Posts under App & System Services topic

Post

Replies

Boosts

Views

Created

Allow to open parent app from ShieldActionDelegate: `ShieldActionResponse.openParentApp`
Hello,

I am the developer of an app called one sec which helps users to spend less time on social media: https://one-sec.app

Therefore, we make heavy use of the Screen Time API, and thus ManagedSettings and ShieldActionDelegate.

One feature of one sec is the so-called “Doom Scroll Emergency Brake”. This blocks a target app after a certain usage threshold (e.g. 5 minutes) and requires going through an intervention (e.g. breathing exercise) to unlock more time. That added friction makes it very effective in reducing time spent on apps.

One thing that is confusing for our users is the way they are prompted to unlock more time, if they want to. They have to:

- Have Push Notifications enabled for one sec
- Exempt one sec’s notifications from being delayed by AI prioritization (otherwise they are delayed by ca. 10s)
- Ensure that push notifications can be delivered during foci.
- Understand that they have to tap on the notification, which is not very straight-forward because it does not make sense from the user’s UX perspective.

This is an artificial limitation of Apple’s screen time framework which has no reason (no security / privacy implications here…). Screenshots of the current flow attached.

It would be much more reasonable if there was a new ShieldActionResponse.openParentApp value that can be returned from the completion handler of the ShieldActionDelegate.handle(…) callback.

We have seen different apps use private API to achieve this, but we are afraid to do the same to avoid getting banned from the App Store. It would be fair if Apple would level the playground for all apps and offer such an API officially.

– Frederik

PS: Tracked under FB22347946, FB18846650, FB15500681, FB15079668, FB10393561 (all without responses so far…)
0
0
52
1w
FamilyControls individual authorization: No way to detect revocation while app is backgrounded
We are developing an MDM agent app that uses FamilyControls with .individual authorization to enforce Screen Time restrictions (app blocking, domain blocking via ManagedSettingsStore and DeviceActivityCenter).

The Problem

We are actively subscribing to AuthorizationCenter.shared.$authorizationStatus to detect authorization changes. However, when the user revokes the app's FamilyControls authorization through Settings (either via Settings > Screen Time > Apps With Screen Time Access, or Settings > Apps > [Our App]), the publisher does not emit any value. All ManagedSettingsStore restrictions are lifted immediately by the system, but our app receives no notification of this change.

The only scenario where the publisher reliably emits is when a debugger is attached (i.e., running directly from Xcode). Without the debugger, the publisher is completely silent — even when the app returns to foreground.

Code Example

We tried subscribing directly to AuthorizationCenter.shared.$authorizationStatus with no intermediary, exactly as shown in the documentation:

```swift
AuthorizationCenter.shared.$authorizationStatus
    .sink { status in
        print("[DIRECT] authorizationStatus emitted: \(status)")
    }
    .store(in: &cancellables)
```

This subscription is set up at app launch and stored in cancellables. The result is the same — the publisher does not emit when the user revokes authorization in Settings without a debugger attached.

Documentation Reference

The documentation for authorizationStatus states:

"The status may change due to external events, such as a child graduating to an adult account, or a parent or guardian changing the status in Settings."

And:

"The system sets this property only after a call to requestAuthorization(for:) succeeds. It then updates the property until a call to revokeAuthorization(completionHandler:) succeeds or your app exits."

This suggests the publisher should emit when the status is changed via Settings, but in our testing it does not — unless a debugger is attached.

What We Verified

We tested with a development-signed build (which includes the com.apple.developer.family-controls entitlement), launched from Xcode, then disconnected the debugger, killed the app, and relaunched from the home screen.

| Scenario | Publisher emits on revocation? |
| --- | --- |
| Running from Xcode (debugger attached) | Yes, immediately |
| Development-signed build (no debugger) | No — silent even on foreground return |

We also confirmed:

- MDM configuration profiles can disable Screen Time entirely, but cannot restrict the per-app authorization toggle — the user can always freely revoke the app's Screen Time access

The Security Gap

This creates a significant gap for parental controls use cases:

- User leaves the app (app goes to background)
- User goes to Settings and disables Screen Time access for the app
- All restrictions are immediately lifted
- User uses the device freely
- User re-enables Screen Time access and opens the app
- Everything syncs back to normal — administrator never knows

Questions

- Is there any supported mechanism to receive a notification (background or foreground) when FamilyControls individual authorization is revoked? We are subscribing to AuthorizationCenter.shared.$authorizationStatus but it does not emit.
- Is the $authorizationStatus publisher expected to work only when a debugger is attached? Is this a known limitation or a bug?
- Can DeviceActivityMonitor extension detect authorization revocation? Based on documentation it appears limited to schedule/threshold events, but we haven't confirmed this.
- Is there a planned API improvement to address this gap?

