Hi everyone, I have a question regarding the intended privacy limits of the DeviceActivityReportExtension. According to the documentation and the WWDC21 session "Meet the Screen Time API", this extension was created specifically to prevent the host application from accessing the user's underlying activity data (websites visited, app usage, screen time, etc). But I have found that my host app is actually able to reconstruct this raw activity data from the activity report. I am able to extract specific visited websites and app usage durations back into the main app. I reported this to Apple Security (Case ID: OE1100504480881 ), assuming it was a sandbox bypass. However, they closed the ticket stating that this is "expected behavior" and requires no fix. My question for Screen Time Engineers: Is the documentation incorrect? If my host app is expected to be able to read this data, is there a formal API we should be using instead of extracting it from the report extension? The current behavior contradicts the privacy limits described in the documentation, so I am confused if I should rely on this data access for my app features or if it will be patched later. Thanks.

I haven’t been able to get this to work at any level! I’m running into multiple issues, any light shed on any of these would be nice: I can’t implement a bloom filter that produces the same output as can be found in the SimpleURLFilter sample project, after following the textual description of it that’s available in the documentation. No clue what my implementation is doing wrong, and because of the nature of hashing, there is no way to know. Specifically: The web is full of implementations of FNV-1a and MurmurHash3, and they all produce different hashes for the same input. Can we get the proper hashes for some sample strings, so we know which is the “correct” one? Similarly, different implementations use different encodings for the strings to hash. Which should we use here? The formulas for numberOfBits and numberOfHashes give Doubles and assign them to Ints. It seems we should do this conversing by rounding them, is this correct? Can we get a sample correct value for the combined hash, so we can verify our implementations against it? Or ignoring all of the above, can we have the actual code instead of a textual description of it? 😓 I managed to get Settings to register my first attempt at this extension in beta 1. Now, in beta 2, any other project (including the sample code) will redirect to Settings, show the Allow/Deny message box, I tap Allow, and then nothing happens. This must be a bug, right? Whenever I try to enable the only extension that Settings accepted (by setting its isEnabled to true), its status goes to .stopped and the error is, of course, .unknown. How do I debug this? While the extension is .stopped, ALL URL LOADS are blocked on the device. Is this to be expected? (shouldFailClosed is set to false) Is there any way to manually reload the bloom filter? My app ships blocklist updates with background push, so it would be wasteful to fetch the filter at a fixed interval. If so, can we opt out of the periodic fetch altogether? I initially believed the API to be near useless because I didn’t know of its “fuzzy matching” capabilities, which I’ve discovered by accident in a forum post. It’d be nice if those were documented somewhere! Thanks!!

Hello, I am using CLLocationManager to monitor multiple CLBeaconRegion instances (up to 20). When the app is terminated by the system (not force-quit) and a region enter event occurs, the app is relaunched in the background. I have two questions: What is the expected execution time window after relaunch before the app is suspended again? Is it supported to start short CoreBluetooth operations (e.g., scanning or connecting briefly) within this window? I understand that force-quitting the app disables background relaunch, so this question applies only to system-terminated apps.

We are developing an iOS application that requires NFC-based communication using ISO 7816 / ISO 14443 standards for secure element interaction as part of a card provisioning workflow. We would like clarification on the following points: Is it possible to provision a payment card or securely add a card to an NFC-enabled device using direct ISO 7816 APDU communication via NFCTagReaderSession? If not, is Apple Pay In-App Provisioning (PassKit framework) the only supported approach for enabling contactless payment functionality on iPhone? What specific entitlements are required if the use case involves secure element communication for token provisioning (not bypassing Apple Pay)? We have already requested the relevant NFC entitlements through our Apple Developer account and are awaiting a response. Any guidance on the correct architecture and approval requirements would be greatly appreciated. Thank you in advance for your support.

https://developer.apple.com/documentation/DeclaredAgeRange/AgeRangeService/isEligibleForAgeFeatures returns a bool. I assume that means that it will return True for the states where their laws are in effect. The TX law and the UT/LA/AZ laws have different requirements though: TX requires the app verify the user's age on every app launch. These other states require the app verify the user's age "no more than once during each 12-month period" A future law (Brazil maybe?) might do something else. How can we determine if the user is eligible for the TX versus other state requirements?

