Hello Apple Developers, I’m developing an iOS app that requires access to the user’s contacts. I understand that starting from iOS 14, Apple introduced two levels of contact permissions: 1️⃣ Full Access – The app can read all contacts. 2️⃣ Limited Access – The app can only access contacts selected by the user. My Question: If a user initially grants Limited Access, is it allowed by Apple’s guidelines to request Full Access later? 🔹 I understand that re-requesting permission immediately after the user denies it is against Apple’s policies. 🔹 However, if the user has already granted Limited Access, and we first show an explanation modal explaining why Full Access is beneficial, can we then prompt them to change their settings via openAppSettings()? 🔹 Alternatively, can we use Permission.contacts.request() again to re-prompt the user for Full Access, or will iOS prevent the permission prompt from appearing again? How We Handle This in the App: 1️⃣ If a user selects Limited Access, we respect their choice and only access their selected contacts. 2️⃣ Later, if Full Access is necessary for an enhanced experience, we display a clear explanation modal explaining why the app needs Full Access. 3️⃣ If the user agrees, we attempt to guide them to openAppSettings(), allowing them to manually change the permission. 4️⃣ However, if Permission.contacts.request() can be used to directly request Full Access again, we would like to know if this is acceptable. We want to ensure that our implementation follows Apple’s privacy guidelines while providing the best user experience. Any official guidance or best practices on this matter would be greatly appreciated. Thank you in advance!

I’m seeking guidance on an issue with my iOS app’s universal link for email verification. The link successfully opens my app, but the verification logic never runs. Here is my setup and the problem details: Associated Domains & AASA I have Associated Domains set to applinks:talkio.me in Xcode. The AASA file is located at https://talkio.me/.well-known/apple-app-site-association with the following contents: { "applinks": { "apps": [], "details": [ { "appID": "VMCWZ2A2KQ.com.elbaba.Flake2", "paths": [ "/verify*" ] } ] } } The direct link we send in the email looks like: https://talkio.me/verify?mode=verifyEmail&oobCode=XYZ&apiKey=ABC When tapped, the app launches, but the universal link handler code below never logs the URL nor triggers the verifyEmailUsing logic. SceneDelegate Logic In my SceneDelegate.swift, I handle universal links in both scene(:willConnectTo:options:) and scene(:continue:userActivity:restorationHandler:): func scene(_ scene: UIScene, willConnectTo session: UISceneSession, options connectionOptions: UIScene.ConnectionOptions) { // ... if let urlContext = connectionOptions.urlContexts.first { let url = urlContext.url print("SceneDelegate: App launched with URL: (url.absoluteString)") handleUniversalLink(url: url) } } func scene(_ scene: UIScene, continue userActivity: NSUserActivity, restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void) -> Bool { print("⚠️ scene(_:continue:) got called!") guard let url = userActivity.webpageURL else { print("No webpageURL in userActivity.") return false } print("SceneDelegate: Universal Link => (url.absoluteString)") handleUniversalLink(url: url) return true } private func handleUniversalLink(url: URL) { let urlString = url.absoluteString if let oobCode = getQueryParam(urlString, named: "oobCode") { verifyEmailUsing(oobCode) } else { print("No oobCode found => not a verify link.") } } // ... Expected Log: SceneDelegate: App launched with URL: https://talkio.me/verify?mode=verifyEmail&oobCode=XYZ&apiKey=ABC However, I only see: SceneDelegate: sceneDidBecomeActive called No mention of the universal link is printed. Result: The app opens on tapping the link but does not call handleUniversalLink(...). Consequently, Auth.auth().checkActionCode(oobCode) and Auth.auth().applyActionCode(oobCode) are never triggered. What I Tried: Verified the AASA file is served over HTTPS, with content type application/json. Reinstalled the app to refresh iOS’s associated domain cache. Confirmed my Team ID (VMCWZ2A2KQ) and Bundle ID (com.elbaba.Flake2) match in the app’s entitlements. Confirmed the link path "/verify*" matches the link structure in emails. Despite these checks, the universal link logic is not invoked. Could you help me identify why the link is not recognized as a universal link and how to ensure iOS calls my SceneDelegate methods with the correct URL? Any guidance on diagnosing or resolving this universal link issue would be greatly appreciated.