Environment

- iOS 26.2
- Xcode 26.3
- Swift 6.2.4
- FamilyControls .individual authorization

Related Threads

- Screen time API can be disabled easily
- Changing Screen Time Passcode does not protect apps
0
0
80
1w
Core Data Migration Strategy: store relocation, schema changes and CloudKit adoption in a single release?
I am planning a Core Data migration for a macOS app targeting macOS 12 and later and I would appreciate guidance on structuring the rollout to minimise risk.

Context

The app currently uses a SQLite store located at: ~/Library/Containers/com.company.AppName/Data/Library/Application Support/AppName

I want to:

- Relocate the persistent store to an app group container: ~/Library/Group Containers/group.com.company.AppName
- Perform schema migration, including:
  - Renaming attributes
  - Deleting attributes
  - Using a custom NSEntityMigrationPolicy subclass
- Adopt iCloud sync using NSPersistentCloudKitContainer
- Potentially leverage staged migration (macOS 14+)

Additionally, I intend to port the app to iOS, so the end state needs to support an app group container and CloudKit with the latest schema from the outset.

Questions

Store relocation vs schema migration

- Is it advisable to perform store relocation and schema migration in a single step, or should these be separate releases?
- If combined, are there pitfalls when moving the SQLite file and running a migration in the same launch cycle?

Custom migration policy

- Any best practices for structuring NSEntityMigrationPolicy when also relocating the store?
- Should migration policies assume the store has already been moved, or handle both concerns?

Staged migration (macOS 14+)

- Is staged migration worth adopting when still supporting macOS 12–13?
- Would you gate it conditionally, or avoid it entirely for consistency?

CloudKit adoption

- Is introducing NSPersistentCloudKitContainer in the same release as the above migrations too risky?
- Are there known issues when enabling CloudKit immediately after a migration?

Release strategy

Would you recommend:

- A single release handling everything
- Two phases: (1) store & schema migration, (2) CloudKit
- Or three phases: store relocation → schema migration → CloudKit

Goal

I want a smooth, reliable transition without data loss or duplication, particularly for existing users with non-trivial datasets.

Any insights, practical experience, or recommended sequencing strategies would be very helpful.
3
0
104
1w
NEAppProxyUDPFlow.writeDatagrams fails with "The datagram was too large" on macOS 15.x, macOS 26.x
I'm implementing a NEDNSProxyProvider on macOS 15.x and macOS 26.x. The flow works correctly up to the last step — returning the DNS response to the client via writeDatagrams.

Environment:

- macOS 15.x, 26.x
- Xcode 26.x
- NEDNSProxyProvider with NEAppProxyUDPFlow

What I'm doing:

```swift
override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
    guard let udpFlow = flow as? NEAppProxyUDPFlow else { return false }

    udpFlow.readDatagrams { datagrams, endpoints, error in
        // 1. Read DNS request from client
        // 2. Forward to upstream DNS server via TCP
        // 3. Receive response from upstream
        // 4. Try to return response to client:
        udpFlow.writeDatagrams([responseData], sentBy: [endpoints.first!]) { error in
            // Always fails: "The datagram was too large"
            // responseData is 50-200 bytes — well within UDP limits
        }
    }
    return true
}
```

Investigation:

I added logging to check the type of endpoints.first:

```swift
// On macOS 15.0 and 26.3.1:
// type(of: endpoints.first) → NWAddressEndpoint
// Not NWHostEndpoint as expected
```

On both macOS 15.4 and 26.3.1, readDatagrams returns [NWEndpoint] where each endpoint appears to be NWAddressEndpoint — a type that is not publicly documented.

When I try to create NWHostEndpoint manually from hostname and port, and pass it to writeDatagrams, the error "The datagram was too large" still occurs in some cases.

Questions:

- What is the correct endpoint type to pass to writeDatagrams on macOS 15.x, 26.x? Should we pass the exact same NWEndpoint objects returned by readDatagrams, or create new ones?
- NWEndpoint, NWHostEndpoint, and writeDatagrams are all deprecated in macOS 15. Is there a replacement API for NEAppProxyUDPFlow that works with nw_endpoint_t from the Network framework?
- Is the error "The datagram was too large" actually about the endpoint type rather than the data size?

