How does Associated Domains Development work on watchOS? In comparison, on iOS we have Diagnostics menu that allows to input a link and test the setup. How to achieve the same on a watch? watchOS: iOS:

Hello, I am working on a DLP solution for macOS that relies on the Network Extension (NETransparentProxyProvider) for network traffic analysis. Could you please clarify: is it technically possible and officially supported to use a LaunchAgent as the container app to install and manage the Network Extension? If not, what is the recommended approach in case of GUI less application? Thank you in advance.

Context I'm building a study-timer feature for an iOS app (Flutter + native ActivityKit) that displays a Live Activity on the Lock Screen / Dynamic Island while a session is running. When the user force-quits the app by swiping it up from the App Switcher, I want the Live Activity to disappear as quickly as possible. I have already confirmed (from on-device testing and Apple Developer Forums thread 732418) that: applicationWillTerminate is not called on swipe-up force-kill, only on OS-initiated termination or crash. So synchronous Activity.end(...) from the app itself is not a solution for the force-kill path. Shortening staleDate does not visually dismiss the Live Activity once the app process is gone — the Widget Extension keeps rendering the last fresh snapshot and there is no body-reevaluation trigger on the stale transition post-app-death. (I implemented and verified this, then rolled it back.) The only Apple-official reliable mechanism is APNs push-to-end (Activity.request(pushType: .token) + server sends event: end via APNs). Current architecture I have APNs push-to-end working end-to-end. Structure: Client: Activity.request(pushType: .token), subscribe to Activity.pushTokenUpdates, forward each new token to the backend. Backend: On every client heartbeat, upsert (user_id, la_apns_token, la_activity_id, last_heartbeat) into Postgres. A separate scheduler polls for rows whose last_heartbeat < now() - grace_ttl and sends APNs event: end to the stored token. Parameters I am currently running with: Parameter Value Client heartbeat interval 60 s Orphan grace TTL (server) 135 s (heartbeat × 2.25, to absorb network jitter) Scheduler poll interval 30 s The observation End-to-end latency from "user force-kills the app" to "Live Activity disappears from Lock Screen" is: Worst case: 60 + 135 + 30 = ~225 s (~3.75 min) Typical: ~3 min (as consistently measured on iOS 26.4.1, iPhone 17 Pro Max) Theoretical minimum (if the kill happens exactly at a heartbeat boundary): ~135 s Users perceive 3 minutes as broken — the timer clearly stopped (no ticking), but the Live Activity "ghost" is still visible on the Lock Screen. My question Is there any Apple-supported mechanism to reliably tear down a Live Activity faster than ~2 minutes after the owning app's process is gone, given that applicationWillTerminate does not fire on swipe-kill? Specifically: Is there any practical lower bound below ~60 s for this scenario using the current ActivityKit + APNs model, assuming we are not willing to spam heartbeats every few seconds? I can push heartbeat to 20–30 s, but the server cost grows linearly with active sessions. Does BGAppRefreshTask / BGProcessingTask have any documented lifecycle hook that fires on user-initiated swipe-kill specifically, so that I could do a "last-heartbeat flush" just before the process dies? My understanding is that background tasks are scheduled for later and do not fire synchronously at termination. Is there any signal from APNs/ActivityKit to my server (e.g. a feedback-service-like mechanism) that indicates "this Live Activity's owning app was force-killed", which would let the server short-circuit the heartbeat-based orphan detection? Are there any new APIs in iOS 18.x or the upcoming release that address this specific force-kill → LA-dismissal latency? I could not find anything in the 18.x release notes, but I may have missed it. What I am NOT asking I am not asking how to implement APNs push-to-end (that works). I am not asking about applicationWillTerminate (I already confirmed it does not fire on swipe-kill). I am not asking about shortening staleDate as a visual workaround (I already verified it does not trigger body reevaluation post-kill). Environment iOS 26.4.1 (also reproducible on 18.x devices I have on hand) iPhone 17 Pro Max, iPhone 15 Pro, iPad Air 11-inch (M3) Xcode 26.x Activity.request(pushType: .token) with ActivityContent + custom stalenessInterval = 120s APNs HTTP/2 via token auth (.p8), targeting api.push.apple.com in production apns-push-type: liveactivity, apns-priority: 10, payload includes event: end What I have tried (for the record, to avoid "did you try" responses) applicationWillTerminate with DispatchSemaphore 3.5 s sync wait + dismissalPolicy: .immediate — works only for OS-terminate, not swipe-kill. stalenessInterval = 30s + 15 s refresh cadence + override to 5 s on AppLifecycleState.paused — verified not to dismiss the LA after app death. Cold-start reconciliation via Activity<...>.activities on next app launch — works, but that only helps if the user relaunches. Current APNs push-to-end with 60 s / 135 s / 30 s configuration — works, but latency is the complaint. Any guidance, even "no, ~2 minutes is the floor by design" with a pointer to the relevant doc, would be very helpful. Thank you.

