The Push Notifications Console now includes metrics for notifications sent in production through the Apple Push Notification service (APNs). With the console’s intuitive interface, you’ll get an aggregated view of delivery statuses and insights into various statistics for notifications, including a detailed breakdown based on push type and priority. Introduced at WWDC23, the Push Notifications Console makes it easy to send test notifications to Apple devices through APNs. Learn more.

Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

Hi everyone, I have a SwiftUI app using CKQuerySubscription on the public database for social notifications (friend requests, recommendations, etc.). Push notifications work perfectly in the Development environment but never fire in Production (TestFlight). Setup: iOS 26.4, Xcode 26, Swift 6 Container: public database, CKQuerySubscription with .firesOnRecordCreation 5 subscriptions verified via CKDatabase.allSubscriptions() registerForRemoteNotifications() called unconditionally on every launch Valid APNS device token received in didRegisterForRemoteNotificationsWithDeviceToken Push Notifications + Background Modes (Remote notifications) capabilities enabled What works: All 5 subscriptions create successfully in Production Records are saved and queryable (in-app CloudKit fetches return them immediately) APNS production push works — tested via Xcode Push Notifications Console with the same device token, notification appeared instantly Everything works perfectly in the Development environment (subscriptions fire, push arrives) What doesn't work: When a record is created that matches a subscription predicate, no APNS push is ever delivered in Production Tested with records created from the app (device to device) and from CloudKit Dashboard — neither triggers push Tried: fresh subscription IDs, minimal NotificationInfo (just alertBody), stripped shouldSendContentAvailable, created an APNs key, toggled Push capability in Xcode, re-deployed schema from dev to prod Additional finding: One of my record types (CompletionNotification) was returning BAD_REQUEST when creating a subscription in Production, despite working in Development. Re-deploying the development schema to production (which reported "no changes") fixed the subscription creation. This suggests the production environment had inconsistent subscription state for that record type, possibly from the type being auto-created by a record save before formal schema deployment. I suspect a similar issue may be affecting the subscription-to-APNS pipeline for all my record types — the subscriptions exist and predicates match, but the production environment isn't wiring them to APNS delivery. Subscription creation code (simplified): let subscription = CKQuerySubscription( recordType: "FriendRequest", predicate: NSPredicate(format: "receiverID == %@ AND status == %@", userID, "pending"), subscriptionID: "fr-sub-v3", options: [.firesOnRecordCreation] ) let info = CKSubscription.NotificationInfo() info.titleLocalizationKey = "Friend Request" info.alertLocalizationKey = "FRIEND_REQUEST_BODY" info.alertLocalizationArgs = ["senderUsername"] info.soundName = "default" info.shouldBadge = true info.desiredKeys = ["senderUsername", "senderID"] info.category = "FRIEND_REQUEST" subscription.notificationInfo = info try await database.save(subscription) Has anyone encountered this? Is there a way to "reset" the subscription-to-APNS pipeline for a production container? I'd really appreciate any guidance on how to resolve and get my push notifications back to normal. Many thanks, Dimitar - LaterRex

I am researching URL preview functionality. https://sec-research.invalid/poc"onmouseover="alert(document.domain) Can someone verify on iOS 17?

token：eb3b63ab94b136f6d25a86d48bb4b7ff20377e393f137cb4f43b17560112bf51 msgId：67d4c88d-61b1-4f51-df0b-2efa022fd672 机型：iPhone7 系统：iOS 15.8.3 问题描述：后端服务器调用苹果提供的pushKit推送API且已成功返回上述msgId，客户端App也已经实现对应的CallKit方法reportNewIncomingCall，但没有收到对应的推送，这是什么原因呢？

Since upgrading to Xcode 26 beta 4 and using the iOS 26 simulator for testing our app, we've stopped being able to receive device tokens for the simulator from the development APNS environment. The APNS environment is able to return meta device information (e.g. model, type, manufacturer) but there are no device tokens present. When running the same app using the iOS 18.5 simulator, we are able to register the device with the same APNS environment and receive a valid device token.

