Networking

Explore the networking protocols and technologies used by the device to connect to Wi-Fi networks, Bluetooth devices, and cellular data services.

Networking Documentation

Posts under Networking subtopic

Post | Replies | Boosts | Views | Activity

How to detect the SIM card status?
Before iOS16, we can use https://developer.apple.com/documentation/coretelephony/ctcarrier But after iOS this is deprecated and has no replacement. There are some discussions on it, eg. https://developer.apple.com/forums/thread/714876 https://developer.apple.com/forums/thread/770400 Now I asked AI, then it provided this solution, to check the serviceCurrentRadioAccessTechnology, so is this ok to check the SIM card status?

```swift
import CoreTelephony

var hasSIMCard = false
let info = CTTelephonyNetworkInfo()
if let rat = info.serviceCurrentRadioAccessTechnology, rat.values.contains(where: { !$0.isEmpty }) {
    hasSIMCard = true // has RAT
}
```

BTW, I can see a lot of changes in the Core Telephony framework. https://developer.apple.com/documentation/coretelephony

1. isSIMInserted https://developer.apple.com/documentation/coretelephony/ctsubscriber/issiminserted A Boolean property that indicates whether a SIM is present. iOS 18.0+ iPadOS 18.0+ This value property is true if the system finds a SIM matching the Info.plist carrier information (MCC / MNC / GID1 / GID2). Is this ok to check SIM insert status, this seems must preconfig some info in the info.plist.

2. iOS26 provide CTCellularPlanStatus https://developer.apple.com/documentation/coretelephony/ctcellularplanstatus Can I use this to check SIM status?
2
0
286
Jun ’25
how to extract the hostname from a https/tls request in NEFilterSocketFlow
Hi guys, I try to create a content filter app by using network extension api. When it comes to a https/tls remote endpoint, the remoteEndpoint.hostname will always be "" instead of the actual hostname. How can I extract the actual hostname?

```swift
private func filterTraffic(flow: NEFilterSocketFlow) -> NEFilterNewFlowVerdict {
    // Default action from settings will be used if no rules match
    logger.error("filter traffic...")
    guard let remoteEndpoint = flow.remoteEndpoint as? NWHostEndpoint else {
        logger.error("not a NWHostEndpoint)")
        return .allow()
    }
    logger.error("host name: \(remoteEndpoint.hostname)")
    if remoteEndpoint.hostname.hasSuffix("google.com") {
        logger.error("google.com")
        return .drop()
    }
    return .allow()
}
```
1
0
144
Jun ’25
Cannot add Wi-Fi Aware entitlement due to automatic signing failure
I tried to test out the new Wi-Fi aware framework but encountered the issue in the title. My operation steps are as follows: 1) create a hello world project using Xcode 26.0 beta 2) add Wi-Fi Aware entitlement and service following the sample code in "Building peer-to-peer apps" 3) run my code on an iPhone 16 Pro and fail at the building stage. The error message is "Provisioning profile "iOS Team Provisioning Profile: [my project name]" doesn't include the com.apple.developer.wifi-aware entitlement." I also tried to build the sample app but faced the same issue.
3
0
154
Jun ’25
Content Filters on devices without family controls authorisation.
I’m working on an iOS parental-control app that needs to block specific network traffic (e.g. certain domains or URLs). We’ve already obtained the Family Controls entitlement (since our app is explicitly a parental-control solution), but we do not use MDM to supervise devices. In testing, our NEFilterDataProvider extension only activates when the device is enrolled under a managed Family Controls profile. I am aware that we can use a PacketTunnel to achieve this but I was wondering if there is any simpler solution to this? Thanks for your time!
4
0
217
Jun ’25
Network.framework UDP requiredLocalEndpoint/allowLocalEndpointReuse still broken in macOS 26
Just tried to re-run the code below (previously discussed https://developer.apple.com/forums/thread/747815) and filed as bug: https://feedbackassistant.apple.com/feedback/13678278 Still broken on macOS 26 first beta. Any chance anything can be done about this @eskimo? thanks, Martin

```swift
import Foundation
import Network

let localPort: NWEndpoint.Port = 12345
var connections: [NWConnection] = []

func startFlow(remotePort: UInt16) {
    let params = NWParameters.udp
    params.allowLocalEndpointReuse = true
    params.requiredLocalEndpoint = NWEndpoint.hostPort(host: "0.0.0.0", port: localPort)
    let conn = NWConnection(host: "93.184.216.34", port: .init(rawValue: remotePort)!, using: params)
    conn.stateUpdateHandler = { newState in
        print("connection \(remotePort) did change state, new: \(newState)")
    }
    conn.start(queue: .main)
    connections.append(conn)
}

func main() {
    startFlow(remotePort: 23456)
    startFlow(remotePort: 23457)
    dispatchMain()
}

main()
```
2
0
100
Jun ’25
Transparent proxy crash on macOS 15.5
Hello! I develop transparent proxy based application, and I'm receiving a lot of crash reports from macOS 15.5 for crash in __88-[NEExtensionAppProxyProviderContext setInitialFlowDivertControlSocket:extraValidation:]_block_invoke.90 when stopping. Even very old versions of my software started crashing on macOS 15.5. I checked my extension that it correctly calls setTunnelNetworkSettings:nil on proxy stop, but crash is still here. Does anybody else have this problem? Do you know any workaround for it?
3
1
132
Jun ’25
How to Keep Cellular Data Active While Connected to a Local Hotspot for File Transfer?
Hi all, I’m developing a companion iOS app that connects to a device-created Wi-Fi hotspot to transfer videos or other files WebSocket. The challenge is: once the iPhone connects to this hotspot, it loses internet access because iOS routes all traffic through Wi-Fi. However, I’d like to keep the iPhone’s cellular data active and usable while staying connected to the local hotspot — so the app can access cloud APIs, or the user can continue using other apps that require internet access. I understand that iOS prioritizes Wi-Fi over cellular, but are there any supported workarounds or patterns (e.g., MFi programs, local-only Wi-Fi access, NEHotspotConfiguration behavior, etc.) that : • Using Wi-Fi only for local communication; • cellular to remain active for internet access. Any insights or Apple-recommended best practices would be greatly appreciated — especially any official references regarding MFi Accessory setup or NEHotspotConfiguration behavior in this context. Thanks in !
1
0
117
Jun ’25
iOS App udp and local network permission
Recently, my application was having trouble sending udp messages after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so udp worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and udp does not work properly (no messages can be sent, the system version and code have not changed). Fortunately, udp worked after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for udp to take effect. I'm not sure if it's the system, or if it's a similar situation as described here, hopefully that will help me find out
5
2
1.4k
Jun ’25
Extracting IP with swift on visionOS
Hey everyone, I’m developing an app for visionOS where I need to display the Apple Vision Pro’s current IP address. For this I’m using the following code, which works for iOS, macOS, and visionOS in the simulator. Only on a real Apple Vision Pro it’s unable to extract an IP. Could it be that visionOS currently doesn’t allow this? Have any of you had the same experience and found a workaround?

```swift
var address: String = "no ip"
var ifaddr: UnsafeMutablePointer<ifaddrs>? = nil
if getifaddrs(&ifaddr) == 0 {
    var ptr = ifaddr
    while ptr != nil {
        defer { ptr = ptr?.pointee.ifa_next }
        let interface = ptr?.pointee
        let addrFamily = interface?.ifa_addr.pointee.sa_family
        if addrFamily == UInt8(AF_INET) {
            if let name: Optional<String> = String(cString: (interface?.ifa_name)!), name == "en0" {
                var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST))
                getnameinfo(interface?.ifa_addr, socklen_t((interface?.ifa_addr.pointee.sa_len)!), &hostname, socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST)
                address = String(cString: hostname)
            }
        }
    }
    freeifaddrs(ifaddr)
}
return address
}
```