I've added NFC support for my app. So, my UIRequiredDeviceCapabilities were extended from "armv7" to "armv7 nfc". This means I've prevented this application from running on devices supported by previous versions. Now I've received a message from Apple: ITMS-90109: This bundle is invalid - The key UIRequiredDeviceCapabilities in the Info.plist may not contain values that would prevent this application from running on devices that were supported by previous versions. What is the right way to add new functions?

I have the following code for port forwarding in mac os virtualization var ipAddr = in_addr() // 1. Convert String to in_addr inet_pton(AF_INET, guestIP, &ipAddr) let status = vmnet_network_configuration_add_port_forwarding_rule( config, UInt8(IPPROTO_TCP), // TCP protocol sa_family_t(AF_INET), // address family guestPort, // internal port (guest) externalPort, // external port (host) &ipAddr // internal address (guest IP) ) if status == .VMNET_SUCCESS { print("✅ Port Forwarding set: Mac:\(externalPort) -> VM(\(guestIP)):\(guestPort)") } else { print("❌ Port Forwarding failed for \(guestIP): \(status.rawValue)") } It is returning success but when i test it it does not work. Is there anything i am doing wrong? Please help me also in fixing this problem. Note: The app runs in sandbox i tried without sandboxing and it does not work either. Please refer to this link https://developer.apple.com/forums/thread/822025?login=true&page=1#884236022 how i am creating the VZVmnetNetworkDeviceAttachment

Hi I am trying to implement a minimal DeviceActivityReport extension. Setup: iOS app with FamilyControls authorization (status = approved) DeviceActivityReport displayed in SwiftUI Report extension embedded in PlugIns Correct NSExtensionPointIdentifier: com.apple.deviceactivityui.report-extension No NSExtensionPrincipalClass or storyboard Entitlements: com.apple.developer.family-controls com.apple.developer.family-controls.app-and-website-usage The app installs and runs correctly. Authorization is granted. However, the extension is never loaded: No logs from the extension (init/body/makeConfiguration never called) Console shows: "Failed to discover the client's extension: DeviceActivityReportService... ClientError Code=2" Environment: Xcode 16.2 iOS device running iOS 18.x (latest available) The .appex is correctly embedded and signed. Question: Is there a known issue with DeviceActivityReport extensions not being discovered at runtime with this setup? Is additional configuration required beyond NSExtensionPointIdentifier? Thanks

I had published an App, and my app has App Clip supported. The issue I faced is that I had received complaints where the user keep seeing the pop up "Apple Media Services Terms and Conditions Have Changed" when user clicked on the "Open" Button in the App Clip. What we had tried so far: Let user switch the Apple Id's region to our supported region. Let user try to log out and log in to Apple Id within the supported region.

Has anyone actually managed to read the free-text note/context from Apple Health State of Mind entries? I’m building an iOS app that reads HKStateOfMind data from HealthKit. I can get the expected stuff fine: valence labels associations But in the Health app, users can also add extra context text to a mood entry, like: Tasks, Weather - Great work-life balance From my app, I can read Tasks and Weather, but I can’t find the Great work-life balance part anywhere. I already checked: public HKStateOfMind properties metadata debug description / object description attachment-ish routes Nothing so far. So before I spend more time chasing this: is that text just not exposed to third-party apps? Or is there some weird HealthKit path I’m missing? If anyone has actually pulled this off, I’d love to know how.