In my Notification Service Extension I'm doing two things in parallel inside didReceive(_:withContentHandler:): Downloading and attaching a rich media image (the standard content modification work) Firing a separate analytics POST request (fire-and-forget I don't wait for its response) Once the image is ready, I call contentHandler(modifiedContent). The notification renders correctly. What I've observed (via Proxyman) is that the analytics POST request completes successfully after contentHandler has already been called. My question: Why does this network request complete? Is it because: (a) The extension process is guaranteed to stay alive for the full 30-second budget, even after contentHandler is called so my URLSession task continues executing during the remaining time? (b) The extension process loses CPU time after contentHandler but remains in memory for process reuse and the request completes at the socket/OS level without my completion handler ever firing? (c) Something else entirely? I'd like to understand the documented behaviour so I can decide whether it's safe to rely on fire-and-forget network requests completing after contentHandler, or whether I need to ensure the request finishes before calling contentHandler.

Issue: Push notifications are not being received for some users. What could be the possible causes? Push notifications are being sent from our own server, and we are receiving success responses from APNS. Users have confirmed that notifications are enabled on their devices, and they report no network issues.

Hello, I am currently developing an MDM solution, including both the sever-side(.NET) and the client app. I have recently been granted the "MDM CSR" signing permission in the Certificates, Identifier & Profiles of my developer account. I am following the official Apple documentation, "Setting up Push Notifications for your MDM Customers," to generate the required MDM Push Certificate. However, I keep encountering the "Invalid Certificate Signing Request" error when uploading the encoded .plist file to the Apple Push Certificates Portal(identity.apple.com/pushcert). The steps I have taken so far: Generated .csr file via Keychain Access Used the MDM SCR certificate to sign the request. Created a .plist file for th final upload containing : Customer CSR: Base64 encoded Signature : Signed using the SHA256withRSA algorithm and Base64 encoded. Certificate Chain : Including my MDM Vendor Signing Certificate, the Apple WWDR intermediate certificate, and the Apple Root CA. Issues/Questions: Is there a specific requirement for the order of the certificates in the chain? Are there common pitfalls regarding the .plist structure or the encoding of the signature that might cause the "Invalid CSR" error? Is there a tool or a specific validation step I can use to verify the integrity of the generated .plist before uploading? I have double-checked the encoding and the signing process, but the portal continues to reject the request. Any insights or guidance from community would be greatly appreciated. Thank you in advance for your help!

The following issue has occurred: Push notifications are not being received on certain devices. What could be the possible causes? Push notifications are being sent from our own server, and we are receiving normal responses from APNs. Users have confirmed that notifications are enabled on their devices, and they report no network issues. This problem is occurring for multiple users.

Hello, I'm from Microsoft team maintaining push notification api behind Teams platform. We are experiencing strange and short error spikes towards APNS that seem to mostly correlate worldwide. We checked the networking and push request code but could not find what could be causing this. These error spikes are all timeouts or connection resets (by remote host, ie. APNS servers) and seem to come and go randomly: Would it be possible to check this for outages or some other metrics on your side or investigate why would it happen? Since it's worldwide it seems unlikely it's something broken on our side. We are using the standard APNS http2 endpoint with modern support for all RFC features (so everything should work normally). Mind you, our api might be in a unique position because of the volume of notifications (in the billions per day).

