Dear Screen Time Team! The current 6 MB memory limit for the DeviceActivityMonitor extension no longer reflects the reality of modern iOS devices or the complexity of apps built on top of the Screen Time framework. When Screen Time APIs were introduced with iOS 15, hardware constraints were very different. Since then, iPhone performance and available RAM have increased significantly…but the extension memory limit has remained unchanged. My name is Frederik Riedel, and I’m the developer of the screen time app “one sec.” Our app relies heavily on FamilyControls, ManagedSettings, and DeviceActivity to provide real-time interventions that help users reduce social media usage. In practice, the 6 MB limit has become a critical bottleneck: The DeviceActivityMonitor extension frequently crashes due to memory pressure, often unpredictably. Even highly optimized implementations struggle to stay within this constraint when using Swift and multiple ManagedSettings stores. The limit makes it disproportionately difficult to build stable, maintainable, and scalable architectures on top of these frameworks. This is not just an edge case…it directly impacts reliability in production apps that depend on Screen Time APIs for core functionality. Modern system integrations like Screen Time are incredibly powerful, but they also require a reasonable amount of memory headroom to function reliably. The current limit forces developers into fragile workarounds and undermines the robustness of apps that aim to improve users’ digital wellbeing. We would greatly appreciate if you could revisit and update this restriction to better align with today’s device capabilities and developer needs. Thank you for your continued work on Screen Time and for supporting developers building meaningful experiences on top of it. Feedback: FB22279215 Best regards, Frederik Riedel (one sec app)

Starting somewhere around macOS 26.3, my sandboxed file manager spontaneously loses access to ~/Library/Mobile Documents mid-session. Setup: at launch, the user grants access to '/', '/Users', or '~' via NSOpenPanel; I store a security-scoped bookmark and call startAccessingSecurityScopedResource(). This works fine - including iCloud Drive - until some point mid-session. When it breaks, two things happen simultaneously: Enumeration fails: NSCocoaErrorDomain Code=257 (NSFileReadNoPermissionError)< NSPOSIXErrorDomain Code=1 (EPERM) Console shows the kernel refusing extension issuance: couldn't issue sandbox extension com.apple.app-sandbox.read for '/Users//Library/Mobile Documents': Operation not permitted And probing NSFileProviderManager confirms the process has been rejected system-wide: NSFileProviderManager.getDomainsWithCompletionHandler > NSFileProviderErrorDomain Code=-2001 "The application cannot be used right now." (underlying Code=-2014) What makes this specific to FP-backed paths: regular paths under the same '/' bookmark (~/Library/Application Support, etc.) stay accessible and recover normally with a fresh startAccessingSecurityScopedResource() call. Only ~/Library/Mobile Documents and its subtree fail - the entire tree, including the parent directory itself. Relaunch always restores access. What I've tried and ruled out: Re-resolving the bookmark + startAccessingSecurityScopedResource() - returns stale=false, granted=true but access is not restored; the kernel still refuses extension issuance for FP-traversing paths. NSFileCoordinator coordinated read - doesn't help; the coordinator depends on the same sandbox extension the kernel is refusing. Instantiating NSFileProviderManager(for: domain) per domain - fails with -2001 for every domain, confirming the rejection is process-wide, not path- or domain-specific. My working theory: when a FileProvider daemon (bird/cloudd/fileproviderd) restarts mid-session, the process's FP-client XPC registration is invalidated, and the kernel subsequently refuses to issue sandbox extensions for any path served by FP - even with a valid bookmark. The process seems to have no API path to re-register its FP-client identity without relaunching. Current workaround: I detect the -2001 response and prompt the user to relaunch, then do a programmatic self-relaunch if they confirm (which is obviously horribly intrusive). Questions: Is there an API that lets a sandboxed consumer app reconnect its FP-client identity mid-session, short of relaunching? Is there an entitlement or capability that would make the kernel's extension issuance resilient to FP daemon restarts? Has anyone else hit this on 26.x and found a workaround? Filed as FB22547671.

