Hello, I am starting work on adding AlarmKit to an existing project. During testing, I ran into an issue that if I hit Deny during the authorization request, I can't find any way to turn the alarm back on in settings. The only way I can get an authorization request again is by uninstalling the app and installing it again. I would like to be able to prompt my users where they can turn the Alarm back on if they accidentally hit Deny. Am I just not seeing the settings to change this somewhere?

I’m building an iOS app that uses FamilyControls + ManagedSettings + DeviceActivity. Goal: temporarily “unlock” a shielded app for N minutes, then automatically re-apply the shield when the timer expires. What I do: In the main app, when user picks an expiry (e.g. 15 min, 30 min). I start a non-repeating DeviceActivity schedule and remove the app’s ApplicationToken from ManagedSettingsStore().shield.applications. I also store activeUnlockBundleID etc. in an App Group so the DeviceActivityMonitor extension can re-lock at the end. Expected: DeviceActivityMonitor.intervalDidEnd(for:) is invoked when the non-repeating interval ends, and I re-add the token to the shield set. Actual: The app does not re-lock when the interval expires. I added OS logs as well as “debug local notifications” from the DeviceActivityMonitor extension in: init() intervalDidStart intervalDidEnd eventDidReachThreshold None of these logs or notifications ever appear, which suggests the extension is never invoked (or cannot schedule local notifications or OS logs). Environment: Device: iPhone 17 Pro iOS 26.3.1 Xcode 26.4 Running on a physical device Notification permissions for the app: granted App + extensions are in the same App Group entitlement. Extension Info.plist has: NSExtensionPointIdentifier = com.apple.deviceactivity.monitor NSExtensionPrincipalClass = $(PRODUCT_MODULE_NAME).DeviceActivityMonitorExtension Questions: Are there known limitations/requirements for DeviceActivityMonitor callbacks where intervalDidEnd doesn't to fire? Is posting local notifications / OS Logs from a DeviceActivityMonitor extension supported/reliable? If not, what’s the recommended way to verify the extension is invoked? If this looks like a platform bug, should I file Feedback Assistant? If so, what logs/artifacts are most useful?

Shouldn't it be supported? Also is there a way to disable spotlight indexing on a mounted folder? mds_stores is going wild on fskit volumes. mount -o nobrowse -t passthrough ~/Downloads ~/mnt alexf@MacBook-Pro-3 build % mount file:///Users/alexf/Downloads/ on /Users/alexf/mnt (passthrough, local, nodev, nosuid, noowners, noatime, fskit, mounted by alexf)```

Many times the device totally lost connectivity, WIFI is completely down, no ip was assigned after device wakeup. From system log I can see BPF socket for DHCP was closed and detached right after attached to en0 in DHCP INIT phase, as result even the DHCP server sent back OFFER(I see server sent OFFER back from packet capture), but there is no persistent BPF socket since it is closed reception during the entire INIT phase. It is definitely an OS issue, is it a known issue? Please help understand Why BPF socket was close right after sending DISCOVER? Default 0x0 0 0 kernel: bpf26 attached to en0 by configd:331 2026-03-25 14:06:33.625851+0100 0x31dea Default 0x0 0 0 kernel: bpf26 closed and detached from en0 fcount 0 dcount 0 by configd:331 System log and packet capture attach, please check.

I’m running into a hardware reality. MEMS sensor thermal drift. If a user zeroes out the tilt indoors at 20°C and then takes the phone outside in the cold, the accelerometer baseline shifts just enough as the device cools to throw off the readings. I want to apply a simple thermal compensation curve to the CoreMotion data to keep the "zero" perfectly level regardless of the weather. However, ProcessInfo.thermalState only gives broad buckets (nominal, fair, etc.) which doesn't help me calculate a continuous offset for a phone cooling down degree by degree. Is there any public API, or even a proxy metric, that can give me a rough battery or internal temperature integer? I don’t need high resolution decimals. Just a general device temp to offset the hardware drift. Any undocumented tricks or proxy metrics anyone has used to handle this?

