1) Blocked page UX When a URL is blocked, the browser typically shows a generic error like “"Safari cannot open the page because it couldn’t load any data,” with no indication that the page was blocked by a policy. Is there any plan to add an API that allows developers to present a custom “blocked” page or remediation action, similar to NEFilterControlProvider’s remediationMap? Even a minimal hook (custom HTML, deep link, or support URL) would make the experience clearer for users. 2) Cross‑app link‑opening behavior With a block rule in place, direct navigation in Safari is blocked as expected. However, tapping the same URL in a messaging app (e.g., WhatsApp) opens Safari - and the page loads, not blocked. Repro steps: Configure a URL Filter extension that blocks https://example.com. Case A: Open a browser and type the URL in the address bar → blocked (expected). Case B: Tap the same URL in WhatsApp (or another messenger) → a browser opens and the page loads (unexpected). iOS version - 26.0

I have an iPhone app which relies heavily on TCP/IP communication in the local network. Therefore, the application starts a server socket and accepts incoming connections. This worked flawlessly for a long time and we had no problems with this. Problem In the last days however, we observed that for some iPhones with the server role other devices cannot connect to the server of our app. The server does not accept incoming connections on the devices IP address and the client times out. Environment Both iPhones (the server and the client) are in the same network with 192.168.1.0 address range and 255.255.255.0 subnet mask. The server has the IP 192.168.1.11 and the client has 192.168.1.22. This is a normal home WiFi network with no special firewall rules. Both devices have mobile data disabled and the "access local network" permission is granted. The server socket is bound to all interfaces (0.0.0.0). More technical symptoms When the server iPhone is in this faulty state, it seems like it somehow has two ip addresses: 192.168.2.123 and 192.168.1.11 The WiFi preferences show the (correct) .1.11 ip address. The Apps however see the (wrong) .2.123 ip address. I cannot explain where the other ip address comes from and why the device thinks it has this ip address. I've collected interface diagnosis information on a faulty iPhone and it listed the following interfaces and IPs: en0 -> 192.168.2.123 lo0 -> 127.0.0.1 pdp_ip0 (cellular) -> 192.0.0.2 pdp_ip1 to pdp_ip6 (cellular) -> -/- ipsec0 to ipsec6 (vpn) -> -/- llw0 (vpn) -> -/- awdl0 -> -/- anpi0 -> -/- ap1 -> -/- XHC0 -> -/- en1 and en2 (wired) -> -/- utun0 to utun2 (vpn) -> -/- The correct ip of the device is not listed anywhere in this list. A reboot helped to temporarily fix this problem. One user reported the same issue again a few hours later after a reboot. Switching off WiFi and reconnecting does not solve the problem. This issue occurred on several iPhones with the following specs: iOS Version 18.1.1, 18.3.1 iPhone 13 Pro, iPhone 13 Pro Max, iPhone 15 Pro The problem must be on the server side as the client can successfully connect to any other device in the same network. Question(s) Where does this second IP come from and why does the server not accept connections to either ip even though it is bound to 0.0.0.0? Are there any iOS system settings which could lead to this problem? (privacy setting, vpn, ...) What could be done to permanently fix this issue?

We have a setup where the system uses proxy settings configured via a PAC file. We are investigating how NWConnection behaves inside a Network Extension (NETransparentProxyProvider) with a transparent proxy configuration based on this PAC file. Scenario: The browser makes a connection which the PAC file resolves as "DIRECT" (bypassing the proxy) Our Network Extension intercepts this traffic for analysis The extension creates a new connection using NWConnection to the original remote address. The issue: despite the PAC file’s "DIRECT" decision, NWConnection still respects the system proxy settings and routes the connection through the proxy. Our questions: Is it correct that NWConnection always uses the system proxy if configured ? Does setting preferNoProxies = true guarantee bypassing the system proxy? Additionally: Whitelisting IPs in the Network Extension to avoid interception is not a viable solution because IPs may correspond to multiple services, and the extension only sees IP addresses, not domains (e.g., we want to skip scanning meet.google.com traffic but still scan other Google services on the same IP range). Are there any recommended approaches or best practices to ensure that connections initiated from a Network Extension can truly bypass the proxy (for example, for specific IP ranges or domains)?

On my macOS 15.x device, frequently encountering the error: Error Domain=com.apple.wifi.apple80211API.error Code=-528342014 "tmpErr" when connecting to an EAP WiFi network using CWWiFiClient. Restarting the device temporarily resolves the issue, but it reoccurs after some time. What could be causing this, and how can it be resolved programmatically?