Thanks in advance for any insights or tips! Best Regards, David
2
1
176
Jun ’25
Could not delete cookies on IOS18
Hello, I have encountered an issue with an iPhone 15PM with iOS 18.5. The NSHTTPCookieStorage failed to clear cookies, after clearing them, I was still able to retrieve them. However, on the same system

```objc
NSHTTPCookie *cookie;
NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
for (cookie in [storage cookies]) {
    [storage deleteCookie:cookie];
}
NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:[[self url] absoluteURL]]; // still able to get cookies,why???
```
1
0
115
Jun ’25
Is there any API for real-time Wi-Fi connection monitoring?
We are developing an iOS application with a key feature designed to enhance user safety: real-time assessment of Wi-Fi network security. The "Safe Wi-Fi" feature aims to inform users about the security level of the Wi-Fi network they are currently connected to. Our goal is to provide this information seamlessly and continuously, even when the user isn't actively using the app. Currently, we've implemented this feature using a NWPathMonitor. The limitation of NWPathMonitor is that it doesn't function when the app is in a kill state. We are looking for guidance on how to achieve persistent Wi-Fi security monitoring in the background or when the app is killed. Is there any API (Public, Special API, etc) or a recommended approach that allows for real-time Wi-Fi connection monitoring (including connection changes and network details) even when the app is not actively running or is in a kill state. Thank you in advance for your help.
1
0
155
Jun ’25
Questions about URL Filter capabilities
Hi all. I'm exploring the new URL Filter framework that supports filtering URLs in encrypted HTTPS traffic. I'm particularly interested in understanding how we can leverage this in System Extensions on macOS. Can URL Filter be implemented within a macOS System Extension? The documentation seems to focus primarily on iOS implementations. I've attempted to evaluate the "Filtering traffic by URL" sample code by running PIRService on localhost (tried both macOS native binary, and Linux container) and SimpleURLFilter on the iOS simulator (26.0 23A5260l). However, the app fails to apply the configuration with NetworkExtension.NEURLFilterManager.Error 8, and PIRService doesn't receive any requests. Is this functionality supported in the simulator environment? Does Keyword Private Information Retrieval support pattern matching or wildcards? For example, would it be possible to create rules that block URLs like "object-storage.example[.]org/malicious-user/*"? Regarding enterprise use cases: While I understand URL filtering uses Private Information Retrieval to enhance user privacy, enterprise security teams often need visibility into network traffic for security monitoring and incident response. Are there supported approaches for enterprises to monitor HTTPS URLs? Any insights or clarification would be greatly appreciated. Shay
3
0
296
Jun ’25
Secure DNS and transparent proxy for DNS resolution
We have a transparent proxy in a system extension. We intercept all traffic from machine using 0.0.0.0 and :: as include rules for protocol ANY. We intercept all DNS queries and forward them to a public or private DNS server based on whether it's a private domain or not. In most cases, everything works fine. However, sometimes, git command (over SSH) in terminal fail to resolve DNS and receives below error:

