My Entitlements file contains the following (removed some non related entries): <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.associated-domains</key> <array> <string>webcredentials:app.mydomain.org</string> <string>applinks:*.mydomain.org</string> </array> </dict> </plist> Now when I tap on a link such as abc.mydomain.org, the app is not opened. If I change the generic applinks key from *.mydomain.org to a specific domain, this works correctly and it opens the app as expected. (This makes me think the website part of the AASA file is correct). Since I need to support a lot of subdomains (think about hundreds in the near future), I really need the wildcard to work. Do you have any tips on how to make this work?

Hi everyone, I've been working on an application that provides different subdomains for different customers, so we need to support app linking with all of them. However, using wildcard notation like applinks:*.domain.com doesn't work, while hardcoding applinks:subdomain.domain.com works fine. The association file is being served from both the main domain and subdomains. It used to work fine about a month ago, and I can't find any recent breaking changes on Apple's side . Any ideas why this could happen. ?

Hi, We have implemented Age Verification in iOS and wanted to test the workflow before releasing the app. How do we test the app before releasing it in production. We currently use Test Flight for testing. We created users in Sandbox but that shows just Texas in Age Assurance.

I would like to enable the app to persist a stable SIM identifier and compare it across app sessions so it can reliably detect when the user has changed SIM cards. When a SIM change is detected—especially while the device is on Wi-Fi—the app should trigger SIM-change handling (for example: refresh auth/session, reload account-specific data, and update feature availability). The implementation must be robust for: Dual-SIM and eSIM devices Temporary network unavailability or delayed carrier info Current challenge: On Wi-Fi, the existing hash can distinguish a different operator but cannot reliably detect a SIM-card-level change. We need a way to uniquely identify the SIM card itself, not just the operator.

⬇️ ANYONE ON APPLE'S SCREEN TIME TEAM, PLEASE READ THIS ⬇️ Let's summarize the situation. 3rd-party apps with screen time access can be disabled by going to Settings > Screen Time > Apps with Screen Time Access. That's fine. Now, if I want to make it harder to remove my restrictions, I can ask a friend to enter a Screen Time Passcode for me. Great idea! The problem is my Screen Time Passcode isn't requested when disabling permissions for a third-party app. It's required for modifying any other Screen Time setting EXCEPT permissions for 3rd party apps. This is frustrating. The Screen Time passcode is a great feature. Making it compatible with permissions granted through the Family Controls framework is our NUMBER ONE REQUEST from tens of thousands of users. This feature has been requested for a long time (iOS 16, iOS 17, …): https://forums.developer.apple.com/forums/thread/714651 https://forums.developer.apple.com/forums/thread/727291 https://discussions.apple.com/thread/255421819 FB13548526
 If you're a developer working on Screen Time, share your feedback below or file one using Feedback Assistant. It is very disappointing to see it wasn't implemented for iOS 18. I can't believe this would require tremendous work from the Screen Time team to make it happen, but it would be a significant improvement for the Family Controls Framework and a ray of sunshine for all the developers who have worked really hard to deliver high-quality apps using the Screen Time API. Could an Apple engineer or a Screen Time team member give us any updates? Implementing this before the public release of iOS 18 would make A LOT of developers happy.

hello last year at the WWDC Apple announced a app extension for audio playback in CarPlay for iOS apps is there a guide to add this feature because whenever I open my custom music I can hear the music playing trough the car's speakers and I see the album art, but I have no controls on the display of the car the person I white this app for is a indie producer who wants his huge collection to be available for people to enjoy there is no subscription of login

Hi, I have some scenario in which I need to reportIncoming to CallKit with same UUID 2 times. So I just need to know that, it will cause an issue of CallKit or with application.

