Overview

We have a Man In The Middle proxy that supports all kind of protocols (http, tls, dns, mail protocols, grpc, etc...)... On apple devices we are running it using the Network Extension framework as a NETransparentProxy. First of all, thank you for the framework, took a while to learn the ins and outs but it works nicely and runs smooth... However now that we start to roll it out to customers we see issues here and there.. For most it works fine, but for some that use other proxy/vpn solutions they run into all kind of "connectivity" issues... E.g. some customers run products from companies like zscaler, fortinet, tailscale etc... First we weren't sure if you could even run multiple TransparentProxy's that have the same network capture rules (e.g. the entire TCP range), but turns out that is fine as we tested it with a demo proxy of ours as well as the product version, both deployed as system extensions NETransparentProxy, and it is all fine.. However also here the ordering is not clear? Traffic seems to flow through both but cannot tell what the order is and if the user or we have any control over it. Now... Our proxy is not a VPN and thus not open a tunnel to a remote location. It is local only there to protect the developer. As such in theory it should be compatible with any other VPN and proxy as any traffic we intercept (all traffic) is still ok to go through their proxy/client-vpn and than through a remote tunnel if desired. So the questions I have is: Is there a way, either from within the code or that our users can configure to, on the order of multiple (network extension or other) proxies? Is TransparentProxy the correct solution if I also want compatibility with these other products and want to MITM the traffic? The flows that current work fine are: ClientApp --> NETransparentProxy[ours] --> remote target server clientApp --> L7 HTTP/SOCKS5 Proxy (system or app-defined) --> NETransparentProxy[ours] --> remote target server clientApp --> L7 HTTP/SOCKS5 Proxy (system or app-defined) --> NETransparentProxy[ours/demo] --> NETransparentProxy[demo/ours] --> remote target server However when people also have products from zscaler, fortinet, tailscale or some others it seems to work sometimes but not always, which makes me think it is order defined? What all of them have in common is that they need to go through a remote tunnel, whereas we do not go through a remote tunnel... Which if I am correct (perhaps I am not) should mean that as long as traffic always goes first via us that it should work? e.g. clientApp --> NETransparentProxy[ours] --> NETransparentProxy/Tunnel/...[third party vpn] --> Vpn Server --> remote target server That should in that case just work. But it does not work in case we are behind the (vpn proxy) client. Please let me know if I provide enough detail and if I'm clear? I am mostly wondering about what I can expect in terms of compatibility if there is anything I (or our company user) can do about ordering/priority/something ?

Hi. I have a private cryptographic key that I want to generate and store for use by the system extension only (a network extension NETransparentProxyProvider). The ideal properties I want is: only accessible by extension never leave extension not be accessible by root user or other apps Here is what I have tried so far (by/within the system extension): app data container / local storage: this works, but is accessible by root user app data shared container (storage): this works, but also acccessible by root user system keyring: works, but also accesible by root user System extension by itself does not seem to be able to store/load secrets in app protected keyring. The host application however can store in app protected keyring.... So I though, let's use an app group (as access group) and have it like this shared between host and (system) extension... but nop... (system) extension cannot access the secret... Ok... so than I thought: manual low-level XPC calls.... Also that doesn't work, got something almost to work but seemed to require an entire 3rd (launchd/daemon) service.... way to complex for what I want... also seems that as a root user I can use debug tools to also access it There is however the SendMessage/HandleMessage thing available for TransparentProxy.... that does work... but (1) also doesn't seem the most secure (2) the docs clearly state cannot rely on that for this state as the system extension can be started while the host app is not active.... (e.g. at startup) So that is not a solution either.... I went in so many different directions and rabbit holes in the last days.... this feels like a lot harder than it should be? How do other VPN/Proxy like solutions store secrets that are unique to an extension???? I am hoping there is something available here that I am simply missing despite all my effort... any guidance greatly appreciated...

