When uploading to Testflight the following questions get posted. How to answer this question gets asked in many forums, however none of the answers are satisfactory and it seems every body misreads option two. What type of encryption algorithms does your app implement? Encryption algorithms that are proprietary or not accepted as standard by international standard bodies (IEEE, IETF, ITU, etc.) Standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple's operating system Both algorithms mentioned above None of the algorithms mentioned above In the case where an application is using standard encryption provided by the OS itself and isn't doing anything proprietary, what should the answer be? Many people on the internet say the answer should be 2). 2) Does mention standard encryption algorithms, but everybody seems to gloss over this phrase "instead of, or in addition to, using or accessing the encryption within Apple's operating system" Two is not saying the app uses standard encryption algorithms from the OS, two is saying using standard encryption algorithms instead of or in addition to, those provided by the OS. In the above options, there is none to select for the situation where the app only uses standard algorithms from the OS. If that is what 2 is meant to be, then the grammar and English usage doesn't not actually mean that. The phrase "instead of or in addition to" changes that. So what option to choose? Is there a bug in 2 and its English grammar is incorrect and doesn't convey the actual intended meaning?

The documentation (https://developer.apple.com/documentation/BundleResources/Entitlements/com.apple.developer.associated-domains) for a message filter extension says: If you use a private web server, which is unreachable from the public internet, while developing your app, enable the alternate mode feature to bypass the CDN and connect directly to your server. <service>:<fully qualified domain>?mode=<alternate mode> Where alternate mode is one of the following: developer Specifies that only devices in developer mode can access the domain. In this mode, you can use any valid SSL certificate on your web server, including a certificate that the system doesn’t trust. What does it mean "you can use any valid SSL certificate on your web server"? Does the app have to do anything with regards to this?

I've got an app which is hanging, I turned on Hang Detection and got an .ips file and the top of the hang stack has this: Dispatch queue: com.apple.main-thread (0) 0 __ulock_wait2 7 NSLog 8 _MMKVLogWithLevel <snip> MMKV is a 3rd party library being used in the app. But this looks like MMKV is calling NSLog and then that is hanging? Is that correct, if so then how and why is NSLog hanging and how to solve this issue? Here's an image of the full stack from XCode when the .ips file is imported: And here is the heaviest stack info when the .ips is opened as a text file: Heaviest stack for the main thread of the target process: 411 start + 2240 (dyld + 23940) [0x1bcacad84] 411 main + 96 (MyApp + 108384) [0x10232e760] 411 UIApplicationMain + 340 (UIKitCore + 2270528) [0x19ad20540] 411 -[UIApplication _run] + 888 (UIKitCore + 2273028) [0x19ad20f04] 411 GSEventRunModal + 164 (GraphicsServices + 13536) [0x1dd8554e0] 411 CFRunLoopRunSpecific + 608 (CoreFoundation + 211304) [0x1988a6968] 397 __CFRunLoopRun + 1996 (CoreFoundation + 213528) [0x1988a7218] 397 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 (CoreFoundation + 226588) [0x1988aa51c] 397 _dispatch_main_queue_callback_4CF + 44 (libdispatch.dylib + 74168) [0x1a07831b8] 396 _dispatch_main_queue_drain + 1060 (libdispatch.dylib + 75244) [0x1a07835ec] 396 _dispatch_client_callout + 20 (libdispatch.dylib + 15828) [0x1a0774dd4] 396 _dispatch_call_block_and_release + 32 (libdispatch.dylib + 8508) [0x1a077313c] 396 __49-[RCTCxxBridge _prepareModulesWithDispatchGroup:]_block_invoke + 156 (MyApp + 11155392) [0x102db77c0] 396 -[RCTModuleData instance] + 816 (MyApp + 11498212) [0x102e0b2e4] 396 RCTUnsafeExecuteOnMainQueueSync + 52 (MyApp + 11906956) [0x102e6ef8c] 396 __25-[RCTModuleData instance]_block_invoke + 44 (MyApp + 11499132) [0x102e0b67c] 392 -[RCTModuleData setUpInstanceAndBridge:] + 1324 (MyApp + 11490784) [0x102e095e0] 392 __115-[RCTModuleData initWithModuleClass:bridge:moduleRegistry:viewRegistry_DEPRECATED:bundleManager:callableJSModules:]_block_invoke + 36 (MyApp + 11488056) [0x102e08b38] 392 -[MMKVNative init] + 100 (MyApp + 20934364) [0x10370aedc] 392 RCTExecuteOnMainQueue + 52 (MyApp + 11906684) [0x102e6ee7c] 392 __18-[MMKVNative init]_block_invoke + 232 (MyApp + 20934688) [0x10370b020] 392 +[MMKV initializeMMKV:] + 48 (MyApp + 9265708) [0x102bea22c] 392 +[MMKV initializeMMKV:logLevel:] + 80 (MyApp + 9265800) [0x102bea288] 392 _MMKVLogWithLevel(mmkv::MMKVLogLevel, char const*, char const*, int, char const*, ...) + 348 (MyApp + 9518596) [0x102c27e04] 392 NSLog + 56 (Foundation + 602868) [0x1977b42f4] 392 _NSLogv + 164 (Foundation + 603072) [0x1977b43c0] 392 _CFLogvEx3 + 252 (CoreFoundation + 652276) [0x1989123f4] 392 _CFLogvEx2Predicate + 352 (CoreFoundation + 652792) [0x1989125f8] 392 __CFLogCString + 84 (CoreFoundation + 652948) [0x198912694] 392 _logToStderr + 144 (CoreFoundation + 653980) [0x198912a9c] 392 __ulock_wait2 + 8 (libsystem_kernel.dylib + 59708) [0x1e1a7193c] *392 ??? (<7ABFF6F3-9E55-3D7B-8DB8-8CF19FB41EFE> + 5068548) [0xfffffff008229704]