I'm writing this post out of genuine desperation after exhausting every official support channel available to me. The situation: I've built a screen time / focus app for students called SınavKilidi, specifically designed for Turkish high school students preparing for the YKS university entrance exam — one of the most high-stakes exams in Turkey, taken by hundreds of thousands of students every year. The exam window is approximately 2 months away. This app is inherently seasonal: if it doesn't reach users before the exam season, an entire year of development becomes irrelevant. The main app binary was approved and is live. Everything on the App Store Connect side is fully ready — metadata, screenshots, pricing, in-app purchases, the works. The blocker: My app uses App Extensions that require the com.apple.developer.family-controls entitlement. The main app target received distribution entitlement approval. However, the extensions — which are architecturally inseparable from the core functionality — have not received the same entitlement. Without this, I cannot submit a working build. The app is literally unshippable in its current state despite the main entitlement being granted. This is not a configuration issue on my end. The entitlement is correctly set up in my provisioning profiles. The gap is purely on Apple's approval side for the extension targets. The support experience: I opened Case #102855522321 on March 29, 2026. Since then: I had a call with Apple Developer Support on April 1 I sent follow-up emails on April 1, April 2, April 3, and April 7 Not a single substantive response. Only automated acknowledgements. That is 10+ days, 4 follow-up emails, 1 phone call, and complete silence on an issue that is actively costing me my launch window. What I'm asking: I'm not asking for special treatment. I understand Apple receives thousands of requests. But this entitlement request is for a legitimate, already-partially-approved app, with a documented real-world deadline, in an educational category that Apple actively promotes. Can anyone from the App Review or Developer Relations team look into Case #102855522321 and provide an actual update? Or can anyone here share whether there's a known delay affecting FamilyControls entitlement approvals for extensions specifically? Any guidance would be deeply appreciated. Every day that passes without a resolution is a day closer to this app missing its entire reason for existing.

Hello, We are experiencing an issue related to push notifications after updating devices to iOS 26.4 Beta. Our system stores push notification tokens on the server by associating the device token with the device’s IDFV in the app. After updating a device to iOS 26.4 Beta, we observed that the device token from a previously uninstalled version of the app remains valid for more than a week. As a result, two push notifications are delivered to the same device. The situation is as follows: The user installs the app and a device token is generated. The user uninstalls the app. Later, the user installs the app again and a new device token is generated. However, the previous device token does not become invalid, even after more than a week. Because IDFV changes when the app is reinstalled, our server cannot determine that the device belongs to the same user. Therefore, we cannot overwrite the old token with the new one on the server side. Could you please advise: Is this behavior expected in iOS 26.4 Beta? How long does it normally take for a device token to become invalid after an app is uninstalled? What is the recommended approach to prevent duplicate push notifications in this situation? Any guidance would be greatly appreciated. Best regards

I'm writing a read-only filesystem extension. I see that the documentation for loadResource(resource:options:replyHandler:) claims that the --rdonly option is supported, which suggests that this should be possible. However, I have never seen this option provided to my filesystem extension, even if I return usableButLimited as a probe result (where it doesn't mount at all - FB19241327) or pass the -r or -o rdonly options to the mount(8) command. Instead I see those options on the volume's activate call. But other than saving that "readonly" state (which, in my case, is always the case) and then throwing on all write-related calls I'm not sure how to actually mark the filesystem as "read-only." Without such an indicator, the user is still offered the option to do things like trash items in Finder (although of course those operations do not succeed since I throw an EROFS error in the relevant calls). It also seems like the FSKit extensions that come with the system handle read-only strangely as well. For example, for a FAT32 filesystem, if I mount it like mount -r -F -t msdos /dev/disk15s1 /tmp/mnt Then it acts... weirdly. For example, Finder doesn't know that the volume is read-only, and lets me do some operations like making new folders, although they never actually get written to disk. Writing may or may not lead to errors and/or the change just disappearing immediately (or later), which is pretty much what I'm seeing in my own filesystem extension. If I remove the -F option (thus using the kernel extension version of msdos), this doesn't happen. Are read-only filesystems currently supported by FSKit? The fact that extensions like Apple's own msdos also seem to act weirdly makes me think this is just a current FSKit limitation, although maybe I'm missing something. It's not necessarily a hard blocker given that I can prevent writes from happening in my FSKit module code (or, in my case, just not implement such features at all), but it does make for a strange experience. (I reported this as FB21068845, although I'm mostly asking here because I'm not 100% sure this is not just me missing something.)

