If an app has a text filtering extension and associated server that the iPhone OS communicates with, then how can that communication be authenticated? In other words, how can the server verify that the request is valid and coming from the iPhone and not from some spoofer? If somebody reverse engineers the associated domain urls our of the app's info.plist or entitlement files and calls the server url directly, then how can the server detect this has occurred and the request is not coming from the iPhone OS of a handset on which the app is installed?

In iOS 18 if a number is registered with CallKit to be blocked, then if that number is also in contacts, then the number isn't blocked. If a user has added a number to their contacts, then in all probability they might not want the number blocked, so this might seem reasonable behaviour. However the point is, this is new behaviour for CallKit in iOS 18, and its never been like this before going back several years to the very first release. Why suddenly change it now, after all these years, without notice nor documentation, and take away that option from the user, should for some reason, they want to block a number which is also in their contacts. This is quite a disruptive change for apps using CallKit.

In the documentation for the Contact Provider Extension contact provider it says Use the Contact Provider framework if your app manages its own contacts and wants to make them available in other apps that use the Contacts framework. But how does an app manage its own contacts? What needs to be done differently if it manages its own contacts versus managing a user's contacts? Does the user still need to grant contacts access for example? Is there a special group/domain that should be used (how) to add app contacts? There's no mention of any of this that I can see in the documentation for CNContact or CNContactStore.

I have a real problem with XCode (15 and 16) which is that all the time it'll get stuck installing/attaching to an app. It'll be working fine one minute, I can make a code change, build, and run the app (on hardware) and everything will be fine. But then make another change, build and run again and now XCode will get stuck saying "Installing app to phone" / "Attaching to app on phone". If I click stop and try and run again now there'll be two "Installing app to phone" instances running, do it again and then there'll be three and so on. If I quit XCode and relaunch it then it does not fix the issue, I have to terminate XCode and reboot the phone. And then it'll be ok again, but only for about 10 minutes, but then it'll start doing the exact same thing again. Its impossible to work like this, having to reboot the phone every 10 minutes or so. Is there any solution or tricks? (is it possible to kill the hung task within XCode for example?)

If I run an app with a message filter extension on < iOS 18 everything is as expected, if I run the same app, without any changes on iOS 18 then it doesn't work. I've discovered that problems occur if the extension has the following code: extension MessageFilterExtension: ILMessageFilterQueryHandling, ILMessageFilterCapabilitiesQueryHandling { func handle(_ capabilitiesQueryRequest: ILMessageFilterCapabilitiesQueryRequest, context: ILMessageFilterExtensionContext, completion: @escaping (ILMessageFilterCapabilitiesQueryResponse) -> Void) { let response = ILMessageFilterCapabilitiesQueryResponse() response.transactionalSubActions = [.transactionalCarrier, .transactionalHealth, .transactionalPublicServices, .transactionalFinance, .transactionalWeather, .transactionalRewards, .transactionalOrders, .transactionalOthers, .transactionalReminders] response.transactionalSubActions = [.transactionalFinance, .transactionalOrders, .transactionalHealth] completion(response) } This code doesn't run on iOS 18, however the following code does run on iOS 18: let response = ILMessageFilterCapabilitiesQueryResponse() completion(response) I downloaded several apps from the app store which provide message filtering, within the Message app they all had one thing in common, on < iOS 18 they all show 12 filtering categories, but within iOS 18 they only show 2. So it seems the issue is endemic and effects other apps, not just mine.

If I run an app with a Message Filter Extension on iOS 18 then it works as expected, however if its installed onto a phone with iOS 17.6.1 then there is the following error: dyld[1042]: Symbol not found: _$sSo40ILMessageFilterCapabilitiesQueryResponseC14IdentityLookupE21promotionalSubActionsSaySo0abI6ActionVGvs Referenced from: &lt;C82A1045-98F4-3751-8080-413FD0B0DEEB&gt; /private/var/containers/Bundle/Application/F295C156-9B20-4927-AEFA-C6983388B193/Myapp.app/PlugIns/MyMessageFilterExtension.appex/CequintTextFilterExtension.debug.dylib Expected in: &lt;29BFFA34-9B52-3D14-A254-A0653545B72E&gt; /System/Library/Frameworks/IdentityLookup.framework/IdentityLookup (App built using XCode 16.2). Here's code causing the issue: import IdentityLookup final class MessageFilterExtension: ILMessageFilterExtension {} extension MessageFilterExtension: ILMessageFilterQueryHandling, ILMessageFilterCapabilitiesQueryHandling { func handle(_ capabilitiesQueryRequest: ILMessageFilterCapabilitiesQueryRequest, context: ILMessageFilterExtensionContext, completion: @escaping (ILMessageFilterCapabilitiesQueryResponse) -&gt; Void) { let response = ILMessageFilterCapabilitiesQueryResponse() response.transactionalSubActions = [.transactionalCarrier, .transactionalHealth, .transactionalPublicServices, .transactionalFinance, .transactionalWeather, .transactionalRewards, .transactionalOrders, .transactionalOthers, .transactionalReminders] response.promotionalSubActions = [.promotionalOffers, .promotionalOthers, .promotionalCoupons] completion(response) } Message filter sub actions were introduced in iOS 16, so why is this error occurring when the code is run on iOS 17, but its fine with iOS 18? This isn't specific to my app, its easily reproducable in two minutes - create an app, add a message filter extension target, change the template code to add a transactional or promotional sub action and then run and it'll occur. (Reported as issue FB16148083)

