Hello, I have noticed that the ShieldConfiguration is only requested when opening a target app, and never when the application token is moved to a different shield while the target app remains in foreground. This causes problems because many times the wrong ShieldConfiguration is displayed (recycled) instead of requesting a new ShieldConfiguration. This bug has been around since the introduction of the Screen Time API in 2020 and is has not been addressed. Bug reports: FB14237883 FB17902392 Please fix asap!! Not acceptable to have bugs not being addressed for more than 5 years. Most concerning: This is still reproducing on iOS 26 beta 7!! Thanks a lot for your help.

Hi, In my app, I have an option to remove a contact from a contact group (using the Contacts framework), and it's been working fine till recently users of the macOS version reported that it's not working. I have been using the CNSaveRequest removeMember(contact, from: group) API. The same API works fine on iOS. I'm not sure when it started but it seems to be affecting macOS14.6 as well as 15.1. I was able to reproduce it in a small test project as well, and have the same experience (the API works on iOS but not on macOS), so it definitely seems like a problem with the framework. Can someone confirm this, and/or suggest a workaround? Here's the code I run to test it out ...a simple SwiftUI view that has 4 buttons: Create contact and group Add contact to group Remove contact from group (optional) cleanup by deleting contact and group It's the 3rd step that seems to fail on macOS, but works fine on iOS. Here's the code to test it out: struct ContentView: View { let contactsModel = ContactsStoreModel() var body: some View { VStack (alignment: .center, spacing: 15){ Button ("1. Add Contact And Group") { print("add contact button pressed") contactsModel.addTestContact() if let _ = contactsModel.createdContact { print("created contact success") } } Button ("2. Add Contact To Group") { print("add to group button pressed") contactsModel.addContactToGroup() } Button ("3. Remove Contact From Group") { print("remove from group button pressed") contactsModel.removeContactFromGroup() } Button ("4. Delete Contact and Group") { print("remove from group button pressed") contactsModel.deleteContactAndGroup() } } .padding() } } #Preview { ContentView() } @available(iOS 13.0, *) @objc final class ContactsStoreModel: NSObject, ObservableObject { let contactStore = CNContactStore() var createdContact : CNContact? var createdGroup : CNGroup? public func addTestContact() { let storeContainer = contactStore.defaultContainerIdentifier() let contact = CNMutableContact() contact.givenName = "Testing" contact.familyName = "User" contact.phoneNumbers = [CNLabeledValue(label: "Cell", value: CNPhoneNumber(stringValue: "1234567890"))] let group = CNMutableGroup() group.name = "Testing Group" print("create contact id = \(contact.identifier)") print("create group id = \(group.identifier)") do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.add(contact, toContainerWithIdentifier: storeContainer) saveRequest.add(group, toContainerWithIdentifier: storeContainer) try contactStore.execute(saveRequest) createdContact = contact createdGroup = group } catch { print("error in store execute = \(error)") } } public func addContactToGroup() { if let contact = createdContact, let group = createdGroup { do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.addMember(contact, to: group) try contactStore.execute(saveRequest) } catch { print("error in store execute = \(error)") } } } public func removeContactFromGroup() { if let contact = createdContact, let group = createdGroup { do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.removeMember(contact, from: group) try contactStore.execute(saveRequest) } catch { print("error in store execute = \(error)") } } } public func addGroupAndContact() { let storeContainer = contactStore.defaultContainerIdentifier() let group = CNMutableGroup() group.name = "Test Group" print("create group id = \(group.identifier)") if let contact = createdContact { do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.add(group, toContainerWithIdentifier: storeContainer) saveRequest.addMember(contact, to: group) try contactStore.execute(saveRequest) createdGroup = group } catch { print("error in store execute = \(error)") } } } public func deleteContactAndGroup() { if let contact = createdContact, let group = createdGroup { do { let mutableGroup = group.mutableCopy() as! CNMutableGroup let mutableContact = contact.mutableCopy() as! CNMutableContact let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.delete(mutableContact) saveRequest.delete(mutableGroup) try contactStore.execute(saveRequest) } catch { print("error in deleting store execute = \(error)") } } } }

