I have a question regarding your policies on app ownership and payment processing. We have two separate legal entities: • Company A: owns the app and the Apple Developer account • Company B: operates the business and processes all payments (via a third-party payment provider, Klarna) Klarna’s merchant agreement is signed with Company B, and all payments go to Company B’s bank account. Company A has no involvement in the payment flow. Is this setup permitted under Apple’s App Store guidelines? Specifically, is it acceptable for the developer account and app ownership to be held by Company A, while all in-app payments are processed and received by Company B?

In the WWDC 2021 session Mitigate fraud with App Attest and DeviceCheck it is said that: App Attest is supported on devices that have a Secure Enclave, but there are cases, such as app extensions, where isSupported will still return false. The documentation shows that the following Macs have a Secure Enclave: MacBook Pro computers with Touch Bar (2016 and 2017) that contain the Apple T1 Chip Intel-based Mac computers that contain the Apple T2 Security Chip Mac computers with Apple silicon I'm using a 2018 15" MacBook Pro containing a T2 Security Chip for testing, however, DCAppAttestService.shared.isSupported always returns false in native macOS or Catalyst apps. DCDevice.current.isSupported also returns false. The documentation for DCAppAttestService shows availability on "macOS 11.0+" and "Mac Catalyst 14.0+". It appears to have been added in the macOS 11.3 SDK included in Xcode 12.5. DCDevice shows availability on "macOS 10.15+" and "Mac Catalyst 13.0+". Although both APIs are available on the listed OSes, I only ever see isSupported == false. Are App Attest or DeviceCheck functional on any Macs? If so: Are there more specific Macs that support the feature (e.g., Apple Silicon Macs only)? Are there any additional steps that need to be taken to use them (e.g., changes to entitlements, provisioning profiles or distribution through the Mac App Store)? In native macOS apps, it doesn't actually appear to be possible to add the App Attest capability in Xcode under "Signing & Capabilities". If not, I think it would be good to update the documentation with this limitation since I'd expect them to work based on the availability being "macOS 10.15+" or "macOS 11.0+" for DeviceCheck and App Attest, respectively. I imagine most others would make the same assumptions.

I have a app that has both mobile and watch versions. Recently some testers report that the watch app could not be launched if the put the app in the background and then resume. And if they kill the app and try to launch again, there is no any response when tapping the app icon. I managed to export some system logs by installing a sysdiagnose profile, and this info looks suspicious

Markup Tool: Support for persistent tool presets (color, stroke, fill settings) I use Markup heavily for work — up to 20 images per day, always with the same settings: red arrow or rectangle, no fill, specific stroke width. The problem has two parts: Part 1 – Markup resets everything: Every time Markup is opened, all settings reset: tool, color, fill, stroke width. This means 3–4 manual steps per image, adding up to 80 unnecessary interactions per day. Part 2 – The default red is unusable: The red in Apple’s color palette is muted and too pale for clear, high-contrast annotations. I have to open the color wheel every single time to manually select a proper, vivid red. The copy/duplicate workaround only helps within one image — as soon as a new photo or screenshot is opened, everything starts over from scratch. Markup has no memory between different images. Switching to a third-party annotation app is not a solution — the entire advantage of Markup is its native integration directly within the Photos app, without switching apps. And Markup cannot be configured in depth through Shortcuts either — color, fill, and stroke width are not controllable there. The attached images: Image 1 shows the entry point in the Photos app. Image 2 shows Markup open with the current color palette. The blue-outlined fields do not indicate colors to be replaced — they mark the position where personally configured tool presets should appear: not individual colors, but fully pre-configured tools with color, stroke width, and fill setting already saved, ready to use with a single tap. My suggestion: Tool presets — configure once, saved permanently, available directly in the Markup toolbar. No need to re-configure color, fill, or stroke width for every new image. iOS already remembers last-used settings in many areas: camera mode, emojis, colors in Notes, Pages, and Keynote. Markup behaves as if it’s being opened for the first time, every time. This inconsistency costs me measurable time every single day.