Hello, we are developing hardware that needs to connect to an iPhone via Wi-Fi to send requests to a server. On Android, we have managed to create a programmatic local hotspot within the app to facilitate connection and improve the user experience. On iOS, however, Personal Hotspot must be manually enabled from the system settings, and the user must manually enter the SSID and password, which significantly degrades the UX. My questions are: Is there a workaround, unofficial method, or private API to generate a local hotspot from an app on iOS, similar to what can be done on Android? Is there an alternative within the MFi program or through specific frameworks to facilitate a quick and automatic connection between the hardware and the iPhone without relying on the manual Personal Hotspot? Are there any best practices for improving the local Wi-Fi connection experience between an accessory and an iPhone in the absence of hotspot controls? I would appreciate any guidance, experience, or resources that would help me better understand the feasible options in iOS for scenarios where fast and direct communication between hardware and mobile devices via Wi-Fi is required.

We are developing a custom vpn client using Packet Tunnel Provider extension. Our VPN use Client Certificate authentication. Certificates need to be delivered to device using MDM. We plan to deliver certificates and other settings using configuration profiles with com.apple.vpn.managed and com.apple.security.pkcs12 payloads. There are some things we do not understand: What entitlements do we need? Do we need additional entitlements except com.apple.developer.networkingextension and com.apple.managed.vpn.shared? What is the process to get com.apple.managed.vpn.shared entitlement? Is ADP (not ADEP) enough for such application?

I was wondering which is the preferred way to send a lot of data from sensors of the apple watch to server. It is preferred to send small chucks to iphone and then to server or directly send bulk data to server from watch. How does it affect battery and resources from watch ? Are there any triggers that I can use to ensure best data stream. I need to send at least once a day. Can I do it in background or do I need the user to have my app in the foreground ? Thank you in advance

Our app receives real-time GPS and aircraft data from devices via UDP broadcast and/or multicast on a WiFi network created by the device. We have identified that the iPhone or iPad will just stop receiving UDP broadcast/multicast data for an interval of time. In general, it appears after roughly every 128KB of data is received. In the attached screenshot from Xcode instruments, you can see the data reception alternating on/off. We have verified with Wireshark that the data is still flowing during that entire time period. And by tracking bytes received the app ultimately receives about 55% of the bytes, which tracks with the Network graph. We have used different approaches to the network code, including GCDAsyncUdpSocket, BSD Sockets, and the Network framework. We've tried it on background threads and the main thread. Tested it on iPads and iPhones. All produce the same result. The data is just never reaching the app code. Any insight on what may be temporarily disabling data reception?

I'm able to discover a service with Bonjour, which gets me an nw_browse_result_t from which I can get an nw_endpoint_t and then an nw_connection_t. That's all fine. But this particular service runs on 3 ports. The port numbers of the other 2 ports are in the txt record (but they are well-known and stable anyway). How can I create 2 more nw_connection_t to the same host/IP but on a different port? I already have this working with NSNetService, but am trying to update to Network.framework. I've found nw_endpoint_get_address() but the docs say it returns null "if the endpoint is not of type nw_endpoint_type_address" and indeed nw_browse_result_t gives me an nw_endpoint_type_bonjour_service.

We have an iPad application that utilizes Multipeer Connectivity to enable local communication between devices running a copy of our app. Until recently, we were able to test this functionality in the Xcode simulator without any issues. We could easily set up multiple simulators and have them all communicate with each other. However, recently, either due to an upgrade to Xcode or MacOS, this functionality ceased working in the simulator. Surprisingly, it still functions perfectly on physical devices. If we reboot the development computer and launch the simulator immediately after the reboot (without building and sending from Xcode, but running the existing code on the device), the issue resolves. However, the moment we generate a new build and send it to the simulator from Xcode, the multipeer functionality stops working again in the simulator. The simulators won’t reconnect until a reboot of the physical Mac hardware hosting the simulator. We’ve tried the usual troubleshooting steps, such as downgrading Xcode, deleting simulators and recreating them, cleaning the build folder, and deleting derived data, but unfortunately, none of these solutions have worked. The next step is to attempt to use a previous version of MacOS (15.3) and see if that helps, but I’d prefer to avoid this if possible. Does anyone have any obvious suggestions or troubleshooting steps that might help us identify the cause of this issue?

I have an iOS app that connects to a server running on macOS by leveraging NWListener & NWBrowser. It also makes use of the peerToPeer functionality / AWDL offered via the Network framework. This works great in the iOS app. Now I would like to add support for Shortcuts / App Intents in general. The NWConnection on its own is also working great in the App Intent, but only if I provide the host/port manually, which means I can't use the peer to peer functionality. If I try to run my NWBrowser in the AppIntent it immediately changes its state to failed with a NoAuth (-65555) error: nw_browser_cancel [B1517] The browser has already been cancelled, ignoring nw_browser_cancel(). nw_browser_fail_on_dns_error_locked [B1518] DNSServiceBrowse failed: NoAuth(-65555) NWClientManager: Browser failed: -65555: NoAuth I haven't found documentation/information on whether NWBrowser should work in an AppIntent extension or not.