Hello, We are experiencing an issue related to push notifications after updating devices to iOS 26.4 Beta. Our system stores push notification tokens on the server by associating the device token with the device’s IDFV in the app. After updating a device to iOS 26.4 Beta, we observed that the device token from a previously uninstalled version of the app remains valid for more than a week. As a result, two push notifications are delivered to the same device. The situation is as follows: The user installs the app and a device token is generated. The user uninstalls the app. Later, the user installs the app again and a new device token is generated. However, the previous device token does not become invalid, even after more than a week. Because IDFV changes when the app is reinstalled, our server cannot determine that the device belongs to the same user. Therefore, we cannot overwrite the old token with the new one on the server side. Could you please advise: Is this behavior expected in iOS 26.4 Beta? How long does it normally take for a device token to become invalid after an app is uninstalled? What is the recommended approach to prevent duplicate push notifications in this situation? Any guidance would be greatly appreciated. Best regards

I am currently encountering an issue: when creating a new push certificate on the Apple Push Notification Certificates portal, I am required to generate a signature beforehand. Could you please explain the specific rules for this signature and how I should go about generating it? (I previously attempted to generate the certificate using the following command—openssl req -new -key mdm_push.key -out mdm_push.csr—but after uploading it, I received an error indicating an incorrect format.) !

I have a messaging app that has been working successfully for several years. It still works for most users, but about one month ago one of my users started experiencing issues receiving notifications. From my investigation, the user's Notification Service Extension (NSE) has not been triggered since they started reporting the issue. I was able to access the user's phone and connected it to the console to check for any logs related to the NSE being triggered or a push notification being received, but there were no relevant logs. I have already verified that notifications are enabled for the app and that Do Not Disturb is not active. I also tried sending a test notification using the CloudKit Console. The notification was successfully delivered to other push notification tokens, but it did not work for this specific device’s token. I have also confirmed that the push token on the server matches the one on the device and that it is being used with the APNs production environment. The issue for this user started in iOS version 26.2 and are still ongoing in version 26.3.1 . Has anyone encountered a similar issue or have suggestions on how to further diagnose this?

Could you please provide guidance on the following points: Start Token Throttling Are there any throttling limits or rate restrictions applied to Start Tokens? Token Invalidation Scenarios Under what specific conditions can a Start Token become invalidated? Are there known scenarios that trigger invalidation? Token Regeneration Timeline Once a Start Token is invalidated, how long does it typically take before a new token can be successfully generated and validated? Frequency of Invalidation Is there any documented or expected frequency with which Start Tokens may become invalid, assuming a normal development workflow? Impact on Push Notification Token When a live activity Start Token becomes invalid, does this also cause APNs Push Notification Tokens to be invalidated or refreshed automatically?

I'm building out a live activity that has a button which is meant to update the content state of the Live Activity. It calls a LiveActivityIntent that runs in the app process. The push server starts my live activity and the buttons work just fine. I pass the push token back to the server for further updates and when the next update is pushed by the server the buttons no longer work. With the debugger I'm able to verify the app intent code runs and passes the updated state to the activity. However the activity never updates or re-renders. There are no logs in Xcode or Console.app that indicates what the issue could be or that the update is ignored. I have also tried adding the frequent updates key to my plist with no change. I'm updating the live activity in the LiveActivityIntent like this: public func perform() async throws -> some IntentResult { let activities = Activity<WidgetExtensionAttributes>.activities for activity in activities { let currentState = activity.content.state let currentIndex = currentState.pageIndex ?? 0 let maxIndex = max(0, currentState.items.count - 1) let newIndex: Int if forward { newIndex = min(currentIndex + 1, maxIndex) } else { newIndex = max(currentIndex - 1, 0) } var newState = currentState newState.pageIndex = newIndex await activity.update( ActivityContent( state: newState, staleDate: nil ), alertConfiguration: nil, timestamp: Date() ) } return .result() } To sum up: Push to start -> tap button on activity -> All good! Push to start -> push update -> tap button -> No good...