Hi all, I'm working on a Screen Time-based app with gamification features for families, where both children and parents interact and compare usage stats. The endgoal of the app is to motivate for less screentime or more use of productive apps. I'm testing Apple's Family Controls API, which works great for getting data from child devices. However, this API doesn't support fetching screen time data on the parent device itself. Apps like Jomo appear to provide insights and even their own "calculations" on screen time usage directly on the parent device. I have tested a few apps that showed both the usage data for my children and myself and did some nice things with it like creating stats. I've gone through the documentation and APIs extensively, but I can’t figure out how they’re doing this. As far as I can tell the only solution would be a custom VPN or MDM. However as far as I can tell Jomo for example does not use either of those. My questions are: Am I missing some API Are apps like Jomo using private APIs which they have been granted access to from Apple? Is there any way to access similar data on a parent device without using MDM or VPN? Any guidance or clarification would be greatly appreciated!

The alarms that I am scheduling using alarmKit is not reliable at all, especially in beta 8 (Used to have this issue in previous betas, But they were inconsistent). The alarm fires anywhere after 5 mins to 45 mins from the actual scheduled time. I'll share the relevant code block here in case if it is me who is doing something wrong. This code block doesn't throw any errors and I am also able to see the scheduled alarms when I query them. The issue is with alarms not firing on the specified time let alert = AlarmPresentation.Alert( title: "Wakey Wakey!", stopButton: .init(text: "stop", textColor: .red, systemImageName: "stop.fill") ) let presentation = AlarmPresentation(alert: alert) let attributes = AlarmAttributes<CountDownAttribute>( presentation: presentation, metadata: .init(), tintColor: .orange ) let schedule = Alarm.Schedule.fixed(alarmTime) let config = AlarmManager.AlarmConfiguration( schedule: schedule, attributes: attributes ) let id = UUID() do { let alarm = try await AlarmManager.shared.schedule(id: id, configuration: config) print("Alarm set successfully for \(alarmTime) - \(alarm)") } catch { print("Failed to schedule alarm: \(error)") }

Hi all, I'm trying to set up universal links for my app but it's not working. What I want: cogover.com → Safari (website) - NOT my app *.cogover.com (any subdomain like abc.cogover.com) → My app What I did: Added applinks:*.cogover.com in Xcode Put AASA files on all subdomains They work fine (checked with curl) Problem: All links still open in Safari, not my app. I do not put AASA on my root domain cogover.com because I don't want open my app with root domain. I have checked TN3155: Debugging universal links | Apple Developer Documentation but it only say about universal link works with both root domain and subdomains. Weird thing I found: I checked how Salesforce does it - their *.force.com subdomains work perfectly. But when I tried to check their setup, (https://force.com/.well-known/apple-app-site-association) doesn't seem to exist either! So how does theirs work? Even stranger - Apple's CDN has their file cached at (https://app-site-association.cdn-apple.com/a/v1/force.com) but the actual domain doesn't serve it. Can Apple's CDN have a file cached even if it's not on the website anymore? Thanks for any help!

I have a multiplatform app for Mac and iOS, for which I am implementing a share extension. This share extension has to share settings with the app itself on both platforms. I am currently trying to achieve this by adding all targets to the same App Group and using UserDefaults with the App Group as suiteName. The app consists of three targets: A multiplatform SwiftUI app, an iOS Share Extension, and a macOS Share Extension,. Settings get persisted correctly on Mac and on the iOS 26 simulator. However, on a real iOS 26 beta 3 device, the Share Extension is unable to load UserDefaults (loading anything with the App Group as a suite name returns nil). What could cause this behavior? The following log entries are generated from the Share Extension on the iOS device, but not on the iOS simulator: Couldn't read values in CFPrefsPlistSource&lt;0x1030d3c80&gt; (Domain: MY_APP_GROUP, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): Using kCFPreferencesAnyUser with a container is only allowed for System Containers, detaching from cfprefsd 59638328 Plugin query method called (501) Invalidation handler invoked, clearing connection (501) personaAttributesForPersonaType for type:0 failed with error Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.mobile.usermanagerd.xpc was invalidated from this process." UserInfo={NSDebugDescription=The connection to service named com.apple.mobile.usermanagerd.xpc was invalidated from this process.} LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={_LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler, _LSFile=LSDReadService.mm, NSDebugDescription=process may not map database} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={_LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler, _LSFile=LSDReadService.mm, NSDebugDescription=process may not map database} [C:1-3] Error received: Invalidated by remote connection.

