We are planning to use our internal IdP (PingFederate) for authentication of end users in their iOS apps using ASWebAuthenticationSession. Initial tests are successful, but the user is prompted for every login (and logouts) with a consent dialogue box: “AppName” wants to use “internal domain-name” to Sign In This allows the app and website to share information about you. Cancel Continue” Let’s say that our top-level domain is “company.no”, where our IdP is placed at “idp.company.com”. I have seen examples where the Associated domains entitlement points to the idp as a webserver for serving the JSON output AASA file. In this case that would be: authsrv: idp.company.com Anyone with experience implementing this structure with the IdP as webserver for serving the JSON output? Our problem is that trying to use the IdP as webserver for this purpose is that it is very complicated to modify the IdP’s webserver configuration. Also, this modification needs to be re-done every time we need to upgrade the IdP. My question is therefore also related to the options of which webserver to install the AASA file on. Has anyone installed the file on a generic webserver on the toplevel domain like “webserver.company.com” ?

Hello I'm working on Live Caller ID Lookup implementation on my own pet-project, as I understood I need to create app and extension for this app. I also created test PIR-service. I did configure serviceURL, tokenIssuerURL and userTierToken. In My app I implemented following code Task { if LiveCallerIDLookupManager.shared.status(forExtensionWithIdentifier: "some-extension") == .disabled { `//` Show an alert. print("LiveCallerIDLookupManager is disabled") } do { // Open Settings. try await LiveCallerIDLookupManager.shared.openSettings() } catch { } It does open Call settings, but I don't understand what should I do next.

We have an application WAVE PTT(Push to talk) and Application is in foreground state, When a user receives a cellular call and it is in the "ringing" state and application receives a VoIP APNS(video call) which is reported to CallKit. User rejects the Cellular call from CallKit UI, application Video call is also getting rejected (separate feedback - 19017978) and Here the issue is observed that an Application moved to background(OS26 beta 9). Issue is not observed in iOS 18 and older versions. Frequency : 1 out of 3. Please refer the sysdiagnose logs in below reported feedback ID. Feedback Ticket ID: 20187309 Syslogs Snippet reference: default 2025-09-10 12:30:06.991950 +0530 WAVE PTX 0x10e078100 - ApplicationStateTracker: UISceneDidEnterBackground

On a device with approx 800 contacts, the sheet presented when tapping ContactAccessButton with multiple matches briefly appears (.25 seconds) before disappearing, leaving the view below in a dimmed, slightly zoomed out, non-interactive state as if a sheet were being presented. Swiping down dismisses the invisible sheet returns the underlying view to a normal state. Is there a way to avoid this? It appears possibly similar to https://developer.apple.com/forums/thread/762077 Logs (exact duplicates removed) #ContactsButton response after touch -- Should show UI LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x11c0378c0> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x111cfeb20> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISTypeIcon: 0x11c055d10>,Type: com.apple.appprotection.badge.faceid - <ISImageDescriptor: 0x111cfdfe0> - (32.00, 32.00)@3x v:0 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: E988236A-DCCF-30CB-83D0-D901CB1A5499 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x11c037840> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x111cfd900> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations [C:6] Error received: Connection interrupted. VS terminated with error: Error Domain=_UIViewServiceInterfaceErrorDomain Code=3 "(null)" UserInfo={Message=Service Connection Interrupted} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x117fb3440> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x117efe120> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISTypeIcon: 0x117decd50>,Type: com.apple.appprotection.badge.faceid - <ISImageDescriptor: 0x117efd400> - (32.00, 32.00)@3x v:0 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: E988236A-DCCF-30CB-83D0-D901CB1A5499 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x117fb2200> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x117effa20> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations [C:6] Error received: Connection interrupted. VS terminated with error: Error Domain=_UIViewServiceInterfaceErrorDomain Code=3 "(null)" UserInfo={Message=Service Connection Interrupted} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations

Hello. I've implemented the Live Caller ID Lookup feature in my app, but sometimes I get a weird error. When I call LiveCallerIDLookupManager.shared.refreshPIRParameters(...) from my app, it sometimes throws an error: Error Domain=com.apple.CipherML Code=1100 "Unable to query status due to errors: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSLocalizedDescription=Unable to query status due to errors: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSUnderlyingError=0x118f65740 {Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://www.example.com/config}}} What does this error mean? And where did the example.com part come from? What should I do to get rid of this error? My Service URL is hardcoded in the Live Caller ID Lookup Extension of my app and it is definitely not example.com.