We have a VPN app that uses NEPacketTunnelProvider with includeAllNetworks = true. We've encountered an issue where push notifications are not delivered over Wi-Fi while the tunnel is active in a pre-MFA quarantine state (tunnel is up but traffic is blocked on server side), regardless of whether excludeAPNS is set to true or false. Observed behavior Wi-Fi excludeAPNS = true - Notifications not delivered Wi-Fi excludeAPNS = false - Notifications not delivered Cellular excludeAPNS = true - Notifications delivered Cellular excludeAPNS = false - Notifications not delivered On cellular, the behavior matches our expectations: setting excludeAPNS = true allows APNS traffic to bypass the tunnel and notifications arrive; setting it to false routes APNS through the tunnel and notifications are blocked (as expected for a non-forwarding tunnel). On Wi-Fi, notifications fail to deliver in both cases. Our question Is this expected behavior when includeAllNetworks is enabled on Wi-Fi, or is this a known issue / bug with APNS delivery? Is there something else in the Wi-Fi networking path that includeAllNetworks affects beyond routing, which could prevent APNS from functioning even when the traffic is excluded from the tunnel? Sample Project Below is the minimal code that reproduces this issue. The project has two targets: a main app and a Network Extension. The tunnel provider captures all IPv4 and IPv6 traffic via default routes but does not forward packets — simulating a pre-MFA quarantine state. The main app configures the tunnel with includeAllNetworks = true and provides a UI toggle for excludeAPNS. PacketTunnelProvider.swift (Network Extension target): import NetworkExtension class PacketTunnelProvider: NEPacketTunnelProvider { override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1") let ipv4 = NEIPv4Settings(addresses: ["198.51.100.1"], subnetMasks: ["255.255.255.0"]) ipv4.includedRoutes = [NEIPv4Route.default()] settings.ipv4Settings = ipv4 let ipv6 = NEIPv6Settings(addresses: ["fd00::1"], networkPrefixLengths: [64]) ipv6.includedRoutes = [NEIPv6Route.default()] settings.ipv6Settings = ipv6 let dns = NEDNSSettings(servers: ["198.51.100.1"]) settings.dnsSettings = dns settings.mtu = 1400 setTunnelNetworkSettings(settings) { error in if let error = error { completionHandler(error) return } self.readPackets() completionHandler(nil) } } private func readPackets() { packetFlow.readPackets { [weak self] packets, protocols in self?.readPackets() } } override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { completionHandler() } override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)?) { if let handler = completionHandler { handler(messageData) } } override func sleep(completionHandler: @escaping () -> Void) { completionHandler() } override func wake() { } } ContentView.swift (Main app target) — trimmed to essentials: import SwiftUI import NetworkExtension struct ContentView: View { @State private var excludeAPNs = false @State private var manager: NETunnelProviderManager? var body: some View { VStack { Toggle("Exclude APNs", isOn: $excludeAPNs) .onChange(of: excludeAPNs) { Task { await saveAndReload() } } Button("Connect") { Task { await toggleVPN() } } } .padding() .task { await loadManager() } } private func loadManager() async { let managers = try? await NETunnelProviderManager.loadAllFromPreferences() if let existing = managers?.first { manager = existing } else { let m = NETunnelProviderManager() let proto = NETunnelProviderProtocol() proto.providerBundleIdentifier = "<your-extension-bundle-id>" proto.serverAddress = "127.0.0.1" proto.includeAllNetworks = true proto.excludeAPNs = excludeAPNs m.protocolConfiguration = proto m.localizedDescription = "TestVPN" m.isEnabled = true try? await m.saveToPreferences() try? await m.loadFromPreferences() manager = m } if let proto = manager?.protocolConfiguration as? NETunnelProviderProtocol { excludeAPNs = proto.excludeAPNs } } private func saveAndReload() async { guard let manager else { return } if let proto = manager.protocolConfiguration as? NETunnelProviderProtocol { proto.includeAllNetworks = true proto.excludeAPNs = excludeAPNs } manager.isEnabled = true try? await manager.saveToPreferences() try? await manager.loadFromPreferences() } private func toggleVPN() async { guard let manager else { return } if manager.connection.status == .connected { manager.connection.stopVPNTunnel() } else { await saveAndReload() try? manager.connection.startVPNTunnel() } } } Steps to reproduce Build and run the sample project with above code on a physical iOS device. Connect to a Wi-Fi network. Set excludeAPNS = true using the toggle and tap Connect. Send a push notification to the device to a test app with remote notification capability (e.g., via a test push service or the push notification console). Observe that the notification is not delivered. Disconnect. Switch to cellular. Reconnect with the same settings. Send the same push notification — observe that it is delivered. Environment iOS 26.2 Xcode 26.2 Physical device (iPhone 15 Pro)