Hi everyone, I’d like to update the language information of my app on the App Store. At the moment, the app is shown as available only in English, but I would like to add Italian (or other languages). Could someone explain the exact steps to do this in App Store Connect? Where can I add or edit supported languages? Is this done in the app metadata or does it depend on the localizations included in the build? Do I need to submit a new version of the app for this change? Thanks in advance!

Translated Report (Full Report Below) Process: Xcode [3078] Path: /Applications/Xcode.app/Contents/MacOS/Xcode Identifier: com.apple.dt.Xcode Version: 26.4.1 (24909.0.3) Build Info: IDEApplication-24909000003000000~2 (17E202) Code Type: ARM-64 (Native) Role: Default Parent Process: launchd [1] Coalition: com.apple.dt.Xcode [1424] User ID: 501 Date/Time: 2026-04-24 17:26:21.8348 +0800 Launch Time: 2026-04-24 17:26:21.7161 +0800 Hardware Model: MacBookPro18,1 OS Version: macOS 26.5 (25F5058e) Release Type: User Crash Reporter Key: 7A149229-7AEE-0654-7878-1A66190C590A Incident Identifier: AC932530-5FCF-45B1-90F3-D26B40150344 Time Awake Since Boot: 3400 seconds System Integrity Protection: enabled Triggered by Thread: 0, Dispatch Queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) Exception Subtype: UNKNOWN_0x32 at 0x0000000112948000 Exception Codes: 0x0000000000000032, 0x0000000112948000 Termination Reason: Namespace CODESIGNING, Code 2, Invalid Page

EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid)) Crash Report

Context I'm building a study-timer feature for an iOS app (Flutter + native ActivityKit) that displays a Live Activity on the Lock Screen / Dynamic Island while a session is running. When the user force-quits the app by swiping it up from the App Switcher, I want the Live Activity to disappear as quickly as possible. I have already confirmed (from on-device testing and Apple Developer Forums thread 732418) that: applicationWillTerminate is not called on swipe-up force-kill, only on OS-initiated termination or crash. So synchronous Activity.end(...) from the app itself is not a solution for the force-kill path. Shortening staleDate does not visually dismiss the Live Activity once the app process is gone — the Widget Extension keeps rendering the last fresh snapshot and there is no body-reevaluation trigger on the stale transition post-app-death. (I implemented and verified this, then rolled it back.) The only Apple-official reliable mechanism is APNs push-to-end (Activity.request(pushType: .token) + server sends event: end via APNs). Current architecture I have APNs push-to-end working end-to-end. Structure: Client: Activity.request(pushType: .token), subscribe to Activity.pushTokenUpdates, forward each new token to the backend. Backend: On every client heartbeat, upsert (user_id, la_apns_token, la_activity_id, last_heartbeat) into Postgres. A separate scheduler polls for rows whose last_heartbeat < now() - grace_ttl and sends APNs event: end to the stored token. Parameters I am currently running with: Parameter Value Client heartbeat interval 60 s Orphan grace TTL (server) 135 s (heartbeat × 2.25, to absorb network jitter) Scheduler poll interval 30 s The observation End-to-end latency from "user force-kills the app" to "Live Activity disappears from Lock Screen" is: Worst case: 60 + 135 + 30 = ~225 s (~3.75 min) Typical: ~3 min (as consistently measured on iOS 26.4.1, iPhone 17 Pro Max) Theoretical minimum (if the kill happens exactly at a heartbeat boundary): ~135 s Users perceive 3 minutes as broken — the timer clearly stopped (no ticking), but the Live Activity "ghost" is still visible on the Lock Screen. My question Is there any Apple-supported mechanism to reliably tear down a Live Activity faster than ~2 minutes after the owning app's process is gone, given that applicationWillTerminate does not fire on swipe-kill? Specifically: Is there any practical lower bound below ~60 s for this scenario using the current ActivityKit + APNs model, assuming we are not willing to spam heartbeats every few seconds? I can push heartbeat to 20–30 s, but the server cost grows linearly with active sessions. Does BGAppRefreshTask / BGProcessingTask have any documented lifecycle hook that fires on user-initiated swipe-kill specifically, so that I could do a "last-heartbeat flush" just before the process dies? My understanding is that background tasks are scheduled for later and do not fire synchronously at termination. Is there any signal from APNs/ActivityKit to my server (e.g. a feedback-service-like mechanism) that indicates "this Live Activity's owning app was force-killed", which would let the server short-circuit the heartbeat-based orphan detection? Are there any new APIs in iOS 18.x or the upcoming release that address this specific force-kill → LA-dismissal latency? I could not find anything in the 18.x release notes, but I may have missed it. What I am NOT asking I am not asking how to implement APNs push-to-end (that works). I am not asking about applicationWillTerminate (I already confirmed it does not fire on swipe-kill). I am not asking about shortening staleDate as a visual workaround (I already verified it does not trigger body reevaluation post-kill). Environment iOS 26.4.1 (also reproducible on 18.x devices I have on hand) iPhone 17 Pro Max, iPhone 15 Pro, iPad Air 11-inch (M3) Xcode 26.x Activity.request(pushType: .token) with ActivityContent + custom stalenessInterval = 120s APNs HTTP/2 via token auth (.p8), targeting api.push.apple.com in production apns-push-type: liveactivity, apns-priority: 10, payload includes event: end What I have tried (for the record, to avoid "did you try" responses) applicationWillTerminate with DispatchSemaphore 3.5 s sync wait + dismissalPolicy: .immediate — works only for OS-terminate, not swipe-kill. stalenessInterval = 30s + 15 s refresh cadence + override to 5 s on AppLifecycleState.paused — verified not to dismiss the LA after app death. Cold-start reconciliation via Activity<...>.activities on next app launch — works, but that only helps if the user relaunches. Current APNs push-to-end with 60 s / 135 s / 30 s configuration — works, but latency is the complaint. Any guidance, even "no, ~2 minutes is the floor by design" with a pointer to the relevant doc, would be very helpful. Thank you.