Any guidance would be appreciated. :-))
7
0
148
1w
Filtering traffic by URL with OHTTP Gateway
Hello, I am developing a URL traffic filtering system. I’ve set up a PIR server following this guide: https://aninterestingwebsite.com/documentation/networkextension/setting-up-a-pir-server-for-url-filtering According to this WWDC25 video, it appears that I need to use an OHTTP Gateway: https://aninterestingwebsite.com/videos/play/wwdc2025/234/ So, I developed an OHTTP Gateway and verified it using a test client. Following that, I built the app and installed it on a test iPhone based on this sample: https://aninterestingwebsite.com/documentation/networkextension/filtering-traffic-by-url However, I cannot find any settings related to the OHTTP URL within this sample. How should I proceed with the OHTTP configuration in this case? Thank you.
2
0
61
1w
Crashes occur on iOS 26.4
Since updating the OS to 26.4, the app has been crashing more often after I launch it. The devices on which this issue has been confirmed are as follows: ・iPhone SE (2nd generation) ・9th-generation iPad ・8th-generation iPad ・5th-generation iPad mini We have confirmed that the application functions properly on all devices prior to the OS update.
5
1
879
1w
Brazil Digital ECA Eligibility after the 26.4 Release
Hi, Regarding the Brazil Digital ECA (DECA) requirements, which became effective on March 17, 2026. Following the guidance for regulated regions, we have been testing the eligibility check with the iOS 26.4 release. We previously confirmed that isEligibleForAgeFeatures was returning true for users in the Brazil region, which allowed us to verify our age-gating implementation. A few questions follow on this eligibility check: We have observed in manual testing that specific devices which returned true as recently as March 23rd are now returning false today, despite no changes to the OS build or account settings. Does this indicate a change in the server-side eligibility heuristics? Why would isEligibleForAgeFeatures stop returning true for a region where the law is now in force? Has the guidance on how to evaluate these properties for Brazil changed with the transition to the stable 26.4 release? Thank you!
0
1
121
1w
Supported way to expose an iPhone+controller as a macOS gamepad without restricted entitlements?
I’m prototyping a personal-use system that lets an iPhone with a physically attached controller act as an input device for a Mac.

End goal:

- Use the iPhone as the transport and sensor host
- Use the attached physical controller for buttons/sticks
- Map the iPhone gyroscope to the controller’s right stick to get gyro aim in Mac games / cloud-streamed games such as GeForce NOW that don't support the gyro.

What I’m trying to understand is whether Apple supports any path for this on macOS that does NOT require restricted entitlements or paid-program-only capabilities.

What I’ve already found:

- CoreHID virtual HID device creation appears to require com.apple.developer.hid.virtual.device
- HIDDriverKit / system extensions appear to require Apple-granted entitlements as well
- GCVirtualController does not seem to solve the problem because I need a controller-visible device that other apps can see, not just controls inside my own app

So my concrete question is:

Is there any supported, entitlement-free way for a personal macOS app to expose a game-controller-like input device that other apps can consume system-wide?

If not, is the official answer that this class of solution necessarily requires one of:

- CoreHID with restricted entitlement
- HIDDriverKit/system extension entitlement
- some other Apple-approved framework or program I’m missing

I’m not asking about App Store distribution. This is primarily for local/personal use during development. I’m trying to understand the supported platform boundary before investing further.

Any guidance on the recommended architecture for this use case would be appreciated.
3
0
105
1w
Start app if connected to CarPlay
Is there a way to trigger the start of my app (just for a short time) when the iPhone is connected to CarPlay (and/or to a car via Bluetooth)? I could not find anything. I don't want to apply for CarPlay as I have no intention to show something on the car's screen. Any tip, even a small one, is welcome.
2
0
58
1w
CoreData + CloudKit -- Many-to-Many Relationship not Syncing
In an iOS App that uses CKShare I have a many-to-many relationship that does not consistently sync between the share's N participants. The relationship is between Group and Player as group.players and player.groups. As an example, given 3 groups each with 4 players (aka 4:4:4), some devices show CoreData (it is NOT a UI issue) with 4:2:3 or 3:4:4. (A deletion of CoreData from a device, forcing a full re-sync from CloudKit, seems to populate the group:player relationships consistently; but obviously that is impractical for resolving the issue.) How do I avoid these sync-from-CloudKit inconsistencies? Note: AI agents generally suggest adding a CoreData 'join' entity - such as 'GroupPlayer'. Is that THE fix?
1
0
74
1w
how to disable streamline purchasing
How do I disable streamlined purchasing? When I click turn off, it shows the error:

"Streamlined purchasing cannot be turned off because your latest approved binary doesn’t include the required StoreKit APIs"

My app has a subscribe button to click before starting to use it, though there is no need to log in. ChatGPT did the StoreKit and subscription part. I do not understand why streamlined purchasing cannot be turned off.
1
0
61
1w
Xcode 26.4 breaks compilation: Sending 'activity' risks causing data races
After updating Xcode and SDK to 26.4, I'm now getting a concurrency error when trying to update or end live activities with the following code that built successfully before:

```swift
// Get list of active activities
let allActivities = Activity<ArbeitszeitWidgetAttributes>.activities

// Cancel all active activities
Task {
    for activity in allActivities {
        await activity.end(nil, dismissalPolicy: .immediate)
    }
}
```

Sending 'activity' risks causing data races. Sending main actor-isolated 'activity' to @concurrent instance method 'update' risks causing data races between @concurrent and main actor-isolated uses

I'm currently using

```swift
nonisolated(unsafe) let activity = activity
await activity.end(nil, dismissalPolicy: .immediate)
```

to get it to compile again. What's the best approach here?
1
1
116
1w
Transaction.currentEntitlements returning all transactions
[EDIT: Please ignore. Will delete in a second]

Transaction.currentEntitlements is returning the complete history of transactions on a subscription product.