ssh: Could not resolve hostname gitserver.corp.company.com: nodename nor servname provided, or not known

While investigating, we found that mDNSResponder was using HTTPS to dns.google to resolve the queries securely. While this works for public domains (not how we would want by anyways), the query fails for our company private domains because Transparent Proxy cannot read the DNS query to be able to tunnel or respond to it. Several years back when secure DNS was introduced to Apple platforms, I remember in one of the WWDC sessions, it was mentioned that VPN providers will still get plain text queries even when system has secure DNS configured or available. In this case, there is no DNS proxy or any other setting to enable secure DNS on the machine except for Google public DNS configured as DNS server. So my question is: Shouldn't transparent proxy also get plain text DNS queries like PacketTunnelProvider? And is there a way to disable/block the secure DNS feature in mDNSResponder or on machine itself? Using Transparent proxy or MDM or any other config? So that transparent proxy can handle/resolve public and private domains correctly. Another thing we noticed that not all queries are going over secure channel. We still get quite a few queries over plain UDP. So is there any rule/criteria when mDNSResponder uses secure DNS and when plain text DNS over UDP?
3
0
256
Jun ’25
Unable to send/receive IPv6 Multicast packets on NWConnectionGroup using Apple NF
Hello Everyone, I am currently using macOS 15.5 and XCode 16.4. I am using the following code to send/receive multicast packets on multicast group ff02::1 and port 49153 using Apple NF's NWConnectionGroup.

```swift
import Network
import Foundation

// Creating a multicast group endpoint
let multicastIPv6GroupEndpoint: NWEndpoint = NWEndpoint.hostPort(host: NWEndpoint.Host.ipv6(IPv6Address("ff02::1")!), port: NWEndpoint.Port("49153")!)

do {
    let multicastGroupDescriptor: NWMulticastGroup = try NWMulticastGroup (for: [multicastIPv6GroupEndpoint])
    let multicastConnectionGroupDescriptor = NWConnectionGroup (with: multicastGroupDescriptor, using: .udp)

    multicastConnectionGroupDescriptor.stateUpdateHandler = { state in
        print ("🕰️ Connection Group state: \(state)")
        if state == .ready {
            multicastConnectionGroupDescriptor.send (content: "👋🏻 Hello from the Mac 💻".data (using: .utf8)) { err in
                print ("➡️ Now, I am trying to send some messages.")
                if let err = err {
                    print ("💥 Error sending multicast message: \(err)")
                } else {
                    print ("🌚 Initial multicast message sent")
                }
            }
        }
    }

    multicastConnectionGroupDescriptor.setReceiveHandler { message, content, isComplete in
        if let content = content, let messageString = String (data: content, encoding: .utf8) {
            print ("⬅️ Received message: \(messageString)")
        }
    }

    multicastConnectionGroupDescriptor.start (queue: .global())
} catch {
    print ("💥 Error while creating Multicast Group: \(error)")
}

RunLoop.main.run()
```

I am able to successfully create a NWConnectionGroup without any warnings/errors. The issue occurs when the stateUpdateHandler's callback gets invoked. It first gives me this warning:

nw_listener_socket_inbox_create_socket IPV6_LEAVE_GROUP ff02::1.49153 failed [49: Can't assign requested address

But then it shows me that the state is ready:

🕰️ Connection Group state: ready

After this, when the send is performed, it gives me a bunch of errors:

nw_endpoint_flow_failed_with_error [C1 ff02::1.49153 waiting parent-flow (unsatisfied (Local network prohibited), interface: en0[802.11], ipv4, ipv6, uses wifi)] already failing, returning
nw_socket_connect [C1:1] connectx(7, [srcif=0, srcaddr=::.62838, dstaddr=ff02::1.49153], SAE_ASSOCID_ANY, 0, NULL, 0, NULL, SAE_CONNID_ANY) failed: [48: Address already in use]
nw_socket_connect [C1:1] connectx failed (fd 7) [48: Address already in use]
nw_socket_connect connectx failed [48: Address already in use]
nw_endpoint_flow_failed_with_error [C1 ff02::1.49153 in_progress socket-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi)] already failing, returning