Hello Apple Developer Support Team, We are developing an iOS iPhone application and would like clarification on whether Apple provides any APIs or system-level support to implement parental approval workflows aligned with certain regional regulatory requirements (for example, Texas, Utah, and Louisiana). Our intended use cases are outlined below: Initial Approval (App Download Stage) We understand that, in some situations, when a minor attempts to download an app from the App Store on iPhone, iOS may require approval through Family Sharing / Ask to Buy. We would like to confirm: • Whether there is any developer-accessible API that allows an iPhone app to detect if installation was approved via parental consent. • Whether apps can receive any callback, status indicator, or system signal confirming parental approval or rejection. • Whether the Declared Age Range API or any related framework provides access to parental approval or age verification signals. Ongoing Approval for Significant Changes For regulatory compliance, we may need to request parental re-approval when introducing significant application updates (for example, adding chat functionality, social interaction features, or modifying data collection practices). We would like clarification on: • Whether iOS provides any mechanism or API that allows iPhone apps to trigger or request parental re-approval after the application has already been installed. • Whether Apple provides any built-in workflows, system prompts, or entitlement-based approaches that support this type of re-approval process. In-App Handling of Parent Approval Requirements If our backend determines that a minor user requires parental approval before continuing to use certain app features, we would like to understand: • Whether Apple provides any APIs, SDKs, or recommended frameworks that allow initiating or facilitating parental authorization from within the iPhone app. • Whether there are any callbacks, permission states, entitlement checks, or system notifications that developers can use to determine and track parental consent status. If any such capabilities exist, we would greatly appreciate links to official documentation, technical guidance, or sample implementations demonstrating how approval status can be retrieved and handled in an iOS iPhone application. Also from which iOS version this capabilities will work & how to handle lower iOS version which is not supporting. Additionally, if Apple recommends alternative compliance approaches using existing frameworks such as Family Sharing, Screen Time APIs, or Declared Age Range, we would appreciate guidance on best practices for implementation. Also, could you please clarify the minimum iOS version that supports these capabilities? We would also appreciate recommendations on how developers should manage or implement fallback handling for devices running lower iOS versions where these capabilities are not supported. Thank you for your assistance and guidance in ensuring compliance with Apple platform policies and regional regulatory requirements. Kind regards

Hello, I would like to discuss the behavior of the expiration of NFCPresentmentIntentAssertion (test in iOS 18.5). In the documentation we have : The intent assertion expires if any of the following occur: The intent assertion object deinitializes Your app goes into the background 15 seconds elapse BUT; in fact ; only the 1st rule is applied. The expiration seems to be random after the usage of CardSession and that's difficult to give to the user a good experience. Has someone faced the same kind of issue; or can give an explanation? Regards, François

Hello, Our team submitted a request for Family Controls entitlements for our main app and four related extensions. It has now been a little over two weeks since submission, and the request is still pending review. We wanted to check if there are any recommended steps we can take on our end to help move the process forward. Any guidance or tips from anyone who have recently gone through this process would be greatly appreciated. Thank you.

Hi, Submitted Family Controls entitlement request a month ago for my main focus app, got approved within a day. Submitted 3 more requests for my extensions, and it has been 16 days without any word. Saw advice to file a code-level support with DTS in this similar forum: https://developer.apple.com/forums/thread/812934 Is there anything else I can do before filing a code-level support? Any extra info to provide? If not, can a DTS engineer please refer me for the code-level support? Thanks!

We are experiencing an issue where Apple’s CDN is not fetching the updated apple-app-site-association (AASA) file correctly for our domain. Domain - app.myloft-stage.com AASA File Locations (Both Return Correct JSON): https://app.myloft-stage.com/.well-known/apple-app-site-association https://app.myloft-stage.com/apple-app-site-association Both endpoints: Return HTTP 200 Return valid JSON Content-Type: application/json No redirects Valid SSL certificate JSON validated and correctly formatted Apple CDN URL - https://app-site-association.cdn-apple.com/a/v1/app.myloft-stage.com Error Returned by Apple CDN - {"cause":"invalid character '\u003c' looking for beginning of value"} This error indicates that Apple CDN is receiving HTML content (starting with <) instead of JSON, even though the origin server returns proper JSON. Observations : Direct access to AASA file returns correct JSON. Apple CDN appears to be caching an older or incorrect response. The CDN response does not match the current server response. Universal Links fail due to this incorrect AASA retrieval.

Our app supports UIScene. As a result, launchOptions in application(_:didFinishLaunchingWithOptions:) is always nil. However, the documentation mentions that UIApplication.LaunchOptionsKey.location should be present when the app is launched due to a location event. Given that our app is scene-based: How can we reliably determine whether the app was launched due to a location update, geofence, or significant location change? Is there a recommended pattern or API to detect this scenario in a Scene-based app lifecycle? This information is critical for us to correctly initialize location-related logic on launch. Relevant documentation: https://developer.apple.com/documentation/corelocation/cllocationmanager/startmonitoringsignificantlocationchanges()

We have an app that controls InDesign Desktop and InDesignServer via hundreds of AppleScripts. Some macOS security updates a while back dictated that we start communicating with other apps via ScriptingBridge. We couldn't afford to convert the hundreds of AppleScripts into direct ScriptingBridge nomenclature, so we opted to keep them as is and instead tell the external apps to: [app doScript:<the script text> language:InDesignScLgApplescriptLanguage withArguments:nil undoMode:InDesignESUMScriptRequest undoName:@"blah"] There are a handful of scripts that we did convert to direct ScriptingBridge. There are times (and under the right circumstances, it's repeatable) when a certain script will have run perfectly dozens of times, and then it will throw errOSAInternalTableOverflow. We create a new SBApplication for every job (which could be a single instance of Desktop or the multiple instances of Server). Why is this error happening seemingly randomly? Is there anything we can do to work around or prevent this?