I have a program with an In-App Purchase for a monthly subscription. I am testing with a local StoreKit file in Xcode. I configured the StoreKit test file to update every minute.

When the program starts, I retrieve the current transactions from StoreKit to see if there is an active subscription.

```swift
for await verificationResult in Transaction.currentEntitlements {
    guard case .verified(let transaction) = verificationResult else {
        continue
    }
    // update status for subscriptions
}
```

This morning's testing is showing transactions for all transactions, both current and past. The current subscription renewal is sent plus all the past renewals that have expired. I thought in my previous testing that only one transaction (i.e., the latest/current) was sent per Product ID.

Is this (all subscription transactions) the expected behavior, or should I file a bug report?

Example debug output from Transaction.currentEntitlements loop (top transaction is the current one, but past expired ones are provided too; "DEBUG CURRENT ----" separates individual transactions):

```
DEBUG CURRENT: getCurrentEntitlements BEGIN
DEBUG CURRENT ----
DEBUG CURRENT: for product pro.monthly
DEBUG CURRENT: Verified Reason: Renewal
DEBUG CURRENT: Ownership: Purchased
DEBUG CURRENT: Purchases: is good
DEBUG CURRENT: signed date: 2026-03-26 17:37:12 +0000
DEBUG CURRENT: purchase date: 2026-03-26 17:36:24 +0000
DEBUG CURRENT: environment: Environment(rawValue: "Xcode")
DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US))
DEBUG CURRENT ----
DEBUG CURRENT: for product pro.monthly
DEBUG CURRENT: Verified Reason: Renewal
DEBUG CURRENT: Ownership: Purchased
DEBUG CURRENT: Expired 2026-03-26 17:36:24 +0000
DEBUG CURRENT: signed date: 2026-03-26 17:35:25 +0000
DEBUG CURRENT: purchase date: 2026-03-26 17:35:24 +0000
DEBUG CURRENT: environment: Environment(rawValue: "Xcode")
DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US))
DEBUG CURRENT ----
DEBUG CURRENT: for product pro.monthly
DEBUG CURRENT: Verified Reason: Renewal
DEBUG CURRENT: Ownership: Purchased
DEBUG CURRENT: Expired 2026-03-26 17:35:24 +0000
DEBUG CURRENT: signed date: 2026-03-26 17:34:25 +0000
DEBUG CURRENT: purchase date: 2026-03-26 17:34:24 +0000
DEBUG CURRENT: environment: Environment(rawValue: "Xcode")
DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US))
```
1
0
49
1w
Cellular not initializing on iPadOS 26.4 (resolved by network reset)
We are seeing an issue after updating iPads to iPadOS 26.4 where cellular service is lost until network settings are reset.

Environment:

- Devices managed via Apple Business Manager and Microsoft Intune
- Carrier: Verizon
- Confirmed affected devices: iPad (9th generation) eSIM

Behavior:

- After update, device shows no cellular service
- No prompt to re-activate or re-add the cellular plan
- The plan appears to still be present on the device

Workaround observed:

- Resetting Network Settings restores service

Notes:

- This does not appear to be a provisioning issue (no need to re-add eSIM)
- Behavior suggests the cellular/eSIM state may not be initializing correctly after update
- Toggling Cellular or Airplane mode has not yet been tested for service restoration.
- We have not yet confirmed whether devices using a physical SIM are affected
- Still gathering data on scope across additional iPad models

Additional observation:

- We have not observed this behavior on iPhones (e.g., iPhone 16 on iOS 26.4 with LTE remains unaffected)

Has anyone else observed similar behavior on iPadOS 26.4, particularly on managed devices or eSIM configurations?
2
0
184
1w
Memory Leak in new structured concurrency Network Framework API's
After implementing the new structured concurrency APIs for Network framework, we are noticing a few memory leaks in the Network framework when using APIs like onViabilityUpdate and onBetterPathUpdate. Whenever a previously established connection is disconnected, the NWConnection object is never released by the Network framework when we use the 2 APIs mentioned. Irrespective of what goes inside these handlers (or leave it empty), the connection object is leaking. If I comment out the handlers, there is no memory leak. Posting this here in the forum to understand if others have encountered similar issues and found a workaround. Raised a feedback assistant request with all the details and a sample app here: FB22339653
1
0
64
1w
StoreKit returns empty product list in Sandbox (TestFlight, valid IAP setup)
Hello,

I’m facing an issue with StoreKit where no products are returned in Sandbox.

