You are probably aware of the upcoming root certificate change for any servers you might have that you use to send push notifications by connection to APNs. If you are not, here is the announcement. We have been getting some questions about this, and understand not everyone is familiar with their server setup. First, we would like to clarify that this is only a change to your server's certificate trust store. You do not need to update anything else, like your APNs push certificates, the build certificates and provisioning profiles for your team/app, and so on. All you need to do is to install the mentioned new root certificate to your push server's trust store. If you are using a 3rd party push provider, it is them who will need to handle their servers. But you may want to double check with them nevertheless. If you are managing your own push servers that connect to APNs directly, then it is your responsibility to download and install the root certificate mentioned in the above link on your server(s). Unfortunately we cannot provide specific instructions on how to install this root certificate on every kind of server out there. Each server operating system/push server software will have different ways these root certificates are installed, which is out of scope of our support abilities. If you are not sure how to do this, I would recommend you seek help for this from your server-side developers or server admins. Or, if you don't have access to such resources, you can ask the support channels for your system the question: How do I install a root certificate? We have setup a test server at 17.188.143.34:443 that you can use to try and send pushes to test whether your new root certificate is correctly installed. An alternative way to test this would be, from a terminal prompt: openssl s_client -connect 17.188.143.34:443 -servername api.sandbox.push.apple.com -verifyCAfile USERTrustRSACertificationAuthority.crt -showcerts Change the parameter to the -verifyCAfile argument to point to your trust store, and it should allow you to validate Sample return results would be: Connecting to 17.188.143.34 CONNECTED(00000003) depth=2 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority verify return:1 depth=1 CN=Apple Public Server RSA CA 11 - G1, O=Apple Inc., ST=California, C=US verify return:1 depth=0 C=US, ST=California, O=Apple Inc., CN=api.sandbox.push.apple.com verify return:1 Argun Tekant /  DTS Engineer / Core Technologies

Apple intelligence isn’t working, it says i have it but that’s it’s also downloading. Whenever i do have it on none of the features work, what do i do

I am getting the subject error while simulating Free trial. It is in console. Free trial proceeds but I cant figure out the error meaning. I could not find anything similar on the net or documentation. iOS 18.1 StoreKit2 SwiftUI Has anyone had similar issue that could advise ?

If an app has a text filtering extension and associated server that the iPhone OS communicates with, then how can that communication be authenticated? In other words, how can the server verify that the request is valid and coming from the iPhone and not from some spoofer? If somebody reverse engineers the associated domain urls our of the app's info.plist or entitlement files and calls the server url directly, then how can the server detect this has occurred and the request is not coming from the iPhone OS of a handset on which the app is installed?

why is it that this code doesn't show the bluetooth device name but in the iOS settings it is displayed correctly. Thank you. import UIKit import CoreBluetooth import CoreLocation class BluetoothViewController: UIViewController, CBCentralManagerDelegate, CLLocationManagerDelegate { var centralManager: CBCentralManager! var locationManager: CLLocationManager! override func viewDidLoad() { super.viewDidLoad() // Initialize central manager centralManager = CBCentralManager(delegate: self, queue: nil) // Initialize location manager to request location access locationManager = CLLocationManager() locationManager.delegate = self } // CBCentralManagerDelegate Methods func centralManagerDidUpdateState(_ central: CBCentralManager) { switch central.state { case .poweredOn: // Bluetooth is powered on, request location permission if needed if CLLocationManager.locationServicesEnabled() { locationManager.requestWhenInUseAuthorization() } startScanning() case .poweredOff: print("Bluetooth is powered off.") case .resetting: print("Bluetooth is resetting.") case .unauthorized: print("Bluetooth is unauthorized.") case .unknown: print("Bluetooth state is unknown.") case .unsupported: print("Bluetooth is unsupported on this device.") @unknown default: fatalError("Unknown Bluetooth state.") } } func startScanning() { // Start scanning for devices (you can add service UUIDs to filter specific devices) centralManager.scanForPeripherals(withServices: nil, options: [CBScanOptionAllowDuplicatesKey: true]) print("Scanning for Bluetooth devices...") } func centralManager(_ central: CBCentralManager, didDiscover peripheral: CBPeripheral, advertisementData: [String : Any], rssi: NSNumber) { // This method is called when a peripheral is discovered let deviceName = peripheral.name ?? "Unknown" let deviceAddress = peripheral.identifier.uuidString print("Found device: \(deviceName), \(deviceAddress)") // Optionally, you can stop scanning after discovering a device // centralManager.stopScan() } func centralManager(_ central: CBCentralManager, didConnect peripheral: CBPeripheral) { print("Connected to peripheral: \(peripheral.name ?? "Unknown")") } // CLLocationManagerDelegate Methods (for location services) func locationManager(_ manager: CLLocationManager, didChangeAuthorization status: CLAuthorizationStatus) { if status == .authorizedWhenInUse { // Permission granted, now start scanning startScanning() } else { print("Location permission is required for Bluetooth scanning.") } } // Optionally handle when scanning stops or any errors occur func centralManager(_ central: CBCentralManager, didFailToConnect peripheral: CBPeripheral, error: Error?) { print("Failed to connect to peripheral: \(error?.localizedDescription ?? "Unknown error")") } func centralManager(_ central: CBCentralManager, didDisconnectPeripheral peripheral: CBPeripheral, error: Error?) { print("Disconnected from peripheral: \(peripheral.name ?? "Unknown")") } }