There is no other background process running on the same port. I tried using different ports as well as multicast groups but the same error persists. The same code works fine for an IPv4 multicast group. I have following questions: Why am I getting these errors specifically for IPv6 multicast group but not for IPv4 multicast group? Are there any configurations that needed to be done in order to get this working?
8
0
269
Jun ’25
IOS App tcp connect and local network permission
Recently, my application was having trouble connecting socket using TCP protocol after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so socket connect interface worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and socket connect interface does not work properly (connect interface return errno 65, the system version and code have not changed). Fortunately, socket connect success after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for socket connect to take effect.
5
0
273
Jun ’25
Unable to Intercept Inbound Traffic on macOS Using Network Extensions
Hi all, I have a requirement to intercept and modify inbound connections on macOS. For example, if I’m running a server on TCP port 8080 on macOS, I want to intercept all traffic to and from this port. I’m open to working at the level of TCP flows or even raw Ethernet packets, depending on what’s feasible. I’m already successfully using NETransparentProxy to intercept outbound traffic, but I haven’t found a way to handle inbound connections using any of the Network Extension APIs. Is there any supported or alternative approach for intercepting inbound traffic (via NE, NKEs, PF, or something else)? Any guidance would be greatly appreciated. Thanks in advance!
2
0
130
Jun ’25
Local Network Connection is still working even after denied the permission when asked
I've a iOT companion app, in which I'll connect to iOT's Wi-Fi and then communicate the device with APIs, for the above functionality we needed local network permission. So we enabled necessary keys in info.plist and at the time of App Launch we trigger local network permission using the following code

info.plist

```xml
<string>This app needs local network access permission to connect with your iOT device and customize its settings</string>
<key>NSBonjourServices</key>
<array>
    <string>_network-perm._tcp</string>
    <string>_network-perm._udp</string>
</array>
```

Network Permission Trigger Methods

```swift
import Foundation
import MultipeerConnectivity

class NetworkPermissionManager: NSObject {
    static let shared = NetworkPermissionManager()

    private var session: MCSession?
    private var advertiser: MCNearbyServiceAdvertiser?
    private var browser: MCNearbyServiceBrowser?
    private var permissionCallback: ((String) -> Void)?

    func requestPermission(callback: @escaping (String) -> Void) {
        self.permissionCallback = callback
        do {
            let peerId = MCPeerID(displayName: UUID().uuidString)
            session = MCSession(peer: peerId, securityIdentity: nil, encryptionPreference: .required)
            session?.delegate = self

            advertiser = MCNearbyServiceAdvertiser(
                peer: peerId,
                discoveryInfo: nil,
                serviceType: "network-perm"
            )
            advertiser?.delegate = self

            browser = MCNearbyServiceBrowser(
                peer: peerId,
                serviceType: "network-perm"
            )
            browser?.delegate = self

            advertiser?.startAdvertisingPeer()
            browser?.startBrowsingForPeers()

            // Stop after delay
            DispatchQueue.main.asyncAfter(deadline: .now() + 1.0) { [weak self] in
                self?.stopAll()
                // If no error occurred until now, consider permission triggered
                self?.permissionCallback?("granted")
                self?.permissionCallback = nil
            }
        } catch {
            permissionCallback?("error: \(error.localizedDescription)")
            permissionCallback = nil
        }
    }

    func stopAll() {
        advertiser?.stopAdvertisingPeer()
        browser?.stopBrowsingForPeers()
        session?.disconnect()
    }
}

extension NetworkPermissionManager: MCSessionDelegate {
    func session(_: MCSession, peer _: MCPeerID, didChange _: MCSessionState) {}
    func session(_: MCSession, didReceive _: Data, fromPeer _: MCPeerID) {}
    func session(_: MCSession, didReceive _: InputStream, withName _: String, fromPeer _: MCPeerID) {}
    func session(_: MCSession, didStartReceivingResourceWithName _: String, fromPeer _: MCPeerID, with _: Progress) {}
    func session(_: MCSession, didFinishReceivingResourceWithName _: String, fromPeer _: MCPeerID, at _: URL?, withError _: Error?) {}
}

extension NetworkPermissionManager: MCNearbyServiceAdvertiserDelegate {
    func advertiser(_: MCNearbyServiceAdvertiser, didReceiveInvitationFromPeer _: MCPeerID, withContext _: Data?, invitationHandler: @escaping (Bool, MCSession?) -> Void) {
        invitationHandler(false, nil)
    }

    func advertiser(_: MCNearbyServiceAdvertiser, didNotStartAdvertisingPeer error: Error) {
        print("❌ Advertising failed: \(error)")
        if let nsError = error as NSError?, nsError.domain == NetService.errorDomain, nsError.code == -72008 {
            permissionCallback?("denied")
        } else {
            permissionCallback?("error: \(error.localizedDescription)")
        }
        permissionCallback = nil
        stopAll()
    }
}

extension NetworkPermissionManager: MCNearbyServiceBrowserDelegate {
    func browser(_: MCNearbyServiceBrowser, foundPeer _: MCPeerID, withDiscoveryInfo _: [String: String]?) {}
    func browser(_: MCNearbyServiceBrowser, lostPeer _: MCPeerID) {}

    func browser(_: MCNearbyServiceBrowser, didNotStartBrowsingForPeers error: Error) {
        print("❌ Browsing failed: \(error)")
        if let nsError = error as NSError?, nsError.domain == NetService.errorDomain, nsError.code == -72008 {
            permissionCallback?("denied")
        } else {
            permissionCallback?("error: \(error.localizedDescription)")
        }
        permissionCallback = nil
        stopAll()
    }
}
```