We are seeing a CloudKit private database failure for this specific container: iCloud.com.matrixqlc.photodiet.sync Failure pattern: accountStatus succeeds in some cases ensure/create custom zone succeeds but record/database-level operations consistently fail with: CKErrorDomain code = 15 CKInternalErrorDomain code = 2000 HTTP 500 Failing operations include: allRecordZones() databaseChanges(since:nil) allSubscriptions() fetch record zone metadata save record fetch record query records What makes this unusual is that the issue follows the container, not the app. On the same physical device, same Apple ID, same developer team: PhotoDiet + iCloud.com.matrixqlc.photodiet.sync => fails RepaymentCalculator + iCloud.com.matrixqlc.photodiet.sync => fails PhotoDiet + iCloud.com.matrixqlc.repaymentcalculator.sync2 => succeeds RepaymentCalculator + iCloud.com.matrixqlc.repaymentcalculator.sync2 => succeeds So this does not currently look like: app-specific entitlement/provisioning issues device/account issues CloudKit API misuse in one app record schema or app business logic issues It currently looks like the container iCloud.com.matrixqlc.photodiet.sync itself may be in a bad backend state. Sample request identifiers: RequestUUID: C8403047-0037-4D36-A7A7-CF3C83584A42 RequestUUID: 04437D9D-115E-45F5-87B5-A8CD146AE705 RequestUUID: C924B620-BAEE-403D-B944-151ADCF3419F RequestUUID: A54E79E1-6037-4533-BA09-18FBC436851C RequestUUID: 3EFD8913-3781-47CF-A48C-B651BF38EA50 RequestUUID: 2677A991-40B3-42AB-9CE5-3C4F1288EE08 Feedback Assistant ID: FB22539748 Has anyone seen a container-specific CloudKit private database failure like this, where multiple apps under the same team can access one container normally but consistently fail on another container with CKError 15 / HTTP 500?

Hi, I'm having the same issue described in https://developer.apple.com/forums/thread/690974?page=2. When connected to Xcode or when the app is in the foreground, HKObserverQuery fires correctly and my app processes step updates. But once disconnected from Xcode, background delivery stops completely and the observer callback is never called. My setup: com.apple.developer.healthkit.background-delivery entitlement is present and in the provisioning profile enableBackgroundDelivery(for: .stepCount, frequency: .immediate) returns success = true HKObserverQuery is registered on every launch including background launches I also have CMPedometer.startEventUpdates running as a supplemental trigger Background Modes includes "Background fetch" and "Background processing" Device: iPhone, iOS 17.4+ App type: App uses Screen Time / Family Controls (ManagedSettings) to block apps until a step goal is met Has anyone found a reliable fix? Any feedback from Apple engineers would be appreciated.

你好： 以下是我的问题： 问题类型：苹果内功IAP相关问题 问题详情：我的应用是免费下载，内购一次性解锁。对于没有下载过应用的人使用我创建的优惠码，会直接显示花钱付费下载。这里是我设置的问题么?

Hello, I have a question similar to this post regarding MapKit JS quota limits. I understand that we can request rate limit increases, but it is not a guaranteed increase. My app is rapidly growing. What if Apple decides to not award the limit increase? Then, the directions service of my app will stop working, which would be catastrophic for my company. I need to know if the rate limit increases are guaranteed. I need to decide early on whether to use MapKit JS or another service on, because the more time that passes, the more entangled my code will get with MapKit JS. Can we get some more information on this?

Hi Apple team, Could you please let us know the estimated timeline for approval of our OHTTP relay request? We’d appreciate any updates on the current status or next steps from your side. My request number is GZ8425KHD9. Thanks in advance.

