connect to it. So the algorithm above would be great if I could save and use the connection from NWListener to send messages over.

So it seems the NetworkFramework is still not able to support Broastcast Mode am I correct? As soon as I switch broadcast mode to On in my game I receive console messages instead of receiving data. nw_path_evaluator_create_flow_inner failed NECP_CLIENT_ACTION_ADD_FLOW (null) evaluator parameters: udp, definite, server, attribution: developer, reuse local address, context: Default Network Context (private), proc: 2702288D-96FB-37DD-8610-A68CC526EA0F, local address: 0.0.0.0:20778 nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW 1FB68D7E-7C9B-47B2-B6AC-E5710CD9C9CD [17: File exists] nw_endpoint_flow_setup_channel [C2 192.168.178.221:52716 initial channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi)] failed to request add nexus flow nw_endpoint_flow_failed_with_error [C2 192.168.178.221:52716 initial channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi)] already failing, returning nw_endpoint_handler_create_from_protocol_listener [C2 192.168.178.221:52716 failed channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi)] nw_endpoint_flow_pre_attach_protocols nw_connection_create_from_protocol_on_nw_queue [C2] Failed to create connection from listener nw_ip_channel_inbox_handle_new_flow nw_connection_create_from_protocol_on_nw_queue failed I won't be able to receive data which is a real shame, so I guess I am stuck with the lower level code: // Enable broadcast var enableBroadcast: Int32 = 1 if setsockopt(socketDescriptor, SOL_SOCKET, SO_BROADCAST, &enableBroadcast, socklen_t(MemoryLayout<Int32>.size)) == -1 { let errorMessage = String(cString: strerror(errno)) throw UDPSocketError.cannotEnableBroadcast(errorMessage) }

I have read all the information and forum posts about local network, such as TN3179, etc., and have added NSLocalNetworkUsageDescription, but it does not solve my problem. The problem I encountered is described as follows: Device: iOS18.1.1 Signing method: automatic Xcode debug directly runs, and the app can access 17.25.11.128 normally. However, relase run or packaged into adhoc installation, this IP cannot be accessed. There is a phenomenon that the app package of the App Store can also be used. Our test team has few iOS18+ devices, and internal testing is not possible. Please contact us as soon as possible, thank you. ======= 我已经了解了所有关于local network 相关的资料和论坛帖子，比如TN3179 等等， 已经添加了 NSLocalNetworkUsageDescription， 但是不解决我的问题。 我遇到的问题描述如下： 设备：iOS18.1.1 签名方式：自动 xcode debug 直接运行，app是可以正常访问17.25.11.128的。 但是 relase run 或者 打包成 adhoc 安装，就无法访问这个IP了。 有一个现象， App Store 的app包 也是可以的。 我们的测试团队，iOS18+的设备就没几个，还不能内部测试了。请尽快联系我们，谢谢。

Hello there, Starting from iOS 18.4, support was included for QWAC Validation and QCStatements. Using the official QWAC Validator at: https://eidas.ec.europa.eu/efda/qwac-validation-tool I was able to check that the domain "eidas.ec.europa.eu" has a valid QWAC certificate. However, when trying to obtain the same result using the new API, I do not obtain the same result. Here is my sample playground code: import Foundation import Security import PlaygroundSupport PlaygroundPage.current.needsIndefiniteExecution = true @MainActor class CertificateFetcher: NSObject, URLSessionDelegate { private let url: URL init(url: URL) { self.url = url super.init() } func start() { let session = URLSession(configuration: .ephemeral, delegate: self, delegateQueue: nil) let task = session.dataTask(with: url) { data, response, error in if let error = error { print("Error during request: \(error)") } else { print("Request completed.") } } task.resume() } nonisolated func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -&gt; Void) { guard let trust = challenge.protectionSpace.serverTrust else { completionHandler(.cancelAuthenticationChallenge, nil) return } if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] { self.checkQWAC(certificates: certificates) } let credential = URLCredential(trust: trust) completionHandler(.useCredential, credential) } nonisolated func checkQWAC(certificates: [SecCertificate]) { let policy = SecPolicyCreateSSL(true, nil) var trust: SecTrust? guard SecTrustCreateWithCertificates(certificates as CFArray, policy, &amp;trust) == noErr, let trust else { print("Unable to create SecTrust") return } var error: CFError? guard SecTrustEvaluateWithError(trust, &amp;error) else { print("Trust evaluation failed") return } guard let result = SecTrustCopyResult(trust) as? [String : Any] else { print("No result dictionary") return } let qwacStatus = result[kSecTrustQWACValidation as String] let qcStatements = result[kSecTrustQCStatements as String] print("QWAC Status: \(String(describing: qwacStatus))") print("QC Statements: \(String(describing: qcStatements))") } } let url = URL(string: "https://eidas.ec.europa.eu/")! let fetcher = CertificateFetcher(url: url) fetcher.start() Which prints: QWAC Status: nil QC Statements: nil Request completed. Am I making a mistake while using the Security framework? I would greatly appreciate any help or guidance you can provide.