Context:

- App: SylvoY (Bundle ID: fr.sylvoy.app)
- Product ID: sylvoy_sylvoy_premium_v2_monthly
- Type: auto-renewable subscription
- Build: TestFlight 1.0.16 (Build 20)
- Device: physical iPhone
- Environment: Sandbox account

Setup:

- Paid Applications Agreement: Active
- Banking & Tax: Active
- Product status: Ready to Submit
- Product is linked to the current TestFlight build

Issue:

When fetching products using StoreKit, the returned array is empty:

```
productsCount = 0
products = []
```

Expected: Product metadata (price, description) should be returned.

Actual: No products are returned at all.

Additional info:

- Product identifier is correct
- Tested on real device (not simulator)
- Installed via TestFlight
- Sandbox account properly configured

This issue is currently blocking validation of the subscription flow before release.

DTS Case-ID: 18968852 (redirected here)

Any help would be appreciated.
4
0
121
1w
Network Extension "Signature check failed" after archive with Developer ID — works in Xcode debug
I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager.

The error:

```
Signature check failed: code failed to satisfy specified code requirement(s)
```

followed by:

```
started with PID 0
status changed to disconnected, last stop reason Plugin failed
```

What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session.

Key log sequence:

```
taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension
taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1)
WireGuardNetworkExtensionMac: AppSandbox request successful
WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider
WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s)
nesessionmanager: started with PID 0 error (null)
nesessionmanager: status changed to disconnected, last stop reason Plugin failed
```

Setup:

- macOS 15, Xcode 16
- Developer ID Application certificate
- Manual code signing, Developer ID provisioning profiles with Network Extensions capability
- Extension in Contents/PlugIns/ (standard appex, not System Extension)
- Extension entitlement: packet-tunnel-provider-systemextension
- NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel
- codesign --verify --deep --strict PASSES on the exported app
- Hardened runtime enabled on all targets

What I've verified:

- Both app and extension have matching TeamIdentifier
- Both are signed with the same Developer ID Application certificate
- The designated requirement correctly references the cert's OIDs
- The provisioning profiles are valid and taskgated-helper explicitly approves them
- No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework

What I've tried (all produce the same error):

- Normal Xcode archive + export (Direct Distribution)
- Manual build + sign script (bypassing Xcode export entirely)
- Stripping all signatures and re-signing from scratch
- Different provisioning profiles (freshly generated)

Comparison with official WireGuard app:

I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch.

Questions:

- Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing?
- Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it?
- The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it?