Dear Screen Time Team! The Screen Time passcode can be brute-forced without rate limiting by repeatedly attempting guesses through the "Erase All Content and Settings" flow. This allows unlimited passcode attempts with no delay, lockout, or escalation, effectively defeating the purpose of the Screen Time passcode as a parental control mechanism. Impact: Children can bypass Screen Time protections by guessing the passcode No rate limiting enables trivial brute-force attacks (especially for 4-digit codes) Undermines trust in Screen Time as a parental control system Creates real-world safety risks for families relying on Screen Time restrictions Publicly shared methods (e.g. on TikTok) increase likelihood of widespread abuse Steps to Reproduce: Enable Screen Time and set a passcode Open Settings → General → Transfer or Reset iPhone → Erase All Content and Settings When prompted for the Screen Time passcode, enter an incorrect code Repeat the process with different guesses Expected Result: After a small number of incorrect attempts, the system should: enforce exponential backoff delays, or temporarily lock further attempts, or require Apple ID authentication Attempts should be rate-limited across system flows Actual Result: Unlimited passcode attempts are allowed No delay, lockout, or penalty is applied Enables rapid brute-force guessing of the Screen Time passcode Notes: This appears to bypass standard passcode protections that exist in other parts of iOS The issue is especially severe for 4-digit Screen Time passcodes (10,000 combinations) The attack surface is exposed through a system-level reset flow Suggested Fix: Introduce global rate limiting for Screen Time passcode attempts across all entry points Apply exponential backoff after failed attempts Require Apple ID authentication after multiple failures Consider enforcing 6-digit minimum passcodes for Screen Time Log and unify attempt counters across system components Severity: Critical (Security vulnerability enabling brute-force of parental control passcode) See TikTok: https://www.tiktok.com/@aldanaisthebest12170/video/7615053429500644621 Feedback request: FB22263276 – Frederik (one sec app)

Hello! I am experiencing some strange bugs around DeviceActivityEvents: When creating a DeviceActivityEvent we can assign a threshold and applicationTokens. The idea is, that after the user has spent said threshold on said apps, eventDidReachThreshold is called. includesPastActivity is set to false. On iOS 26 however, it happens (quite reliably after updating to a new beta seed) quite often that eventDidReachThreshold is called immediately (after a couple of seconds) instead of waiting for the threshold to be met. Is anyone else seeing similar issues on iOS 26? Only workaround I have found is to ask users to re-grant Screen Time permissions. This only holds for about two weeks though or at most until the next iOS 26 beta update is installed. Feedback filed under: FB18061981 FB18927456

On macOS 26, I've run into a situation when a user “customizes” a folder icon with Finder by assigning/changing an SF Symbol or an emoji, QLThumbnailGenerator keeps returning the stale initially retrieved folder icon (no matter whether it had been customized or not) until my app quits. After the app is re-launched, the icon is correctly retrieved once again. let generator = QLThumbnailGenerator.shared let size: CGSize = CGSize(width: 64, height: 64) let request = QLThumbnailGenerator.Request(fileAt: url, size: size, scale: NSScreen.main!.backingScaleFactor, representationTypes: .icon) request.iconMode = true do { let thumb = try await generator.generateBestRepresentation(for: request) thumb.nsImage.size = size return thumb.nsImage } catch { print("generateThumbnail: \(error)") return nil } It seems like the QuickLook Thumbnailing cache does not invalidate automatically upon folder customization. Is there any way to manually invalidate the QuickLook Thumbnailing cache?

Hello, I submitted a request for the Family Controls (Distribution) entitlement, but haven't received status update regarding approval/rejection etc. I submitted a previous contact support ticket as well. I'm wondering the timeline and also if my request went through - currently it says 'submitted' but it's remained this way for a while... I've had other developers in communities saying they were approved earlier, so curious if it's an app issue. Thank you

Hello, I am researching the technical feasibility of developing a Default Dialer App for the EU market using the specific entitlements granted under the Digital Markets Act (DMA). Our primary goal is to implement a Cellular/VoLTE-based calling system—not mVoIP—and we need to clarify whether it is possible to provide features such as STT (Speech-to-Text) and Call Summarization, which require In-call Audio Recording. Regarding the Default Dialer App Entitlement in the EU, I would like to clarify the following: Access to Raw Audio Stream: When an app is granted the Default Dialer status in the EU, does it gain programmatic access to the downlink and uplink audio streams of a cellular/VoLTE call for recording purposes? LiveCommunicationKit & Recording APIs: Does LiveCommunicationKit (or any related framework for iOS 26) provide specific APIs for a third-party dialer to capture native telephony audio? Entitlement Scope for Partners: If an EU-based partner obtains the necessary entitlements, can those entitlements be used to grant our application the authority to process cellular calls and access the associated audio data? Recommended Implementation: Are there any Apple-sanctioned methods or specific frameworks for implementing call recording for AI-driven services within the scope of the new EU-specific regulations? We need to confirm these technical boundaries to establish the implementation scope with our EU partners. Any guidance on whether a third-party app can technically and legally record cellular calls under these specific conditions would be greatly appreciated. Thank you.