Triggered by Thread: 0 Thread 0 Crashed: 0 dyld 0x1a87922b0 lsl::PreallocatedAllocatorLayout<278528ull>::init(char const**, char const**, void*) + 436 1 dyld 0x1a878ba38 start + 1960 Thread 0 crashed with ARM Thread State (64-bit): x0: 0x2010003030100000 x1: 0x0000000fffffc0d0 x2: 0x0000000000000004 x3: 0x00000001a87607a9 x4: 0x0000000000000000 x5: 0x0000000000000000 x6: 0x0000000000000000 x7: 0x0000000000000000 x8: 0x2010003030100000 x9: 0x2010003030100000 x10: 0x000000016d923dfd x11: 0x00000001a87ccf30 x12: 0x0000000000000050 x13: 0x0000000000000044 x14: 0x0000000000052010 x15: 0x0000000000000000 x16: 0x0000000000000000 x17: 0x0000000000000000 x18: 0x0000000000000000 x19: 0x00000001801d0000 x20: 0x000000016d923b50 x21: 0x000000016d923af8 x22: 0x00000001e6184050 x23: 0x000000016d9237d8 x24: 0x0000000fffffc10c x25: 0x0000000000000000 x26: 0x0000000000000000 x27: 0x0000000000000000 x28: 0x0000000000000000 fp: 0x000000016d923870 lr: 0xb0228001a8792130 sp: 0x000000016d9237d0 pc: 0x00000001a87922b0 cpsr: 0x60001000 far: 0x00000001e61840e0 esr: 0x92000047 (Data Abort) byte write Translation fault Binary Images: 0x1a8758000 - 0x1a87db693 dyld arm64e <77c1eed22ed7396aba34e770120d81d4> /usr/lib/dyld 0x1024dc000 - 0x10594ffff main_executable_path_missing arm64 /main_executable_path_missing 0x0 - 0xffffffffffffffff ??? unknown-arch <00000000000000000000000000000000> ??? Error Formulating Crash Report: dyld_process_snapshot_get_shared_cache failed EOF crash.log

I am writing an app which mainly is used to update data used by other apps on the device. After the user initializes some values in the app, they almost never have to return to it (occasionally to add a "friend"). The app needs to run a background task at least daily, however, without the user's intervention (or even awareness, once they've given permission). My understanding of background refresh tasks is that if the user doesn't activate the app in the foreground periodically, the scheduled background tasks may never run. If this is true, do I want to use a background processing task instead, or is there a better solution (or have I misunderstood entirely)?

Hi everyone, We are working on creating a virtual network interface using NEPacketTunnelProvider, with an MTU of 1500 bytes. I would like to understand what will happen if we attempt to write packets of approximately 65,000 bytes to this interface. Specifically, will the packets be fragmented based on protocol and flags, will they be dropped, or is there another unexpected behaviour we should anticipate? Thanks

Hello, My team has developed a DNS proxy for macOS. We have this set up with a system extension that interacts with the OS, and an always-running daemon that does all the heavy lifting. Communication between the two is DNS request and response packet traffic. With this architecture what are best practices for how the system extension communicates with a daemon? We tried making the daemon a socket server, but the system extension could not connect to it. We tried using XPC but it did not work and we could not understand the errors that were returned. So what is the best way to do this sort of thing?