Hi! I’m facing some difficulties while integrating with Apple external purchase API. I would like to clarify a few points in the documentation. Subscription Events Documentation mentions four subscription events: SUBSCRIPTION_START, SUBSCRIPTION_CHANGE, SUBSCRIPTION_PAYMENT, and RENEWAL. Could you clarify what SUBSCRIPTION_PAYMENT is used for? The examples indicate that we should send the tax and payment amounts in the SUBSCRIPTION_START and RENEWAL events. Should we also send them for SUBSCRIPTION_PAYMENT? 2. Unused Tokens Customers generate ACQUISITION and SERVICE tokens and send them to us. According to the documentation, we must report every token received. If we process balance transactions linked to an ACQUISITION token, should we send the SERVICE token with NO LINE ITEM? Should we continue sending the SERVICE token with NO LINE ITEM status in the following months? 3. Should we send reports only once a month? What should we do if, at the time a transaction is received, the token was active, but by the time the report is due, it has already expired? Do we still need to report it in that case? 4. What should we do if we receive a notification about an unreported token in the middle of the month? Should we send the report immediately, or should we take note of the token and include it in the report at the scheduled time at the beginning of the month? 5. Am I correct in understanding that if a user purchases a monthly subscription and cancels the renewals within the same month, the reports will contain only one event — SUBSCRIPTION_START with subscriptionDaysOfPaidService = 0? If a renewal for a monthly subscription fails and the payment is completed after a 7-day grace period, should we report 37 days or 30 days in subscriptionDaysOfPaidService in the RENEWAL event? Thank you in advance for your guidance!

Hello i am developing an apple wallet coupon/store card integration and as each pass will hold sensitive data (tokens referencing access to the monetary amount) i am concerned of the security implications of having a passkit-pass in ios stored as well as in icloud. Documentation is scarce if the pass is also stored on apple servers. It seems to be stored at least temporarily for synching with other devices of the same icloud user. Can you give details to the kind of data, encryption, duration of persistence of the pass data on centralized apple servers? Best Regards

I might be trying to achieve the impossible here, but if there's another way to go about it any advice would be appreciated. I've got an older Linux application that reflashes firmware on a connected USB HID device that I'm trying to port to macOS. Essentially the device starts as an HID interface (0x03/0x01/0x01) but to update firmware receives a simple control payload and then restarts and connects as a different (non-HID) device. However I can't open the HID device at all, I'm guessing this is some sort of permission error (SIP?). AppleUSBHostUserClient::openGated: failed to open IOUSBHostDevice... provider is already opened for exclusive access by AppleUSB20Hub hid_open_path: failed to open IOHIDDevice from mach entry: (0xE00002E2) not permitted AppleUSBXHCICommandRing::setAddress: completed with result code 4 AppleUSBHostPort::createDevice: failed to create device (0xe00002bc) AppleUSBIORequest ... transaction error ... 0xe00002ed Is there any way at all to do this on macOS? Interestingly if you run a Windows VM in VMWare or similar and connect the device to that VM it works, so there's obviously some way but I'd like to create a simple standalone tool.

Sign-in with Apple suddently broke in my App. The button trigger the system Apple sign in modal, I can sign in without errors but then nothing happens on my App. It seems it never goes in the onCompletion. SignInWithAppleButton( .signIn, onRequest: { }, onCompletion: { // Never get called } ) The button is inside a custom modal.