I'm facing an issue where if a WiFi network is turned off and back on within a short time frame (2-4 seconds), iOS still shows the device as connected but does not send a new DHCP request. This causes a problem for my network device, which relies on the DHCP request to assign an IP address. Without the request, the device is unable to establish a socket connection properly. Is there any way to force iOS to send a DHCP request immediately when reconnecting to the network in this scenario? Are there any known workarounds or configurations that might help ensure the DHCP process is re-triggered? Any insights would be appreciated. Thanks!

Android phones supporting Wi-Fi Aware 4.0 should be able to connect with iPhones (iOS 26). For testing, we selected two Samsung S25 devices, which support Wi-Fi Aware 4.0. Issues we are facing Android as Publisher, iOS as Subscriber, iOS cannot discover the service. Log shows: Discovery: Dropping event, 02:14:60:76:a6:0f missing DCEA attribute. iOS as Publisher, Android as Subscriber.Android can discover the service.However, the PIN code is not displayed on iOS. From the packet capture, the publish packet does not contain the DCEA field. However, Android-to-Android devices can still pair normally, and the subsequent PASN packets include the DCEA field. It seems that the Wi-Fi Alliance only requires the DCEA to be present in the PASN packets. iOS cannot discover Android devices or complete pairing — is this caused by the DCEA field, or by other reasons?

Hello everyone, Last year I built an application for tvOS and iPadOS that enables device-to-device communication. I based it on Apple’s sample code, available here: https://developer.apple.com/documentation/Network/building-a-custom-peer-to-peer-protocol At that time, everything worked flawlessly. However, this year I had to revisit the project to add new features, and now it no longer works as expected. The first time the app runs it connects fine, but if we relaunch it (on either the iPad, the Apple TV, or both), the connection fails. Most importantly, this is not an issue with my own code — I tested it directly with the original Apple sample code, and the exact same problem occurs there too. Here’s what I see in the logs: nw_endpoint_flow_setup_channel [C1 TicTacToe,65E91B02-890E-4D30-88B8-CE2AB9677BF9 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: utun0, scoped, ipv6)] nexus assignment error Connection refused nw_endpoint_flow_failed_with_error [C1 TicTacToe,65E91B02-890E-4D30-88B8-CE2AB9677BF9 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: utun0, scoped, ipv6)] already failing, returning code-block This happens right after I select the iPad from the device list and try to connect. What’s strange is that the interface being used is utun0. I don’t have a VPN or iCloud Private Relay enabled. I also tried running the app through the iPad’s personal hotspot, but I get the same error. The only workaround I’ve found so far is to restart the Apple TV. Has anyone else run into this problem? Is there any known solution or workaround? Tested on tvOS 18.6 and iPadOS 18.3.2 / 18.6.

我的完整报错信息： Task <0568A3A0-A40C-42A8-9491-2FC52D71EFFF>.<4> finished with error [-1009] Error Domain=NSURLErrorDomain Code=-1009 "似乎已断开与互联网的连接。" UserInfo={_kCFStreamErrorCodeKey=50, NSUnderlyingError=0x107db5590 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 "(null)" UserInfo={_kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=50, _NSURLErrorNWResolutionReportKey=Resolved 0 endpoints in 1ms using unknown from cache, _NSURLErrorNWPathKey=unsatisfied (Denied over Wi-Fi interface), interface: en0[802.11], ipv4, dns, uses wifi}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <0568A3A0-A40C-42A8-9491-2FC52D71EFFF>.<4>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <0568A3A0-A40C-42A8-9491-2FC52D71EFFF>.<4>" ), NSLocalizedDescription=似乎已断开与互联网的连接。, NSErrorFailingURLStringKey=https://sharkserver.dypc.top/shark_user/login, NSErrorFailingURLKey=https://sharkserver.dypc.top/shark_user/login, _kCFStreamErrorDomainKey=1} 请求失败：似乎已断开与互联网的连接。 以下是问题的具体描述 我的A手机（15pro max 版本18,6,1） 使用xcode直接在A手机上运行我的程序 尝试发起post请求的时候得到了该报错。 我做了以下尝试 1.检查了A手机网络，一切正常，浏览器和其他app均可正常访问网络 2.检查了A手机上我的app权限，确认我因为为我的程序打开了无线网络和蜂窝流量 3.重启A手机，还原A手机网络设置，还原A手机所有设置，重启mac电脑 以上做法均无效，依旧报上面的错误 4.然后我尝试使用B手机(iPhone13 版本18.5)安装该程序 ，B手机可以正常运行并成功发起post请求，证明我的代码没有问题 5.我将代码上传至testfight 然后使用A手机下载testfight里的该程序 ，程序可以成功发起post请求没有任何错误，我再次使用xcode运行该程序到真机，又得到了Code=-1009错误 无法发起post请求