iOS 18.4 introduced some requirements on the Key Usage of 802.1x server certificates, as described here. https://support.apple.com/en-us/121158 When using TLS_ECDHE_RSA or TLS_DHE_RSA cipher suites, 802.1X server certificates containing a Key Usage extension must have Digital Signature key usage set. When using the TLS_RSA cipher suite, 802.1X server certificates containing a Key Usage extension must have Key Encipherment key usage set. It reads like the change is supposed to affect 802.1x only. However, we have found out that the new restrictions are actually imposed on all TLS connections using the Network framework, including in Safari. Unlike other certificate errors which can be either ignored by users (as in Safari) or by code (via sec_protocol_options_set_verify_block), these new ones can't. Even if passing completion(true) in the TLS verification block, the connection still ends up in waiting state with error -9830: illegal parameter. I understand that these requirements are valid ones but as a generic TLS library I also expect that Network framework could at least allow overriding the behavior. The current treatment is not consistent with those on other certificate errors. Since I can't upload certificates, here is how to reproduce a certificate that fails. Create a OpenSSL config file test.cnf [ req ] default_bits = 2048 distinguished_name = dn x509_extensions = v3_ca prompt = no [ dn ] CN = example.com [ v3_ca ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = CA:TRUE keyUsage = critical, keyCertSign, cRLSign Generate certificate and private key openssl req -x509 -new -nodes -keyout key.pem -out cert.pem -days 365 -config test.cnf And here is the client code to test. // Target server and port let host = NWEndpoint.Host("example.com") let port = NWEndpoint.Port("443")! // Configure insecure TLS options let tlsOptions = NWProtocolTLS.Options() sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { _, _, completion in // Always trust completion(true) }, DispatchQueue.global()) let params = NWParameters(tls: tlsOptions) let connection = NWConnection(host: .init(host), port: .init(rawValue: port)!, using: params) connection.stateUpdateHandler = { newState in switch newState { case .ready: print("TLS connection established") case .failed(let error): print("Connection failed: \(error)") case .cancelled: print("Connection canceled") case .preparing: print("Connection preparing") case .waiting(let error): print("Connection waiting: \(error)") case .setup: print("Connection setup") default: break } } connection.start(queue: .global()) Output Connection preparing Connection waiting: -9830: illegal parameter Previously reported as FB17099740

On one test machine, our extension wouldn't load, because [NETransparentProxyManager loadAllFromPreferencesWithCompletionHandler] can't find a manager, saying Skipping configuration appname because it is of the wrong type. This is the first time I've seen this behaviour. (The containing app tries to find a configuration, if it can't find it it creates one, then modifies whatever it found or created, then stores it. I don't have the right logging yet for that, so I can't see the error messages. [NSLog instead of os_log_error.])

