My app AirCompare has been in the app store and successfully using WeatherKit to fetch weather since it became available. Now some (not all) users are encountering the following errors: Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Encountered an error when fetching weather data subset; location=<+42.40865786,-88.96911526> +/- 0.00m (speed -1.00 mps / course -1.00) @ 6/23/25, 2:56:47 PM Central Daylight Time, error=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors 2 Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Others are reporting this same problem here in the forums. We need a solution!

We have a subscription WeatherKit app which has been on the App Store since December 2023. I am getting intermittent JWT auth failures on customer devices. In the great majority of cases, the request succeeds, but sometimes it fails, and sometimes it fails and never recovers. I’m working with a customer right now who is unable to get any weather data at all, and the logs he sends me show WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors error 2 The app uses the WeatherKit SDK (we are not using the REST API directly). We know we have the project setup as it has been working since launch, and I can verify weatherkit using security cms -D -i embedded.mobileprovision It it not a problem with the specific query, since I can get data for the dates and locations they are requesting. I can’t replicate the problem on my test devices. In case there is a rate limit issue: this app is a bit unusual and downloads an unusual amount of data at once using multiple queries in parallel using a TaskGroup. When the user creates a location, the app downloads a 10 day block of weather (7 days in the past + 3 day forecast) using WeatherService.shared.weather( for: location, including: WeatherQuery.daily( startDate: startDate, endDate: endDate ), WeatherQuery.hourly( startDate: startDate, endDate: endDate ) ) It also downloads about 2 months of daily precipitation data using multiple parallel calls to dailySummary in 10 day blocks: WeatherService.shared.dailySummary( for: location, forDaysIn: DateInterval(start: startDate, end: endDate), including: .precipitation ) In almost every case, including on my test devices, this works. But some users get WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors error 2 on every request. The two users yesterday that had this problem were both on iOS 18.5 for what that's worth, though the app supports 17.2+ Is anyone else seeing this? And can anyone suggest anything else to explore? It's obviously a terrible experience for customers who pay for the service and are unable to get any data. I did submit this info to Apple as FB18276275

Hello, In production, a large number of users experience outgoing call reporting fails with the following error: com.apple.CallKit.error.requesttransaction Code=2 The iOS version doesn't matter, errors are present in v15-26 Details My CXProvider held as a global singleton, so it’s unlikely to be deinited. There is no explicit call to CXProvider.invalidate() in the app. If I manually invalidate the CXProvider, I observe the expected failure when trying to create an outgoing call (com.apple.CallKit.error.requesttransaction error 2). However, If I recreate the CXProvider after the error, outgoing calls are reported correctly. Many users trigger the providerDidReset delegate method (CXProviderDelegate) before this error. According to the documentation, providerDidReset can be called by the system, and we are supposed to end all active calls, but the documentation doesn't suggest recreating the CXProvider. Question Should I recreate CXProvider after providerDidReset and forget about that, or could this error be caused by something else?

I have an app using weatherkit and its currently live and up on the app store, recently I had some users report to me that they had been receiving errors loading weather data, I had error handling built in and it reported an issue with apples authentication server Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" I have not come across this during the development lifecycle of my project, there where no codebase changes, it just stopped functioning. The app entitlements are valid and correct, Weatherkit is enabled in both xcode and across my Certs, identifiers and profiles. I was not experiencing this issue until I reinstalled the app from the app store completly by first removing it and then re-installing fresh. Hard reboots do not help and I do not want to start suggesting to my users to factory reset their devices. We are using WeatherKit in both our main app and widget, relying entirely on Apple’s framework for authentication and token management. We do not generate or inject our own JWT tokens; all token handling is managed by WeatherKit. We have implemented a debug menu with the following actions: Clear WeatherKit JWT tokens from the keychain Clear all related UserDefaults key Clear all app group data and all UserDefaults. Perform a “nuclear” cache clear (removes all app data, keychain, and cached files). We log all WeatherKit fetch attempts and failures, including authentication errors, both in the app and widget and get nothing but code 2. We have attempted all of the above steps, but continue to experience issues with WeatherKit JWT authentication We would appreciate any guidance or insight into what else could be causing persistent WeatherKit JWT/authentication issues, or if there are any additional steps we should try. P.S. - Tested and experiencing the same issues on an iPhone 15 Pro Max and iPhone 15 The Pro Max is on the iOS 26 Beta // and the 15 is on the latest iOS 18

I have installed the macOS 26 WWDC beta on a secondary volume, and set it up with two user accounts (both administrators). However, the options for switching users without fully logging out are nowhere to be found. The topic is still included in macOS Help and is shown when searching for “fast” in System Settings, however, the option is hidden/missing in the pref pane when selected. Filed FB18155517 (macOS 26 beta: No Fast User Switching?)