I've got an app which is hanging, I turned on Hang Detection and got an .ips file and the top of the hang stack has this: Dispatch queue: com.apple.main-thread (0) 0 __ulock_wait2 7 NSLog 8 _MMKVLogWithLevel <snip> MMKV is a 3rd party library being used in the app. But this looks like MMKV is calling NSLog and then that is hanging? Is that correct, if so then how and why is NSLog hanging and how to solve this issue? Here's an image of the full stack from XCode when the .ips file is imported: And here is the heaviest stack info when the .ips is opened as a text file: Heaviest stack for the main thread of the target process: 411 start + 2240 (dyld + 23940) [0x1bcacad84] 411 main + 96 (MyApp + 108384) [0x10232e760] 411 UIApplicationMain + 340 (UIKitCore + 2270528) [0x19ad20540] 411 -[UIApplication _run] + 888 (UIKitCore + 2273028) [0x19ad20f04] 411 GSEventRunModal + 164 (GraphicsServices + 13536) [0x1dd8554e0] 411 CFRunLoopRunSpecific + 608 (CoreFoundation + 211304) [0x1988a6968] 397 __CFRunLoopRun + 1996 (CoreFoundation + 213528) [0x1988a7218] 397 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 (CoreFoundation + 226588) [0x1988aa51c] 397 _dispatch_main_queue_callback_4CF + 44 (libdispatch.dylib + 74168) [0x1a07831b8] 396 _dispatch_main_queue_drain + 1060 (libdispatch.dylib + 75244) [0x1a07835ec] 396 _dispatch_client_callout + 20 (libdispatch.dylib + 15828) [0x1a0774dd4] 396 _dispatch_call_block_and_release + 32 (libdispatch.dylib + 8508) [0x1a077313c] 396 __49-[RCTCxxBridge _prepareModulesWithDispatchGroup:]_block_invoke + 156 (MyApp + 11155392) [0x102db77c0] 396 -[RCTModuleData instance] + 816 (MyApp + 11498212) [0x102e0b2e4] 396 RCTUnsafeExecuteOnMainQueueSync + 52 (MyApp + 11906956) [0x102e6ef8c] 396 __25-[RCTModuleData instance]_block_invoke + 44 (MyApp + 11499132) [0x102e0b67c] 392 -[RCTModuleData setUpInstanceAndBridge:] + 1324 (MyApp + 11490784) [0x102e095e0] 392 __115-[RCTModuleData initWithModuleClass:bridge:moduleRegistry:viewRegistry_DEPRECATED:bundleManager:callableJSModules:]_block_invoke + 36 (MyApp + 11488056) [0x102e08b38] 392 -[MMKVNative init] + 100 (MyApp + 20934364) [0x10370aedc] 392 RCTExecuteOnMainQueue + 52 (MyApp + 11906684) [0x102e6ee7c] 392 __18-[MMKVNative init]_block_invoke + 232 (MyApp + 20934688) [0x10370b020] 392 +[MMKV initializeMMKV:] + 48 (MyApp + 9265708) [0x102bea22c] 392 +[MMKV initializeMMKV:logLevel:] + 80 (MyApp + 9265800) [0x102bea288] 392 _MMKVLogWithLevel(mmkv::MMKVLogLevel, char const*, char const*, int, char const*, ...) + 348 (MyApp + 9518596) [0x102c27e04] 392 NSLog + 56 (Foundation + 602868) [0x1977b42f4] 392 _NSLogv + 164 (Foundation + 603072) [0x1977b43c0] 392 _CFLogvEx3 + 252 (CoreFoundation + 652276) [0x1989123f4] 392 _CFLogvEx2Predicate + 352 (CoreFoundation + 652792) [0x1989125f8] 392 __CFLogCString + 84 (CoreFoundation + 652948) [0x198912694] 392 _logToStderr + 144 (CoreFoundation + 653980) [0x198912a9c] 392 __ulock_wait2 + 8 (libsystem_kernel.dylib + 59708) [0x1e1a7193c] *392 ??? (<7ABFF6F3-9E55-3D7B-8DB8-8CF19FB41EFE> + 5068548) [0xfffffff008229704]

Hello, if an associated domain is specified for an app (for example, the url of a server services an app extension text spam filtering) then what is there in place to stop somebody with malicious intentions from obtaining that url from the .plist/.entitlements file of the app and doing something with that url, such as denial of service attack or whatever?