我是开发者，日常工作会同时打开大量终端（tmux、多项目、自动化脚本、node‑pty 等）。在这种现代开发场景下，511 的 PTY 上限明显过低，而且这个默认值对顶配机器（128GB RAM）和低配机器是一样的，没有随硬件规格调整，这不合理。 我尝试过使用 tmux control mode 来减少 PTY 占用，但它会导致终端输出对齐错乱，影响可用性，所以必须继续使用 PTY 模式。这意味着只要终端数量稍多，就很容易触及 511 上限，导致系统层面无法创建新终端，影响全局稳定性。 总结： 511 作为默认值在过去或许合理，但对现代开发者明显不足； 顶配机器和低配机器同一上限不合理； control mode 有输出对齐问题，无法作为现实替代方案。 谢谢！ Apple 支持社区工作人员

I am developing a USB MTP device for use with macOS. When the device is connected while Preview is running, I observe the host send OpenSession, then GetDeviceInfo, and then no further MTP commands. I do not see a later CloseSession. Problem is that once this happens, exclusive access to the USB interface is retained, so another application cannot connect to the device. From the device side, there is no obvious way to recover except forcing a USB disconnect/reset or shutting down the USB interface. My questions are: Is this expected behavior for Preview, or for a Preview-related macOS helper? Is it expected on macOS that a client may open an MTP session and then leave it idle without sending CloseSession? I am mainly trying to understand whether this is expected macOS behavior, or whether this should be considered a bug.

My Apple Developer Program enrollment. It has been pending for 3 weeks. I already submitted my identity documents twice. The last one was on April 15th, but I haven't received any update. Case ID: 102857837099 and 102863699831 Is there anything else I need to provide? Has anyone else encountered this problem? And what should I do? Thank you.