I have a app that has both mobile and watch versions. Recently some testers report that the watch app could not be launched if the put the app in the background and then resume. And if they kill the app and try to launch again, there is no any response when tapping the app icon. I managed to export some system logs by installing a sysdiagnose profile, and this info looks suspicious

In my application, I use CallKit and have supportsHolding = true set. During my phone call, another call comes in (e.g., GSM). I accept the incoming call and put the current call on hold. If I end the active call myself, everything is fine, and CallKit calls the method provider(_ provider: CXProvider, didActivate audioSession: AVAudioSession). However, if the other party ends the call, the second call remains on hold. In the application, the user clicks on unhold, and I notify CallKit that the hold has ended. But in this case, the didActivate method is not called at all. If I try to activate the audio myself after unhold, I receive the error: Domain=NSOSStatusErrorDomain Code=561017449 "Session activation failed" UserInfo={NSLocalizedDescription=Session activation failed} AVAudioSessionErrorInsufficientPriority == NSOSStatusErrorDomain Code: 561017449 What needs to be done for CallKit to activate my audio?

I created in my Objective-c project the AgeRange check for a special function. It is working well on an iPhone. Now I used my Mac and added my app to the TestFlight on my macOS Tahoe 26.1 Here it is directly crashing. But how can I debug an Application which is created for iPhone and iPad with Xcode? I cannot use the target myMac when running a debugging mode. So how is the debugging working for such Apps?

I'm running into a contradictory requirement involving the DeviceActivity Report extension (com.apple.deviceactivityui.report-extension) that makes it impossible to both: upload the app to App Store Connect, and install the app on a physical device. This creates a complete catch-22. 📌 Overview My extension: Path: Runner.app/PlugIns/LoADeviceActivityReport.appex Extension point: com.apple.deviceactivityui.report-extension Implementation (SwiftUI): import SwiftUI import DeviceActivity @main struct LoADeviceActivityReport: DeviceActivityReportExtension { var body: some DeviceActivityReportScene { // ... } } This is the standard SwiftUI @main DeviceActivityReportExtension template. 🟥 Side A — iOS runtime behavior (device installer) If I add either of these keys to the extension's Info.plist: NSExtensionPrincipalClass NSExtensionMainStoryboard then the app cannot be installed on a real iPhone/iPad. The device installer fails with: Error 3002 AppexBundleContainsClassOrStoryboard NSExtensionPrincipalClass and NSExtensionMainStoryboard are not allowed for extension point com.apple.deviceactivityui.report-extension. To make the app install and run, I must remove both keys completely. This leaves the extension Info.plist like: NSExtension NSExtensionPointIdentifier com.apple.deviceactivityui.report-extension With this, the app installs and runs correctly. 🟥 Side B — App Store Connect upload validator However, when I upload the IPA with the runtime-correct Info.plist, App Store Connect rejects it: State: STATE_ERROR.VALIDATION_ERROR (HTTP 409) Missing Info.plist values. No values for NSExtensionMainStoryboard or NSExtensionPrincipalClass found in extension Info.plist for Runner.app/PlugIns/LoADeviceActivityReport.appex. So ASC requires that at least one of those keys be present. 💥 The catch-22 If I add PrincipalClass / MainStoryboard: ✔ App Store Connect validation passes ❌ But the app can NOT be installed on any device (Error 3002) If I remove PrincipalClass / MainStoryboard: ✔ The app installs and runs correctly ❌ ASC rejects the upload with “Missing Info.plist values” There is currently NO Info.plist configuration that satisfies both: Runtime: "NSExtensionPrincipalClass and NSExtensionMainStoryboard are not allowed." App Store Connect: "You must include NSExtensionPrincipalClass or NSExtensionMainStoryboard." 📌 Expected behavior For SwiftUI @main DeviceActivityReportExtension, the documentation and examples suggest the correct configuration is: NSExtensionPointIdentifier com.apple.deviceactivityui.report-extension with no principal class or storyboard at all. If that is correct for runtime, ASC seems to need updated validation rules for this extension type. ❓My Questions What is the officially correct Info.plist configuration for a SwiftUI DeviceActivityReportExtension? Should principal class / storyboard not be required for this extension type? Is this a known issue with App Store Connect validation? Is there currently a workaround that allows: installation on device and successful App Store Connect upload, without violating runtime restrictions?