Body: I'm experiencing a persistent issue that has affected multiple apps I've developed, and I'm hoping to get some guidance from the community or Apple engineers. The Problem: When testing In-App Purchases, my app never enters the sandbox environment. The payment prompt does NOT show the "[Environment: Sandbox]" indicator, and I always receive error code -100 (Invalid Product Identifier). This issue has occurred across multiple apps I've built, including a previous app that I ultimately had to release as a paid download (rather than freemium with IAP) because I couldn't resolve this same problem. Now I'm facing the identical issue with my new app, "AI Job Assistant". What I've Checked (all correct): ✅ Paid App Agreement status is "Active" in App Store Connect ✅ Bundle ID matches exactly between Xcode/HBuilderX and App Store Connect ✅ Product IDs in code match those created in App Store Connect (case-sensitive, no spaces) ✅ All IAP products have complete metadata (name, description, pricing, 640x920 screenshot) ✅ Product status is "Ready to Submit" (not "Waiting for Review") ✅ I have both iOS Development certificate and iOS Distribution certificate — I am using the Development certificate for testing ✅ My provisioning profile is explicitly for Development (named "aijobDevprofile", shows "iOS Development" type) ✅ The Development profile contains my test device UDID ✅ I have fully signed out of my real Apple ID in Settings → Media & Purchases ✅ I only log into my Sandbox Tester account through the purchase prompt (not in Settings) ✅ I test on a real device (not simulator) ✅ I have tried creating multiple new Sandbox Tester accounts ✅ I have tried toggling "Cleared for Sale" off and on for all products ✅ I have waited over 24 hours after making configuration changes What I See: When I initiate a purchase, the payment prompt comes up but there is NO "[Environment: Sandbox]" text anywhere After entering my Sandbox Tester credentials, the request fails with error code -100 (Invalid Product Identifier) My Setup: Development framework: uni-app / HBuilderX (custom debug base with Development certificate and Development provisioning profile) Backend: Cloudflare Workers (handles receipt verification) Testing device: iPhone (latest iOS version) The same issue occurred with my previous app, which I never resolved and eventually gave up on IAP entirely Question: Why does my app never enter the sandbox environment despite using the correct Development certificate and Development provisioning profile? Is it possible there is an issue at the Apple developer account level that is preventing sandbox environment activation? How can I force my debug builds to connect to sandbox instead of production? I am willing to provide any additional logs or information needed. Please help. Thank you.

We use TeamCity as our Continuous Integration (CI) solution to build and run automated tests. These are integration tests executed through our 4D application, which is properly code‑signed and notarized. These CI machines are heavily used and build multiple versions per day, making them critical to our development workflow. However, we are experiencing an issue on some machines: after a certain period of time, network communication through our application stops working, while network communication remains fully functional when using third‑party tools (for example, LDAP clients). Based on our investigation, this issue appears to be related to Local Network Privacy management. We have followed the procedure described in Apple’s Technical Note: TN3179: Understanding local network privacy | Apple Developer Documentation to reset network authorizations, but this has not been sufficient to resolve the issue. In addition, our CI environment requires acknowledging a large number of Local Network access permission prompts. Given that these machines build multiple versions per day and are intended to run unattended, this is not practical in an automated CI context. We have around ten Macs dedicated to running these tests, and manually approving these pop‑ups is not a viable solution.