I have an iOS project based on SwiftUI in which almost all code is organised in Packages. With Xcode 26.2 and 26.3, I can preview all SwiftUI views without issues. With Xcode 26.4, the same previews don't work, in the canvas appears this error message: "Cannot preview in this file. Could not find target description for “TaskListView.swift”". The explanation is: "The list of source files that produce object files did not contain this file to be previewed. Check to make sure it is not excluded using the EXCLUDED_SOURCE_FILE_NAMES build setting." If I add a SwiftUI view to the main project files (not in a package), the preview works as expected. Is it an Xcode 26.4 regression? Or do I need to modify some configuration file?

Hi everyone, I have a question regarding App Store subscriptions and tax country / storefront changes. If a customer originally purchased a subscription while their App Store country was France (so we reported France as the tax country), and later updates or renews that same subscription while located in Hungary, which country should we report going forward? Should we continue using the original country (France)? Or should we start sending the new country (Hungary) once it changes? Also, what happens if the customer changes their App Store region entirely, for example from France to the US? How is Apple’s commission calculated after the region change? If anyone has experience with this scenario or knows the official Apple behavior, I’d really appreciate your help. Thanks!

Hi everyone, I'm looking for advice from people who have done this before. Situation: I have an app under Developer account A. It has only been distributed via TestFlight (internal + external, including Beta App Review approval). It has NEVER been released on the public App Store. I want to move this app to my Developer account B before the public launch. Since App Transfer requires a prior App Store release, that option is off the table. My plan is simply to create a new Bundle ID and a new app record on account B, and resubmit from scratch. My questions: Bundle ID / app name conflicts Has anyone experienced issues reusing an app name that was previously used on another account (even if never publicly released)? Does the name stay "reserved" somehow? Beta App Review history — Does Apple's review system flag a resubmission from a different account if the binary is essentially the same app? Any risk of extra scrutiny or rejection because "this app already exists" somewhere in their system? TestFlight testers — I assume external testers will need to reinstall from a new TestFlight link. Is there any way to migrate them, or is it a clean slate? Cleanup on account A — Should I fully delete the app + Bundle ID on account A before creating the new one on account B, or does it not matter since the Bundle ID will be different anyway? Anything else I'm missing? — Hidden gotchas, signing issues, push notification certs, provisioning profiles, anything that bit you when doing something similar. Thanks in advance for any insight.

Hi all, I enrolled in the Apple Developer Program through the Developer App on iPhone. The payment was processed successfully and I received the purchase confirmation, but my membership has never become active. Has anyone else experienced this after enrolling via the Developer App on mobile? Did it eventually resolve on its own, or did contacting support (phone, not email) help? Any guidance would be appreciated — I'm blocked from publishing. Thanks.

I need to add my organisation ID - I've been accepted on the developer program - but I can't find my ID. Where can I locate that information please

Our app uses WKWebView to load web pages, and we're encountering a crash with WKScreenTimeConfigurationObserver on iOS 26.1 and above. However, there are no WKScreenTimeConfigurationObserver-related code calls in our project. The crash log is as follows: NSInternalInconsistencyException Cannot update for observer <WKScreenTimeConfigurationObserver 0x13be821e0> for the key path "configuration.enforcesChildRestrictions" from <STScreenTimeConfigurationObserver 0x13be808e0>, most likely because the value for the key "configuration" has changed without an appropriate KVO notification being sent. Check the KVO compliance of the STScreenTimeConfigurationObserver class. We want to confirm if this is a system bug. How can we fix it?

It has been five days since we applied for Family Controls (Distribution) permission, but the status still shows as Submitted. Is there any way to expedite the review process?