I want to satisfy this following cases but it's not working as expected

# Case1 Working
App launches --> trigger permission using above code --> user granted permission --> connect to iOT's Wi-Fi using app --> Communicate via Local API ---> should return success response

# Case2 Not working
App launches --> trigger permission using above code --> user denied permission --> connect to iOT's Wi-Fi using app --> Communicate via Local API ---> should throw an error

I double checked the permission status in the app settings there also showing disabled state. In my case case 2 is also return success, even though user denied the permission I got success response. I wonder why this happens the same above 2 cases working as expected in iOS 17.x versions
3
0
223
Jun ’25
DNSServiceBrowse() callback receives error code -65570
Hi, I am trying to update an old prototype I made for tvOS using DNSServiceBrowse(). The target was tvOS 17. My old build from September 2023 still works fine: It can discover computers on the same local network as the Apple TV (simulator). However, now that I am using Xcode 16, the DNSServiceBrowse() callback (of type DNSServiceBrowseReply) receives the error code: -65570. The call to DNSServiceBrowse() itself returns no error, neither does the following call to DNSServiceProcessResult() — which actually triggers the call of the callback. I found nowhere in the Internet any list of possible error codes received by the callback, so I have no idea what it means. So, my first question is: What does this error code mean? (And is there any list of the possible errors somewhere, with their meaning?) Since it was a prototype, I have no provisioning profile defined for it. Could that be related to the issue? Since I will make a real app out that prototype (targeting tvOS 18), I will have to define a provisioning profile for it. Would a provisioning profile for the app solve the issue? If yes, are there any requirements for that profile that I should take into account to solve the issue? Thank you in advance for any help, Marc
5
0
307
Jun ’25
The iOS 26 simulator crashed due to NWPathMonitor
Simulator: iPhone 16 pro (iOS 26) Minimum Deployments: iOS 16.0+, not iOS 17. Here is the demo:

```swift
import SwiftUI
import NetworkExtension

struct ContentView: View {
    private var monitor = NWPathMonitor()
    var body: some View {
        VStack {
            Text("Hello, world!")
        }
        .task {
            let _ = URLSession.shared
        }
    }
}
```
Replies
1
Boosts
1
Views
334
Activity
Jun ’25
iOS App udp and local network permission
Recently, my application was having trouble sending udp messages after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled, I was aware of the problem, so udp worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and udp does not work properly (no messages can be sent, the system version and code have not changed). Fortunately, udp worked after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for udp to take effect. I'm not sure if it's the system, or if it's a similar situation as described here, hopefully that will help me find out
Replies
5
Boosts
2
Views
1.4k
Activity
Jun ’25
Extracting IP with swift on visionOS
Hey everyone, I’m developing an app for visionOS where I need to display the Apple Vision Pro’s current IP address. For this I’m using the following code, which works for iOS, macOS, and visionOS in the simulator. Only on a real Apple Vision Pro it’s unable to extract an IP. Could it be that visionOS currently doesn’t allow this? Have any of you had the same experience and found a workaround?
```swift
import Foundation

// The function header was missing from the post; the name used here is assumed.
func getIPAddress() -> String {
    var address: String = "no ip"
    var ifaddr: UnsafeMutablePointer<ifaddrs>? = nil
    if getifaddrs(&ifaddr) == 0 {
        // Walk the linked list of interfaces returned by getifaddrs.
        var ptr = ifaddr
        while ptr != nil {
            defer { ptr = ptr?.pointee.ifa_next }
            let interface = ptr?.pointee
            let addrFamily = interface?.ifa_addr.pointee.sa_family
            // Only IPv4 addresses on the interface named "en0" are considered.
            if addrFamily == UInt8(AF_INET) {
                if let name: Optional<String> = String(cString: (interface?.ifa_name)!), name == "en0" {
                    var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST))
                    getnameinfo(interface?.ifa_addr, socklen_t((interface?.ifa_addr.pointee.sa_len)!), &hostname, socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST)
                    address = String(cString: hostname)
                }
            }
        }
        freeifaddrs(ifaddr)
    }
    return address
}
```
Thanks in advance for any insights or tips!
Best Regards, David
Replies
2
Boosts
1
Views
176
Activity
Jun ’25
Could not delete cookies on iOS 18
Hello, I have encountered an issue with an iPhone 15PM with iOS 18.5. The NSHTTPCookieStorage failed to clear cookies; after clearing them, I was still able to retrieve them. However, on the same system
```objc
NSHTTPCookie *cookie;
NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
for (cookie in [storage cookies]) {
    [storage deleteCookie:cookie];
}
NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:[[self url] absoluteURL]];
// still able to get cookies, why???
```
Replies
1
Boosts
0
Views
115
Activity
Jun ’25
Is there any API for real-time Wi-Fi connection monitoring?
We are developing an iOS application with a key feature designed to enhance user safety: real-time assessment of Wi-Fi network security. The "Safe Wi-Fi" feature aims to inform users about the security level of the Wi-Fi network they are currently connected to. Our goal is to provide this information seamlessly and continuously, even when the user isn't actively using the app. Currently, we've implemented this feature using an NWPathMonitor. The limitation of NWPathMonitor is that it doesn't function when the app is in a kill state. We are looking for guidance on how to achieve persistent Wi-Fi security monitoring in the background or when the app is killed. Is there any API (Public, Special API, etc) or a recommended approach that allows for real-time Wi-Fi connection monitoring (including connection changes and network details) even when the app is not actively running or is in a kill state? Thank you in advance for your help.
Replies
1
Boosts
0
Views
155
Activity
Jun ’25
Questions about URL Filter capabilities
Hi all. I'm exploring the new URL Filter framework that supports filtering URLs in encrypted HTTPS traffic. I'm particularly interested in understanding how we can leverage this in System Extensions on macOS.