Case-ID: 10969723 （Due to privacy concerns, I have hidden part of the URL and included the complete plain text in the email demo project with Case-ID: 10969723） After our game was launched in Japan, a small number of Japanese users reported that they were unable to enter the game. After our investigation, we confirmed that the request under the yfy-api-oversea.xxxxxxxxxxxxxx.com domain name failed. iOS NSURLSession API returns the following error: Error Domain=NSURLErrorDomain Code=-1000 "無効なURL" UserInfo={_kCFStreamErrorCodeKey=22, NSUnderlyingError=0x3019e8030 {Error Domain=kCFErrorDomainCFNetwork Code=-1000 "(null)" UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, proxy, uses wifi, _kCFStreamErrorCodeKey=22, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<7>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask .<7>" ), NSLocalizedDescription=無効なURL, NSErrorFailingURLStringKey=https://yfy-api-oversea.xxxxxxxxxxxxxx.com/init/info?channel_code=jpxxxxxxxxxxxxxxios&timestamp=1735012505&sign=1617e4cf88b58df2aa90a6b3985a8ac2&game_code=XXXXX, NSErrorFailingURLKey=https://yfy-api-oversea.xxxxxxxxxxxxxx.com/init/info?channel_code=jpxxxxxxxxxxxxxxios&timestamp=1735012505&sign=1617e4cf88b58df2aa90a6b3985a8ac2&game_code=XXXXX, _kCFStreamErrorDomainKey=1}。 We have tried various methods but cannot reproduce this error (Code=-1000). I can provide the following clues： 1、We have checked the server and confirmed that the request did not reach the server, but was intercepted by the iOS client and was not sent. 2、This problem does not seem to have much to do with the iOS system version. The system versions where the problem occurred are widely distributed: 17.2.1、17.7.1、17.5.1、17.6.1、17.7、18.0.1、18.1、18.1.1 e.g. 3、This problem seems to have nothing to do with the device model. The following models have experienced problems: iPhone16、iPhone 16 Pro、iPhone 14、iPhone 14 Plus、iPhone 14 Pro Max、iPhone 13、iPhone11 e.g. 4、By tracking the logs, some users who encountered the problem later recovered and the problem did not occur again（The user IP and iOS system restored by yourself have not changed）. However, this problem persists for some users. Even if the iOS system is upgraded to the latest version, there are still problems. 5、The following two IPs are the IPs of users who encountered this problem (1.73.13.210, 153.252.131.136). But this problem seems to have nothing to do with IP. For some users who restored themselves, their IPs did not change, but the problem no longer occurred. 6、This problem seems to only occur in Japan. Mainland China, Taiwan, and Hong Kong have never encountered this situation. 7、It doesn't seem to have anything to do with GET requests. Another login request（https://yfy-api-oversea.xxxxxxxxxxxxxx.com/login/c/place）uses a POST request and will also encounter this error. 8、I wonder if it has something to do with the two symbol "-" in the domain name? I checked Apple documentation and searched online, but couldn't find any more information. This problem cannot be reproduced either. Only technical requests can be initiated. I provided a demo project(see email for Case-ID: 10969723) Thanks.

I've implemented a custom system extension VPN for macOS, using a Packet Tunnel Provider. I saw something suspicious on macOS 15.2.0: When I disconnected my VPN, the UTUN was not being cleared. This results in a lot of UTUNs when the user connects and disconnects multiple times. utun77: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 utun78: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 This happens only on macOS 15.2. I tried the same app on older versions (15.0, 15.1.x), and it didn't reproduce. Can those 'dirty' UTUNs cause a networking problem? Since it happens only on macOS 15.2, is there a bug in this OS version? How can I check if something in my code causes this behavior? How can I 'fix' it or force clean the 'dirty' UTUNs?

I want to check if the device has a internet connection or not by pinging DNS "8.8.8.8". connection.send(content: content, completion: .contentProcessed {[weak self] error in send function is not returning any error even if the host is unreachable. I am checking if I can receive the data or not but connection.receiveMessage function never returns. This is the complete code which I am following: private let networkMonitor = NWPathMonitor() private var connection: NWConnection @MainActor var isConnectedToInternet = false init(host: NWEndpoint.Host = "8.8.8.8", port: NWEndpoint.Port = 53) { let endpoint = NWEndpoint.hostPort(host: host, port: port) connection = NWConnection(to: endpoint, using: .udp) startMonitoring() } private func startMonitoring() { networkMonitor.pathUpdateHandler = { [weak self] path in guard let self else { return } ping(callback: { isSuccess in print("***** ping status:", isSuccess) Task { @MainActor in self.isConnectedToInternet = isSuccess } }) } let queue = DispatchQueue(label: QueueLabel.networkMonitor) networkMonitor.start(queue: queue) } func ping( host: NWEndpoint.Host = "8.8.8.8", port: NWEndpoint.Port = 53, callback: @escaping ((Bool) -> Void) ) { var didSendState = false connection.stateUpdateHandler = {[weak self] state in guard let self = self else { return } guard !didSendState else { if state != .cancelled { cancel(connection) } return } switch state { case .ready: // State is ready now send data let content = "Ping".data(using: .utf8) let startTime = Date() connection.send(content: content, completion: .contentProcessed {[weak self] error in guard let self = self else { return } if error != nil { callback(false) didSendState = true cancel(connection) } else { print("Ping sent, waiting for response...") connection.receiveMessage { [weak self] content, _, _, receiveError in guard let self = self else { return } if let receiveError { print("Error receiving ping: \(receiveError.localizedDescription)") callback(false) } else if let content = content, String(data: content, encoding: .utf8) == "Ping" { let roundTripTime = Date().timeIntervalSince(startTime) print("Ping received! Round-trip time: \(roundTripTime) seconds") callback(true) } else { print("Invalid response received") callback(true) } didSendState = true cancel(connection) } } }) case .failed( _), .waiting( _), .cancelled: didSendState = true callback(false) case .setup, .preparing: // No callback because the ping has not yet succeeded or failed break @unknown default: didSendState = true callback(false) // We don't know what this unknown default means, so cancel pings to be safe cancel(connection) } } connection.start(queue: .main) } func cancel(_ connection: NWConnection) { connection.cancel() } } Can anyone please help what I am doing wrong.