Subject: iOS Fails to Fetch AASA File for Internationalized Domain Names (IDN) in Unicode or Punycode Format Dear Apple Developer Relations Team And Community Members, We are reporting a critical bug in the iOS Associated Domains feature that prevents Universal Links from working for apps using Internationalized Domain Names (IDN). Problem Description: The iOS operating system does not attempt to download the apple-app-site-association (AASA) file for domains containing non-ASCII characters (e.g., diacritics, Cyrillic). This failure occurs regardless of whether the domain is specified in the app's entitlements in its human-readable Unicode format (e.g., montréal.ca) or its encoded Punycode format (e.g., xn--montral-fya.ca, xn--e1afka0abm4b.xn--p1ai). Without fetching and validating this file, Universal Links are not activated, and the system fails to establish a connection between the website and our app. Steps to Reproduce: Create an app with the Associated Domains entitlement enabled. Add an IDN to the entitlement. We tested both formats: Format A (Unicode): applinks://montréal.ca Format B (Punycode): applinks://xn--montral-fya.ca Host a valid AASA file on our server at the correct, accessible well-known URLs for both domain representations: For montréal.ca: https://montréal.ca/.well-known/apple-app-site-association and https://xn--montral-fya.ca/.well-known/apple-app-site-association Install the app on a device running the latest iOS version. Monitor network traffic using a tool like Charles Proxy. Observed Result: No HTTP GET request is made to any of the AASA URLs for the domains montréal.ca (in either Unicode or Punycode format) upon app installation. The system does not initiate the domain validation process. In contrast, for a standard ASCII domain (e.g., applinks://example.com), the AASA fetch is triggered immediately and is observed in the network log. Expected Result: iOS should correctly resolve the Internationalized Domain Name (whether specified in Unicode or Punycode format in the entitlement) and perform an HTTP GET request to fetch the AASA file from the /.well-known path, identical to its behavior for ASCII domains. Evidence & Configuration: Our server is configured correctly: SSL certificates are valid, the AASA file is served with the correct application/json MIME type, and is directly accessible via a browser or curl. The AASA file's syntax has been validated and is correct. The issue is reproducible on the latest versions of iOS. Impact: This bug blocks a core platform feature for millions of users in regions that use non-Latin scripts (e.g., France, Russia, China, Arab states). It makes it impossible to use Universal Links with our primary domains, severely degrading the user experience and forcing us to seek suboptimal workarounds like registering separate ASCII domains. Request: We kindly request that you investigate and log this issue as a bug in iOS and forward it to the appropriate engineering team for a fix in an upcoming update. We are prepared to provide any additional information, demo projects, or server access to assist in diagnostics. Thank you for your attention to this serious matter.

Hi everyone, on iOS, when a VoIP call arrives and the user accepts it from the lock screen (after unlocking with Face ID/Touch ID), is there any way to automatically bring my app to the foreground and show the in-app call screen, instead of staying in the system CallKit UI?

Hello, After being in the AppStore for more than a year with the app working perfectly, yesterday I started seeing that WeatherKit requests failed with Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Encountered an error when fetching weather data subset; location=<+41.40217108,+2.20023642> +/- 0.00m (speed -1.00 mps / course -1.00) @ 13/12/25, 12:20:35 Central European Standard Time, error=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors 2 Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" I checked on developer.apple.com and we still have everything turned on and No changes were made from an already deployed app; and we pay 200$ a month for WeatherKit, this is unacceptable since it's not the first time WeatherKit randomly decides to stop working. More fun facts: the widget works fine...

We have found a large number of memory-related crashes in iOS18, and multiple issues have finally pointed to this crash line xzm_xzone_malloc_tiny_outlined. Do not know how to solve it now

This is a bit of a headscratcher. Xcode 16 fyi. I've written a standalone watchos app (with a stub ios app). Distributes and works perfectly over Testflight. I've submitted for app store and it passed the checks an I've released it for sale. Told my brother to use a promo code to download it and show me how it looks and report me any nuisances. He tells me there's no app neither on phone (expected) nor in watch. And he checked both the Watch ios app list and the watch. I've gone through various GPTs and they've all told me the basic troubleshooting. That his watch might not be supported (wrong, it's a watch 10 ultra with latest updates and my min supported versions are hilariously low). They've suggested that I might not have the right keys for making it standalone set, also no. They suggested that skip_install shouldn't be set to no; also wrong I think they're thinking xcode 13 and below. The stub ios app has a dependency on watchos app and also has an embed directive. I also checked the archive and saw the watchos app embedded indeed. Again, the app works perfectly fine when distributed over testflight. And AFAIK that's a release build which I know for a fact because I had a problem with not giving healthkit entitlements to release (that was another but minor headscratcher at the time, when it was working over direct xcode upload). Minor detail, I've written, test(flight)ed the app in UK and in English, my brother is in Turkey. Of course now I immediately pulled the app out of sale because I don't want people paying and getting nothing, that's gonna cause a lot of trouble. So I need any help I can get to How to debug this without exposing the app and myself: is it possible to limit the release? Obviously: what could be going wrong? How the hell did I even pass app review? Is this maybe isolated to my brother's watch? I'm more than happy to share project files and/or info.plist files(end products of them, because my plists are generated from project file).