I have a developer certificate but not a distribution certificate (its not my Apple account). Its possible to create an .xcarchive with a developer certificate, but what about a .ipa? After creating an archive, non of the distribution options within XCode will work without a dist cert. Is there another way to make an .ipa with just a dev cert? And if so is that going to be a dev build rather than a prod build (i.e. the .ipa would only install onto provisioned devices and would be no good for uploading to testflight for example)

In this Apple documentation https://developer.apple.com/documentation/xcode/acquiring-crash-reports-and-diagnostic-logs it says "If a customer reports a crash, they can transfer the crash report to either a Mac or Windows computer. See Find device crash and energy logs on a Mac or Windows computer." In the page that links to (https://help.apple.com/xcode/mac/current/#/dev0f3181c2c) it says "When an app crashes or uses excessive CPU on a device, the operating system creates a log of that event. The next time you connect the device to your Mac, the system downloads those records (known as crash or energy logs) to your Mac. " But where on your Mac, it doesn't say where. Where does it the Mac download the crash reports to?

Hello I have a few questions regarding the Live Caller ID lookup feature First question: The documentation for Live Caller ID Lookup says that "the system does not use private relay when the application is installed directly from XCode.This allows the application & the service deployment to be tested before filling out the onboarding form and setting up private relay." What is the situation regarding development distribution signed .ipas? Would they be able to bypass the private relay too? Second question: Is there anyway an application could dynamically switch which blocking dataset gets used? The use case for this is providing the option to the user whether a set of numbers gets blocked or not. If the OS makes a blocking lookup and an identity lookup, then if these always map to the same blocking dataset then it means the blocking behaviour is the same for every user there is. That means whatever decisions the server makes as to what numbers to block applies to every user. Whether to block a number of not is a fuzzy decision, it would be good if users had the ability to decide for themselves if fuzzy numbers should be blocked or not rather than have that imposed upon them. Third question: It looks from the way things are set up that 2) is not actually possible. If that is the case then will it be permitted for two endpoints to be registered with Apple? (then the app could implement more than one Live Caller ID extension which provide different blocking behaviour)? Thank you very much.

I have account holder/admin status for an Apple developer account. I would like to add a user to the account and grant them the ability to be able to generate app ids, apply for entitlements, generate/edit provisioning profiles, register devices to an app id, upload the app to Testflgith etc. etc. for just one specific app. However it seems this isn't possible. If I add them with the App Manger role, then its possible to specify the particular app which they can manage, however the App Manager role hides the Certificates, App IDs, & Profiles section, meaning they are unable to do many of these things listed about. If I change their role to Admin, then now the Certificates, App IDs, & Profiles section is now available to them, but then the apps automatically changes to all apps and its not possible to select just one. This seems like a very common scenario that occurs, but its not possible to enable. Whereby company X wants to publish an app and sub-contracts the development of that app to company Y. It seems its not possible to register developers from company Y with the level of access required to develop the app without simultaneously limiting their powers to just one app. You have a choice, give them all access to all apps, or insufficient access to just one app. Is there something I've overlooking?

I've got an existing app using storyboards and would like to incorporate the new iOS 18 ContactAccessButton() and contactAccessPicker() into the GUI. However, how can that be done? If I try to do something like add a UIView to a view controller in the storyboard, then ContactAccessButton can't be assigned to it (even though ContactAccessButton inherits from UIView). Nor can a ContactAccessButton be used as a type within the Storyboard/the View Controller. How do I go about integrating this new iOS feature into an existing app using Storyboards and view controllers?

I just received a message upon app submission saying "Although submission for App Store review was successful, you may want to correct the following issues in your next submission for App Store review. Invalid privacy manifest - The PrivacyInfo.xcprivacy file from the following path is invalid" This is due to a 3rd party dependency being used by the app, but the thing is I was able to submit the app a few weeks ago, and a few months ago prior to that, and this warning wasn't present despite the exact same version of the 3rd party dependency being in those previous submissions as for the current submission. As the deadline for including privacy manifests was earlier this year, and as the message says " you may want to correct the following issues in your next submission", then whats the point, is there any point in this message? The wording doesn't even say must or should resubmit, it simply says "may like to". Is there therefore any need to address this or not bother if the message just says "may like to"?

I made an update to my app's code to make use of the new Contact access limited permission (CNAuthorizationStatusLimited), like so: if (@available(iOS 18.0, *)) { switch ([CNContactStore authorizationStatusForEntityType:CNEntityTypeContacts]) { case CNAuthorizationStatusLimited: <snip> However, later I discovered there's another totally unrelated issue which only manifests when the app is built with XCode 16. It isn't a trivial change to workaround, so for now I would like to make a release to the app store which makes use of the new CNAuthorizationStatusLimited status but is built using XCode 15. However, building with XCode 15 results in a "Use of undeclared identifier 'CNAuthorizationStatusLimited' error. If the code were making use of a new API, I could workaround using a selector for example, however as this is an enum, is there Is there any workaround possible for this - or its just not possible to build using XCode 15 and the source code contain references to CNAuthorizationStatusLimited?