Environment: iOS 26.4 beta Xcode 26.4 beta Framework: AccessoryNotifications, AccessorySetupKit, AccessoryTransportExtension Description: I'm implementing notification forwarding to a custom BLE accessory using the new AccessoryNotifications framework in iOS 26.4. I've set up an AccessoryDataProvider extension following the documentation, but I'm unclear about how the data is actually transmitted to the BLE accessory. Current Implementation: Main App - Uses AccessorySetupKit to discover and pair accessories: let descriptor = ASDiscoveryDescriptor() descriptor.bluetoothServiceUUID = CBUUID(string: "FEE0") let displayItem = ASPickerDisplayItem( name: "Notification Accessory", productImage: UIImage(systemName: "applewatch")!, descriptor: descriptor ) accessorySession.showPicker(for: [displayItem]) { error in // Handle error } AccessoryDataProvider Extension - Implements NotificationsForwarding.AccessoryNotificationsHandler: @main struct AccessoryDataProvider: AccessoryTransportExtension.AccessoryDataProvider { @AppExtensionPoint.Bind static var boundExtensionPoint: AppExtensionPoint { Identifier("com.apple.accessory-data-provider") Implementing { AccessoryNotifications.NotificationsForwarding { NotificationHandler() } } } } // NotificationHandler sends messages via: let message = AccessoryMessage { AccessoryMessage.Payload(transport: .bluetooth, data: data) } try await session?.sendMessage(message) Info.plist Configuration: EXExtensionPointIdentifier com.apple.accessory-data-provider NSAccessorySetupBluetoothServices FEE0 Questions: What BLE Service and Characteristic should the accessory advertise? - The documentation mentions specifying transport: .bluetooth, but doesn't explain what Service/Characteristic the accessory needs to implement to receive the notification data. 2. How does AccessoryMessage with transport: .bluetooth actually transmit data? - Is there a specific Apple-defined BLE protocol? - Does the accessory need to run specific firmware or support a particular protocol stack? 3. Is there any documentation about the accessory-side implementation? - The iOS-side documentation is clear, but I couldn't find information about what the BLE peripheral needs to implement. 4. Is MFi certification required for the accessory? - The documentation doesn't explicitly mention MFi, but it's unclear if custom third-party accessories can use this framework. Any guidance on how the BLE communication works under the hood would be greatly appreciated.

The APP was not awakened by system after start a liveactivity and the liveactivity has showed on lock screen.so the updatetoken wont send to our inner server and the liveactivity can not update,often like this,but sometimes it can work. it makes me confuse,and i don't know how should i can do,because the liveactivity like a black box,i can not analyse the data link.for example ,inner server send a start liveactivity,but it can not accept a updatetoken unless the user lanuch APP. i hope the liveactivity can start and update on background. And i have developed it as described in the document. Hope to get your help，thank you very much.