Hello. Background: Most learning resources are for leaning Swift/Objective-C. I'm pretty sure I need something different. I'm already an experienced software engineer, just new to iOS/MacOS development. My problem is not learning the language, but rather how to learn modern best practices. I cannot find examples for what I'm looking for. So much seems to be sparse on implementation details, out of date, or both. I'm trying to write an app that has a few distinct parts. The UI portion will be mostly a menu bar app, which I am not having a problem discovering resources for how to implement. The app will also have a daemon and utilize network extensions. This is where I am having trouble. What's the current best practices on how to write and launch a daemon? Should the daemon be its own library/package which is them imported into the main app? If so, which Xcode template do I use for this? Are there any Hello World! examples of this? What is the best way for a UI app to communicate with a daemon? Are there any Hello World! repositories on how to implement network extensions? Should this be done in the main UI app, or in a separate library/package? TIA

Since I updated to iOS 18, CallKit-linked caller not display on screen of CarPlay. CarPlay display only "{App Name} Caller ID". When iOS version was 17.x, CarPlay displayed caller name of CallKit-linked contact. I think CarPlay should perform the same function as iOS 17. Please review it.

In MetricKit, a metric payload comes in with a time range which usually means it contains multiple launches/sessions. How can we relate things that will change between launches or sessions such as pid and lowPowerModeEnabled from the metadata. Will there be multiple payloads for each unique value or is there some other way to use this?

Since iOS 18.4 and macOS 15.4 updating the calendar of an (ek)event (to another accounts calendar) or detaching an repeating event throws an error while saving: "Access denied" EKEventStore.save(event, span: .thisEvent, commit: true) catch { "Access denied" }

I have an app developed by using the Callkit/Call-Blocking and received feedback from individual users, when using [cxcalldirectorymanager reloadextensionwithidentifier] to write call blocking data, it returned error code 11 with the following contents: errorCode: 11 errorDomain: com.apple.callkit.database.sqlite errorDescription: sqlite3_step for query 'DELETE FROM PhoneNumberBlockingEntry WHERE extension_id =?' returned 11 (11) errorMessage 'database disk image is malformed' I want to know the reasons for this error and how to solve it，Thanks!

iOS Message Filter Extension - deferQueryRequestToNetwork(completion:) error I made a test app using the iOS App template and added a target using the Message Filter Extension template which invokes deferQueryRequestToNetwork(completion:) when receiving an SMS. The app and the extension have same "Associated Domains Capabilities" with "messagefilter" pointing to a server which receives query requests and returns proper responses. The extension has the "ILMessageFilterExtensionNetworkURL" key in Info.plist file which specifies the server URL. deferQueryRequestToNetwork(completion:) throws a com.apple.calls.messagefilter error which reads "Extension's containing app (appID ) unauthorized to defer requests to host "

My iOS app uses a Message Filter extension (via ILMessageFilterQueryHandling) and works only when run directly as the extension target. When installed normally (via TestFlight), the filter does not trigger at all — which I now believe is because iOS enforces the com.apple.developer.identitylookup entitlement at runtime. Anyone know anything about this? I put in a request for the entitlement last week but heard nothing back. Called Apple "technical" support and they had no idea what I was talking about. The documentation around this is EXTREMELY lacking in my opinion...

I’m currently developing a spam number blocking app using CallKit. I’ve confirmed that up to iOS 26 beta 5, there is a bug where number blocking doesn’t work. In my current tests, the ringtone doesn’t sound and the blocking works fine, but the call still appears in the missed calls list, which is bothersome. If the bug is fixed in future versions (as it was in previous versions), is there a way to block the number so that it also does not appear in missed calls?

In my application, I use CallKit and have supportsHolding = true set. During my phone call, another call comes in (e.g., GSM). I accept the incoming call and put the current call on hold. If I end the active call myself, everything is fine, and CallKit calls the method provider(_ provider: CXProvider, didActivate audioSession: AVAudioSession). However, if the other party ends the call, the second call remains on hold. In the application, the user clicks on unhold, and I notify CallKit that the hold has ended. But in this case, the didActivate method is not called at all. If I try to activate the audio myself after unhold, I receive the error: Domain=NSOSStatusErrorDomain Code=561017449 "Session activation failed" UserInfo={NSLocalizedDescription=Session activation failed} AVAudioSessionErrorInsufficientPriority == NSOSStatusErrorDomain Code: 561017449 What needs to be done for CallKit to activate my audio?

In a project having both an app and a website, the following two website urls are to be handed over to the corresponding app: https://www.example.com/search?plus https://www.example.com/search?query=something In AASA file, this becomes: "components": [ { "/": "/search", "?": { "plus": "", "query": "?*" } } However, finally it does not work for both urls. Only the one with "query" works by hand over to app. For investigation, I have tried this for the problematic link: "components": [ { "/": "/search", "?": "plus" } and this works. How can I get both to work? (note that for the sake of brevity, only a portion of the AASA files are shown)