I have two Macbook Pros: 14" M4 Pro (company) 16" M4 Max (personal) I work remote full-time and recently purchased 2 of the new Studio Display XDRs. Everything works perfectly however I chose to connect them to the M4 Max. I have a caldigit Element TB5 hub and can daisy chain both monitors through that perfectly. With that said, no matter how I plug them into the M4 Pro I can only ever get one to light up at a time. What I have tried to resolve it: Plug them in individually to the m4 pro Plug them in one at a time, force them to 60hz and then plug them both in. Daisy Chaining the displays Daisy Chaining the displays through the TB5 Hub Nothing works. Only one display comes on and its whichever is plugged in first. I have even tried lowering the refresh to as low as it goes on both manually then plugging them back in. Still nothing. From what I am reading it appears to be that the M4 Pro has 3 display lanes and when I plug the first studio display XDR it is using 2 lanes. If I go down to 60hz which is what the original studio display was, then it should theoretically go down to 1 display lane allowing a second to be plugged in. A bunch of people had the older studio display running 2x 5k ASD monitors on the M4 Pro. Now with the latest Studio Display XDR I am stuck. I was researching possibly editing the EDID of each to mimic the older studio display, but I don't know how to do that easily without BetterDisplay and right now I have no ability to install that. There is a chance I can get approval to run commands / BetterDisplay to get this working if a solution can be found. What I think the ultimate fix is for the firmware / macOS to realize the limitation, force the studio display XDR to 60hz when a second monitor is plugged in and they both would work. A single Studio Display XDR could run 120hz, but immediately upon plugging a second one it swaps to 60hz. I am completely fine with that scenario. I have found a few discussions about this topic with the main one being on apple discussions: https://discussions.apple.com/thread/256262701?sortBy=rank&answerId=261888577022 Someone sort of gave me this idea on Mac because they were trying to use the studio display XDR on windows and it appears to have worked with cloning an older ASD EDID on the new model: https://www.reddit.com/r/mac/comments/1s3ani5/got_studio_display_xdr_working_on_windows_pc_5k/ I don't really know what else to do. I opened a ticket with support. Case # 102853480566, but it went no where. I got disconnected during the first call after describing everything and when they reached back out they didn't even give me 2 seconds to pick up and they hung up and closed the ticket. I really don't want to return the displays because they are beautiful and work beautifully on the m4 max. They should work with 60hz on the m4 pro. Who / How / When can we get this resolved? I would be happy to work with an Apple dev / engineer to help resolve this.

Hi, I’m looking for clarification on TN3134: Network Extension provider deployment, specifically iOS deployment requirements for: packet tunnel provider DNS proxy provider From the documentation: Packet Tunnel Provider App extension (min iOS 9.0): per-app mode requires a managed device DNS Proxy Provider App extension (min iOS 11.0): supervised devices only App extension (min iOS 11.0): per-app mode requires managed devices Issue I implemented a DNS proxy using NEDNSProxyManager. Works as expected in debug builds on a local device Fails to configure when distributed via TestFlight Console Output (TestFlight build) error 10:05:39.872258-0500 nehelper The production version of *** is not allowed to create DNS proxy configurations. Use MDM to create DNS Proxy configurations for the production version of ***. Question Is it possible to distribute a DNS proxy provider for use on non-MDM / non-supervised devices? If not: Is the limitation strictly enforced at distribution/runtime? Is a packet tunnel provider the only viable alternative for App Store distribution? There is a lot of different VPN apps on the App Store that appear to work out of the box without MDM or supervision, which suggests they are using a different deployment model. Thank you for any clarification or guidance!

I'm building an app that integrates with Reminders using EventKit, but I can't find a way to access two important structures from EventKit: The groups that contain reminder lists The sections inside each reminder list (available since iOS 17) Any help or guidance would be appreciated.

