Posts under App & System Services topic

Post

Replies

Boosts

Views

Activity

How to set the custom DNS with the Network client
We are facing a DNS resolution issue with a specific ISP, where our domain name does not resolve correctly using the system DNS. However, the same domain works as expected when a custom DNS resolver is used. On Android, this is straightforward to handle by configuring a custom DNS implementation using OkHttp / Retrofit. I am trying to implement a functionally equivalent solution in native iOS (Swift / SwiftUI).

Android Reference (Working Behavior):

    val dns = DnsOverHttps.Builder()
        .client(OkHttpClient())
        .url("https://cloudflare-dns.com/dns-query".toHttpUrl())
        .bootstrapDnsHosts(InetAddress.getByName("1.1.1.1"))
        .build()

    OkHttpClient.Builder()
        .dns(dns)
        .build()

Attempted iOS Approach

I attempted the following approach:

1. Resolve the domain to an IP address programmatically (using DNS over HTTPS)
2. Connect directly to the resolved IP address
3. Set the original domain in the Host HTTP header

DNS Resolution via DoH:

    func resolveDomain(domain: String) async throws -> String {
        guard let url = URL(
            string: "https://cloudflare-dns.com/dns-query?name=\(domain)&type=A"
        ) else {
            throw URLError(.badURL)
        }
        var request = URLRequest(url: url)
        // Ask the resolver for the JSON form of the DNS answer.
        request.setValue("application/dns-json", forHTTPHeaderField: "accept")
        let (data, _) = try await URLSession.shared.data(for: request)
        let response = try JSONDecoder().decode(DNSResponse.self, from: data)
        guard let ip = response.Answer?.first?.data else {
            throw URLError(.cannotFindHost)
        }
        return ip
    }

API Call Using Resolved IP:

    func callAPIUsingCustomDNS() async throws {
        let ip = try await resolveDomain(domain: "example.com")
        // The URL host is the resolved IP address, not the domain name.
        guard let url = URL(string: "https://\(ip)") else {
            throw URLError(.badURL)
        }
        let configuration = URLSessionConfiguration.ephemeral
        let session = URLSession(
            configuration: configuration,
            delegate: CustomURLSessionDelegate(originalHost: "example.com"),
            delegateQueue: .main
        )
        var request = URLRequest(url: url)
        request.setValue("example.com", forHTTPHeaderField: "Host")
        let (_, response) = try await session.data(for: request)
        print("Success: \(response)")
    }

Problem Encountered

When connecting via the IP address, the TLS handshake fails with the following error:

    Error Domain=NSURLErrorDomain Code=-1200 "A TLS error caused the secure connection to fail."

This appears to happen because iOS sends the IP address as the Server Name Indication (SNI) during the TLS handshake, while the server’s certificate is issued for the domain name.

Custom URLSessionDelegate Attempt:

    class CustomURLSessionDelegate: NSObject, URLSessionDelegate {
        let originalHost: String

        init(originalHost: String) {
            self.originalHost = originalHost
        }

        func urlSession(
            _ session: URLSession,
            didReceive challenge: URLAuthenticationChallenge,
            completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void
        ) {
            guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
                  let serverTrust = challenge.protectionSpace.serverTrust else {
                completionHandler(.performDefaultHandling, nil)
                return
            }
            // Evaluate the server certificate against the original domain name.
            let sslPolicy = SecPolicyCreateSSL(true, originalHost as CFString)
            let basicPolicy = SecPolicyCreateBasicX509()
            SecTrustSetPolicies(serverTrust, [sslPolicy, basicPolicy] as CFArray)
            var error: CFError?
            if SecTrustEvaluateWithError(serverTrust, &error) {
                completionHandler(.useCredential, URLCredential(trust: serverTrust))
            } else {
                completionHandler(.cancelAuthenticationChallenge, nil)
            }
        }
    }