Platform and Version Platform: iOS iOS Version: 17.0+ Development Environment: .NET MAUI (C#, .NET 9) Network Layer: HttpClient with HttpClientHandler Description of the Problem We are facing an issue where HttpClientHandler.ServerCertificateCustomValidationCallback is not being invoked when the app is in a terminated (kill) state. In normal app lifecycle states (foreground/background), the callback is triggered as expected and allows us to handle server certificate validation (e.g., for certificate pinning or custom validation logic). However, when the app is in a killed state and is relaunched due to a notification action, the callback does not execute. We would like to understand: Why ServerCertificateCustomValidationCallback is not invoked in this scenario Whether this behavior is expected within iOS networking/runtime constraints Any recommended approach or workaround to ensure certificate validation still occurs when handling notification-triggered flows from a terminated state Steps to Reproduce Ensure the app is force-terminated (kill mode) Configure a push notification with category: "INVITE_CATEGORY" Include custom notification action buttons Tap one of the custom actions This triggers app launch and network call using HttpClient Expected Behavior ServerCertificateCustomValidationCallback should be invoked during the network request initiated after tapping the notification action, allowing custom certificate validation.

Hi, I submitted my Family Controls entitlement requests on April 21 for my iOS app, but I still haven’t received an approval, rejection, or any status update. This is blocking my ability to properly test and move forward with the app, since it depends on the Screen Time / Family Controls APIs. Has anyone had a similar delay recently? Is the recommended next step to file a code-level support request with my Team ID, or should I continue waiting? Thanks.

Hi Im creating an app with Alarmkit, the idea is to have the hardware buttons react like they do in Alarmclock with a snooze or if the buttons can just mute without intent. right now, hardware button end and dismisses the Alarm. its instinct to click that button. apple needs to update or do something.

I have Family Controls (Distribution) and (Development) on my main app. The shield overlay, shield actions, and ManagedSettingsStore all work correctly. My app concept: the user selects a specific time (e.g. 7:00 AM) at which their selected apps (Instagram, TikTok, Snapchat, etc.) should be blocked until they complete an action. The blocking should happen everyday automatically at the chosen time without the user needing to open my app. What actually happens: at 7:00 AM nothing happens. The selected apps remain accessible. The blocking only activates when the user manually opens my app and then closes it. Has anyone found a reliable way to make intervalDidStart fire every day at the scheduled time in the background? Is there a known workaround? I have seen similar reports from other developers but no confirmed solution. Any guidance from Apple engineers would be greatly appreciated.

Hello, with macOS' and iOS' recent updates (26.4.x), Handoff in my app appears to have become dysfunctional, as I receive the following message in the logs: getContinuationStreamsWithCompletionHandler(), inputStream=(null) outputStream=(null) error=Error Domain=NSPOSIXErrorDomain Code=94 "Bad message" UserInfo={NSLocalizedDescription=Could not set up internal streams} It ONLY works: From a Mac with 15.x to other Macs or iOS devices (on 26.4.x). All other combinations (see below) do NOT work: iOS (26.4.x) > iOS (26.4.x) iOS (26.4.x) > Mac (26.4.x) iOS (26.4.x) > Mac (15.x) Mac (26.4.x) > iOS (26.4.x) The Handoff prompt is shown in the Dock on Mac, in the app switcher on iOS, and in the Dock on iPadOS, but once I click/press it, I get the continuationStreams error. Now, is it my app, or the OS? Thank you kindly, – Matthias

Hey . So i'm building a screentime app whereby users can add an accountability partner who will be able to see their total screentime.(no app breakdowns included) . This will require me to send the data to firebase realtime database and retrieve for the accountability partner to see. Problem is , I've literally tried everything but the screentime still shows 0m on the accountabiliy partner's end. I need the data to be displayed rounded down to the nearest 0.5 e.g 1hr43mins ->1.5hrs+ ,2.0hrs+ ,3.5hrs+ , meaning it only moves when a threshold is crossed by the user. (this is to save database costs). Anyway i'd really appreciate if someone could help me out here. Thanks

Hello, I submitted a request for Family Controls (Distribution) approval, and it has now been over 12 days without any update on the status. I understand that review times can vary, but I wanted to check if this delay is expected or if there’s anything I might need to do on my end to help move the process forward. Could anyone from the Apple team or the community provide insight into: Typical processing times for Family Controls distribution requests Whether delays beyond a few days are common Any steps I should take to follow up or expedite the review For reference: Status: Submitted Submission time: April 29, 2026 Any guidance would be greatly appreciated. Thank you!