Any guidance would be appreciated. I've exhausted all signing approaches I can think of.
3
0
81
1w
Replies
7
Boosts
0
Views
148
Activity
1w
Filtering traffic by URL with OHTTP Gateway
Hello, I am developing a URL traffic filtering system. I’ve set up a PIR server following this guide: https://aninterestingwebsite.com/documentation/networkextension/setting-up-a-pir-server-for-url-filtering According to this WWDC25 video, it appears that I need to use an OHTTP Gateway: https://aninterestingwebsite.com/videos/play/wwdc2025/234/ So, I developed an OHTTP Gateway and verified it using a test client. Following that, I built the app and installed it on a test iPhone based on this sample: https://aninterestingwebsite.com/documentation/networkextension/filtering-traffic-by-url However, I cannot find any settings related to the OHTTP URL within this sample. How should I proceed with the OHTTP configuration in this case? Thank you.
Replies
2
Boosts
0
Views
61
Activity
1w
Crashes occur on iOS 26.4
Since updating the OS to 26.4, the app has been crashing more often after I launch it. The devices on which this issue has been confirmed are as follows: ・iPhone SE (2nd generation) ・9th-generation iPad ・8th-generation iPad ・5th-generation iPad mini We have confirmed that the application functions properly on all devices prior to the OS update.
Replies
5
Boosts
1
Views
879
Activity
1w
The M5 Pro does not connect to the Wi-Fi AP using RADIUS when NetworkExtension is activated.
The M5 Pro does not connect to the Wi-Fi AP using RADIUS when NetworkExtension is activated. The M1 and M2 Pro worked, but only the M5 Pro MacBook Pro did not work. If you deactivate NetworkExtension, it connects to the AP, and afterwards, it works even if you activate NetworkExtension.
Replies
4
Boosts
0
Views
83
Activity
1w
Brazil Digital ECA Eligibility after the 26.4 Release
Hi, Regarding the Brazil Digital ECA (DECA) requirements, which became effective on March 17, 2026. Following the guidance for regulated regions, we have been testing the eligibility check with the iOS 26.4 release. We previously confirmed that isEligibleForAgeFeatures was returning true for users in the Brazil region, which allowed us to verify our age-gating implementation. A few questions follow on this eligibility check: We have observed in manual testing that specific devices which returned true as recently as March 23rd are now returning false today, despite no changes to the OS build or account settings. Does this indicate a change in the server-side eligibility heuristics? Why would isEligibleForAgeFeatures stop returning true for a region where the law is now in force? Has the guidance on how to evaluate these properties for Brazil changed with the transition to the stable 26.4 release? Thank you!
Replies
0
Boosts
1
Views
121
Activity
1w
Supported way to expose an iPhone+controller as a macOS gamepad without restricted entitlements?
I’m prototyping a personal-use system that lets an iPhone with a physically attached controller act as an input device for a Mac. End goal: Use the iPhone as the transport and sensor host Use the attached physical controller for buttons/sticks Map the iPhone gyroscope to the controller’s right stick to get gyro aim in Mac games / cloud-streamed games such as GeForce NOW that don't support the gyro. What I’m trying to understand is whether Apple supports any path for this on macOS that does NOT require restricted entitlements or paid-program-only capabilities. What I’ve already found: CoreHID virtual HID device creation appears to require com.apple.developer.hid.virtual.device HIDDriverKit / system extensions appear to require Apple-granted entitlements as well GCVirtualController does not seem to solve the problem because I need a controller-visible device that other apps can see, not just controls inside my own app So my concrete question is: Is there any supported, entitlement-free way for a personal macOS app to expose a game-controller-like input device that other apps can consume system-wide? If not, is the official answer that this class of solution necessarily requires one of: CoreHID with restricted entitlement HIDDriverKit/system extension entitlement some other Apple-approved framework or program I’m missing I’m not asking about App Store distribution. This is primarily for local/personal use during development. I’m trying to understand the supported platform boundary before investing further. Any guidance on the recommended architecture for this use case would be appreciated.
Replies
3
Boosts
0
Views
105
Activity
1w
Start app if connected to CarPlay
Is there a way to trigger the start of my app (just for a short time) when the iPhone is connected to CarPlay (and/or to a car via Bluetooth)? I could not find anything. I don't want to apply for CarPlay as I have no intention to show something on the car's screen. Any tip, however small, is welcome.
Replies
2
Boosts
0
Views
58
Activity
1w
CoreData + CloudKit -- Many-to-Many Relationship not Syncing
In an iOS App that uses CKShare I have a many-to-many relationship that does not consistently sync between the share's N participants. The relationship is between Group and Player as group.players and player.groups. As an example, given 3 groups each with 4 players (aka 4:4:4), some devices show CoreData (it is NOT a UI issue) with 4:2:3 or 3:4:4. (A deletion of CoreData from a device, forcing a full re-sync from CloudKit, seems to populate the group:player relationships consistently; but obviously that is impractical for resolving the issue). How do I avoid these sync-from-CloudKit inconsistencies? Note: AI agents generally suggest adding a CoreData 'join' entity - such as 'GroupPlayer'. Is that THE fix?
Replies
1
Boosts
0
Views
74
Activity
1w
How to disable streamlined purchasing