Device Info: Device: iPad Pro 2022 (M2) OS: iPadOS 26.4 Network: 5GHz Wi-Fi Accessory: Apple Pencil (2nd Generation) Issue Description: Since updating to iPadOS 26, I experience periodic ping spikes during online gaming whenever Bluetooth is enabled. Since I use an Apple Pencil which requires Bluetooth, the issue affects me constantly during gaming sessions. Simply turning off Bluetooth in Settings does not fix the problem — the only way to temporarily restore normal ping is to turn off Bluetooth and then fully reboot the device. My Wi-Fi connection itself is fine, and other devices on the same 5GHz network have no issues. What I've Already Tried: Confirmed Wi-Fi is on 5GHz band (not 2.4GHz) Turning off Bluetooth + rebooting the device (temporary fix only, not a permanent solution) Reset network settings Updated to the latest iPadOS version (26.4) Important Background: When iPadOS 26 first launched, Apple Support provided a Configuration Profile that resolved the issue upon installation. However, the profile expired after approximately one week, and the problem has persisted ever since — never fixed by any subsequent update. I am currently on iPadOS 26.4 and the issue remains. My Questions: Has anyone else experienced this? Are there any known workarounds? Has Apple released an updated Configuration Profile or announced a fix for this specific issue?

The documentation for NSURL -URLByAppendingPathComponent: states: "Returns a new URL by appending a path component to the original URL." Path component is singular. But this "works" : NSURL *testURL = [applicationsDirectory URLByAppendingPathComponent:@"Evil/../../" isDirectory:YES]; So my questions are: One) Was it always this way? I can't recall if it was like this before the Foundation rewrite and I just never stumbled across? and Two) Is it intended behavior? The API seems to suggest that you append one path component on the url with this method. But I guess you can append as many as you want?

Hi, i searched some information about how widgetKit updates widgets using "reloadAllTimelines/reloadAllControls" and i know about daily limit for apps to update their widgets. I only care about how to notify user instantly about vpn status change even if app is terminated and user launch vpn connection from ControlCenter(system widget) or SysSettings, is there a way to update my app's contolCenter widgets from Tunnel if widget and tunnel extensions already have same appGroup defaults?

I have the typical StoreKit 2 manager class, where I check currentEntitlements for subscription. I have filed a feedback (FB22349195), I hope someone can take a look at it. func updateCustomerProductStatus() async { var activeSubscription: String? = nil // BUG: In some cases the currentEntitlements does not emit a transaction until the device is reboot for await result in Transaction.currentEntitlements { print("Found transaction: \(result)") // This print does not appear until a restart! do { let transaction = try checkVerified(result) // Skip revoked transactions if transaction.revocationDate != nil { print("Skipping revoked transaction for \(transaction.productID)") continue } // Skip expired subscriptions if let expirationDate = transaction.expirationDate, expirationDate < Date() { print("Skipping expired subscription for \(transaction.productID)") continue } // Check product type switch transaction.productType { case .autoRenewable: activeSubscription = transaction.productID default: break } } catch { print("Unable to verify transaction: \(error)") } } // Update state once after processing all entitlements self.activeSubscription = activeSubscription print("updateCustomerProductStatus() activeSubscription: \(activeSubscription ?? "nil")") } There is some unexpected behavior where the currentEntitlements does not emit a result until the iPhone device is reboot. This bug appeared in iOS 26.4 (and in the betas).

Hello, I submitted a request for the Family Controls (Distribution) entitlement, but haven't received status update regarding approval/rejection etc. I submitted a previous contact support ticket as well. I'm wondering the timeline and also if my request went through - currently it says 'submitted' but it's remained this way for a while... I've had other developers in communities saying they were approved earlier, so curious if it's an app issue. Thank you

Hello, I am the developer of an app called one sec which helps users to spend less time on social media: https://one-sec.app Therefore, we make heavy use of the Screen Time API, and thus ManagedSettings and ShieldActionDelegate. One feature of one sec is the so-called “Doom Scroll Emergency Brake”. This blocks a target app after a certain usage threshold (e.g. 5 minutes) and requires going through an intervention (e.g. breathing exercise) to unlock more time. That added friction makes it very effective in reducing time spent on apps. One thing that is confusing for our users is the way they are prompted to unlock more time, if they want to. They have to: Have Push Notifications enabled for one sec Exempt one sec’s notifications from being delayed by AI prioritization (otherwise they are delayed by ca. 10s) Ensure that push notifications can be delivered during foci. Understand that they have to tap on the notification, which is not very straight-forward because it does not make sense from the user’s UX perspective. This is an artificial limitation of Apple’s screen time framework which has no reason (no security / privacy implications here…). Screenshots of the current flow attached. If would be much more reasonable if there was a new ShieldActionResponse.openParentApp value that can be returned from the completion handler of the ShieldActionDelegate.handle(…) callback. We have seen different apps use private API to achieve this, but we are afraid to do the same to avoid getting banned from the App Store. It would be fair if Apple would level the playground for all apps and offer such an API officially. – Frederik PS: Tracked under FB22347946, FB18846650, FB15500681, FB15079668, FB10393561 (all without responses so far…)