Sign-in with Apple suddently broke in my App. The button trigger the system Apple sign in modal, I can sign in without errors but then nothing happens on my App. It seems it never goes in the onCompletion. SignInWithAppleButton( .signIn, onRequest: { }, onCompletion: { // Never get called } ) The button is inside a custom modal.

Hello, I am researching the technical feasibility of developing a Default Dialer App for the EU market using the specific entitlements granted under the Digital Markets Act (DMA). Our primary goal is to implement a Cellular/VoLTE-based calling system—not mVoIP—and we need to clarify whether it is possible to provide features such as STT (Speech-to-Text) and Call Summarization, which require In-call Audio Recording. Regarding the Default Dialer App Entitlement in the EU, I would like to clarify the following: Access to Raw Audio Stream: When an app is granted the Default Dialer status in the EU, does it gain programmatic access to the downlink and uplink audio streams of a cellular/VoLTE call for recording purposes? LiveCommunicationKit & Recording APIs: Does LiveCommunicationKit (or any related framework for iOS 26) provide specific APIs for a third-party dialer to capture native telephony audio? Entitlement Scope for Partners: If an EU-based partner obtains the necessary entitlements, can those entitlements be used to grant our application the authority to process cellular calls and access the associated audio data? Recommended Implementation: Are there any Apple-sanctioned methods or specific frameworks for implementing call recording for AI-driven services within the scope of the new EU-specific regulations? We need to confirm these technical boundaries to establish the implementation scope with our EU partners. Any guidance on whether a third-party app can technically and legally record cellular calls under these specific conditions would be greatly appreciated. Thank you. Access to Raw Audio Stream: When an app is granted the Default Dialer status in the EU, does it gain programmatic access to the downlink/uplink audio streams of a cellular call for recording purposes? LiveCommunicationKit & Recording: Does LiveCommunicationKit provide any specific APIs or delegates that allow a third-party dialer to capture call audio, or is the recording still restricted by the system’s sandbox? Entitlement Scope: If our EU partner obtains the necessary entitlements, can they authorize our application to handle the cellular call processing entirely, including the access to telephony audio data? AI Service Implementation: Are there any Apple-recommended ways to implement AI features (STT, Summarization) within a Default Dialer App without violating current iOS security architectures? We need to provide a clear "Feasibility Report" to our EU partners during upcoming meetings. Any technical guidance on whether a third-party app can legally and technically record cellular calls under this new EU-specific policy would be extremely helpful. Thank you.

Hi team: I recently update to Xcode 26.4, and I encountered crash when running to < iOS 26.4 both for physical device and Simulator with this log: dyld[1257]: Symbol not found: _$s9MetricKit10mxSignpost_3dso3log4name10signpostID__ySo03os_H7_type_ta_SVSo03OS_j1_F0Cs12StaticStringV0J0010OSSignpostI0VALSays7CVarArg_pGtF Referenced from: <164CCEB0-E1F8-3CE2-A934-2096C19C0A9A> /private/var/containers/Bundle/Application/EA709A68-F76F-4D97-85C6-B71D61D68389/xxx.app/xxx.debug.dylib Expected in: <9E5EC9BB-5828-329C-A2BC-038B67060298> /System/Library/Frameworks/MetricKit.framework/MetricKit Symbol not found: _$s9MetricKit10mxSignpost_3dso3log4name10signpostID__ySo03os_H7_type_ta_SVSo03OS_j1_F0Cs12StaticStringV0J0010OSSignpostI0VALSays7CVarArg_pGtF Referenced from: <164CCEB0-E1F8-3CE2-A934-2096C19C0A9A>x /private/var/containers/Bundle/Application/EA709A68-F76F-4D97-85C6-B71D61D68389/xxx.app/xxx.debug.dylib Expected in: <9E5EC9BB-5828-329C-A2BC-038B67060298> /System/Library/Frameworks/MetricKit.framework/MetricKit dyld config: DYLD_LIBRARY_PATH=/usr/lib/system/introspection DYLD_INSERT_LIBRARIES=/usr/lib/libLogRedirect.dylib:/usr/lib/libBacktraceRecording.dylib:/usr/lib/libMainThreadChecker.dylib:/usr/lib/libRPAC.dylib:/usr/lib/libViewDebuggerSupport.dylib but iOS 26.4 works well. Env: Xcode: 26.4 Simulator/Physical Device: < 26.4 macOS: 26.3 Thanks for giving any help.