How do I disable streamlined purchasing? When I click turn off, it shows the error: "Streamlined purchasing cannot be turned off because your latest approved binary doesn’t include the required StoreKit APIs". My app has a subscribe button to click before starting to use it, though there is no need to log in. ChatGPT did the StoreKit and subscription part. I do not understand why it cannot turn off streamlined purchasing.
Replies
1
Boosts
0
Views
61
Activity
1w
Xcode 26.4 breaks compilation: Sending 'activity' risks causing data races
After updating Xcode and SDK to 26.4, I'm now getting a concurrency error when trying to update or end live activities with the following code that built successfully before: // Get list of active activities let allActivities = Activity<ArbeitszeitWidgetAttributes>.activities // Cancel all active activities Task { for activity in allActivities { await activity.end(nil, dismissalPolicy: .immediate) } } Sending 'activity' risks causing data races. Sending main actor-isolated 'activity' to @concurrent instance method 'update' risks causing data races between @concurrent and main actor-isolated uses I'm currently using nonisolated(unsafe) let activity = activity await activity.end(nil, dismissalPolicy: .immediate) to get it to compile again. What's the best approach here?
Replies
1
Boosts
1
Views
116
Activity
1w
Transaction.currentEntitlements returning all transactions
[EDIT: Please ignore. Will delete in a second] Transaction.currentEntitlements is returning the complete history of transactions on a subscription product. I have a program with an In-App Purchase for a monthly subscription. I am testing with a local StoreKit file in Xcode. I configured the StoreKit test file to update every minute. When the program starts, I retrieve the current transactions from StoreKit to see if there is an active subscription. for await verificationResult in Transaction.currentEntitlements { guard case .verified(let transaction) = verificationResult else { continue } // update status for subscriptions This morning's testing is showing transactions for all transactions, both current and past. The current subscription renewal is sent plus all the past renewals that have expired. I thought in my previous testing that only one transaction (i.e., the latest/current) was sent per Product ID. Is this (all subscription transactions) the expected behavior, or should I file a bug report? 
Example debug output from Transaction.currentEntitlements loop (top transaction is the current one, but past expired ones are provided too; "DEBUG CURRENT ----" separates individual transactions): DEBUG CURRENT: getCurrentEntitlements BEGIN DEBUG CURRENT ---- DEBUG CURRENT: for product pro.monthly DEBUG CURRENT: Verified Reason: Renewal DEBUG CURRENT: Ownership: Purchased DEBUG CURRENT: Purchases: is good DEBUG CURRENT: signed date: 2026-03-26 17:37:12 +0000 DEBUG CURRENT: purchase date: 2026-03-26 17:36:24 +0000 DEBUG CURRENT: environment: Environment(rawValue: "Xcode") DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US)) DEBUG CURRENT ---- DEBUG CURRENT: for product pro.monthly DEBUG CURRENT: Verified Reason: Renewal DEBUG CURRENT: Ownership: Purchased DEBUG CURRENT: Expired 2026-03-26 17:36:24 +0000 DEBUG CURRENT: signed date: 2026-03-26 17:35:25 +0000 DEBUG CURRENT: purchase date: 2026-03-26 17:35:24 +0000 DEBUG CURRENT: environment: Environment(rawValue: "Xcode") DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US)) DEBUG CURRENT ---- DEBUG CURRENT: for product pro.monthly DEBUG CURRENT: Verified Reason: Renewal DEBUG CURRENT: Ownership: Purchased DEBUG CURRENT: Expired 2026-03-26 17:35:24 +0000 DEBUG CURRENT: signed date: 2026-03-26 17:34:25 +0000 DEBUG CURRENT: purchase date: 2026-03-26 17:34:24 +0000 DEBUG CURRENT: environment: Environment(rawValue: "Xcode") DEBUG CURRENT: store front: Storefront(countryCode: "USA", id: "143441", localeStorage: en_US (fixed en_US))
Replies
1
Boosts
0
Views
49
Activity
1w
Cellular not initializing on iPadOS 26.4 (resolved by network reset)
We are seeing an issue after updating iPads to iPadOS 26.4 where cellular service is lost until network settings are reset. Environment: Devices managed via Apple Business Manager and Microsoft Intune Carrier: Verizon Confirmed affected devices: iPad (9th generation) eSIM Behavior: After update, device shows no cellular service No prompt to re-activate or re-add the cellular plan The plan appears to still be present on the device Workaround observed: Resetting Network Settings restores service Notes: This does not appear to be a provisioning issue (no need to re-add eSIM) Behavior suggests the cellular/eSIM state may not be initializing correctly after update Toggling Cellular or Airplane mode has not yet been tested for service restoration. We have not yet confirmed whether devices using a physical SIM are affected Still gathering data on scope across additional iPad models Additional observation: We have not observed this behavior on iPhones (e.g., iPhone 16 on iOS 26.4 with LTE remains unaffected) Has anyone else observed similar behavior on iPadOS 26.4, particularly on managed devices or eSIM configurations?
Replies
2
Boosts
0
Views
184
Activity
1w
Memory Leak in new structured concurrency Network Framework APIs
After implementing the new structured concurrency APIs for Network framework, we are noticing a few memory leaks in the Network framework when using APIs like onViabilityUpdate and onBetterPathUpdate. Whenever a previously established connection is disconnected, the NWConnection object is never released by the Network framework when we use the 2 APIs mentioned. Irrespective of what goes inside these handlers (or if they are left empty), the connection object is leaking. If I comment out the handlers, there is no memory leak. Posting this here in the forum to understand if others have encountered similar issues and found a workaround. Raised a Feedback Assistant request with all the details and a sample app here: FB22339653