My Entitlements file contains the following (removed some non related entries): <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.associated-domains</key> <array> <string>webcredentials:app.mydomain.org</string> <string>applinks:*.mydomain.org</string> </array> </dict> </plist> Now when I tap on a link such as abc.mydomain.org, the app is not opened. If I change the generic applinks key from *.mydomain.org to a specific domain, this works correctly and it opens the app as expected. (This makes me think the website part of the AASA file is correct). Since I need to support a lot of subdomains (think about hundreds in the near future), I really need the wildcard to work. Do you have any tips on how to make this work?

Hi everyone, I've been working on an application that provides different subdomains for different customers, so we need to support app linking with all of them. However, using wildcard notation like applinks:*.domain.com doesn't work, while hardcoding applinks:subdomain.domain.com works fine. The association file is being served from both the main domain and subdomains. It used to work fine about a month ago, and I can't find any recent breaking changes on Apple's side . Any ideas why this could happen. ?

Hi, I'm using AppTransaction.originalAppVersion to detect whether a user originally purchased the app under the old paid model, so I can automatically unlock the app for them as a courtesy when migrating to freemium. Background On iOS, originalAppVersion returns CFBundleVersion (the build number). When I transitioned the app from paid (v1.x) to freemium (v2.0), I defined a numeric threshold for CFBundleVersion to distinguish legacy purchasers from new users: Build number below the threshold → v1.x purchase → auto-unlock Build number at or above the threshold → v2.0+ install → requires IAP In Production, originalAppVersion correctly returns the actual build number, and the comparison works as intended. Detection logic (simplified) // Determine environment via receipt URL func detectStoreEnvironment() -> String { if let url = Bundle.main.appStoreReceiptURL, url.lastPathComponent == "sandboxReceipt" { return "Sandbox" } return "Production" } // Legacy check using numeric comparison static func isLegacyPaidUser(version: String, threshold: String) -> Bool { guard !version.isEmpty else { return false } return version.compare(threshold, options: .numeric) == .orderedAscending } // In checkLegacyPurchase(): let version = appTransaction.originalAppVersion let isLegacy = isLegacyPaidUser(version: version, threshold: legacyBuildNumberThreshold) let env = detectStoreEnvironment() let shouldAutoUnlock = isLegacy && env != "Sandbox" The problem I know that in the Sandbox environment, originalAppVersion always returns "1.0" — this is mentioned in the AppTransaction documentation. My code already suppresses the auto-unlock for Sandbox (env != "Sandbox"). However, it appears that the App Review environment also returns "1.0" for originalAppVersion. Because the receipt URL path component is "receipt" (not "sandboxReceipt"), my environment detection classifies it as "Production" — so the Sandbox suppression doesn't apply. The reviewer is incorrectly identified as a legacy paid user and the app is unlocked without a purchase. This caused our v2.0 submission to be rejected under Guideline 2.1a. Questions Is it documented that the App Review environment returns "1.0" for AppTransaction.originalAppVersion, similar to Sandbox? Is there a reliable way to detect the App Review environment specifically — separate from both Sandbox and Production? For example, does the receipt URL differ, or is there another API? Is using originalAppVersion for legacy paid-user detection a supported pattern? If so, what is the recommended approach to handle the App Review case? Any guidance would be greatly appreciated. Thank you.