Here’s the formatted summary in English for your issue submission: Issue Summary We are activating a Network Extension system extension (filter-data) from a signed and notarized macOS app. Activation consistently fails with the following error: Error Message: OSSystemExtensionErrorDomain code=4 Extension not found in App bundle. Unable to find any matched extension with identifier: com.seaskylight.yksmacos.ExamNetFilter.data At the same time, sysextd logs show: no policy, cannot allow apps outside /Applications However, our host app and executable paths are already under /Applications, and the extension bundle physically exists in the expected app bundle location. Environment Information macOS: Darwin 25.4.0 Host App: /Applications/xxx.app Host Bundle ID: com.seaskylight.yksmacos System Extension Bundle ID: com.seaskylight.yksmacos.ExamNetFilter.data Team ID: BVU65MZFLK Device Management: Enrolled via DEP: No MDM Enrollment: No Reproduction Steps Install the host app to /Applications. Launch the host app via Finder or using the command: open -a "/Applications/xxx.app" Trigger OSSystemExtensionRequest activationRequestForExtension for: com.seaskylight.yksmacos.ExamNetFilter.data. Observe failure callback (code=4). Collect logs: log show --last 2m --style compact --info --debug --predicate 'process == "sysextd"' Check extension status using: systemextensionsctl list (shows 0 extension(s)) Observed Results sysextd client activation request for com.seaskylight.yksmacos.ExamNetFilter.data attempts to realize extension with identifier com.seaskylight.yksmacos.ExamNetFilter.data. Log indicates: no policy, cannot allow apps outside /Applications App-side Diagnostics (captured at failure) PID: 3249 Bundle Path: /Applications/xxx.app Real Path: /Applications/xxx.app Exec Path: /Applications/xxx.app/Contents/MacOS/xxx Real Exec Path: /Applications/xxx.app/Contents/MacOS/xxx Ext Path: /Applications/xxx.app/Contents/Library/SystemExtensions/ExamNetFilterData.systemextension Ext Exists: true Running From Helper: false Error Callback: NSError{domain=OSSystemExtensionErrorDomain code=4 desc=Extension not found in App bundle...} Additional Validation We reproduced the same failure using a minimal native host app (SysExtProbe) in /Applications that only submits the activation request for the same extension identifier. It also fails with OSSystemExtensionErrorDomain code=4, indicating this is not specific to Electron app logic. Signing / Packaging Notes Host app and system extension are signed with the same Team ID (BVU65MZFLK). System extension bundle exists under: /Applications/xxx.app/Contents/Library/SystemExtensions/ExamNetFilterData.systemextension Extension Info.plist contains bundle id: com.seaskylight.yksmacos.ExamNetFilter.data Host app includes NSSystemExtensionUsageDescription. Questions for DTS In non-MDM personal-device scenarios, what exact conditions trigger sysextd to emit: no policy, cannot allow apps outside /Applications even when both bundlePath and realpath are in /Applications? Can code=4 (“Extension not found in App bundle”) be returned for policy/state reasons even when the extension bundle is present and the identifier matches? Are there known sysextd policy/cache states that cause this behavior, and what is the recommended recovery procedure? Feel free to copy and paste this summary for your submission. If you need any further modifications or assistance, let me know!