Hi, I’m seeing WeatherKit fail on device with a JWT permission error even though the app appears to be signed correctly with the WeatherKit entitlement. Error: Failed to generate jwt token for: com.apple.weatherkit.authservice Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Setup verified: iOS physical device, tested after clean install/reboot Tested on more than one physical device Bundle ID: com.elilindenDinematch.Al-Outfits Team ID: FYGW4LHN42 App ID has WeatherKit capability enabled Fresh provisioning profile includes: application-identifier = FYGW4LHN42.com.elilindenDinematch.Al-Outfits com.apple.developer.team-identifier = FYGW4LHN42 com.apple.developer.weatherkit = true Signed app binary entitlements also include com.apple.developer.weatherkit = true codesign -dv confirms TeamIdentifier=FYGW4LHN42 Cleared DerivedData and regenerated/reinstalled with a fresh profile Toggled WeatherKit capability off/on in Developer portal and regenerated profile The failure occurs when calling: let weather = try await WeatherKit.WeatherService.shared.weather(for: location) The request takes a few seconds before failing, which makes it seem like the WeatherKit daemon is reaching Apple’s auth service but being rejected during JWT generation. Has anyone seen WeatherKit entitlement propagation get stuck server-side for a specific Team ID + Bundle ID? Is there anything else I can verify locally, or does this require Apple to inspect the WeatherKit auth service registration for this App ID?

I enabled the WeatherKit capability on my App ID (com.saimcan.darkweather, Team 6SWSD6V4ZC) about 12 hours ago. The entitlement is embedded in the binary and the provisioning profile authorizes it, but every request fails at the JWT generation step. Error from the logs: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Relevant log excerpt (iOS 26.4 Simulator, same result on a physical device): [AuthService] Calling process is 3rd party process and has the correct entitlement ... accepting the connection [AuthService] Received proxy request for generating a jwt token. url=https://weatherkit.apple.com [WeatherDataService] Starting to generate JWT token request. bundleIdentifier=com.saimcan.darkweather [AuthService] Signed successfully [WeatherDataService] Make new JWT token request. requestIdentifier=... [AuthService] Failed to generate jwt token ... Code=2 What I have verified: Active Apple Developer Program membership (renewed through April 2027) All agreements accepted WeatherKit capability enabled on the App ID codesign -d --entitlements confirms com.apple.developer.weatherkit in the built binary embedded.mobileprovision also includes com.apple.developer.weatherkit App Group (group.com.saimcan.darkweather.shared) correctly bound to both the app and widget App IDs Since "Signed successfully" is logged, the device-side auth plumbing is working. The rejection appears to be server-side. Could someone from the WeatherKit team check whether JWT minting is enabled for this Team ID / Bundle ID? Team ID: 6SWSD6V4ZC Bundle ID: com.saimcan.darkweather

I've been stuck on Guideline 2.3 for two weeks now and I'm running out of ideas. My app is iPhone-only (UIDeviceFamily = [1]) and has been on the App Store since January. Version 2.1.9 passed review fine. The only change in 2.1.10 is adding two DeviceActivity extensions — a DeviceActivityMonitor and a DeviceActivityReport — for screen time-based stress detection. Every build since then gets rejected with the same message: "The UIRequiredDeviceCapabilities key in the Info.plist is set up in such a way that the app will not install on the device used in review." Review devices: iPhone 14 Pro, iPhone 17 Pro Max, iPad Air M3. Here's what I've tried across 13+ submissions: UIRequiredDeviceCapabilities as ["arm64"] (array) — rejected Empty array [] — rejected Removed the key entirely — upload validation fails, Xcode re-injects arm64 anyway Post-build script to force ["arm64"] — rejected Dictionary format {"arm64": true} — rejected Added com.apple.developer.family-controls to extension entitlements — rejected Enabled Family Controls (Distribution) on extension bundle IDs — rejected Fixed CFBundleVersion mismatch between host app and extensions — rejected Set TARGETED_DEVICE_FAMILY=1 on all targets including extensions — rejected Tried GENERATE_INFOPLIST_FILE=YES with minimal plists — rejected Tried ExtensionKit type for the report extension — rejected In the exported IPA, every target has UIRequiredDeviceCapabilities = ["arm64"] and UIDeviceFamily = [1]. The entitlements, provisioning profiles, and code signing all look correct. arm64 is supported on every review device they listed. The previous version (2.1.9) without DeviceActivity extensions passes review with the exact same UIRequiredDeviceCapabilities and signing configuration. Has anyone shipped an app with DeviceActivityMonitor + DeviceActivityReport extensions successfully? Is there something specific about these extension types that affects device capability validation? Or is there a known issue with the review system and FamilyControls extensions? I've replied to the review team multiple times asking which specific capability is causing the failure, but the response is always the same generic template. Any guidance would be really appreciated — I'm completely blocked on shipping this update.