Hi, I develop a feature to get the iPhone's total storage. After some researching, the way I can get the total storage of iPhone is using this code. class DiskStatus { /// Helper method to query against a resource value key private static func getVolumeResourceValues(for key: URLResourceKey) -> URLResourceValues? { let fileUrl = URL(fileURLWithPath: "/") let results = try? fileUrl.resourceValues(forKeys: [key]) return results } /// Volume’s total capacity in bytes. public static var totalCapacity: Int? { get { let resourceValues = getVolumeResourceValues(for: .volumeTotalCapacityKey) return resourceValues?.volumeTotalCapacity } } } When I print the totalCapacity, its value is 254807724032 bytes. If I convert it to GB using decimal system it will be 254.8GB. When I looked into Settings, the total storage of my iPhone is 256GB. My questions are: Why the total storage shown in Settings different with my code result? How to achieve so that I can show exact value in Settings? Thank you.

Nowday, Is it possible to get the phone number from the device?

We have an app which is using CTSubscriber.simInserted (using the carrier entitlement com.apple.CommCenter.fine-grained). In iOS 18, simInserted returns false for every sim (where it should instead be returning true). Presumably this just is a temporary bug in 18 beta?

I want to use the Apple Healthkit data to recommend personalised insurance. Is this allowed? As I have read in the documentation that the Apple Healthkit data can only be used for fitness and health purposes. Anyone knows what is meant / scope of "fitness and health purposes"? Will personalised insurance as per health data be allowed under this category?

Hello, I’m working on a caller ID app and with the release of iOS 18.2, Apple has introduced the ability to set a third-party app as the default calling app. I have followed the official documentation for this feature and successfully set my app as the default phone app for making and receiving calls. Documentation Reference: https://developer.apple.com/documentation/callkit/preparing-your-app-to-be-the-default-calling-app Now, I’m facing some challenges and need some guidance: Custom UI for Incoming Cellular Calls: Is it possible to show a custom UI when receiving SIM-based cellular calls (not VoIP)? I want to replace the default iOS call screen with my own design when a cellular call is received. Can CallKit allow me to manage and display this custom UI for real cellular calls? Detecting Incoming Cellular Calls: Can I detect incoming SIM-based cellular calls when my app is set as the default calling app? I would like to track and show details of incoming calls (e.g., caller information, call duration) using a custom interface. Displaying Call Data (Call Duration, Recent Calls): Can I show call data (e.g., call duration, recent call history, etc.) for SIM-based cellular calls within my app when it is the default calling app? I need to know if it’s possible to retrieve and display this data in a custom format. Managing Outgoing Cellular Calls: For SIM-based outgoing calls, can I handle the process of initiating the call and then show a custom UI for the call in progress (similar to how VoIP apps manage outgoing calls)? I understand that CallKit can be used to manage the UI for calls, but I’m unsure about the limitations when it comes to real SIM-based cellular calls. Is it possible to implement these features with the current API capabilities, or are there any restrictions I should be aware of when managing cellular network calls? Thanks in advance for your help!

Run on Xcode Unchecked Scheme -> Run -> 'Debug excitable' is fine. But, I need the debug log, how to fix?

Apple Docs mentions that driver should be approved(enabled) in Settings app. I wonder is there any API available to check that driver is not enabled? To my mind, App with driver should have a following flow: Run App Check that driver is(not) enabled Display message(alert) and ask to enable driver in Settings. Optionally: provide shortcut to exact Settings page Unfortunately, it's not obvious how to check that driver is enabled.

On macOS Sequoia, the settings to enable FIFinderSync seem to have gone. I have already figured out that Extensions are no longer in the Privacy &amp; Security section, but they are now at General › Login Items &amp; Extensions. Here there is a Finder section, but that is just for the Finder-Extensions, not the Finder-Sync-Extensions. Those previously did not have their own section and were hidden away in the Added Extensions section that apparently no longer exists. I expect that it has been forgotten when migrating. Where are the settings for this – have they been forgotten?