We are developing an MDM agent app that uses FamilyControls with .individual authorization to enforce Screen Time restrictions (app blocking, domain blocking via ManagedSettingsStore and DeviceActivityCenter). The Problem We are actively subscribing to AuthorizationCenter.shared.$authorizationStatus to detect authorization changes. However, when the user revokes the app's FamilyControls authorization through Settings (either via Settings > Screen Time > Apps With Screen Time Access, or Settings > Apps > [Our App]), the publisher does not emit any value. All ManagedSettingsStore restrictions are lifted immediately by the system, but our app receives no notification of this change. The only scenario where the publisher reliably emits is when a debugger is attached (i.e., running directly from Xcode). Without the debugger, the publisher is completely silent — even when the app returns to foreground. Code Example We tried subscribing directly to AuthorizationCenter.shared.$authorizationStatus with no intermediary, exactly as shown in the documentation: AuthorizationCenter.shared.$authorizationStatus .sink { status in print("[DIRECT] authorizationStatus emitted: \(status)") } .store(in: &cancellables) This subscription is set up at app launch and stored in cancellables. The result is the same — the publisher does not emit when the user revokes authorization in Settings without a debugger attached. Documentation Reference The documentation for authorizationStatus states: "The status may change due to external events, such as a child graduating to an adult account, or a parent or guardian changing the status in Settings." And: "The system sets this property only after a call to requestAuthorization(for:) succeeds. It then updates the property until a call to revokeAuthorization(completionHandler:) succeeds or your app exits." This suggests the publisher should emit when the status is changed via Settings, but in our testing it does not — unless a debugger is attached. What We Verified We tested with a development-signed build (which includes the com.apple.developer.family-controls entitlement), launched from Xcode, then disconnected the debugger, killed the app, and relaunched from the home screen. Scenario Publisher emits on revocation? Running from Xcode (debugger attached) Yes, immediately Development-signed build (no debugger) No — silent even on foreground return We also confirmed: MDM configuration profiles can disable Screen Time entirely, but cannot restrict the per-app authorization toggle — the user can always freely revoke the app's Screen Time access The Security Gap This creates a significant gap for parental controls use cases: User leaves the app (app goes to background) User goes to Settings and disables Screen Time access for the app All restrictions are immediately lifted User uses the device freely User re-enables Screen Time access and opens the app Everything syncs back to normal — administrator never knows Questions Is there any supported mechanism to receive a notification (background or foreground) when FamilyControls individual authorization is revoked? We are subscribing to AuthorizationCenter.shared.$authorizationStatus but it does not emit. Is the $authorizationStatus publisher expected to work only when a debugger is attached? Is this a known limitation or a bug? Can DeviceActivityMonitor extension detect authorization revocation? Based on documentation it appears limited to schedule/threshold events, but we haven't confirmed this. Is there a planned API improvement to address this gap? Environment iOS 26.2 Xcode 26.3 Swift 6.2.4 FamilyControls .individual authorization Related Threads Screen time API can be disabled easily Changing Screen Time Passcode does not protect apps