Hi, I previously posted about this but didn't provide specifics so decide to try this again: https://developer.apple.com/forums/thread/824212 The app is called Kino Controller, it is a client for the Kino app that runs on Smart TVs and allows users to upload videos to their TVs both to store(on the TVs internal storage and the USB storage they may attach to their TVs) and watch those videos(it has decent video player). In short, it turns their TVs into media servers. I personally use it to store videos that I film but I don't want to keep on my phone because of the disk usage. This is the app in question and you can give it a try with its macOS client that I published directly: https://appwared.com/apps/kino Now, I want to get the macOS and the iOS clients into the App Store and because I don't want to collect/sell user data and display advertisement I want to offer in-app Purchases that removes the free usage limit that is 10 videos stored in the TV at a time. I already offer this from the TV app and I want to offer the same option through the macOS and iOS apps, with having this on the client app that controls the TV app it's just better UX and I'm happy to bring business to Apple as well. However after multiple rejections from and fulfillments of the reviewers I have come to a point where I don't know how to proceed because the reviewers are rejecting the app about a features that We have already implemented. There are two things in particular, both under "Guideline 5.1.1(v) - Legal - Data Collection and Storage". We noticed that the app requires users to register with personal information to purchase and track In-App Purchase products that are not account based. Apps cannot require user registration prior to allowing access to app content and features that are not associated specifically to the user. User registration that requires the sharing of personal information must be optional or tied to account-specific functionality. The app supports account creation but does not include an option to initiate account deletion. Apps that support account creation must also offer account deletion to give users more control of the data they've shared while using an app.Follow these requirements when updating an app to support account deletion: Only offering to temporarily deactivate or disable an account is insufficient. If users need to visit a website to finish deleting their account, include a link directly to the website page where they can complete the process. Apps may include confirmation steps to prevent users from accidentally deleting their account. However, only apps in highly-regulated industries may require users to use customer service resources, such as making a phone call or sending an email, to complete account deletion. Now, we introduced the registration feature after the reviewers demanded having this in the 2. or 3. rejection or something like that. Initially we went with the "default" scope of the profile but on the latest build we change that to absolute minimum data collection, so in the server we don't receive any personal data about the user. Just some alphanumeric ids so we can associate the stored purchases with a signed in user. Also, using the sign-in with Apple is %100 optional, no feature or iAP require the user be signed in, it is solely to store unlocked TV devices so we can re-unlock those if the user resets the TV etc. I replied to the message clarifying this and also put it in the reviewer notes but for some reason the reviewer keeps believing that it's otherwise Then the reviewer keeps believing that we do not have account deletion feature. This is also factually false, the delete account button is right next to sign out button and both of those are one the same View where the sign in with Apple button is. Also, the app has exactly two screens: One to list the detected TVs and one to upload/play videos to the connected TV. When the app is launched, the TV list screen is displayed and that's where the sign in with Apple button as well as the delete account buttons are. I simply don't understand how it is possible that the reviewer is missing out this. It is a super simple app. This is the TVs screen with sign in with Apple button with clearly indicating that it is optional and what is it for. This is the same screen after sign in with Apple completed. The delete account button is right there This is what user sees after tapping delete account. Once they tap the "Delete", the account is deleted from our servers and the user is signed out. And this is a sample of the data we store when a user signs in with Apple: It is immediately deleted if the user deletes the account. What are we doing wrong here, how to fix this? Thank you

We’re investigating a Platform SSO registration issue on macOS and wanted to check whether others have seen similar behavior or know whether this is expected system behavior. Scenario: Our extension implements ASAuthorizationProviderExtensionRegistrationHandler for device and user registration. On failure we complete with ASAuthorizationProviderExtensionRegistrationResult.failed, and on success we complete with .success. What we’re seeing: If registration fails multiple times, macOS shows multiple system dialogs saying: Registration failed and will automatically retry in a few minutes. If we do not close those earlier failure dialogs and then start another registration that succeeds, the old failure dialogs remain visible and do not dismiss automatically. They have to be closed manually one by one. From our side, these appear to be system-owned Platform SSO dialogs, not app-owned windows. We only return the registration result via the handler completion. Any guidance on whether macOS is expected to reconcile/dismiss earlier failure dialogs after a later success would also be helpful.

App Store Connect: TestFlight show "Complete" for Mac application. What is the next step ? Do I need to invite (or create group for) testers ?

Hi Apple team, Could you please let us know the estimated timeline for approval of our OHTTP relay request? We’d appreciate any updates on the current status or next steps from your side. My request number is GZ8425KHD9. Thanks in advance.