Hello. We have an app and a custom dylib hat seems to be crashing only when Rosetta is involved. I believe it's the custom DYLIB that crashes. Here are some observations. The issue happens on the older 2022 built DYLIB (Intel only) And the newer DYLIB built (Universal) The universal DYLIB works fine natively on both Intel and M1 machines. It's only when we access it through an Intel only .app and it's running with Rosetta that we see the crash. The older Intel only .DYLIB worked perfectly with the same testing .app in versions before Sonoma, now they crash with the same .app, same build. Crash reports have been all over the place, they vary but repeat themselves. It has been a little confusing as to how to approach this issue and would appreciate any input that can help us understand what is going wrong and how to move forward. Crash reports are attached Crash Report 1 Crash Report 2 Crash Report 3 The crash occurs as SIGSEGV Version: 2.0 (1) Code Type: X86-64 (Translated) Parent Process: launchd [1] User ID: 501 Date/Time: 2025-04-14 19:55:06.0103 +0200 OS Version: macOS 14.6 (23G5075b) Report Version: 12 Anonymous UUID: A08ECCFA-BF01-8636-7453-E4476586D3A8 Time Awake Since Boot: 3900 seconds System Integrity Protection: enabled Notes: PC register does not match crashing frame (0x0 vs 0x102920144) Crashed Thread: 10 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x000000011d052840 Exception Codes: 0x0000000000000001, 0x000000011d052840 Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11 Terminating Process: exc handler [3174] VM Region Info: 0x11d052840 is not in any region. Thank you so much for all the attention and effort.

I'm new to the Screen Time API and trying to block custom websites, but I can't get WebDomain tokens to work. When I create a WebDomain like WebDomain(domain: "reddit.com"), the token property is always nil. I have proper authorization and the app works fine for blocking apps, but website blocking just won't work. I'm confused because I see apps like JOMO that let users type in any website domain and successfully block it using Screen Time API. They have the same 49 domain limit and only ask for Screen Time permission, so they must be using the same API I am. But somehow their WebDomain tokens work and mine don't. I've tried creating the tokens right after getting authorization and during the FamilyActivityPicker session, but still get nil. Am I missing some setup step or API call that makes WebDomain tokens valid? Any help would be really appreciated since I'm stuck on this.

Hi everyone, I’m working with the ManagedSettingsStore API for managing Screen Time restrictions and I have a specific question: Is it possible for an app to block itself using ManagedSettingsStore() — for example, by applying an application category restriction or setting a specific block on its own bundle ID? If so, what strategies or best practices are recommended to avoid accidentally blocking the app itself while applying restrictions to other apps or categories? I haven’t found any official documentation confirming whether the system prevents self-blocking automatically or if this is something developers need to manage explicitly. Thanks for any clarification or advice you can provide!

Hi everyone, We're using the react-native-device-activity package to implement app blocking via Apple's Screen Time API. The blocking functionality works well: when the user selects apps and taps "Done," those apps get blocked as expected. However, we're facing an issue with unblocking apps that the user later unselects. Even after the user unchecks some apps and taps "Done" again, those previously selected (now unselected) apps remain blocked and still show the shield.

系统闹钟APP响铃响起时，点击电源键可以小睡功能。AlarmKit能否有办法判断是电源键和其他物理按键关闭了闹钟，而非点击或滑动关闭按钮。这样第三方闹钟也可以增加小睡功能。目前是直接关闭了闹钟。

Hi Team, We are encountering issues while implementing the live translation feature in our VoIP application using CallKit on iOS 26.0. Specifically, we are attempting to use the CXSetTranslatingCallAction transaction to enable translation programmatically during an active call. However, executing this transaction results in the following error: "Couldn't communicate with a helper application." This occurs consistently when we attempt to trigger the translation setup without user interaction. We are seeking clarification on the following points: Is it possible to enable CallKit's live translation feature using CXSetTranslatingCallAction purely programmatically, without requiring the user to interact with the system-provided Call UI? What does the above error indicate in the context of CXSetTranslatingCallAction? Are there specific conditions, entitlements, or background service requirements that must be fulfilled to communicate with CallKit? Code snippet: let translationAction = CXSetTranslatingCallAction(call: callUUID, isTranslating: true, localLocale: Locale.init(identifier: "es-ES"), remoteLocale: Locale(identifier: "en-US")) let transaction = CXTransaction(action: translationAction) callController.request(transaction) We would deeply appreciate any guidance you can provide regarding the feasibility of our approach and how to address this error. Thank you for your support.

Hello, If I fire an alarm using AlarmKit, using a ringtone that lengths less than 30 seconds, in the last version of iOS (26.0) the sound doesn't repeat. (After about 30 seconds, the sounds stops). BUT in the current version of iOS (26.1), the sound repeats until we slide Stop, thing that I doesn't want. So, is there a way to restore the previous behavior? Or is there a property that can fill this lack? Thank you very much.