I've been reading this question: https://developer.apple.com/forums/thread/701945 and watching the videos on background tasks But can't arrive to a concrete solution. Q1: Are there any tips (or sample app) on how to handle a launch in background in a streamlined way? How to have a shared code that is ran for both 'launch in background' & 'launch in foreground'? Specifically the case I'm talking about is: You set up some observance of some OS callback at a Foo screen of your app. Example app should request and then send push-to-start live activity tokens to server. Or setup location tracking. App is then suspended and then later terminated but is eligible for relaunch App is then launched in background because it has requested a push-to-start live activity token or an update for location tracking. User DOES NOT go back to screen Foo. So at this point app is no longer tracking / listening to updates for token update or location changes. How should I architecture my code for this? I'm trying to see if there's a an approach where I can avoid having multiple places in code where I do the same thing. Currently what I'm doing is as such: Q2: Is it then correct to say that anytime you've launched your app, whether it's in foreground or background then you must immediately match 'all observations done by the previous app launch'? Like store items in UserDefaults and upon launch retrieve them and do: handleGeneralAppLaunchFlow() // ALSO if defaults.contains("didLastLaunchSetupLiveActivtiyTokenObservance") { for await ptsToken in Activity<EmojiRangers> .pushToStartTokenUpdates { ... } } if defaults.contains("didLastLaunchSetupLocationTracking") { locationManager = CLLocationManager() locationManager?.delegate = itsDelegate locationManager?.allowsBackgroundLocationUpdates = true locationManager?.showsBackgroundLocationIndicator = true locationManager?.startUpdatingLocation() } // Other checks for prior observance setup Q3: Actually I think even if app is launched in foreground then because you may not end up at screen Foo again, then you must setup things regardless of app state and just based on prior observations set. Right? Q4: And then later if the user ever made it again to screen Foo, then we just skip the re-do of the observance, or maybe to just keep things simple, we'd just redo without over-engineering things? I tried to mark my questions with Q1- Q4.

Hi Team, We are currently working on phone number lookup functionality for iOS 18 and have a few queries: When the extension sends a request to our backend server using the PIR encryption process, is the user's phone number visible to our server?

Using Apple SwiftUI Translate library: when calling: try await session.prepareTranslation() the first time, the API's Language Download sheet does not show (or shows briefly and dismisses immediately) Even when the sheet doesn't show, the keyboard is lowered, as though the sheet would be appearing, but then the keyboard raises as though the sheet was dismissed. The following Errors are printed in the console dozens of times; but on all subsequent executions, the API Language Download sheet shows as expected. The trigger code is in a function which is executed when a Translate button is tapped. Any ideas would be welcome! Console Error on first execution only LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x300df3c30> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x3033b26c0> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISTypeIcon: 0x300d0fb70>,Type: com.apple.appprotection.badge.faceid - <ISImageDescriptor: 0x3033ad0e0> - (32.00, 32.00)@2x v:0 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: 648D7A72-90CB-3858-9409-5C554BB43B8E error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Connection interrupted, finishing translation with error Error Domain=TranslationErrorDomain Code=14 "(null)" Got response from extension with error: Error Domain=TranslationErrorDomain Code=14 "(null)" Reported that remote UI finished but didn't get finished configuration, reporting the error as: Error Domain=TranslationErrorDomain Code=20 "(null)" VS terminated with error: Error Domain=_UIViewServiceErrorDomain Code=1 "(null)" UserInfo={Terminated=disconnect method} Reported that remote UI finished but didn't get finished configuration, reporting the error as: Error Domain=TranslationErrorDomain Code=14 "(null)" VS terminated with error: Error Domain=_UIViewServiceErrorDomain Code=1 "(null)" UserInfo={Terminated=disconnect method} VS terminated with error: Error Domain=_UIViewServiceErrorDomain Code=1 "(null)" UserInfo={Terminated=disconnect method} VS terminated with error: Error Domain=_UIViewServiceErrorDomain Code=1 "(null)" UserInfo={Terminated=disconnect method} VS terminated with error: Error Domain=_UIViewServiceErrorDomain Code=1 "(null)" UserInfo={Terminated=disconnect method} Trigger the Translation: // check if we need to create a translation configuration if configuration == nil { configuration = TranslationSession.Configuration.init( source: Locale.Language(identifier: sourceLanguageCode), target: Locale.Language(identifier: targetLanguageCode) ) } else { // or just update the target code then invalidate the config to re-trigger the refresh of .translationTask() configuration?.source = Locale.Language(identifier: sourceLanguageCode) configuration?.target = Locale.Language(identifier: targetLanguageCode) configuration?.invalidate() } Prepare and check if Download sheet should be presented: .translationTask(configuration) { session in do { // prepare translation & present API download sheet if lanugage download needed. try await session.prepareTranslation() } catch { print("Translate failed: \(error)") } }