I enabled the WeatherKit capability on my App ID (com.saimcan.darkweather, Team 6SWSD6V4ZC) about 12 hours ago. The entitlement is embedded in the binary and the provisioning profile authorizes it, but every request fails at the JWT generation step. Error from the logs: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Relevant log excerpt (iOS 26.4 Simulator, same result on a physical device): [AuthService] Calling process is 3rd party process and has the correct entitlement ... accepting the connection [AuthService] Received proxy request for generating a jwt token. url=https://weatherkit.apple.com [WeatherDataService] Starting to generate JWT token request. bundleIdentifier=com.saimcan.darkweather [AuthService] Signed successfully [WeatherDataService] Make new JWT token request. requestIdentifier=... [AuthService] Failed to generate jwt token ... Code=2 What I have verified: Active Apple Developer Program membership (renewed through April 2027) All agreements accepted WeatherKit capability enabled on the App ID codesign -d --entitlements confirms com.apple.developer.weatherkit in the built binary embedded.mobileprovision also includes com.apple.developer.weatherkit App Group (group.com.saimcan.darkweather.shared) correctly bound to both the app and widget App IDs Since "Signed successfully" is logged, the device-side auth plumbing is working. The rejection appears to be server-side. Could someone from the WeatherKit team check whether JWT minting is enabled for this Team ID / Bundle ID? Team ID: 6SWSD6V4ZC Bundle ID: com.saimcan.darkweather

Hello, I am hoping someone from Apple or the community can help escalate or advise on my situation. I submitted a Live Caller ID Lookup entitlement request for my app Zinfo (com.parastashvili.Mobile), Team ID: CNH4KYRW44. A support case was opened on February 17, 2026 (Case ID: 102823550184). Apple's documentation states entitlement review takes up to 2 weeks. It has now been over 3 weeks with no substantive response despite multiple follow-ups. Timeline: Feb 17: Case opened Feb 26: I provided all requested technical details in full — OHTTP endpoints, Privacy Pass token system, DNS TXT record, Apple test number (+1 408 555 1212 returning "Johnny Appleseed"), all fully deployed and ready for validation Feb 27: Apple replied with a generic "appropriate team will be in contact" message Feb 28, Mar 6, Mar 10: Follow-up emails sent — no meaningful response All technical requirements are fully implemented and operational. We are ready for Apple's validation at any time. Has anyone else experienced long delays with Live Caller ID Lookup entitlement reviews? Is there a better escalation path? I have also submitted a new escalation ticket (Case ID: 102840874265) under Development and Technical > Entitlements today. Any advice or visibility from Apple staff would be greatly appreciated. App: Zinfo (com.parastashvili.Mobile) Extension Bundle ID: com.parastashvili.Mobile.LiveCallerID Team ID: CNH4KYRW44

Hi everyone, I am developing a macOS virtualization manager (VirtualProg) using the Virtualization.framework. The application is distributed via the Mac App Store, so it operates strictly within the App Store Sandbox. I am looking for a reliable, programmatic way to discover the IP address assigned to a guest (both macOS and Linux). Is there a recommended "Sandbox-safe" API or pattern within the Virtualization framework—or a lower-level networking entitlement—that allows a host application to retrieve the guest's assigned IP address? Ideally, I am looking for a solution that does not require the user to manually install a non-sandboxed helper tool. Thanks in advance for any insights or guidance!

Hi, I have a problem with watchOS widget configuration intents. It turns out that watchOS is unable to load text for localization keys. This is how I set configuration parameter in WidgetConfigurationIntent: @Parameter( title: LocalizedStringResource( "watchWidgetConfig.showSymbols", defaultValue: "Symbole", table: "WidgetLocalizable", bundle: widgetBundle ), default: true ) var showSymbols: Bool Unfortunately, on a device always the defaultValue is used. I tried everything and nothing works. What's weird, it correctly works on watchOS simulator and if you configure widgets in iOS "Watch" app. On real Apple Watch, the "defaultValue" is displayed. I'm not sure if it's important but both: the Swift file with WidgetConfigurationIntent and WidgetLocalizable.xcstring are included in two targets: Watch Widget Extension and Watch App. I tried so far: All variants of LocalizableStringResource init. With/without "table", with/without "bundle". Previously I had texts in Localizable.strings, I migrated it to WidgetLocalizable.xcstrings and it didn't work either. Setting only one target for WidgetLocalizable.xcstring and WidgetConfigurationIntent. I checked inside xcarchive to see if WidgetLocalizable.xcstring is copied correctly. Seems like watchOS bug, but I would be happy to know if someone figured out any workaround. Xcode: Version 26.4 (17E192) iOS 26.4.1 watchOS 26.4 I already created a ticket: FB22509406