We have implemented live activities with broadcast notification using channels. It has been working without a problem for the last 6-8 months. Now we want to upgrade it by starting the channel based live activity via push notification. Whenever I try locally with development channels there isnt any problem regarding to starting live activity. When we go production on Testflight or App Store it doesn't work after first successful push even though user enters the app and send the new push to start token to our server and we are using the latest token we receive. We couldn't go further with debugging since it works perfectly fine the client when tried locally and we know we can send successful pushes as well since the metrics shows 12% success but we do not actually know what happened to remaining 88%. Every apns request return success with 200 and empty body. How can we further debug this issue. Or is this a common problem, if so, is there any possible solution to this. As far as we see, token goes to our server so we have the latest token all the time and this whole logic doesn't work without deleting and reinstalling the app.

My iPhone VoIP app, which I'm developing, uses Apple Push Notification service (APNs). I have a question regarding the following statement found in "[Overview of app transfer > Apps using push notifications]" Overview of app transfer You must manually reestablish push notification services if transferring an app that uses the Apple Push Notifications service (APNs). The recipient must create a new client SSL certificate using their developer account, as associated client SSL certificates, TLS certificates, and authentication tokens aren’t transferred. Question Let's say the recipient of the app transfer creates a "new SSL certificates, TLS certificates, and authentication tokens." Afterward, we need to verify that the Apple Push Notification service (APNs) works correctly when combining the transferred app with this "new SSL certificates, TLS certificates, and authentication tokens." However, until the recipient finishes verifying that it works correctly, the transferor want to keep the app available for download as before and be able to use the Apple Push Notification service. Is this possible? More specifically, can the recipient test the app to be transferred on TestFlight "before the transfer is completed"? I want to combine it with the "new SSL certificates, TLS certificates, and authentication tokens." and test it on TestFlight. Reading "[Initiate an app transfer]," it mentions the existence of a "Pending App Transfer" status. During this "Pending App Transfer" status, can the recipient test the app on TestFlight? Initiate an app transfer After you initiate the transfer, the app stays in its previous status, with the Pending App Transfer status added, until the recipient accepts it or the transfer expires after 60 days. Also, if there are any documents describing these procedures, I would appreciate it if you could share them. Thank you very much.

Hi All, I am building my own MDM server. It seems that in order for the MDM commands to function an MDM Push Certificate for the APNS framework. And in order to get the MDM Push Certificate from the Apple Push Certificates Portal (https://identity.apple.com/pushcert/) you need to upload your CSR usually provided and sign by the MDM Vendor of your choosing. I am familiar with this process. But now that I am the MDM Vendor, I am not sure where to get this MDM Vendor CSR Signing Certificate. I've already submitted a formal request via the "contact us" form. Apple's response pointed me to the documentation on Setting Up Push Notifications and the MDM Vendor CSR Signing Certificate help page (which I had already reviewed): https://developer.apple.com/documentation/devicemanagement/setting-up-push-notifications-for-your-mdm-customers https://developer.apple.com/help/account/certificates/mdm-vendor-csr-signing-certificate/ The issue is that these documents describe using the signing certificate, but not the process for obtaining it as a new, independent vendor. So does anyone know of a portal or method of generating this “MDM Vendor Certificate”? or maybe I'm going about this all wrong and there is a simpler way… the again, its apple, so I’m probably on the right path just beed a little direction please. (I am not sure where to get this MDM Vendor CSR Signing Certificate.)