Hello, if an associated domain is specified for an app (for example, the url of a server services an app extension text spam filtering) then what is there in place to stop somebody with malicious intentions from obtaining that url from the .plist/.entitlements file of the app and doing something with that url, such as denial of service attack or whatever?

I have a developer certificate but not a distribution certificate (its not my Apple account). Its possible to create an .xcarchive with a developer certificate, but what about a .ipa? After creating an archive, non of the distribution options within XCode will work without a dist cert. Is there another way to make an .ipa with just a dev cert? And if so is that going to be a dev build rather than a prod build (i.e. the .ipa would only install onto provisioned devices and would be no good for uploading to testflight for example)

In the documentation for the Contact Provider Extension contact provider it says Use the Contact Provider framework if your app manages its own contacts and wants to make them available in other apps that use the Contacts framework. But how does an app manage its own contacts? What needs to be done differently if it manages its own contacts versus managing a user's contacts? Does the user still need to grant contacts access for example? Is there a special group/domain that should be used (how) to add app contacts? There's no mention of any of this that I can see in the documentation for CNContact or CNContactStore.

I have a real problem with XCode (15 and 16) which is that all the time it'll get stuck installing/attaching to an app. It'll be working fine one minute, I can make a code change, build, and run the app (on hardware) and everything will be fine. But then make another change, build and run again and now XCode will get stuck saying "Installing app to phone" / "Attaching to app on phone". If I click stop and try and run again now there'll be two "Installing app to phone" instances running, do it again and then there'll be three and so on. If I quit XCode and relaunch it then it does not fix the issue, I have to terminate XCode and reboot the phone. And then it'll be ok again, but only for about 10 minutes, but then it'll start doing the exact same thing again. Its impossible to work like this, having to reboot the phone every 10 minutes or so. Is there any solution or tricks? (is it possible to kill the hung task within XCode for example?)