Can URL Filter be implemented within a macOS System Extension? The documentation seems to focus primarily on iOS implementations.

I've attempted to evaluate the "Filtering traffic by URL" sample code by running PIRService on localhost (tried both macOS native binary, and Linux container) and SimpleURLFilter on the iOS simulator (26.0 23A5260l). However, the app fails to apply the configuration with NetworkExtension.NEURLFilterManager.Error 8, and PIRService doesn't receive any requests. Is this functionality supported in the simulator environment?

Does Keyword Private Information Retrieval support pattern matching or wildcards? For example, would it be possible to create rules that block URLs like "object-storage.example[.]org/malicious-user/*"?

Regarding enterprise use cases: While I understand URL filtering uses Private Information Retrieval to enhance user privacy, enterprise security teams often need visibility into network traffic for security monitoring and incident response. Are there supported approaches for enterprises to monitor HTTPS URLs?

Any insights or clarification would be greatly appreciated.
Shay
Replies
3
Boosts
0
Views
296
Activity
Jun ’25
Secure DNS and transparent proxy for DNS resolution
We have a transparent proxy in a system extension. We intercept all traffic from machine using 0.0.0.0 and :: as include rules for protocol ANY. We intercept all DNS queries and forward them to a public or private DNS server based on whether it's a private domain or not. In most cases, everything works fine. However, sometimes, git command (over SSH) in terminal fail to resolve DNS and receives below error:
```
ssh: Could not resolve hostname gitserver.corp.company.com: nodename nor servname provided, or not known
```
While investigating, we found that mDNSResponder was using HTTPS to dns.google to resolve the queries securely.
DNS Request logs
While this works for public domains (not how we would want by anyways), the query fails for our company private domains because Transparent Proxy cannot read the DNS query to be able to tunnel or respond to it.
Several years back when secure DNS was introduced to Apple platforms, I remember in one of the WWDC sessions, it was mentioned that VPN providers will still get plain text queries even when system has secure DNS configured or available. In this case, there is no DNS proxy or any other setting to enable secure DNS on the machine except for Google public DNS configured as DNS server.
So my question is: Shouldn't transparent proxy also get plain text DNS queries like PacketTunnelProvider? And is there a way to disable/block the secure DNS feature in mDNSResponder or on machine itself? Using Transparent proxy or MDM or any other config? So that transparent proxy can handle/resolve public and private domains correctly.
Another thing we noticed that not all queries are going over secure channel. We still get quite a few queries over plain UDP. So is there any rule/criteria when mDNSResponder uses secure DNS and when plain text DNS over UDP?
Replies
3
Boosts
0
Views
256
Activity
Jun ’25
Unable to send/receive IPv6 Multicast packets on NWConnectionGroup using Apple NF
Hello Everyone, I am currently using macOS 15.5 and Xcode 16.4. I am using the following code to send/receive multicast packets on multicast group ff02::1 and port 49153 using Apple NF's NWConnectionGroup.
```swift
import Network
import Foundation

// Creating a multicast group endpoint
let multicastIPv6GroupEndpoint: NWEndpoint = NWEndpoint.hostPort(host: NWEndpoint.Host.ipv6(IPv6Address("ff02::1")!), port: NWEndpoint.Port("49153")!)

do {
    let multicastGroupDescriptor: NWMulticastGroup = try NWMulticastGroup(for: [multicastIPv6GroupEndpoint])
    let multicastConnectionGroupDescriptor = NWConnectionGroup(with: multicastGroupDescriptor, using: .udp)

    multicastConnectionGroupDescriptor.stateUpdateHandler = { state in
        print("🕰️ Connection Group state: \(state)")
        if state == .ready {
            multicastConnectionGroupDescriptor.send(content: "👋🏻 Hello from the Mac 💻".data(using: .utf8)) { err in
                print("➡️ Now, I am trying to send some messages.")
                if let err = err {
                    print("💥 Error sending multicast message: \(err)")
                } else {
                    print("🌚 Initial multicast message sent")
                }
            }
        }
    }