Hello, I’m developing an Apple Watch companion app for my swimming application and the app keeps uninstalling/disappearing from Apple Watch. I have a specific Scheme to install it to my watches, it appears there, I can debug but after a while it disappears. It’s my first app for this device but it doesn’t seem normal to me. any idea?

Hello, I've run into an issue where AssetPacks being served locally are downloading but unable to complete. try await AssetPackManager .shared .ensureLocalAvailability(of: assetPack) This method is called but never appears to complete. Even 10 minutes after the download is finished. <NSProgress: 0x10fb4fc80> : Parent: 0x0 (portion: 0) / Fraction completed: 1.0000 / Completed: 2462633379 of 2462633379 This however does not appear to be an issue in production, as the method completes 30-60 seconds after the download has finished. Issue happens across multiple devices running 26.4.1

There appears to be a data loss bug in NSFileWrapper on macOS 26.4. It may have been around longer but I just never noticed ... So I write a RTFD file wrapper: NSFileWrapper *rtfd = [attributedString RTFDFileWrapperFromRange:NSMakeRange(0, attributedString.length) documentAttributes:@{NSDocumentTypeDocumentAttribute:NSRTFDTextDocumentType}]; Now IF I use -writeToURL:options:originalContentsURL:error: without using the NSFileWrapperWritingAtomic option and I pass in an existing URL, the followings happens: -The method returns NO and populates the NSError with NSFileWriteFileExistsError, as expected. This is what I want. -BUT the existing file is nuked. It just disappears. Foundation kills it. Poof. Another thing I gotta workaround. Getting pretty ridiculous, I must say. Just my lucky day I guess. It would be wonderful if I could work on my own features and fixing my own bugs.

I’m running an experiment around generating and importing .vcf files on iOS and wanted to sanity check expected behavior with others who may have explored this deeper. Goal Programmatically generate a vCard (v3.0) that, when imported into iOS Contacts, includes: Standard fields (name, phone, email, organization, etc.) Contact photo (PHOTO) Social profile (e.g., LinkedIn via X-SOCIALPROFILE) What I tested I tried to eliminate formatting issues by using iOS itself as the source of truth. Steps: Created a new contact directly in iOS Contacts Added name, phone, email Added a contact photo Added a social profile (LinkedIn) Exported that contact as a .vcf Deleted the contact from the device Re-imported the exported .vcf Result Core fields (name, phone, email, etc.) are restored correctly Contact photo is NOT restored Social profile is NOT restored as a native social entry This happens even though: The exported .vcf clearly contains a PHOTO field The exported .vcf includes X-SOCIALPROFILE;type=linkedin:... Additional testing I also generated my own .vcf files that closely mirror the structure produced by iOS (field order, encoding, etc.), and observed the same behavior: Photo does not reliably import Social profiles do not appear as native social entries in Contacts Question Is this expected behavior on iOS? More specifically: Are PHOTO fields intentionally ignored (or restricted) during .vcf import? Is X-SOCIALPROFILE supported for import, or only used internally/exported by Contacts? Is there any supported way to programmatically create a contact with: a photo social profile entries via .vcf import? Current understanding Based on testing, it appears that: iOS may export more data than it will accept on import Some fields (like social profiles and possibly photos) may only be fully supported when created via native APIs (e.g., Contacts framework) rather than .vcf Would appreciate confirmation or any documentation pointers if this is known behavior or if there are recommended alternatives. Closing thought If this is by design, it would be helpful to know which vCard fields are officially supported for import vs. export on iOS, since the current behavior is not entirely symmetric.

Hi folks, in my application I write some logs over debugPrint or directly over print. The application is already distributed and some part of functionality failed with application traceback. I would like to ask user for providing logs from the App. Is it possible to get those logs? Thanks Petr