Summary We are activating a Network Extension system extension (filter-data) from a signed and notarized macOS app. Activation consistently fails with: OSSystemExtensionErrorDomain code=4 Extension not found in App bundle. Unable to find any matched extension with identifier: com.seaskylight.yksmacos.ExamNetFilter.data At the same time, sysextd logs: no policy, cannot allow apps outside /Applications However, our host app and executable real paths are already under /Applications, and the extension bundle physically exists in the expected app bundle location. Environment macOS: Darwin 25.4.0 Host app: /Applications/xxx.app Host bundle id: com.seaskylight.yksmacos System extension bundle id: com.seaskylight.yksmacos.ExamNetFilter.data Team ID: BVU65MZFLK Device management: Enrolled via DEP: No MDM enrollment: No Reproduction Steps Install host app to /Applications. Launch host app via Finder or: open -a "/Applications/xxx.app" Trigger OSSystemExtensionRequest activationRequestForExtension for: com.seaskylight.yksmacos.ExamNetFilter.data Observe failure callback (code=4). Collect logs: log show --last 2m --style compact --info --debug --predicate 'process == "sysextd"' systemextensionsctl list (shows 0 extension(s)) Observed Results sysextd client activation request for com.seaskylight.yksmacos.ExamNetFilter.data attempting to realize extension with identifier com.seaskylight.yksmacos.ExamNetFilter.data no policy, cannot allow apps outside /Applications App-side diagnostics (captured at failure) pid=3249 bundlePath=/Applications/xxx.app bundlePathReal=/Applications/xxx.app execPath=/Applications/xxx.app/Contents/MacOS/xxx execPathReal=/Applications/xxx.app/Contents/MacOS/xxx extPath=/Applications/xxx.app/Contents/Library/SystemExtensions/ExamNetFilterData.systemextension extExists=true runningFromHelper=false Error callback NSError{domain=OSSystemExtensionErrorDomain code=4 desc=Extension not found in App bundle...} Additional Validation We reproduced the same failure using a minimal native host app (SysExtProbe) in /Applications that only submits the activation request for the same extension identifier. It also fails with OSSystemExtensionErrorDomain code=4, indicating this is not specific to Electron app logic. Signing / Packaging Notes Host app and system extension are signed with the same Team ID (BVU65MZFLK). System extension bundle exists under: /Applications/xxx.app/Contents/Library/SystemExtensions/ExamNetFilterData.systemextension Extension Info.plist contains bundle id: com.seaskylight.yksmacos.ExamNetFilter.data Host app includes NSSystemExtensionUsageDescription. Questions for DTS In non-MDM personal-device scenarios, what exact conditions trigger sysextd to emit: no policy, cannot allow apps outside /Applications even when both bundlePath and realpath are in /Applications? Can code=4 (“Extension not found in App bundle”) be returned for policy/state reasons even when extension bundle is present and identifier matches? Are there known sysextd policy/cache states that cause this behavior, and what is the recommended recovery procedure?

Hello, I am researching the technical feasibility of developing a Default Dialer App for the EU market using the specific entitlements granted under the Digital Markets Act (DMA). Our primary goal is to implement a Cellular/VoLTE-based calling system—not mVoIP—and we need to clarify whether it is possible to provide features such as STT (Speech-to-Text) and Call Summarization, which require In-call Audio Recording. Regarding the Default Dialer App Entitlement in the EU, I would like to clarify the following: Access to Raw Audio Stream: When an app is granted the Default Dialer status in the EU, does it gain programmatic access to the downlink and uplink audio streams of a cellular/VoLTE call for recording purposes? LiveCommunicationKit & Recording APIs: Does LiveCommunicationKit (or any related framework for iOS 26) provide specific APIs for a third-party dialer to capture native telephony audio? Entitlement Scope for Partners: If an EU-based partner obtains the necessary entitlements, can those entitlements be used to grant our application the authority to process cellular calls and access the associated audio data? Recommended Implementation: Are there any Apple-sanctioned methods or specific frameworks for implementing call recording for AI-driven services within the scope of the new EU-specific regulations? We need to confirm these technical boundaries to establish the implementation scope with our EU partners. Any guidance on whether a third-party app can technically and legally record cellular calls under these specific conditions would be greatly appreciated. Thank you.

Hi everyone, I'm developing a standalone Matter controller app on iOS 18+ using Apple's Matter.framework directly — without integrating with Apple Home or HomeKit. We manage our own Matter fabric and handle the full commissioning flow ourselves. Current setup: BLE-based Matter device discovery and commissioning via Matter.framework Own fabric management (not adding devices to Apple Home) During development, we rely on the "Bluetooth Central Matter Client Developer Mode" profile to enable BLE access The challenge: As we approach our App Store release, we need end users to be able to commission Matter devices without installing any developer profiles. I'm trying to figure out the correct entitlement path for a non-HomeKit Matter controller app in production. Questions: Which entitlements are required for a third-party Matter controller app using Matter.framework directly (not via HomeKit) to work in production? Is there a formal entitlement request process for something like com.apple.developer.matter.allow-setup-payload? If so, where do we initiate it? Are there additional program memberships or certifications required beyond the standard Apple Developer Program membership? We've gone through the Matter framework documentation and relevant WWDC sessions but haven't found a clear answer specifically for non-HomeKit standalone Matter controller apps. Would appreciate any input from Apple staff or developers who've shipped a similar app. Happy to provide more details if needed. Tagging for visibility: @Apple or relevant team — this involves a non-HomeKit Matter.framework usage pattern and entitlement approval process.