Hello! I am a relatively new Apple developer and am almost done with my first app. I am implementing the Screen Time API to my app because the app is designed to help the user digitally detox and I am trying to make it so the user can select which apps they would like to monitor from a list of their apps on their phone so I am using the family activity picker but I just can't extract the data needed to track the apps. I am wondering how to do this. Thank you!

I am currently facing an issue when trying to enable Shortcut support and would greatly appreciate your assistance in resolving it. I have successfully enabled Shortcut support, and I can find my app and its respective functionalities within the Shortcuts app. However, I am unable to locate my app when attempting to create an automation within Shortcuts. I would appreciate any guidance or solutions you may offer regarding this matter.

When the iPhone is set to 12-hour time format, obtaining a timestamp similar to "2025-07-18 16:29:00" fails

We encountered an issue with iOS 26 and release version. We developed a voipout application and we created an entry in native call log on dev/prod version with our app that run under iOS 18.6 and earlier. On iOS 26 TestFlight version didn't create entry in call log but debug version did it. I don't find any clue in CallKit documentation for iOS 26 and we use action.fulfill(withDateStarted: .now) for call and end transaction and we develop under Xcode 26 Do you have any suggestion to solve our problems ?

Hello,I try to get all contacts from an iCoud Account...First I run:&lt; ?xml version="1.0" encoding="UTF-8" ?&gt; &lt; d:propfind xmlns:d="DAV: "&gt; &lt; d:prop &gt; &lt; d:current-user-principal/ &gt; &lt; /d:prop &gt; &lt; /d:propfind &gt;Then I get /xxxxxxxxxxx/carddavhome/ and run:&lt; ?xml version="1.0" encoding="UTF-8"? &gt; &lt; d:propfind xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav" &gt; &lt; d:prop &gt; &lt; card:addressbook-home-set/ &gt; &lt; /d:prop &gt; &lt; /d:propfind &gt;This give me the URL https://pXX-contacts.icloud.com:443/xxxxxxxxxxx/carddavhome/ then I send the following request to this URL:&lt; ?xml version="1.0" encoding="UTF-8"? &gt; &lt; d:propfind xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav" &gt; &lt; d:prop &gt; &lt; d:displayname/ &gt; &lt; d:resourcetype/ &gt; &lt; /d:prop &gt; &lt; /d:propfind &gt;And I get:&lt; ?xml version="1.0" encoding="UTF-8"? &gt; &lt; multistatus xmlns="DAV:" &gt; &lt; response &gt; &lt; href &gt;/xxxxxxxxxxx/carddavhome/&lt; /href &gt; &lt; propstat &gt; &lt; prop &gt; &lt; resourcetype &gt; &lt; collection/ &gt; &lt; /resourcetype &gt; &lt; /prop &gt; &lt; status &gt;HTTP/1.1 200 OK&lt; /status &gt; &lt; /propstat &gt; &lt; propstat &gt; &lt; prop &gt; &lt; displayname/ &gt; &lt; /prop &gt; &lt; status &gt;HTTP/1.1 404 Not Found&lt; /status &gt; &lt; /propstat &gt; &lt; /response &gt; &lt; /multistatus &gt;If I try to run this to the the URL https://pXX-contacts.icloud.com:443/xxxxxxxxxxx/carddavhome/contacts&lt; ?xml version="1.0" encoding="UTF-8"? &gt; &lt; card:addressbook-query xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav" &gt; &lt; d:prop &gt; &lt; d:getetag/ &gt; &lt; card:address-data/ &gt; &lt; /d:prop &gt; &lt; /card:addressbook-query &gt;I get: Improperly formed XML encountered, unexpected root nodeWhat is my mistake? The first 2 queries work and give me the expected results, the 3rd one should give me a list of the addressbooks and groups and the 4th one should give me all VCards.