I'd like to allow users to select apps to shield from a DeviceActivityReport (similar to how Apple's Screen Time Settings activity report allows a user to "add limits" to a selected app in the report. What I need to do is pass an appToken from the DeviceActivityReportExtension to my app. I realize the extension is sandboxed and doesn't allow "private" data to be seen outside of the sandbox. The docs state: To protect the user’s privacy, your extension runs in a sandbox. This sandbox prevents your extension from making network requests or moving sensitive content outside the extension’s address space. However, tokens aren't "sensitive". I want to pass a token set out of the sandboxed extension so users can select certain apps from the report that my app can use for setting limits, etc. I thought using App Groups and saving data with UserDefaults with a suiteName for my app group would do it, but it doesn't appear to allow me to pass the token data. Yes I'm using the same KEY for both as I set a config enum to ensure it's the same and I can pass tokens successfully between other extensions/apps in the app group, but not the report extension. It seems the app and the extension have their own stores as the report extension can write to and read from a store but despite being the same suiteName, other apps in the app group don't get or send data to the Report Extension. I realize this is probably due to the design with the sandbox to protect user privacy, however it seems an exception should be made for passing tokens (or even better allow passing through another method like a callback, etc). Is there ay way to accomplish passing a token from the sandboxed report extension to my app?

I'd like to write a MacOS App that makes use of the ASAM functonality as described here: https://developer.apple.com/documentation/devicemanagement/autonomoussingleappmode I have tried to use the example with Safari, and have enrolled a Mac with MDM and installed the profile. But when opening Safari it does not appear in Single App Mode. I've only tried it with Safari so far but eventually I want to be able to use my own App. Is there an API that has to be used to enter single app mode programmatically? I've found the whole Assessment API but as I do not have the required entitlements to use that API I'm looking for another solution. The documentation on ASAM does not mention the Assessment API at all, is it the only way to enter "a" single app mode on MacOS? How is the Assessment API linked to ASAM? As far as I have understood there's the com.apple.developer.automatic-assessment-configuration entitlement but apps having this do not need to be configured via MDM? I'm really confused as to what's actually required to be able to get into single app mode on MacOS. The app I'm trying to write isn't really related to an an assessment task, but I am doing this for an academic institution so maybe requesting the entitlement would be feasable. The documentation on ASAM also mentions that the App is granted access to the "Accessibility" API and I've found the whole UIAccessibility/requestGuidedAccessSession but this does not seem to be available on MacOS proper? Any help on this would be greatly appreciated.

Hi Team, We are currently working on phone number lookup functionality for iOS 18 and have a few queries: When the extension sends a request to our backend server using the PIR encryption process, is the user's phone number visible to our server?

Hello, I am building an iMessage extension for my app and I am struggling to figure out how to test it. The extension allows users to send their friends an interactive widget and the recipient experience is very important to test. I tried to do it in the simulators, but simulators do not support iMessage. I have got a second iPhone and created a sandbox account, but I cannot install TestFlight with the sandbox account, as this feature is not supported. Reddit, Stackoverflow, ChatGPT and Apple Developer support also did not help. Can someone share their experience with testing recipient experience in the iMessage extension?

I've run Speakerbox(https://docs-assets.developer.apple.com/published/8e99045a90e2/MakingAndReceivingVoIPCallsWithCallKit.zip) to check the behavior of CallKit. When there was one active call and one on hold and another call was received, the behavior was defferent depending on whether I operated it from a headset or not. No headset or operated from CallKit screen When "End & Accept" tapped: the active call is hung up, and the received call is answered. When "End Held & Accept" tapped: the held call is hung up, the active call is held, and the received call is answered. Operated from headset Answer opeation cannot be performed for unknown reasons Disconnect operation caused that all calls other than the one on hold are hung up and the held call is unheld. Hold operation caused that the active call is held and the received call is answered. (Strangely, there are two held calls.) And when I toggle calls at this time, one of the two on hold is hung up for unknown reasons. I tried changing the settings of CXProviderConfiguration and CXCallUpdate, and changing the options in the Audio Session category, but it did not improve. I checked CXActions occurring, and it was as follows. (Call A = held call, Call B = active call, Call C = received call) Disconnect (or Answer?) operation (lacking CXEndCallAction for Call A) CXEndCallAction for Call B CXAnswerCallAction for Call C CXEndCallAction for Call C <- weird CXSetHeldCallAction for Call A onHold=false Hold operation (lacking lacking CXEndCallAction for Call A) CXSetHeldCallAction for Call B CXAnswerCallAction for Call C Toggle calls CXSetHeldCallAction for Call C onHold=true CXSetHeldCallAction for Call A onHold=false CXSetHeldCallAction for Call B onHold=false <- weird CXEndCallAction for Call B

testtestestestestest I have a question regarding CarKeyErrorCode in the CarKey framework. I plan to use the following methods in the CarKey framework: If methods 1-4 do not return CarKeyErrorCode, what kind of Error do they return? Thank you in advance.

如下图所示，在iOS18以上，这个识别话术为“xx主叫号码”，这个如何修改？ 附：iOS18以下话术就很合理

I have been using Universal Links since January of this year. As of January, it was working fine, but when I checked its operation in August, it was no longer working properly. After investigating, I believe that the reason it is not working is because our firewall is blocking communication from AppleCDN to check for AASA files. Our firewall blocks communication from outside Japan, and Apple's IP address (17.0.0.0/8) is whitelisted. Does anyone know the hostname or IP address that is used to check AASA files? If you know, please let me know.