Hello, I have crated a DriverKit driver for macOS and iPad M-series if I ever get the mac driver working. I have the correct entittlements, and matching provisioning profile downloaded manually. The driver loads (no errors!), and is visible in ioreg below the usb device (when plugged). The issue is that I never get any log from the driver, have reduced to minimal working code (below). When I debug with lldb, I load the symbols for my driver and break on init and Start - but lldb never triggers == never calls start or init. This is also why no logs. When I unplug the device, the driver process (ps aux) keeps running, causes a hard crash of the Mac with dext remove/or kill driver.dext process. I have asked Claude - but its just running in circles: check Info.plist=ok, check entitlements=ok, check code (minimal)=ok, check iig=ok, check provisioning profile=ok, check build settings=ok, check ioreg=ok, check code signature=ok, start over I don't get any log from my driver, which is consistent with init() not being called. All logs from kernel & friends (AMFI) do show the driver loading - no errors. Any tips appreciated! // USBDriver.iig #ifndef USBDriver_h #define USBDriver_h #include <USBDriverKit/IOUSBHostInterface.iig> class USBDriver: public IOService { public: virtual bool init() override; virtual void free() override; virtual kern_return_t Start(IOService * provider) override; virtual kern_return_t Stop(IOService * provider) override; }; // USBDriver.cpp #include <os/log.h> #include <DriverKit/DriverKit.h> #include "USBDriver.h" bool USBDriver::init() { if (!super::init()) return false; os_log(OS_LOG_DEFAULT, "terminal.driver: init()"); return true; } kern_return_t IMPL(USBDriver, Start) { os_log(OS_LOG_DEFAULT, "terminal.driver: Start()"); kern_return_t ret = super::Start(provider); if (ret != kIOReturnSuccess) { os_log(OS_LOG_DEFAULT, "terminal.driver: super::Start failed: 0x%08x", ret); return ret; } os_log(OS_LOG_DEFAULT, "terminal.driver: Start() success"); return super::Start(provider); } kern_return_t IMPL(USBDriver, Stop) { os_log(OS_LOG_DEFAULT, "terminal.driver: Stop()"); return super::Stop(provider); } void USBDriver::free() { os_log(OS_LOG_DEFAULT, "terminal.driver: free()"); super::free(); }

I found this documentation that instructs you how to use CLServiceSession to defer any accidental/premature locacation permission prompts: https://developer.apple.com/documentation/corelocation/suspending-authorization-requests It says "Add the CLRequireExplicitServiceSession property to your app’s Info.plist file to opt into this control behavior." I pretty much followed this example to a T. It seemed to work, however in some cases I still manage to get a location permission prompt on a fresh install before the part of the onboarding where we'd ask the user for location permissions (with CLServiceSession now). Is there any additional information on using CLRequireExplicitServiceSession than this blurb? Googling brings up nothing. I presumed the property is a BOOL but I'm not even sure of that, as it doesn't show up in Info.plist's autocomplete suggestions and I have to manually set the type.

Hello, I have a perplexing issue with apple reviewers not having the same experience as myself regarding the paywall. This is an Expo app and uses RevenueCat and SuperWall integrations. This app is going through its first review - it is not published yet. So the app and its subscriptions are being reviewed for the first time. I should also mention that this is my first time as an app developer, so please pardon my ignorance. When I install the app from TestFlight and launch it, I see the paywall with the product prices shown and I can complete a test purchase. Same for my friends who I've asked to test for me. But the apple reviewer does not see the product prices when the paywall is shown to them. Without being able to replicate the problem I am flying blind. I don't want to re-submit the app for review only to find the same problem exists. I also need to understand what is different between my testing environment and the apple testers. If anyone can point me in the right direction here I would really appreciate the help!