iOS App terminated by Watchdog (Signal 9) in Background state despite reporting call Description I have successfully implemented VoIP pushes for the Killed state, where CallKit triggers correctly. However, when the app is in the Background state (suspended), it consistently crashes with an NSInternalInconsistencyException. The app process is killed by the iOS Watchdog because it fails to satisfy the requirement of posting an incoming call in the same run loop as the push receipt, or the completion handler is not being released fast enough by the JS bridge. Environment React Native Version: .78 React Native CallKeep Version: 4.3.14 React Native VoIP Push Notification Version: 3.3.3 iOS Version: 18.x Device: Physical iPhone [iphone 13 pro] The Issue When a VoIP push arrives while the app is in the Background: pushRegistry:didReceiveIncomingPushWithPayload: is called. RNCallKeep.reportNewIncomingCall is triggered on the Main Thread. The app is terminated by the system before the CallKit UI is fully established or before the completion() closure is executed. Current Implementation (AppDelegate.swift) func pushRegistry(_ registry: PKPushRegistry, didReceiveIncomingPushWith payload: PKPushPayload, for type: PKPushType, completion: @escaping () -> Void) { let payloadDict = payload.dictionaryPayload let callerName = payloadDict["callerName"] as? String ?? "Unknown Caller" let callUUIDString = payloadDict["uuid"] as? String ?? UUID().uuidString let userGUID = payloadDict["guid"] as? String ?? "0" RNCallKeep.reportNewIncomingCall( callUUIDString, handle: userGUID, handleType: "generic", hasVideo: false, localizedCallerName: callerName, supportsHolding: true, supportsDTMF: true, supportsGrouping: true, supportsUngrouping: true, fromPushKit: true, payload: ["userGuid": userGUID], withCompletionHandler: { } ) RNVoipPushNotificationManager.didReceiveIncomingPush(with: payload, forType: type.rawValue) completion() } Logs Exception Type: EXC_CRASH (SIGKILL) Exception Note: EXC_CORPSE_NOTIFY Termination Reason: TCC 1 | [CoreFoundation] Killing app because it never posted an incoming call to the system after receiving a PushKit VoIP push. Observed Behavior Killed State: Works perfectly. Foreground State: Works perfectly. Background State: The phone may vibrate once, but the app process is killed before the CallKit UI appears. Questions/Suspected Causes Is RNVoipPushNotificationManager.addCompletionHandler causing a delay in the background run loop that triggers the Watchdog? Should completion() be called immediately in Swift for the Background state, rather than waiting for VoipPushNotification.onVoipNotificationCompleted in JS? Is there a known issue with RNCallKeep not being able to present the UI while the app is in a suspended background state?

Hi everyone, I’m implementing Live Activities in my iOS app and encountering an issue when starting a Live Activity via an APNS push. The Live Activity card appears on the Lock Screen / Dynamic Island for a moment, then immediately disappears. In the console, I see the following error: Content load failed: unable to find or unarchive file for key: [com.meituan.imeituan-beta::com.meituan.imeituan-beta.liveactivity:Attributes type: SAKUniversalReminderAttributes:6DBCC2DC-E613-48F5-B97F-3EF72AA0877B]:[w:fix-374.00-h:dyn-64.00-160.00-cr:23.5-s:1.0.fam:medium]. The session may still produce one shortly. Error: Using url file:///private/var/mobile/Containers/Data/PluginKitPlugin/04F7B437-3C41-4823-8559-42E18F82B283/SystemData/com.apple.chrono/activities/6DBCC2DC-E613-48F5-B97F-3EF72AA0877B-w:fix-374.00-h:dyn-64.00-160.00-cr:23.5-s:1.0.fam:medium.activity-archive ... Error Domain=NSCocoaErrorDomain Code=4 "文件“6DBCC2DC-E613-48F5-B97F-3EF72AA0877B-w/fix-374.00-h/dyn-64.00-160.00-cr/23.5-s/1.0.fam/medium.activity-archive”不存在。" UserInfo={NSFilePath=/private/var/mobile/Containers/Data/PluginKitPlugin/04F7B437-3C41-4823-8559-42E18F82B283/SystemData/com.apple.chrono/activities/6DBCC2DC-E613-48F5-B97F-3EF72AA0877B-w:fix-374.00-h:dyn-64.00-160.00-cr:23.5-s:1.0.fam:medium.activity-archive, NSUnderlyingError=0x712b56820 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}<…> The Live Activity is started by sending an APNS payload with the necessary content-state and attributes. I’ve verified that the attributes and content state types match the ones defined in the app, and the app is built with the correct entitlements.This happens on my iPhone 17 Pro device. Has anyone encountered a similar issue? Could it be related to the archive file not being written correctly by the system, or perhaps a mismatch in the activity attributes? Any guidance on debugging or resolving this would be greatly appreciated. Thank you!