I started a fresh “Sticker Pack App” project, add one image to it and it wouldn’t show up on emulator or device. From what I remember, there shouldn't be any coding involved, just drag and drop images of the correct format and dimensions and it should work. I tried changing the file format, dimensions etc while consulting with web and AI assistant searches and but still didn’t work. Apple support also didn't reply with anything useful but to post in the forum. I'm guessing I'm missing something trivial where a lot of us here have encountered before. Appreciate your help here, thank you in advance!

We are developing an MDM agent app that uses FamilyControls with .individual authorization to enforce Screen Time restrictions (app blocking, domain blocking via ManagedSettingsStore and DeviceActivityCenter). The Problem We are actively subscribing to AuthorizationCenter.shared.$authorizationStatus to detect authorization changes. However, when the user revokes the app's FamilyControls authorization through Settings (either via Settings > Screen Time > Apps With Screen Time Access, or Settings > Apps > [Our App]), the publisher does not emit any value. All ManagedSettingsStore restrictions are lifted immediately by the system, but our app receives no notification of this change. The only scenario where the publisher reliably emits is when a debugger is attached (i.e., running directly from Xcode). Without the debugger, the publisher is completely silent — even when the app returns to foreground. Code Example We tried subscribing directly to AuthorizationCenter.shared.$authorizationStatus with no intermediary, exactly as shown in the documentation: AuthorizationCenter.shared.$authorizationStatus .sink { status in print("[DIRECT] authorizationStatus emitted: \(status)") } .store(in: &cancellables) This subscription is set up at app launch and stored in cancellables. The result is the same — the publisher does not emit when the user revokes authorization in Settings without a debugger attached. Documentation Reference The documentation for authorizationStatus states: "The status may change due to external events, such as a child graduating to an adult account, or a parent or guardian changing the status in Settings." And: "The system sets this property only after a call to requestAuthorization(for:) succeeds. It then updates the property until a call to revokeAuthorization(completionHandler:) succeeds or your app exits." This suggests the publisher should emit when the status is changed via Settings, but in our testing it does not — unless a debugger is attached. What We Verified We tested with a development-signed build (which includes the com.apple.developer.family-controls entitlement), launched from Xcode, then disconnected the debugger, killed the app, and relaunched from the home screen. Scenario Publisher emits on revocation? Running from Xcode (debugger attached) Yes, immediately Development-signed build (no debugger) No — silent even on foreground return We also confirmed: MDM configuration profiles can disable Screen Time entirely, but cannot restrict the per-app authorization toggle — the user can always freely revoke the app's Screen Time access The Security Gap This creates a significant gap for parental controls use cases: User leaves the app (app goes to background) User goes to Settings and disables Screen Time access for the app All restrictions are immediately lifted User uses the device freely User re-enables Screen Time access and opens the app Everything syncs back to normal — administrator never knows Questions Is there any supported mechanism to receive a notification (background or foreground) when FamilyControls individual authorization is revoked? We are subscribing to AuthorizationCenter.shared.$authorizationStatus but it does not emit. Is the $authorizationStatus publisher expected to work only when a debugger is attached? Is this a known limitation or a bug? Can DeviceActivityMonitor extension detect authorization revocation? Based on documentation it appears limited to schedule/threshold events, but we haven't confirmed this. Is there a planned API improvement to address this gap? Environment iOS 26.2 Xcode 26.3 Swift 6.2.4 FamilyControls .individual authorization Related Threads Screen time API can be disabled easily Changing Screen Time Passcode does not protect apps

From the Developer Guide page 12 for the entitlements. The footnote mentions that CarPlay EV charging app and CarPlay fueling app entitlements may be combined in a single app Does this mean that i can implement both fuelling and EV charging feature in the same app ? How will the entitlement process to get this be done ? should i make 2 request for each of the entitlement ?