However, TLS validation still fails because the SNI remains the IP address, not the domain. I would appreciate guidance on the supported and App Store–compliant way to handle ISP-specific DNS resolution issues on iOS. If custom DNS or SNI configuration is not supported, what alternative architectural approaches are recommended by Apple?
1
0
158
1w
Thermal management on iOS
I would like to inquire about Apple's recommended best practices for iPhone thermal management. Specifically, what actions are developers expected to take to prevent the device from overheating? I am aware that we should subscribe to Thermal State Notifications and throttle performance accordingly—such as by reducing streaming quality or temporarily disabling active features. Beyond these measures, are there any other strategies you recommend to mitigate thermal issues and help the device cool down?
1
0
59
1w
Thermal management on iOS
I would like to inquire about Apple's recommended best practices for iPhone thermal management. Specifically, what actions are developers expected to take to prevent the device from overheating? I am aware that we should subscribe to Thermal State Notifications and throttle performance accordingly—such as by reducing streaming quality or temporarily disabling active features. Beyond these measures, are there any other strategies you recommend to mitigate thermal issues and help the device cool down?
1
0
54
1w
Best practice for using a single EKEventStore instance across threads?
Hello, Regarding EKEventStore, the WWDC session mentions that “you should only have one of these for your application.” In my app, I need to use the instance on both the main thread and a background thread, and I would like to share a single instance across them. However, EKEventStore is a non-sendable type, so it cannot be shared across different isolation domains. I would like to know what the recommended best practice is for this situation. Also, do I need to protect the instance from data races by using a lock? Thank you.
1
1
119
1w
Can multiple Apps in the same App Group share Asset Packs?
Hello, I have an Asset Pack that's a database. I need to use it in 2 apps. I'm curious at the expected functionality of cross app Asset Pack distribution as I've seen conflicting behavior. (1) Each app is required to have its own unique Background Assets Target. (2) Uploading the asset pack requires the App ID to be included. (3) I'm able to access the Asset Pack of App #1 inside of App #2 by using AssetPackManager.shared.ensureLocalAvailability(of:) with local testing (Not TestFlight) This is a technical question as originally I planned to duplicate the upload of the Asset Pack to both individual apps.
1
0
58
1w
In-App Purchases rejected + Reviewer cannot complete purchase although sandbox works fine (StoreKit2)
Hi everyone, I’m experiencing an issue with In-App Purchases during App Review.

What works

- My consumable IAP products load correctly using StoreKit2.
- TestFlight (sandbox) purchases work perfectly.
- Localizations are filled in and valid.
- Paid Apps Agreement, banking, and tax forms are active.
- IAP products are properly created in App Store Connect and marked as “Developer Action Needed” only because they wait for approval with the new binary.

What fails

During review I received: “We found that your in-app purchase products exhibited one or more bugs which create a poor user experience. Specifically, we were not able to complete a purchase.” They didn’t provide any more technical details.

Additional context

- The StoreKit configuration file is not included in the app archive.
- Product identifiers perfectly match those in App Store Connect.
- StoreKit2 purchase() works as expected on TestFlight.
- The app does not use server-side receipt validation - purchases are handled purely through StoreKit2 APIs, as recommended.

My questions

- What could cause a situation where TestFlight purchases work but App Review cannot complete a purchase?
- Does Apple expect server-side receipt validation even for simple one-time consumables?
- Could there be a delay or sync issue causing IAP products to not be available to the reviewer yet?
- Is there anything I should check on the App Store Connect side beyond what I already verified?

Any help or hints would be greatly appreciated - I’m stuck because everything works in sandbox but fails only for reviewers. Thanks!
1
0
155
1w
Are notification pushes not being received when in Picture-in-Picture mode?
Hello, I recently had an unusual experience, and I’m wondering if this is related to Apple’s policies, so I wanted to ask. While a call is in Picture-in-Picture (PIP) mode, notification pushes from the same app do not appear. The API is being triggered, but the notification banner does not show on the device. Once PIP is closed, the notifications start appearing normally again. Is this behavior enforced by Apple’s policies? What’s interesting is that banners from other apps do appear — only the banners from the app currently in PIP are not shown.
1
0
74
1w
CallKit issue
In iOS 26.1, after my app answers a VoIP call on the lock screen, tapping the bottom-left "More" button doesn't bring up the app icon to jump to the app. The same scenario works normally on iOS 26. How can I resolve this issue?
1
1
64
1w
XPC Connection with Network Extension fails after upgrade
Hi Team, I have a Network Extension application and a UI frontend for it. The UI frontend talks to the Network Extension using XPC, as provided by NEMachServiceName. On an M2 machine, the application and XPC connection work fine on a clean installation. But when the application is upgraded, the XPC connection keeps failing.

Upgrade steps:

1. PreInstall script kills the running processes, both UI and Network Extension
2. Let installation continue
3. PostInstall script to launch the application after installation is complete.

The following code is successful up to the point of resume from the UI application:

    NSXPCInterface *exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(IPCUIObject)];
    newConnection.exportedInterface = exportedInterface;
    newConnection.exportedObject = delegate;
    NSXPCInterface *remoteObjectInterface = [NSXPCInterface interfaceWithProtocol:@protocol(IPCExtObject)];
    newConnection.remoteObjectInterface = remoteObjectInterface;
    self.currentConnection = newConnection;
    [newConnection resume];

But it fails to get the object:

    id<IPCExtObject> providerProxy = [self.currentConnection remoteObjectProxyWithErrorHandler:^(NSError *registerError) { }];

Please note, this only fails for M2. For M1, this exact code is running fine. Additionally, if I uninstall the application by dropping it in Trash and then install the newer version, then too, the application works fine.
4
0
886
1w
How to add more cipher suites
I want to add more cipher suites. I use NWConnection to make a connection. Before I used the sec_protocol_options_append_tls_ciphersuite method to add more cipher suites, I found that Apple provided 20 cipher suites shown in the client hello packet. But after I added three more cipher suites, I found that nothing changed, and still the original 20 cipher suites were shown in the client hello packet when I made a new connection. The following is the code about the connection. I want to add three more cipher suites:

- tls_ciphersuite_t.ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- tls_ciphersuite_t.ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- tls_ciphersuite_t.ECDHE_RSA_WITH_AES_256_CBC_SHA384

Can you give me some advice about how to add more cipher suites? Thanks. By the way, I am working on a macOS app.