As a third-party application on Apple Watch, can it be located in the same LAN httpServer? Currently, when testing to initiate an http request in the LAN, the connection timeout is returned, code: -1001 self.customSession.request("http://10.15.48.191:9000/hello").response { response in switch response.result { case .success(let data): dlog("✅ 请求成功，收到数据：") if let html = String(data: data ?? Data(), encoding: .utf8) { dlog(html) } case .failure(let error): dlog("❌ 请求失败：\(error.localizedDescription)") } } 执行后报错 Task <B71BE820-FD0E-4880-A6DD-1F8F6EAF98B0>.<1> finished with error [-1001] Error Domain=NSURLErrorDomain Code=-1001 "请求超时。" UserInfo={_kCFStreamErrorCodeKey=-2102, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <B71BE820-FD0E-4880-A6DD-1F8F6EAF98B0>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <B71BE820-FD0E-4880-A6DD-1F8F6EAF98B0>.<1>", "LocalDataPDTask <B71BE820-FD0E-4880-A6DD-1F8F6EAF98B0>.<1>", "LocalDataTask <B71BE820-FD0E-4880-A6DD-1F8F6EAF98B0>.<1>" ), NSLocalizedDescription=请求超时。, _kCFStreamErrorDomainKey=4, NSErrorFailingURLStringKey=http://10.15.48.191:9000/hello, NSErrorFailingURLKey=http://10.15.48.191:9000/hello}

Hi Dev Forums and Quinn "The Eskimo!", Short version Is there sample NWConnection code available that behaves in a similar way to the higher level URLSession and URLRequest APIs? Long version I have not been able to make this question get past the "sensitive language filter" on the dev forums. I figured it might be 'fool' or 'heck', or the X link, but removing each of those still triggers the sensitive language filter. Please see this gist: https://gist.github.com/lzell/8672c26ecb6ee1bb26d3aa3c7d67dd62 Thank you! Lou Zell

Hi! I recently had an idea to build an iOS app that allows users to create a system-level block of specified web domains by curating a "blacklist" on their device. If the user, for instance, inputs "*example.com" to their list, their iPhone would be blocked from relaying that network traffic to their ISP/DNS, and hence return an error message ("iPhone can't open the page because the address is invalid") instead of successfully fetching the response from example.com's servers. The overarching goal of this app would be to allow users to time-block their use of specified websites/apps and grant them greater agency over their technology consumption, and I thought that an app that blocks traffic at the network level, combined with the ability to control when to/not to allow access, would be a powerful alternative to the existing implementations out there that work more on the browser-level (eg. via Safari extension, which is isolated to the scope of user's Safari browser) or via Screen Time (which can be easy to bypass by inputting one's passcode). Another thing to mention is that since the app would serve as a local DNS proxy (instead of relying on a third party DNS resolver), none of their internet activity will be collected/transmitted off-device and be used for commercial purposes. I feel particularly driven to create a privacy-centered app in this way, since no user data needs to be harvested to implement this kind of filtering. I'd also love to get suggestions for a transparent privacy policy that respects users control over their device. With all this said, I found that the Network Extension APIs may be the only way that an app like this could be built on iOS and, I wanted to ask if the above-mentioned use case of Network Extension would be eligible to be granted access to its entitlement before I go ahead and purchase the $99/year Apple Developer Program membership. Happy to provide further information, and I'd also particularly be open to any mentions of existing solutions out there (since I might have missed some in my search). Maybe something like this already exists, in which case it'd be great to know in any case! :). Thank you so much in advance!