    multicastConnectionGroupDescriptor.setReceiveHandler { message, content, isComplete in
        if let content = content, let messageString = String(data: content, encoding: .utf8) {
            print("⬅️ Received message: \(messageString)")
        }
    }

    multicastConnectionGroupDescriptor.start(queue: .global())
} catch {
    print("💥 Error while creating Multicast Group: \(error)")
}

RunLoop.main.run()
```
I am able to successfully create a NWConnectionGroup without any warnings/errors. The issue occurs when the stateUpdateHandler's callback gets invoked.
It first gives me this warning:
```
nw_listener_socket_inbox_create_socket IPV6_LEAVE_GROUP ff02::1.49153 failed [49: Can't assign requested address
```
But then it shows me that the state is ready:
```
🕰️ Connection Group state: ready
```
After this, when the send is performed, it gives me a bunch of errors:
```
nw_endpoint_flow_failed_with_error [C1 ff02::1.49153 waiting parent-flow (unsatisfied (Local network prohibited), interface: en0[802.11], ipv4, ipv6, uses wifi)] already failing, returning
nw_socket_connect [C1:1] connectx(7, [srcif=0, srcaddr=::.62838, dstaddr=ff02::1.49153], SAE_ASSOCID_ANY, 0, NULL, 0, NULL, SAE_CONNID_ANY) failed: [48: Address already in use]
nw_socket_connect [C1:1] connectx failed (fd 7) [48: Address already in use]
nw_socket_connect connectx failed [48: Address already in use]
nw_endpoint_flow_failed_with_error [C1 ff02::1.49153 in_progress socket-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi)] already failing, returning
```
There is no other background process running on the same port. I tried using different ports as well as multicast groups but the same error persists. The same code works fine for an IPv4 multicast group.
I have following questions:
Why am I getting these errors specifically for IPv6 multicast group but not for IPv4 multicast group?
Are there any configurations that needed to be done in order to get this working?
Replies
8
Boosts
0
Views
269
Activity
Jun ’25
iOS 26 NWPathMonitor
iOS 26 NWPathMonitor doesn't handle any updates - always all good.
Replies
1
Boosts
0
Views
133
Activity
Jun ’25
iOS App TCP connect and local network permission
Recently, my application was having trouble connecting socket using TCP protocol after it was reinstalled. The cause of the problem was initially that I did not grant local network permissions when I reinstalled. I was aware of the problem, so socket connect interface worked fine after I granted permissions. However, the next time I repeat the previous operation, I also do not grant local network permissions, and then turn it back on in the Settings, and socket connect interface does not work properly (connect interface return errno 65, the system version and code have not changed). Fortunately, socket connect success after rebooting the phone, and more importantly, I was able to repeat the problem many times. So I want to know if the process between when I re-uninstall the app and deny local network permissions, and when I turn it back on in Settings, is that permissions have been granted normally, and not fake, and not required a reboot to reset something for socket connect to take effect.
Replies
5
Boosts
0
Views
273
Activity
Jun ’25
Unable to Intercept Inbound Traffic on macOS Using Network Extensions
Hi all, I have a requirement to intercept and modify inbound connections on macOS. For example, if I’m running a server on TCP port 8080 on macOS, I want to intercept all traffic to and from this port. I’m open to working at the level of TCP flows or even raw Ethernet packets, depending on what’s feasible. I’m already successfully using NETransparentProxy to intercept outbound traffic, but I haven’t found a way to handle inbound connections using any of the Network Extension APIs. Is there any supported or alternative approach for intercepting inbound traffic (via NE, NKEs, PF, or something else)? Any guidance would be greatly appreciated. Thanks in advance!
Replies
2
Boosts
0
Views
130
Activity
Jun ’25
Local Network Connection is still working even after denied the permission when asked
I've an IoT companion app, in which I'll connect to IoT's Wi-Fi and then communicate the device with APIs. For the above functionality we needed local network permission, so we enabled necessary keys in info.plist and at the time of App Launch we trigger local network permission using the following code.