If I run an app with a message filter extension on < iOS 18 everything is as expected, if I run the same app, without any changes on iOS 18 then it doesn't work. I've discovered that problems occur if the extension has the following code: extension MessageFilterExtension: ILMessageFilterQueryHandling, ILMessageFilterCapabilitiesQueryHandling { func handle(_ capabilitiesQueryRequest: ILMessageFilterCapabilitiesQueryRequest, context: ILMessageFilterExtensionContext, completion: @escaping (ILMessageFilterCapabilitiesQueryResponse) -> Void) { let response = ILMessageFilterCapabilitiesQueryResponse() response.transactionalSubActions = [.transactionalCarrier, .transactionalHealth, .transactionalPublicServices, .transactionalFinance, .transactionalWeather, .transactionalRewards, .transactionalOrders, .transactionalOthers, .transactionalReminders] response.transactionalSubActions = [.transactionalFinance, .transactionalOrders, .transactionalHealth] completion(response) } This code doesn't run on iOS 18, however the following code does run on iOS 18: let response = ILMessageFilterCapabilitiesQueryResponse() completion(response) I downloaded several apps from the app store which provide message filtering, within the Message app they all had one thing in common, on < iOS 18 they all show 12 filtering categories, but within iOS 18 they only show 2. So it seems the issue is endemic and effects other apps, not just mine.

If I run an app with a Message Filter Extension on iOS 18 then it works as expected, however if its installed onto a phone with iOS 17.6.1 then there is the following error: dyld[1042]: Symbol not found: _$sSo40ILMessageFilterCapabilitiesQueryResponseC14IdentityLookupE21promotionalSubActionsSaySo0abI6ActionVGvs Referenced from: &lt;C82A1045-98F4-3751-8080-413FD0B0DEEB&gt; /private/var/containers/Bundle/Application/F295C156-9B20-4927-AEFA-C6983388B193/Myapp.app/PlugIns/MyMessageFilterExtension.appex/CequintTextFilterExtension.debug.dylib Expected in: &lt;29BFFA34-9B52-3D14-A254-A0653545B72E&gt; /System/Library/Frameworks/IdentityLookup.framework/IdentityLookup (App built using XCode 16.2). Here's code causing the issue: import IdentityLookup final class MessageFilterExtension: ILMessageFilterExtension {} extension MessageFilterExtension: ILMessageFilterQueryHandling, ILMessageFilterCapabilitiesQueryHandling { func handle(_ capabilitiesQueryRequest: ILMessageFilterCapabilitiesQueryRequest, context: ILMessageFilterExtensionContext, completion: @escaping (ILMessageFilterCapabilitiesQueryResponse) -&gt; Void) { let response = ILMessageFilterCapabilitiesQueryResponse() response.transactionalSubActions = [.transactionalCarrier, .transactionalHealth, .transactionalPublicServices, .transactionalFinance, .transactionalWeather, .transactionalRewards, .transactionalOrders, .transactionalOthers, .transactionalReminders] response.promotionalSubActions = [.promotionalOffers, .promotionalOthers, .promotionalCoupons] completion(response) } Message filter sub actions were introduced in iOS 16, so why is this error occurring when the code is run on iOS 17, but its fine with iOS 18? This isn't specific to my app, its easily reproducable in two minutes - create an app, add a message filter extension target, change the template code to add a transactional or promotional sub action and then run and it'll occur. (Reported as issue FB16148083)

In iOS 18 if a number is registered with CallKit to be blocked, then if that number is also in contacts, then the number isn't blocked. If a user has added a number to their contacts, then in all probability they might not want the number blocked, so this might seem reasonable behaviour. However the point is, this is new behaviour for CallKit in iOS 18, and its never been like this before going back several years to the very first release. Why suddenly change it now, after all these years, without notice nor documentation, and take away that option from the user, should for some reason, they want to block a number which is also in their contacts. This is quite a disruptive change for apps using CallKit.

If an app has a text filtering extension and associated server that the iPhone OS communicates with, then how can that communication be authenticated? In other words, how can the server verify that the request is valid and coming from the iPhone and not from some spoofer? If somebody reverse engineers the associated domain urls our of the app's info.plist or entitlement files and calls the server url directly, then how can the server detect this has occurred and the request is not coming from the iPhone OS of a handset on which the app is installed?