We first discovered this issue in our own product, but we were able to reproduce it even when using Apple’s official demo: https://developer.apple.com/documentation/alarmkit/scheduling-an-alarm-with-alarmkit Reproduction Steps: Set an alarm on iOS 26.1 using AlarmKit. Upgrade the device to iOS 26.2 beta 3 or later. The alarm will no longer ring. Based on our testing, versions prior to 26.2 beta 2 do not exhibit this issue, so it appears that something introduced in beta 3 has caused the regression. The results are as follows: iOS 26.1 → iOS 26.2 beta 2 or earlier: Alarms ring normally iOS 26.1 / iOS 26.2 beta 2 → iOS 26.2 beta 3 / iOS 26.2 RC: Alarms fail to ring iOS 26.2 beta 3 → iOS 26.2 RC: Alarms ring normally This issue is critical. Users currently on iOS 26.1 may experience alarms failing to ring after updating their system, which can cause real-life disruptions (e.g., being late for work). We strongly recommend addressing this as soon as possible. Xcode Version: Version 26.1.1 (17B100) Feedback ID: FB21273655

I've added NFC support for my app. So, my UIRequiredDeviceCapabilities were extended from "armv7" to "armv7 nfc". This means I've prevented this application from running on devices supported by previous versions. Now I've received a message from Apple: ITMS-90109: This bundle is invalid - The key UIRequiredDeviceCapabilities in the Info.plist may not contain values that would prevent this application from running on devices that were supported by previous versions. What is the right way to add new functions?

On iOS 26.4, I set a Screen Time passcode. However, when I go to Settings > Apps > [Our App] and turn off Screen Time Access for the app, the system asks for Face ID instead of the Screen Time passcode. As a result, Screen Time access can be disabled without entering the Screen Time passcode. Steps to Reproduce 1. Set a Screen Time passcode on iOS 26.4. 2. Open Settings > Apps > [Our App]. 3. Turn off Screen Time Access for the app. Expected Result The system should require the Screen Time passcode before allowing Screen Time access to be disabled. Actual Result The system asks for Face ID instead of the Screen Time passcode, and Screen Time access is disabled.

I would like to enable the app to persist a stable SIM identifier and compare it across app sessions so it can reliably detect when the user has changed SIM cards. When a SIM change is detected—especially while the device is on Wi-Fi—the app should trigger SIM-change handling (for example: refresh auth/session, reload account-specific data, and update feature availability). The implementation must be robust for: Dual-SIM and eSIM devices Temporary network unavailability or delayed carrier info Current challenge: On Wi-Fi, the existing hash can distinguish a different operator but cannot reliably detect a SIM-card-level change. We need a way to uniquely identify the SIM card itself, not just the operator.