info.plist
```xml
<string>This app needs local network access permission to connect with your iOT device and customize its settings</string>
<key>NSBonjourServices</key>
<array>
    <string>_network-perm._tcp</string>
    <string>_network-perm._udp</string>
</array>
```
Network Permission Trigger Methods
```swift
import Foundation
import MultipeerConnectivity

class NetworkPermissionManager: NSObject {
    static let shared = NetworkPermissionManager()

    private var session: MCSession?
    private var advertiser: MCNearbyServiceAdvertiser?
    private var browser: MCNearbyServiceBrowser?
    private var permissionCallback: ((String) -> Void)?

    func requestPermission(callback: @escaping (String) -> Void) {
        self.permissionCallback = callback
        do {
            let peerId = MCPeerID(displayName: UUID().uuidString)
            session = MCSession(peer: peerId, securityIdentity: nil, encryptionPreference: .required)
            session?.delegate = self

            advertiser = MCNearbyServiceAdvertiser(
                peer: peerId,
                discoveryInfo: nil,
                serviceType: "network-perm"
            )
            advertiser?.delegate = self

            browser = MCNearbyServiceBrowser(
                peer: peerId,
                serviceType: "network-perm"
            )
            browser?.delegate = self

            advertiser?.startAdvertisingPeer()
            browser?.startBrowsingForPeers()

            // Stop after delay
            DispatchQueue.main.asyncAfter(deadline: .now() + 1.0) { [weak self] in
                self?.stopAll()
                // If no error occurred until now, consider permission triggered
                self?.permissionCallback?("granted")
                self?.permissionCallback = nil
            }
        } catch {
            permissionCallback?("error: \(error.localizedDescription)")
            permissionCallback = nil
        }
    }

    func stopAll() {
        advertiser?.stopAdvertisingPeer()
        browser?.stopBrowsingForPeers()
        session?.disconnect()
    }
}

extension NetworkPermissionManager: MCSessionDelegate {
    func session(_: MCSession, peer _: MCPeerID, didChange _: MCSessionState) {}
    func session(_: MCSession, didReceive _: Data, fromPeer _: MCPeerID) {}
    func session(_: MCSession, didReceive _: InputStream, withName _: String, fromPeer _: MCPeerID) {}
    func session(_: MCSession, didStartReceivingResourceWithName _: String, fromPeer _: MCPeerID, with _: Progress) {}
    func session(_: MCSession, didFinishReceivingResourceWithName _: String, fromPeer _: MCPeerID, at _: URL?, withError _: Error?) {}
}

extension NetworkPermissionManager: MCNearbyServiceAdvertiserDelegate {
    func advertiser(_: MCNearbyServiceAdvertiser, didReceiveInvitationFromPeer _: MCPeerID, withContext _: Data?, invitationHandler: @escaping (Bool, MCSession?) -> Void) {
        invitationHandler(false, nil)
    }

    func advertiser(_: MCNearbyServiceAdvertiser, didNotStartAdvertisingPeer error: Error) {
        print("❌ Advertising failed: \(error)")
        if let nsError = error as NSError?, nsError.domain == NetService.errorDomain, nsError.code == -72008 {
            permissionCallback?("denied")
        } else {
            permissionCallback?("error: \(error.localizedDescription)")
        }
        permissionCallback = nil
        stopAll()
    }
}

extension NetworkPermissionManager: MCNearbyServiceBrowserDelegate {
    func browser(_: MCNearbyServiceBrowser, foundPeer _: MCPeerID, withDiscoveryInfo _: [String: String]?) {}
    func browser(_: MCNearbyServiceBrowser, lostPeer _: MCPeerID) {}

    func browser(_: MCNearbyServiceBrowser, didNotStartBrowsingForPeers error: Error) {
        print("❌ Browsing failed: \(error)")
        if let nsError = error as NSError?, nsError.domain == NetService.errorDomain, nsError.code == -72008 {
            permissionCallback?("denied")
        } else {
            permissionCallback?("error: \(error.localizedDescription)")
        }
        permissionCallback = nil
        stopAll()
    }
}
```
I want to satisfy the following cases but it's not working as expected.

# Case1 Working
App launches --> trigger permission using above code --> user granted permission --> connect to IoT's Wi-Fi using app --> Communicate via Local API ---> should return success response

# Case2 Not working
App launches --> trigger permission using above code --> user denied permission --> connect to IoT's Wi-Fi using app --> Communicate via Local API ---> should throw an error

I double checked the permission status in the app settings; there also showing disabled state. In my case, case 2 also returns success: even though user denied the permission I got success response. I wonder why this happens; the same above 2 cases working as expected in iOS 17.x versions.
Replies
3
Boosts
0
Views
223
Activity
Jun ’25
DNSServiceBrowse() callback receives error code -65570
Hi, I am trying to update an old prototype I made for tvOS using DNSServiceBrowse(). The target was tvOS 17. My old build from September 2023 still works fine: It can discover computers on the same local network as the Apple TV (simulator). However, now that I am using Xcode 16, the DNSServiceBrowse() callback (of type DNSServiceBrowseReply) receives the error code: -65570. The call to DNSServiceBrowse() itself returns no error, neither does the following call to DNSServiceProcessResult() — which actually triggers the call of the callback. I found nowhere on the Internet any list of possible error codes received by the callback, so I have no idea what it means.
So, my first question is: What does this error code mean? (And is there any list of the possible errors somewhere, with their meaning?)
Since it was a prototype, I have no provisioning profile defined for it. Could that be related to the issue? Since I will make a real app out of that prototype (targeting tvOS 18), I will have to define a provisioning profile for it. Would a provisioning profile for the app solve the issue? If yes, are there any requirements for that profile that I should take into account to solve the issue?
Thank you in advance for any help, Marc
Replies
5
Boosts
0
Views
307
Activity
Jun ’25