{"bug_type":"210","timestamp":"2025-07-04 14:19:35.00 +0800","os_version":"macOS 15.5 (24F74)","roots_installed":0,"incident_id":"5457889A-1002-4389-BAE6-A447733EFD78"} { "build" : "macOS 15.5 (24F74)", "product" : "MacBookPro18,4", "socId" : "6001", "socRevision" : "11", "incident" : "5457889A-1002-4389-BAE6-A447733EFD78", "crashReporterKey" : "4ABE0CA2-C60B-8B0E-557A-C0BDEB1E9144", "kernel" : "Darwin Kernel Version 24.5.0: Tue Apr 22 19:54:49 PDT 2025; root:xnu-11417.121.62/RELEASE_ARM64_T6000", "date" : "2025-07-04 14:19:35.95 +0800", "panicString" : "panic(cpu 1 caller 0xfffffe00215f28e8): Kernel data abort. at pc 0xfffffe0021310d9c, lr 0x37a67e002116f050 (saved state: 0xfffffe60706d3240)\n\t x0: 0xfffffe2eaac676f8 x1: 0x0000000000000000 x2: 0xfffffe002116f050 x3: 0x0000000000000002\n\t x4: 0x0000000000002021 x5: 0xffffffffffffffff x6: 0x0000000000000000 x7: 0x0000006ddf79e068\n\t x8: 0xf9555cb919b50093 x9: 0x0000000000000000 x10: 0x0000000000000054 x11: 0x0000000000000000\n\t x12: 0xfffffe002477dfc8 x13: 0x0000000000000001 x14: 0x0000000000000052 x15: 0x0000000000000000\n\t x16: 0x0000020061052ad4 x17: 0x0000000000000001 x18: 0x0000000000000000 x19: 0xfffffe2eaa38d000\n\t x20: 0x0000000000000000 x21: 0xfffffe2eaac676f8 x22: 0x0000000000000020 x23: 0xfffffe2eab90f000\n\t x24: 0x000000001e22b50a x25: 0x0000000000000000 x26: 0x0000000000000000 x27: 0xfffffe2eab90efb4\n\t x28: 0x0000000000003500 fp: 0xfffffe60706d35b0 lr: 0x37a67e002116f050 sp: 0xfffffe60706d3590\n\t pc: 0xfffffe0021310d9c cpsr: 0x60401208 esr: 0xfffffe6096000006 far: 0x0000000000000068\n\nDebugger message: panic\nMemory ID: 0x6\nOS release type: User\nOS version: 24F74\nKernel version: Darwin Kernel Version 24.5.0: Tue Apr 22 19:54:49 PDT 2025; root:xnu-11417.121.62/RELEASE_ARM64_T6000\nFileset Kernelcache UUID: AF6531DB60D1EB2338126CF77682B8DE\nKernel UUID: CBC2F718-53E4-3C8D-BEC7-FB6DDC3318E1\nBoot session UUID: 5457889A-1002-4389-BAE6-A447733EFD78\niBoot version: iBoot-11881.121.1\niBoot Stage 2 version: iBoot-11881.121.1\nsecure boot?: YES\nroots installed: 0\nPaniclog version: 14\nKernelCache slide: 0x0000000018540000\nKernelCache base: 0xfffffe001f544000\nKernel slide: 0x0000000018548000\nKernel text base: 0xfffffe001f54c000\nKernel text exec slide: 0x0000000019ce0000\nKernel text exec base: 0xfffffe0020ce4000\nmach_absolute_time: 0x6ddf85c206\nEpoch Time: sec usec\n Boot : 0x686680ed 0x000c5ab2\n Sleep : 0x68676ff9 0x0005fdc0\n Wake : 0x68677007 0x000d2cfa\n Calendar: 0x68677252 0x00021537\n\nZone info:\n Zone map: 0xfffffe1016000000 - 0xfffffe3616000000\n . VM : 0xfffffe1016000000 - 0xfffffe15e2000000\n . RO : 0xfffffe15e2000000 - 0xfffffe187c000000\n . GEN0 : 0xfffffe187c000000 - 0xfffffe1e48000000\n . GEN1 : 0xfffffe1e48000000 - 0xfffffe2414000000\n . GEN2 : 0xfffffe2414000000 - 0xfffffe29e0000000\n . GEN3 : 0xfffffe29e0000000 - 0xfffffe2fac000000\n . DATA : 0xfffffe2fac000000 - 0xfffffe3616000000\n Metadata: 0xfffffe5e3a010000 - 0xfffffe5e43810000\n Bitmaps : 0xfffffe5e43810000 - 0xfffffe5e4f500000\n Extra : 0 - 0\n\nTPIDRx_ELy = {1: 0xfffffe28ded6aff0 0: 0x0000000000000001 0ro: 0x000000016fd330e0 }\nCORE 0 PVH locks held: None\nCORE 1 PVH locks held: None\nCORE 2 PVH locks held: None\nCORE 3 PVH locks held: None\nCORE 4 PVH locks held: None\nCORE 5 PVH locks held: None\nCORE 6 PVH locks held: None\nCORE 7 PVH locks held: None\nCORE 8 PVH locks held: None\nCORE 9 PVH locks held: None\nCORE 0: PC=0xfffffe0020f2d330, LR=0xfffffe0020f2d368, FP=0xfffffe60717cb460\nCORE 1 is the one that panicked. Check the full backtrace for details.