Hi everyone, I'm building an iOS app that uses a DeviceActivityMonitor app extension as part of the Screen Time / Family Controls API. Every time I try to upload my IPA to App Store Connect, the validation fails with this error: "Invalid Info.plist value. The value of the NSExtensionPointIdentifier key, com.apple.deviceactivity.monitor, in the Info.plist of 'Alexandria.app/PlugIns/AlexandriaActivityMonitor.appex' is invalid." Error Domain=IrisAPI Code=-19241, iris-code=STATE_ERROR.VALIDATION_ERROR What I have verified (everything looks correct): NSExtensionPointIdentifier = com.apple.deviceactivity.monitor NSExtensionPrincipalClass = AlexandriaActivityMonitor.AlexandriaActivityMonitorExtension (correctly resolved in the compiled binary, verified with plutil -p) The Swift class correctly subclasses DeviceActivityMonitor CFBundleShortVersionString matches the main app Both the main app and extension provisioning profiles explicitly contain com.apple.developer.family-controls = true (verified by inspecting embedded.mobileprovision inside the IPA) The binary code signature itself contains com.apple.developer.family-controls = true (verified with codesign -d --entitlements :-) Family Controls entitlement was requested and approved in the Developer Portal for both App IDs Tested with both Xcode 26.2 (iOS 26 SDK) and Xcode 16.4 (iOS 18 SDK) — same error in both cases The IPA is structurally correct. The error comes purely from Apple's server-side IrisAPI validator and does not correspond to anything I can identify or fix in the code or configuration. Has anyone successfully submitted an app with a DeviceActivityMonitor extension to App Store Connect recently? Is there a backend approval requirement for com.apple.deviceactivity.monitor beyond the standard Family Controls entitlement approval? Could this be a known validator bug for this specific extension type? Any help appreciated.

Hi folks, in my application I write some logs over debugPrint or directly over print. The application is already distributed and some part of functionality failed with application traceback. I would like to ask user for providing logs from the App. Is it possible to get those logs? Thanks Petr

Hello, I have an app on the App Store built around WeatherKit and it was working fine, up until this morning when I started seeing errors when using the app. When debugging using Xcode I see the familiar error Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" which, according to what I've read on the forums looks like an authentication error. Attaching a network debugger to the Simulator, I saw this error: This I have tried: Verify that WeatherKit is enabled on both Capabilities and App Services tabs on the Dev Portal. Toggle on/off this value and regenerate Provisioning Profiles Uninstall/reinstall Checking that I have API available calls. Nothing. If I create a new Bundle ID and sign with that, it works correctly. But this is not an option since that will force all my customers to download everything from scratch. I am getting emails from customers demanding money back and I can't figure out what has happened. The only thing I can think of, is that I started developing an Apple Watch app to complement the iOS app, but that was last week and everything was working fine.

I logged in to macOS with my localization language. try to perform following code. but always get "Documents". What do I miss? Apple Swift version 5.2.4 macOS 10.15.6 Xcode 11.6 code let paths = NSSearchPathForDirectoriesInDomains(.documentDirectory, .userDomainMask, true) if paths.count > 0 {     let doc = FileManager().displayName(atPath: paths[0])     print(doc) } result Documents

Hi Everyone, We're experiencing a persistent issue where Apple's CDN returns SWCERR00301 Timeout for some of our associated domains, while other domains hosted on the exact same server work perfectly. Note: Using aliases below for privacy. "working.example.com" and "failing.example.com" are not our actual domains. The Problem Our app has multiple associated domains. When checking Apple's CDN: Working domain: $ curl -sD - "https://app-site-association.cdn-apple.com/a/v1/www.working.example.com" -o /dev/null HTTP/1.1 200 OK Apple-Origin-Format: json Cache-Control: max-age=21600,public Failing domain (same server, same IP, same AASA content): $ curl -sD - "https://app-site-association.cdn-apple.com/a/v1/www.failing.example.com" -o /dev/null HTTP/1.1 404 Not Found Apple-Failure-Reason: SWCERR00301 Timeout Apple-Failure-Details: {"cause":"context deadline exceeded (Client.Timeout exceeded while awaiting headers)"} Apple-Try-Direct: true Cache-Control: max-age=3600,public On device, swcutil dl -d www.failing.example.com returns SWCErrorDomain error 7, confirming the CDN has no valid cache. What We've Verified Both domains are hosted on the same server (same IP) and serve identical AASA files: HTTP 200, Content-Type: application/json, 229 bytes Valid JSON with correct appID Valid SSL certificates (Amazon RSA 2048), no redirects Both registered in the app's Associated Domains entitlement Response time < 500ms from multiple locations We simulated Apple's crawler locally: $ curl -H "User-Agent: com.apple.swcd (unknown version) CFNetwork/1568.200.51 Darwin/24.1.0" --connect-timeout 5 --max-time 5 -4 --tls-max 1.2 "https://www.failing.example.com/.well-known/apple-app-site-association" Result: 200 OK, 0.25s — well within the 5-second limit. We cannot reproduce the timeout from any network we've tested. Scope Out of 43 associated domains, 5 return 404 (Timeout) on Apple CDN while the other 38 work fine. All 43 domains serve valid AASA files from the same server infrastructure. What We've Tried Verified AASA content, headers, SSL, and response times for all domains Submitted new TestFlight builds to trigger re-crawl — timeout persists The failing CDN cache (max-age=3600) expires every hour, but Apple's crawler keeps timing out on retry No WAF or rate-limiting rules that would block Apple IPs (17.0.0.0/8) Impact The failing domain is our primary email campaign domain. Universal Links not working means newsletter links open in the browser instead of the app, affecting millions of email recipients daily. Questions Is there a way to request Apple's CDN to refresh/invalidate the cache for specific domains? Could the Apple crawler be experiencing connectivity issues to our server (AWS us-west-2) for specific SNI hostnames? We have 43 associated domains — could the volume affect crawl reliability? Is there an internal team we can escalate this to for CDN-side investigation? Any guidance would be greatly appreciated. Thank you!