I am planning a Core Data migration for a macOS app targeting macOS 12 and later and I would appreciate guidance on structuring the rollout to minimise risk. Context The app currently uses a SQLite store located at: ~/Library/Containers/com.company.AppName/Data/Library/Application Support/AppName I want to: Relocate the persistent store to an app group container: ~/Library/Group Containers/group.com.company.AppName Perform schema migration, including: Renaming attributes Deleting attributes Using a custom NSEntityMigrationPolicy subclass Adopt iCloud sync using NSPersistentCloudKitContainer Potentially leverage staged migration (macOS 14+) Additionally, I intend to port the app to iOS, so the end state needs to support an app group container and CloudKit with the latest schema from the outset. Questions Store relocation vs schema migration Is it advisable to perform store relocation and schema migration in a single step, or should these be separate releases? If combined, are there pitfalls when moving the SQLite file and running a migration in the same launch cycle? Custom migration policy Any best practices for structuring NSEntityMigrationPolicy when also relocating the store? Should migration policies assume the store has already been moved, or handle both concerns? Staged migration (macOS 14+) Is staged migration worth adopting when still supporting macOS 12–13? Would you gate it conditionally, or avoid it entirely for consistency? CloudKit adoption Is introducing NSPersistentCloudKitContainer in the same release as the above migrations too risky? Are there known issues when enabling CloudKit immediately after a migration? Release strategy Would you recommend: A single release handling everything Two phases: (1) store & schema migration, (2) CloudKit Or three phases: store relocation → schema migration → CloudKit Goal I want a smooth, reliable transition without data loss or duplication, particularly for existing users with non-trivial datasets. Any insights, practical experience, or recommended sequencing strategies would be very helpful.

I'm implementing a NEDNSProxyProvider on macOS 15.x and macOS 26.x. The flow works correctly up to the last step — returning the DNS response to the client via writeDatagrams. Environment: macOS 15.x, 26.x Xcode 26.x NEDNSProxyProvider with NEAppProxyUDPFlow What I'm doing: override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { guard let udpFlow = flow as? NEAppProxyUDPFlow else { return false } udpFlow.readDatagrams { datagrams, endpoints, error in // 1. Read DNS request from client // 2. Forward to upstream DNS server via TCP // 3. Receive response from upstream // 4. Try to return response to client: udpFlow.writeDatagrams([responseData], sentBy: [endpoints.first!]) { error in // Always fails: "The datagram was too large" // responseData is 50-200 bytes — well within UDP limits } } return true } Investigation: I added logging to check the type of endpoints.first : // On macOS 15.0 and 26.3.1: // type(of: endpoints.first) → NWAddressEndpoint // Not NWHostEndpoint as expected On both macOS 15.4 and 26.3.1, readDatagrams returns [NWEndpoint] where each endpoint appears to be NWAddressEndpoint — a type that is not publicly documented. When I try to create NWHostEndpoint manually from hostname and port, and pass it to writeDatagrams, the error "The datagram was too large" still occurs in some cases. Questions: What is the correct endpoint type to pass to writeDatagrams on macOS 15.x, 26.x? Should we pass the exact same NWEndpoint objects returned by readDatagrams, or create new ones? NWEndpoint, NWHostEndpoint, and writeDatagrams are all deprecated in macOS 15. Is there a replacement API for NEAppProxyUDPFlow that works with nw_endpoint_t from the Network framework? Is the error "The datagram was too large" actually about the endpoint type rather than the data size? Any guidance would be appreciated. :-))

Hello, I am developing a URL traffic filtering system. I’ve set up a PIR server following this guide: https://developer.apple.com/documentation/networkextension/setting-up-a-pir-server-for-url-filtering According to this WWDC25 video, it appears that I need to use an OHTTP Gateway: https://developer.apple.com/videos/play/wwdc2025/234/ So, I developed an OHTTP Gateway and verified it using a test client. Following that, I built the app and installed it on a test iPhone based on this sample: https://developer.apple.com/documentation/networkextension/filtering-traffic-by-url However, I cannot find any settings related to the OHTTP URL within this sample. How should I proceed with the OHTTP configuration in this case? Thank you.

Since updating the OS to 26.4, the app has been crashing more often after I launch it. The devices on which this issue has been confirmed are as follows: ・iPhone SE (2nd generation) ・9th-generation iPad ・8th-generation iPad ・5th-generation iPad mini We have confirmed that the application functions properly on all devices prior to the OS update.

The M5 Pro does not connect to the Wi-Fi AP using RADIUS when NetworkExtension Activiate. The M1 and M2 Pro worked, but only the M5 Pro MacBook Pro did not work. If you deactivate NetworkExtension, it connects to the AP, and afterwards, it works even if you activate NetworkExtension.