Hello, I need guidance on App Store Connect product state vs StoreKit behavior during App Review. Stack: iOS app (Expo / React Native), subscriptions via RevenueCat + StoreKit. Bundle ID matches App Store Connect. RevenueCat API keys — what I’ve verified locally: With the production RevenueCat API key (iOS appl_..., same as the submitted build), everything works on local device but not when I download it from TestFlight. I have also tested with RevenueCat’s sandbox / test API key (the separate key intended for sandbox/testing). That setup works as well — I can load offerings and complete test purchases the same way What RevenueCat (SDK / dashboard health) reports: Product monthly is configured in RevenueCat. Warnings that products aren’t approved in App Store Connect yet and that the default offering has configuration issues. Apple’s product state: WAITING_FOR_REVIEW. The SDK still states that test purchases are possible. What App Review reports: After onboarding a new business account, “Activate subscription” leads to an error (plans don’t load / purchase path fails). Review suggested an app code issue. Why this is confusing: Locally, both RevenueCat key modes I tried (production and sandbox/test) work with Apple Sandbox on the device. The submitted build uses the production RevenueCat key. Review still sees a failure. Questions: For IAP in WAITING_FOR_REVIEW, should App Review always use an Apple Sandbox account to test subscriptions until the product is fully approved? Is it documented that StoreKit may not return products during review without Sandbox while the product remains WAITING_FOR_REVIEW? Has anyone else seen “works locally (prod + sandbox RevenueCat keys + Apple Sandbox) but Review fails” with the same WAITING_FOR_REVIEW state? Thanks for any official documentation or similar threads.

Hello, I am researching the technical feasibility of developing a Default Dialer App for the EU market using the specific entitlements granted under the Digital Markets Act (DMA). Our primary goal is to implement a Cellular/VoLTE-based calling system—not mVoIP—and we need to clarify whether it is possible to provide features such as STT (Speech-to-Text) and Call Summarization, which require In-call Audio Recording. Regarding the Default Dialer App Entitlement in the EU, I would like to clarify the following: Access to Raw Audio Stream: When an app is granted the Default Dialer status in the EU, does it gain programmatic access to the downlink and uplink audio streams of a cellular/VoLTE call for recording purposes? LiveCommunicationKit & Recording APIs: Does LiveCommunicationKit (or any related framework for iOS 26) provide specific APIs for a third-party dialer to capture native telephony audio? Entitlement Scope for Partners: If an EU-based partner obtains the necessary entitlements, can those entitlements be used to grant our application the authority to process cellular calls and access the associated audio data? Recommended Implementation: Are there any Apple-sanctioned methods or specific frameworks for implementing call recording for AI-driven services within the scope of the new EU-specific regulations? We need to confirm these technical boundaries to establish the implementation scope with our EU partners. Any guidance on whether a third-party app can technically and legally record cellular calls under these specific conditions would be greatly appreciated. Thank you. Access to Raw Audio Stream: When an app is granted the Default Dialer status in the EU, does it gain programmatic access to the downlink/uplink audio streams of a cellular call for recording purposes? LiveCommunicationKit & Recording: Does LiveCommunicationKit provide any specific APIs or delegates that allow a third-party dialer to capture call audio, or is the recording still restricted by the system’s sandbox? Entitlement Scope: If our EU partner obtains the necessary entitlements, can they authorize our application to handle the cellular call processing entirely, including the access to telephony audio data? AI Service Implementation: Are there any Apple-recommended ways to implement AI features (STT, Summarization) within a Default Dialer App without violating current iOS security architectures? We need to provide a clear "Feasibility Report" to our EU partners during upcoming meetings. Any technical guidance on whether a third-party app can legally and technically record cellular calls under this new EU-specific policy would be extremely helpful. Thank you.