Original discussion pre iOS 26 Our app uses Auth0 with HTTPS callback, we've found the issue where AASA file is not ready immediately when app is initially launched, which is the exact issue from the above link. The issue seems mostly fixed on later versions on iOS 18, however, we are seeing some indications of a regression on iOS 26. Here's some measurement over the last week. | Platform | iOS 18 | iOS 26 | |---------------|----------|--------| | Adoption rate | 55% | 45% | | Issue seen | 1 | 5 | | Recover? | Yes | No | This only 1 iOS 18 instance was able to recover after 1 second after the first try, however, all iOS 26 instances were not able to recover in couple tens of seconds and less than 1 minute, the user eventually gave up. Is there a way to force app to update AASA file? Are there some iOS setting (like using a VPN) that could potentially downgrade the AASA fetch? Related Auth0 discussion: https://community.auth0.com/t/ios-application-not- recognizing-auth0-associated-domain/134847/27

Device: iPhone 15 Pro Max, iOS 26.4 Xcode: Latest version, development signing with "Automatically manage signing" Team: Registered Apple Developer Program (Organization) Problem DeviceActivityReport SwiftUI view renders completely blank. The Report Extension's makeConfiguration(representing:) is never called (confirmed via App Group counter that stays at 0). The DeviceActivityMonitorExtension callbacks (intervalDidStart, eventDidReachThreshold) also never fire. What works AuthorizationCenter.shared.requestAuthorization(for: .individual) → .approved DeviceActivityCenter().startMonitoring() → registers schedules successfully, center.activities returns them ManagedSettingsStore.shield.applications → blocks apps correctly from the main app process Screen Time is enabled and actively collecting data (Settings > Screen Time shows per-app usage: Clash Royale 2h 35m, etc.) App Group UserDefaults(suiteName:) read/write works from the main app What doesn't work DeviceActivityReportExtension.makeConfiguration() is never called (callCount stays 0 in App Group) DeviceActivityMonitorExtension.intervalDidStart() is never called No extension callbacks fire at all — the extension process is never launched by iOS Confirmed it's NOT our app's issue We created a brand new Xcode project from Apple's template: File > New > Project > App File > New > Target > Device Activity Report Extension Added Family Controls capability to both targets Embedded DeviceActivityReport view in ContentView with daily filter Built and ran on the same device Result: Same blank screen. The template project's Report Extension also never renders any data. Console errors Failed to locate container app bundle record. The process may not be entitled to access the LaunchServices database or the app may have moved. (501) personaAttributesForPersonaType for type:0 failed with error Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.mobile.usermanagerd.xpc was invalidated: Connection init failed at lookup with error 159 - Sandbox restriction." LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" What we've tried Deleting app, rebooting device, reinstalling Re-requesting FamilyControls authorization on every launch Embedding extensions with "Embed & Sign" (not just "Embed Without Signing") Verified all 3 .appex files are in PlugIns/ directory at runtime Verified App Group (group.com.parentguard.app) is accessible Verified all App IDs and capabilities registered in Apple Developer portal Tried different DeviceActivityFilter configurations (daily, hourly) Placed DeviceActivityReport view at root of view hierarchy Clean build, new provisioning profiles Extensions embedded [Diagnose] Found extension: DeviceActivityReportExtension.appex [Diagnose] Found extension: DeviceActivityMonitorExtension.appex [Diagnose] Found extension: ShieldConfigurationExtension.appex Question Has anyone gotten DeviceActivityReport or DeviceActivityMonitorExtension to work on iOS 26.4 with a development-signed build from Xcode? Is there a specific configuration or workaround that makes the extension process launch? The Sandbox restriction error (159) on usermanagerd.xpc seems to be the root cause — is there an entitlement or device setting we're missing?