Xcode version: 16
macOS version: 15.6
1
0
148
1w
Apple Pay on the Web for Insurance Renewals
Our company sells insurance and we'd like to offer annual renewals via Apple Pay on the Web. Most of the docs seem to point towards using recurringpaymentrequest but this method required an amount value which would only be calculated at renewal time. It appears that Shopify is doing something akin to what we want where they do auto payments so my question is can we do annual payments with unknown renewal prices with Apple Pay for Web? What we cannot do is show the renewal price like this as it being insurance is almost certain to change. This is our current code which works but won't get past the regulator.

    const applePayPaymentRequestAnnual = {
        countryCode: 'GB',
        currencyCode: 'GBP',
        supportedNetworks: ['visa', 'masterCard'],
        merchantCapabilities: ['supports3DS'],
        requiredBillingContactFields: ['postalAddress', 'email'],
        requiredShippingContactFields: ['phone'],
        recurringPaymentRequest: {
            paymentDescription: 'Annual Insurance Renewal',
            regularBilling: {
                label: 'Annual Renewal Premium',
                amount: price,
                paymentTiming: "recurring",
                recurringPaymentIntervalUnit: "year",
                recurringPaymentStartDate: year + "-" + month + "-" + day + "T00:00:00.000Z",
                type: 'final'
            },
            managementURL: window.location.protocol + '//' + window.location.host + '/manage-policy',
            tokenNotificationURL: window.location.protocol + '//' + window.location.host + '/apple-pay-notifications'
        },
        lineItems: [{
            label: alabel,
            amount: price,
        }],
        total: {
            label: alabel,
            amount: price,
            type: "final"
        },
    }
0
0
58
1w
Apple Watch refuses to keep BLE connection while not in foreground
I have a standalone Apple Watch app that uses Bluetooth with the bluetooth-central background mode. It seems that in watchOS 26.2, once the system terminates the BLE connection after background allowance is exceeded, the app never regains background BLE capability, even after the user returns to the foreground and interacts with it. This contradicts the documentation and the WWDC22 “Get timely alerts from Bluetooth devices on watchOS” session, which state that background BLE connectivity should be restored when the user brings the app back to the foreground. Does anyone have any insight into this behavior?
0
0
96
1w
Passkit generator vulnerabilities issue
We are getting vulnerabilities for passkit generator, used for Apple Wallet creation. Could you please suggest how to resolve this issue? In our system we updated MIME with the latest version but passkit is referring to the older version 1.4.1.

    npm audit report

    mime  <1.4.1
    Severity: high
    mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
    No fix available
    node_modules/mime
      passkit  *
      Depends on vulnerable versions of mime
      node_modules/passkit

    2 high severity vulnerabilities

    Some issues need review, and may require choosing a different dependency.
0
0
132
1w
After upgrading to iOS 18, crashes caused by calling null function pointers cannot be captured by developers using signal listeners.
After upgrading to iOS 18, crashes caused by calling null function pointers have changed their crash signal from SIGSEGV to SIGKILL, making it impossible for developers to capture crash stacks using third-party components like KSCrash/PLCrashReporter. Is this a design change in iOS 18's memory protection mechanism? If so, are there any officially recommended crash capture solutions?

    - (void)MockCrashOnNullFunctionPointer {
        void (*func)(void) = NULL;
        func();
    }

Crash report comparison:
2
0
85
1w
Test app consent revocation in sandboxing
I followed the method outlined in Apple's documentation to test "Revocation of Consent." Our server received the notification sent by Apple, but the parsed data only contains the following content (some data has been modified for privacy, but the fields remain unchanged):

    {
        "receiptType": "Sandbox",
        "bundleId": "com.xxx.xxxxx",
        "receiptCreationDate": 1764932591296,
        "requestDate": 1764932591296,
        "originalPurchaseDate": 1375340400000,
        "originalApplicationVersion": "1.0",
        "appTransactionId": "705020051250081000",
        "originalPlatform": "iOS"
    }

How can we identify that "a parent/guardian has revoked authorization for a specific user"? We are unable to determine which minor user should be restricted from using certain features of our app. I hope to receive a prompt response from Apple's technical experts!
1
0
99
1w
ExtensionKit and iOS 26
It looks like ExtensionKit (and ExtensionFoundation) is fully available on iOS 26 but there is no mention about this in WWDC. From my testing, it seems as of beta 1, ExtensionKit allows the app from one dev team to launch extension provided by another dev team. Before we start building on this, can someone from Apple help confirm this is the intentional behavior and not just beta 1 thing?
3
4
259
1w