Development environment: Xcode 26.4, macOS 26.3.1 Run-time configuration: iOS 18.7.6 and higher
We have an application running on supervised devices, with an MDM profile typically deployed via jamf. The profile enables a Content Filter, with the two flags "Socket Filter" and "Browser Filter" set to true. On the device side, we implement the content filter as a network extension via:
- a class FilterDataProvider extending NEFilterDataProvider,
- a class FilterControlProvider extending NEFilerControlProvider.
For the record, the FilterDataProvider overrides the handle*() methods to allow all traffic; the handleNewFlow() simply reports the new connection to FilterControlProvider for analysis.
Problem: some customers reported that after a reboot of their device, they would not get access to the internet for up to 60s/90s. We have not been able to reproduce the problem on our own devices. What we see is that, even with our app uninstalled, without any Content Filter, it takes roughly 20s to 25s for a device to have internet access, so we can probably consider this 20s delay as a baseline.
But would you be aware of a reason that would explain the delay observed by these customers?
More details: We have conducted some tests on our devices, with extended logging. In particular:
- we have added an internet probe in the app that is triggered when the app starts up: it will try to connect to apple.com every 2s and report success or failure,
- we also have a network monitor (nw_path_monitor_set_update_handler) that reacts to network stack status updates and logs the said status.
A typical boot up sequence shows the following:
- the boot time is 7:59:05,
- the app starts up at 7:59:30 (manually launched when the device is ready),
- the probe fails and keeps failing,
- the content filter is initialized/started up 7:59:53 and is ready at 7:59:55,
- the network monitor shows that the network stack is connected (status = nw_path_status_satisfied) right after that,
- and the probe succeeds in connecting 2s later.
In other words, internet is available about 50s after boot time, 25s after app startup (i.e. after the device is actually ready). For some customers, this 25s delay can go up to 60/90s.