Hi Team, We are encountering issues while implementing the live translation feature in our VoIP application using CallKit on iOS 26.0. Specifically, we are attempting to use the CXSetTranslatingCallAction transaction to enable translation programmatically during an active call. However, executing this transaction results in the following error: "Couldn't communicate with a helper application." This occurs consistently when we attempt to trigger the translation setup without user interaction. We are seeking clarification on the following points: Is it possible to enable CallKit's live translation feature using CXSetTranslatingCallAction purely programmatically, without requiring the user to interact with the system-provided Call UI? What does the above error indicate in the context of CXSetTranslatingCallAction? Are there specific conditions, entitlements, or background service requirements that must be fulfilled to communicate with CallKit? Code snippet: let translationAction = CXSetTranslatingCallAction(call: callUUID, isTranslating: true, localLocale: Locale.init(identifier: "es-ES"), remoteLocale: Locale(identifier: "en-US")) let transaction = CXTransaction(action: translationAction) callController.request(transaction) We would deeply appreciate any guidance you can provide regarding the feasibility of our approach and how to address this error. Thank you for your support.

Hey folks! I'm working on a macOS app which has a Finder Quick Action extension. It's all working fine, but I'm hitting a weird struggle with getting the icon rendering how I would like, and the docs haven't been able to help me. I want to re-use a custom SF Symbol from my app, so I've copied that from the main app's xcassets bundle to the one in the extension, and configured it for Template rendering. The icon renders in the right click menu in Finder, the Finder preview pane and the Extensions section of System Settings, but all of them render with the wrong colour in dark mode. In light mode they look fine, but in dark mode I would expect a templated icon to be rendered in white, not black. I've attached a variety of screenshots of the icons in the UI and how things are set up in Xcode (both for the symbol in the xcassets bundle, and the Info.plist) I tried reading the docs, searching Google, searching GitHub and even asking the dreaded AI, but it seems like there's not really very much information available about doing icons for Finder extensions, especially ones using a custom SF Symbol, so I would love to know if anyone here has been able to solve this in the past! Finder preview pane in light mode: Finder preview pane in dark mode: Finder quick action context menu: System Settings extension preferences: The custom symbol in my .xcassets bundle: The finder extension's Info.plist:

At present, all my apps cannot display normally

I'm encountering what appears to be a specific precedence behavior with ManagedSettingsStore.shield and would appreciate some further clarification. My current understanding is that category-level shields take precedence over individual app allowances. My test involved... Using FamilyActivityPicker to select a single target application (e.g., "Calculator," which falls under the "Utilities" category). Using FamilyActivityPicker again to select the category of that target application. I applied shields using ManagedSettingsStore (named .individual): store.shield.applicationCategories = .specific(Set([utilitiesCategoryToken])) store.shield.applications = Set([calculatorApplicationToken]) Result: The calculator app remains shielded, suggesting that the category-level shield on Utilities overrides the attempt to allow the individual app. I also tried this using a single picker, but received only the category token instead of all application tokens in that category. Is this observed precedence (where store.shield.applicationCategories effectively overrides store.shield.applications for apps within the shielded category) the intended behavior? If so, are there any mechanisms available within the main app's capabilities (potentially using a Device Activity Report Extension or Shield Extension) to allow a specific ApplicationToken if its corresponding ActivityCategoryToken is part of the store.shield.applicationCategories set? Essentially, can store.shield.applications be used to create "allow exceptions" for individual apps that fall into an otherwise shielded category? Additionally, I mentioned that selecting an entire category in the picker only returns the opaque category token, not any application tokens. Is there any way in which I could return both the category and all application tokens by just selecting the category? Any insights or pointers would be greatly appreciated!

Hi, I'm trying to setup PIR service for live caller id lookup (in python but based on swift example: https://github.com/apple/live-caller-id-lookup-example). The swift example provides utilities for database setup and encryption, but I can't find any specification about which key is used for database encryption and how the ios system knows about this key in order to be able to construct the PIR requests. So my question is how does the PIR service communicate the secret key to ios system or vice versa? (specific to the test environment, before onboarding)

My ASA file is located here https://staging.docyt.com/apple-appsite-association It downloads fine. It does not have .json extension and neither does it reside inside the ./well-known folder. Should it work? Because opening the link https://staging.docyt.com/reset-password is not opening the app installed via TestFlight . Installing via XCode however works fine. Please help