Rosetta 2 Deadlock on M4 Pro January 2026 Blizzard update causes a deadlock in Rosetta 2 on M4 chips. CodeWeavers (the developer of CrossOver) has analyzed the issue and identified it as a Rosetta translation failure, not a CrossOver application-level bug. Hardware: M4 Pro Mac Book Pro System: Tahoe 26.2 Impacted Software: CrossOver 25.1.1 Diablo II: Resurrected

My team is developing an enterprise VPN application that needs to respond to Mobile Device Management (MDM) profile installations and removals in real-time. Our app uses the NetworkExtension framework and needs to update the UI immediately when VPN configurations are added or removed via MDM. We are currently observing NEVPNConfigurationChangeNotification to detect VPN configuration changes: While NEVPNConfigurationChangeNotification fires reliably when users manually remove VPN profiles through Settings > General > VPN & Device Management, it appears to have inconsistent behavior when MDM profiles containing VPN configurations are installed programmatically via MDM systems. STEPS TO REPRODUCE From MDM Admin Console: Deploy a new VPN profile to the test device On Device: Wait for MDM profile installation (usually silent, no user interaction required) Check Device Settings: Go to Settings > General > VPN & Device Management to confirm profile is installed Return to App: Check if the UI shows the new VPN profile

Dear Apple Support Team, Thank you for your continued support. I would like to inquire about the behavior of CallKit. Our company provides an office PBX extension phone application (iPhone app). When the iPhone is placed into sleep mode (screen off) and our app receives an incoming call, the following sequence sometimes results in an audio playback panel appearing at the bottom of the lock screen for a few seconds after the call ends(See attachment file for detail). Sequence to reproduce the issue: Put the iPhone into sleep mode (screen off). Receive an incoming call to our extension phone app. CallKit incoming call screen appears. Answer the call. Conduct the call. End the call from the peer. iOS versions with confirmed behavior: iOS 26.0: Not observed. iOS 26.2: Observed. iOS 26.3: Not observed. This behavior does not affect the call functionality itself; however, some users report that the temporary appearance of the audio playback panel feels unusual. If there is any known reason for this behavior or any recommended workaround, we would greatly appreciate your guidance. Additionally, if this is a known issue that was addressed in iOS 26.3, we would appreciate any information you can provide regarding that as well. Thank you very much for your assistance.

Hi, I've now identified a few areas when BGContinuedProcessingTask gets expired by the system no progress for ~30 seconds high CPU usage high temperature Some of these I can preempt and expire preemptively and handle the notification, others I cannot and just need to let the failure bubble up. When the failure does bubble up, I'd like to update the title and subtitle. I'm able to update the title, but the subtitle is fixed at "Task Failed" Is there any workaround? Or shall I file a bug here?

I have been toying around with the URL filter API, and now a few installed configurations have piled up. I can't seem to remove them. I swear a few betas ago I could tap on one and then delete it. But now no tap, swipe, or long press does anything. Is this a bug?

In didFinishLaunchingWithOptions I have this setup for getting the token to send to my server for notifications. The issue is that the delegate callback didRegisterForRemoteNotificationsWithDeviceToken gets called twice when also initializing a CKSyncEngine object. This confuses me. Is this expected behavior? Why is the delegate callback only called twice when both are called, but not at all when only using CKSyncEngine. See code and comments below. /// Calling just this triggers `didRegisterForRemoteNotificationsWithDeviceToken` once. UIApplication.shared.registerForRemoteNotifications() /// When triggering the above function plus initializing a CKSyncEngine, `didRegisterForRemoteNotificationsWithDeviceToken` gets called twice. /// This somewhat make sense, because CloudKit likely also registers for remote notifications itself, but why is the delegate not triggered when *only* initializing CKSyncEngine and removing the `registerForRemoteNotifications` call above? let syncManager = SyncManager() /// Further more, if calling `registerForRemoteNotifications` with a delay instead of directly, the delegate is only called once, as expected. For some reason, the delegate is only triggered when two entities call `registerForRemoteNotifications` at the same time? DispatchQueue.main.asyncAfter(deadline: .now() + 4) { UIApplication.shared.registerForRemoteNotifications() } func application(_ application: UIApplication, didRegisterForRemoteNotificationsWithDeviceToken deviceToken: Data) { print("didRegisterForRemoteNotificationsWithDeviceToken") }

There is a warning message displays in my itune connect's In App Purchase page but there is nothing highlighted in the table. This is very stange. Is there anyone having the same problem? Or can anyone help?

I am encountering an issue where the Lock Screen Quick Action fails to visibly open my app. My app is a camera application that utilizes a CameraCaptureIntent to launch a standalone, lightweight camera view (accessible while the device is locked), distinct from the main application. Steps to Reproduce: Open the lightweight camera view using the Lock Screen Quick Action. From this view, launch the Main App. Lock the iPhone (put it to sleep). Attempt to launch the lightweight camera view via the Quick Action again. A slight animation occurs, but the camera view does not appear on screen. After multiple tests, it seems the view is actually launching but remains in an "invisible state." I suspect that the system hides the lightweight camera view when transitioning to the Main App, but fails to reset this hidden state when the Quick Action is triggered subsequently. I would appreciate any guidance on a potential workaround or confirmation if this is a known issue awaiting a system update.