I am writing to seek clarification on two technical issues related to iOS frameworks (CoreBluetooth and NetworkExtension). These observations are critical for optimizing our app's performance, and I would appreciate any official guidance or documentation references. CoreBluetooth Scanning Frequency and Cycle Issue: We noticed inconsistent BLE device discovery times (ranging from 0.5s to 1.5s) despite the peripheral advertising at 2Hz (500ms interval). Questions: Does iOS regulate the BLE scan interval or duty cycle internally? If yes, what factors affect this behavior (e.g., foreground/background state, connected devices)? Are there recommended practices to reduce discovery latency for peripherals with fixed advertising intervals? Is there a way to configure scan parameters (e.g., scan window/interval) programmatically, similar to Android's BluetoothLeScanner? Test Context: Device: iPhone 13 mini (iOS 17.6.1) Code: CBCentralManager.scanForPeripherals(withServices: nil, options: [CBCentralManagerScanOptionAllowDuplicatesKey: true]) NEHotspotConfigurationManager Workflow and Latency Issue: Using NEHotspotConfigurationManager.shared.apply(_:) to connect to Wi-Fi occasionally takes up to 8 seconds to complete. Questions: What is the internal workflow of the apply method? Does it include user permission checks, SSID scanning, authentication, or IP assignment steps? Are there known scenarios where this method would block for extended periods (e.g., waiting for user interaction, network timeouts)? Is the latency related to system-level retries or radio coexistence with other wireless activities (e.g., Bluetooth)? Test Context: Configuration: NEHotspotConfiguration(ssid: "TestSSID") Behavior: Delay occurs even when the Wi-Fi network is in range and credentials are correct.

I cannot find in the documentation and samples how exactly the Bloom filter is generated. Is there any code sample for that?

I have a question regarding /etc/pf.conf. If I use this rule, rdr pass on bridge100 inet proto tcp from 192.168.2.104 to any port {80, 443, 8883} -> 127.0.0.1 port 8080 all other traffic on bridge100 will not function properly, even the traffic that is not destined for 192.168.2.104. Additionally, the hotspot generated through bridge100 will also become unavailable. Even if I comment out this rule and run sudo pfctl -e -f /etc/pf.conf, the problem still persists. The situation will only return to normal when I restart my Mac. my macos:15.3.2 my /etc/pf.conf # scrub-anchor "com.apple/*" nat-anchor "com.apple/*" rdr-anchor "com.apple/*" rdr pass on bridge100 inet proto tcp from 192.168.2.104 to any port {80, 443, 8883} -> 127.0.0.1 port 8080 dummynet-anchor "com.apple/*" anchor "com.apple/*" load anchor "com.apple" from "/etc/pf.anchors/com.apple"

I'm writing an application that implements a Bonjour service and browser for the purpose of connecting to Logic Pro and interacting with a MIDI Device Script. Because it's connecting to Logic Pro running on the same system as the application, the service and browser do not need to access anything else on the local network. I'm creating the service and browser with calls like this: err = DNSServiceRegister( &serviceRef, 0, kDNSServiceInterfaceIndexLocalOnly, "MyService", "_osc._udp", "local", nullptr, 52854, txtLen, txtRecord, static_cast<DNSServiceRegisterReply>(myCallback), context ); err = DNSServiceBrowse( &browserRef, 0, kDNSServiceInterfaceIndexLocalOnly, "_osc._udp", nullptr, static_cast<DNSServiceBrowseReply>(browserCallback), context ); Despite the fact that I'm passing in kDNSServiceInterfaceIndexLocalOnly for the network interface, it still triggers an "Allow 'Application' to find devices on local networks?" permissions prompt. How can I avoid that prompt? It is both a significant failure point (in case users don't notice it or click 'Don't Allow' by mistake) but it may also scare them away, since it strongly implies my application is scanning devices on the local network, even though it's doing no such thing!

Hi everyone, I’m currently developing a macOS app that is distributed via a DMG file on our website. The app includes an App Extension (appex) for Network Extension functionality. I’m wondering if distributing via DMG on the web requires the app extension to be implemented as a System Extension instead of an App Extension. Is it necessary to migrate to System Extension for web-based DMG distribution, or can I continue using App Extension as is? Any insights or recommendations would be greatly appreciated. Thank you!