\nCORE 2: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe607167bed0\nCORE 3: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe60725d3ed0\nCORE 4: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe6072bafed0\nCORE 5: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe6072197ed0\nCORE 6: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe60727abed0\nCORE 7: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe6071897ed0\nCORE 8: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe607149bed0\nCORE 9: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe607214bed0\nCompressor Info: 0% of compressed pages limit (OK) and 0% of segments limit (OK) with 0 swapfiles and OK swap space\nPanicked task 0xfffffe1d4729c7a0: 1925 pages, 14 threads: pid 36674: com.TE.TEDataCloak.ne\nPanicked thread: 0xfffffe28ded6aff0, backtrace: 0xfffffe60706d28f0, tid: 743602\n\t\t lr: 0xfffffe0020d432b4 fp: 0xfffffe60706d2980\n\t\t lr: 0xfffffe0020ea52f8 fp: 0xfffffe60706d29f0\n\t\t lr: 0xfffffe0020ea3554 fp: 0xfffffe60706d2ab0\n\t\t lr: 0xfffffe0020cebb98 fp: 0xfffffe60706d2ac0\n\t\t lr: 0xfffffe0020d42b98 fp: 0xfffffe60706d2e90\n\t\t lr: 0xfffffe00215e7388 fp: 0xfffffe60706d2eb0\n\t\t lr: 0xfffffe00215f28e8 fp: 0xfffffe60706d30c0\n\t\t lr: 0xfffffe0020ea5154 fp: 0xfffffe60706d3160\n\t\t lr: 0xfffffe0020ea36c8 fp: 0xfffffe60706d3220\n\t\t lr: 0xfffffe0020cebb98 fp: 0xfffffe60706d3230\n\t\t lr: 0xfffffe002116f050 fp: 0xfffffe60706d35b0\n\t\t lr: 0xfffffe002116f050 fp: 0xfffffe60706d3730\n\t\t lr: 0xfffffe002116de88 fp: 0xfffffe60706d3780\n\t\t lr: 0xfffffe0021180174 fp: 0xfffffe60706d3810\n\t\t lr: 0xfffffe002117ea94 fp: 0xfffffe60706d38d0\n\t\t lr: 0xfffffe002117d69c fp: 0xfffffe60706d3a30\n\t\t lr: 0xfffffe0021281400 fp: 0xfffffe60706d3a80\n\t\t lr: 0xfffffe00213146dc fp: 0xfffffe60706d3c10\n\t\t lr: 0xfffffe0021324ff8 fp: 0xfffffe60706d3d00\n\t\t lr: 0xfffffe0021325580 fp: 0xfffffe60706d3de0\n\t\t lr: 0xfffffe00213edc24 fp: 0xfffffe60706d3e50\n\t\t lr: 0xfffffe0020ea35dc fp: 0xfffffe60706d3f10\n\t\t lr: 0xfffffe0020cebb98 fp: 0xfffffe60706d3f20\n\t\t lr: 0xfffffe0020cebb60 fp: 0x0000000000000000\n\nlast started kext at 3810289154: com.apple.filesystems.smbfs\t6.0 (addr 0xfffffe00200f68e0, size 111737)\nloaded kexts:\ncom.paragon-

Hi all, I’m developing a companion iOS app that connects to a device-created Wi-Fi hotspot to transfer videos or other files WebSocket. The challenge is: once the iPhone connects to this hotspot, it loses internet access because iOS routes all traffic through Wi-Fi. However, I’d like to keep the iPhone’s cellular data active and usable while staying connected to the local hotspot — so the app can access cloud APIs, or the user can continue using other apps that require internet access. I understand that iOS prioritizes Wi-Fi over cellular, but are there any supported workarounds or patterns (e.g., MFi programs, local-only Wi-Fi access, NEHotspotConfiguration behavior, etc.) that : • Using Wi-Fi only for local communication; • cellular to remain active for internet access. Any insights or Apple-recommended best practices would be greatly appreciated — especially any official references regarding MFi Accessory setup or NEHotspotConfiguration behavior in this context. Thanks in !