Summary I'm using Background Assets to download Apple-hosted Asset Packs(downloadPolicy = onDemand). The first download cancellation succeeds, but on the second and subsequent downloads, progress.cancel() fails to work and the download completes to the end. Environment iOS 26.0 – 26.3 RC (all produce the same result) Xcode Version 26.2 (17C52) Using Apple-hosted Asset Packs Steps to Reproduce Start downloading an Asset Pack Call progress.cancel() during download → Succeeds Start downloading the same Asset Pack again Call progress.cancel() during download → Fails (download completes to the end) Observed Error Logs After 1st cancellation: A download with the ID "X-XXXXXXXX-XXX" failed: Error Domain=NSURLErrorDomain Code=-999 "cancelled" ↑ This is expected (cancellation succeeded) The fact that version 0 of the asset pack with the ID "X-XXXXXX-XXX" finished being downloaded couldn't be reported: Error Domain=NSCocoaErrorDomain Code=3851 "Property list invalid for format: 200 (property lists cannot contain objects of type 'CFError')" ↑ Problem: Unable to serialize CFError to plist 2nd cancellation attempt: The download with the ID "X-XXXXXX-XXX" couldn't be canceled: Error Domain=BAErrorDomain Code=113 "The requested download operation failed because the download object did not exist." ↑ The download object we're trying to cancel supposedly doesn't exist Implementation Code // Cancel implementation func cancel(tag: String) async { let statusUpdates = AssetPackManager.shared.statusUpdates(forAssetPackWithID: tag) for await statusUpdate in statusUpdates { if case .downloading(_, let progress) = statusUpdate, progress.isCancellable { progress.cancel() } } } Analysis It appears that when the first cancellation occurs, the system internally tries to save the cancellation state to a plist, but fails to serialize the CFError object. This seems to cause an inconsistent internal state, preventing the system from correctly recognizing the download object on subsequent downloads. Questions Is there a workaround? Is there a planned fix for a future iOS version?

We integrated DeviceCheck framework into our app to prevent fraudulent call to our app service around one year ago. Recently, we received a few cases related to this function over Christmas Eve period. Based on the logs we have, it indicated both the following two functions returned errors. But we don't have the exactly errors logged and now we cannot replicate. DCAppAttestService.shared.attestKey() DCAppAttestService.shared.generateAssertion() The other finding we have is some users reporting this issue recently upgraded their devices from iOS 18 to iOS 26. So we are suspecting it's due to either the OS upgrading, or Apple's app attest service degrading. Anyone encountered the similar issues before, or have any idea regarding the root cause? Thanks!

In my case, when I try to block calls on iOS 26, the blocking doesn't occur; the scenarios seem intermittent. If I create two CallDirectory extensions, the first blocks the numbers, but the second doesn't. Interestingly, the extension marks the number as suspicious. There's also a case where, on iOS 26 on an iPhone 16 Pro, the functionality doesn't work at all. I'd like to know if there have been any changes to the use of CallKit in iOS 26, because users of my app on iOS 18 and below report successful blocking.