I have the following code running on macOS and iOS: CKQuerySubscription *zsub = [[CKQuerySubscription alloc] initWithRecordType:ESS_CLOUDCONTROLLER_RECORDTYPE_PUSHNOTE predicate:[NSPredicate predicateWithFormat:@"TRUEPREDICATE"] subscriptionID:@"pushZSub" options:CKQuerySubscriptionOptionsFiresOnRecordUpdate|CKQuerySubscriptionOptionsFiresOnRecordCreation|CKQuerySubscriptionOptionsFiresOnRecordDeletion]; zsub.zoneID = zid; CKNotificationInfo *inf = [[CKNotificationInfo alloc] init]; inf.shouldSendContentAvailable = YES; inf.desiredKeys = @[ESS_PN_RECORDFIELD_KEY_OVERALLDATE]; zsub.notificationInfo = inf; CKModifySubscriptionsOperation *msop = [[CKModifySubscriptionsOperation alloc] initWithSubscriptionsToSave:@[zsub] subscriptionIDsToDelete:nil]; msop.qualityOfService = NSQualityOfServiceUserInitiated; msop.modifySubscriptionsCompletionBlock = ^(NSArray<CKSubscription *> * _Nullable savedSubscriptions, NSArray<CKSubscriptionID> * _Nullable deletedSubscriptionIDs, NSError * _Nullable operationError) { dispatch_async(dispatch_get_main_queue(), ^{ if (savedSubscriptions.count == 1) { //works also when already created. compH(YES, nil); } else { compH(NO, nil); } }); }; [self.database addOperation:msop]; (code synopsis: after i create a custom zone (not shown in code), I add a ckquerysubscription to it for a specific record type, configured as a silent notification) When I change the according record in my Mac app, I get an immediate silent push on iOS. On macOS, however, after I change the record in my iOS app, I don't get one. Sometimes, one silent push makes it through every now and then a minute+ late or so, and after that, it's going missing again. What's the deal? Everything's set up correctly (com.apple.developer.aps-environment is set, container-identifiers are the same, icloud services are the same, ubiquity-kvstore-identifier are the same). I obviously register for remote notifications in both apps. I see all the records and subscriptions and zones in both the Mac and iOS app. I tried setting alertBody to an empty string, or soundName to an empty string, or both to an empty string: no difference I tried having different subscriptions for my Mac and iOS app, since they use different bundle ids, but that was merged into one subscription server-side, so I'm thinking that's not it I tried making it not-silent by setting contentAvailable to NO and adding a full alertBody, title and subtitle. Again, worked on iOS, not on macOS. This has been going on since macOS 14 Sonoma (when I first got reports of this. Now running on macOS 26.3). Before Sonoma, it worked just fine. Now I thought perhaps it's because I had a subscription on the default zone, and not a custom one, so I tried subscribing to changes on a record in a custom zone (see code above), but that did not change anything either. It's all working fine, only the push notifications are not making it through to the Mac app. If I sudo killall apsd (kill the push service daemon), the last push notification suddenly miraculously makes it through, by the way. At this point, I'm out of ideas and would very much appreciate pointers as to how to debug this. Polling every 30 seconds for changes is so 1990s. Speaking of which, this is a rather long-time-running app (started in 2011). Could my CloudKit database be “too old” or “corrupted” or whatever? Thank you kindly, – Matthias