Device: iPhone 15 Pro Max, iOS 26.4 Xcode: Latest version, development signing with "Automatically manage signing" Team: Registered Apple Developer Program (Organization) Problem DeviceActivityReport SwiftUI view renders completely blank. The Report Extension's makeConfiguration(representing:) is never called (confirmed via App Group counter that stays at 0). The DeviceActivityMonitorExtension callbacks (intervalDidStart, eventDidReachThreshold) also never fire. What works AuthorizationCenter.shared.requestAuthorization(for: .individual) → .approved DeviceActivityCenter().startMonitoring() → registers schedules successfully, center.activities returns them ManagedSettingsStore.shield.applications → blocks apps correctly from the main app process Screen Time is enabled and actively collecting data (Settings > Screen Time shows per-app usage: Clash Royale 2h 35m, etc.) App Group UserDefaults(suiteName:) read/write works from the main app What doesn't work DeviceActivityReportExtension.makeConfiguration() is never called (callCount stays 0 in App Group) DeviceActivityMonitorExtension.intervalDidStart() is never called No extension callbacks fire at all — the extension process is never launched by iOS Confirmed it's NOT our app's issue We created a brand new Xcode project from Apple's template: File > New > Project > App File > New > Target > Device Activity Report Extension Added Family Controls capability to both targets Embedded DeviceActivityReport view in ContentView with daily filter Built and ran on the same device Result: Same blank screen. The template project's Report Extension also never renders any data. Console errors Failed to locate container app bundle record. The process may not be entitled to access the LaunchServices database or the app may have moved. (501) personaAttributesForPersonaType for type:0 failed with error Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.mobile.usermanagerd.xpc was invalidated: Connection init failed at lookup with error 159 - Sandbox restriction." LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" What we've tried Deleting app, rebooting device, reinstalling Re-requesting FamilyControls authorization on every launch Embedding extensions with "Embed & Sign" (not just "Embed Without Signing") Verified all 3 .appex files are in PlugIns/ directory at runtime Verified App Group (group.com.parentguard.app) is accessible Verified all App IDs and capabilities registered in Apple Developer portal Tried different DeviceActivityFilter configurations (daily, hourly) Placed DeviceActivityReport view at root of view hierarchy Clean build, new provisioning profiles Extensions embedded [Diagnose] Found extension: DeviceActivityReportExtension.appex [Diagnose] Found extension: DeviceActivityMonitorExtension.appex [Diagnose] Found extension: ShieldConfigurationExtension.appex Question Has anyone gotten DeviceActivityReport or DeviceActivityMonitorExtension to work on iOS 26.4 with a development-signed build from Xcode? Is there a specific configuration or workaround that makes the extension process launch? The Sandbox restriction error (159) on usermanagerd.xpc seems to be the root cause — is there an entitlement or device setting we're missing?

We’re building an iOS app that uses an ILMessageFilterExtension to classify unwanted property-related SMS messages. Our goal is for filtered/junk messages to trigger an automatic scan/classification flow so the main app can show the user useful stats like “X messages blocked since your last check-in,” and ideally categorize them by type such as likely wholesaler, investor, realtor, scam, or unclear. The bottleneck we’re running into is understanding the correct architecture and limits of the Message Filter Extension. We know the extension can inspect sender/message content and return allow/junk, and we understand that network requests are limited to Apple’s deferred query flow. What we’re trying to clarify is whether there is an Apple-compliant way for the extension to persist lightweight scan results or aggregate counts that the containing app can later read, without violating privacy or extension restrictions. We do not need to export a full copy of message bodies into the app; what we want is a compliant way to keep counters/summary metadata such as blocked count, blocked since last app open, and maybe category counts. Questions we’re trying to answer: Is it acceptable for an ILMessageFilterExtension to persist aggregate scan stats for later display in the main app? If so, what is the recommended storage pattern for lightweight counters/metadata? Can extension-side classification results be surfaced to the app only as summary data, not raw message content? If using deferred network classification, what is the best way to reflect those results back into user-facing counts like “messages blocked since last check-in”? Our desired user experience is: unwanted message hits the filter filter classifies it locally or via deferred server lookup message is junked if appropriate aggregate counters are updated when the user opens the app, they see something like: 12 messages blocked since your last check-in 8 likely wholesalers 3 scams 1 unclear We’re mainly looking for guidance on the correct Apple-supported architecture here, especially around what data can be retained/shared between the extension and the containing app.

Hello, I have submitted the Family Controls Distribution entitlement request twice, but I have not received any confirmation email or follow-up number for either submission. App: parental control app Bundle ID: com.learnunlock.app Use case: We use FamilyControls (authorization), ManagedSettings (shield apps), and DeviceActivity (schedule restrictions) to help families manage screen time. Could anyone from Apple please check the status of my submissions, or advise on next steps? Thank you.