Replies
1
Boosts
0
Views
64
Activity
1w
StoreKit returns empty product list in Sandbox (TestFlight, valid IAP setup)
Hello, I’m facing an issue with StoreKit where no products are returned in Sandbox. Context: App: SylvoY (Bundle ID: fr.sylvoy.app) Product ID: sylvoy_sylvoy_premium_v2_monthly Type: auto-renewable subscription Build: TestFlight 1.0.16 (Build 20) Device: physical iPhone Environment: Sandbox account Setup: Paid Applications Agreement: Active Banking & Tax: Active Product status: Ready to Submit Product is linked to the current TestFlight build Issue: When fetching products using StoreKit, the returned array is empty: productsCount = 0 products = [] Expected: Product metadata (price, description) should be returned. Actual: No products are returned at all. Additional info: Product identifier is correct Tested on real device (not simulator) Installed via TestFlight Sandbox account properly configured This issue is currently blocking validation of the subscription flow before release. DTS Case-ID: 18968852 (redirected here) Any help would be appreciated.
Replies
4
Boosts
0
Views
121
Activity
1w
Interoperability and traffic flow when multiple Transparent Proxy providers coexist
Hello, How does macOS handle coexistence between multiple Transparent Proxy providers from different vendors if their network rules overlap and one provider modifies the traffic? Thank you in advance!
Replies
4
Boosts
0
Views
99
Activity
1w
XPC communication between a sandboxed Network Extension and a privileged MachService
Hello, Is it possible for a Network Extension (running in its sandbox) to act as a client for an XPC service hosted by a Launch Daemon (e.g., to offload data processing)? Are there any specific sandbox restrictions or entitlement requirements for this type of XPC communication? Thank you in advance!
Replies
6
Boosts
0
Views
156
Activity
1w
Network Extension "Signature check failed" after archive with Developer ID — works in Xcode debug
I have a macOS VPN app with a Network Extension (packet tunnel provider) distributed outside the App Store via Developer ID. Everything works perfectly when running from Xcode. After archiving and exporting for Developer ID distribution, the extension launches but immediately gets killed by nesessionmanager. The error: Signature check failed: code failed to satisfy specified code requirement(s) followed by: started with PID 0 status changed to disconnected, last stop reason Plugin failed What makes this interesting: the extension process does launch. AMFI approves it, taskgated-helper validates the provisioning profile and says allowing entitlement(s) due to provisioning profile, the sandbox is applied, PacketTunnelProvider is created — but then Apple's Security framework internally fails the designated requirement check and nesessionmanager kills the session. Key log sequence: taskgated-helper: Checking profile: Developer ID - MacOS WireGuardExtension taskgated-helper: allowing entitlement(s) for com.xx.xx.WireGuardNetworkExtension due to provisioning profile (isUPP: 1) WireGuardNetworkExtensionMac: AppSandbox request successful WireGuardNetworkExtensionMac: creating principle object: PacketTunnelProvider WireGuardNetworkExtensionMac: Signature check failed: code failed to satisfy specified code requirement(s) nesessionmanager: started with PID 0 error (null) nesessionmanager: status changed to disconnected, last stop reason Plugin failed Setup: macOS 15, Xcode 16 Developer ID Application certificate Manual code signing, Developer ID provisioning profiles with Network Extensions capability Extension in Contents/PlugIns/ (standard appex, not System Extension) Extension entitlement: packet-tunnel-provider-systemextension NSExtensionPointIdentifier: com.apple.networkextension.packet-tunnel codesign --verify --deep --strict PASSES on the exported app Hardened runtime enabled on all targets What I've verified: Both app and extension have matching TeamIdentifier Both 
are signed with the same Developer ID Application certificate The designated requirement correctly references the cert's OIDs The provisioning profiles are valid and taskgated-helper explicitly approves them No custom signature validation code exists in the extension — the "Signature check failed" comes from Apple's Security framework What I've tried (all produce the same error): Normal Xcode archive + export (Direct Distribution) Manual build + sign script (bypassing Xcode export entirely) Stripping all signatures and re-signing from scratch Different provisioning profiles (freshly generated) Comparison with official WireGuard app: I noticed the official WireGuard macOS app (which works with Developer ID) uses packet-tunnel-provider (without -systemextension suffix) in its entitlements. My app uses packet-tunnel-provider-systemextension. However, I cannot switch to the non-systemextension variant because the provisioning profiles from Apple Developer portal always include the -systemextension variants when "Network Extensions" capability is enabled, and AMFI rejects the mismatch. Questions: Is there a known issue with packet-tunnel-provider-systemextension entitlement + PlugIn-based Network Extension + Developer ID signing? Should the extension be using packet-tunnel-provider (without -systemextension) for Developer ID distribution? If so, how do I get a provisioning profile that allows it? The "Signature check failed" happens after taskgated-helper approves the profile — what additional code requirement check is the NE framework performing, and how can I satisfy it? Any guidance would be appreciated. I've exhausted all signing approaches I can think of.
Replies
3
Boosts
0
Views
81
Activity
1w