We are facing an issue: push notifications are not being received. We are using the Marketing Cloud SDK for push notifications. On install, the app correctly registers for push notifications. We pass the required information to Marketing Cloud — for example, contact key, token, etc. Marketing Cloud also confirms that the configuration is set up, and we have tried sending push notifications with proper delivery settings. The issue is that after some time, the device gets automatically opted out in the Marketing Cloud portal. When we consulted their team, they said this is caused by the “DeviceTokenNotForTopic” error received from APNs. I have verified the certificates and bundle ID from my end — everything looks correct. Device: iPhone 15, iPhone 17 iOS: 18.7.2, 26.1

Hi everyone, I’m having trouble getting remote push notifications working on iOS for a production Flutter app, and it looks like it’s related to the provisioning profile / entitlements used during signing. Context Platform: Flutter Push provider: OneSignal (backend is Supabase; Android push works fine) CI: Codemagic Target: iOS TestFlight / App Store builds I’m on Windows, so I cannot open Xcode locally. All iOS builds happen via Codemagic. Capabilities / entitlements In the Apple Developer portal, my App ID for com.zachspizza.app has: Push Notifications capability enabled A separate Broadcast capability is listed but currently not checked. In my repo, ios/Runner/Runner.entitlements contains: xml aps-environment production So the project is clearly requesting the push entitlement. Codemagic signing setup For my App Store workflow (ios_appstore_release in codemagic.yaml ): I use a combination of manual and automatic signing: Environment variables can provide: P12_BASE64 + P12_PASSWORD (distribution certificate) MOBILEPROVISION_BASE64 (a .mobileprovision file) A script in the workflow: Creates a temporary keychain. Imports the .p12 and installs the .mobileprovision into ~/Library/MobileDevice/Provisioning Profiles. For the final export, I generate an exportOptions.plist that does: If a profile name/UUID is provided via env (PROV_PROFILE_SPEC, PROV_PROFILE_UUID, PROVISIONING_PROFILE_SPECIFIER, PROVISIONING_PROFILE): xml signingStylemanual provisioningProfiles com.zachspizza.app[profile name or UUID] Otherwise, it falls back to: xml signingStyleautomatic After archiving and exporting, my script runs: bash codesign -d --entitlements :- "$ARCHIVE_PATH/Products/Applications/Runner.app" ... and again on the signed Runner.app inside the exported IPA codesign -d --entitlements :- "$SIGNED_APP" In both cases, the effective entitlements output does not show aps-environment, even though: The App ID has push enabled. Runner.entitlements includes aps-environment = production. Observed behavior iOS devices (TestFlight build) do not receive remote push notifications at all. Android devices receive notifications as expected with the same backend payloads. OneSignal configuration and backend are verified; this appears to be an APNs / signing / entitlements problem. The Codemagic logs strongly suggest that the provisioning profile being used for signing does not carry aps-environment. Questions Under what conditions would a distribution provisioning profile (for an App ID with Push Notifications enabled) result in a signed app without aps-environment, even when: The entitlements file in the project includes aps-environment, and The App ID in the Developer portal has Push Notifications enabled? Does using a CI flow like the above (custom .p12 + .mobileprovision installed via script, exportOptions with signingStyle=manual) increase the chances of: Xcode ignoring the requested entitlements, or Selecting a provisioning profile variant that does not include the push entitlement? Is there a recommended way, from the Apple side, to verify that a given .mobileprovision (the one I’m base64-encoding and installing in CI) definitely includes the aps-environment entitlement for my bundle ID? i.e., a canonical method to inspect the profile and confirm that APNs is included before using it in CI? Are there any known edge cases where: The project entitlements include aps-environment, The App ID has Push Notifications enabled, But the final signed app still has no aps-environment, due to profile mismatch or signing configuration? Given that I’m on Windows and can’t open Xcode to manage signing directly, I’d really appreciate guidance on how to ensure that the correct push-enabled provisioning profile is being used in this CI/manual-signing setup, and how to debug why aps-environment is being stripped or not applied. CodeMagic Signing/Export Step: Signing / entitlements output from Codemagic Dumping effective entitlements for Runner.app in archive... /Users/builder/clone/build/ios/archive/Runner.xcarchive/Products/Applications/Runner.app: code object is not signed at all Failed to dump entitlements Exporting IPA with exportOptions.plist... 2025-11-20 22:25:00.111 xcodebuild[4627:42054] [MT] IDEDistribution: -[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path "/var/folders/w2/rrf5p87d1bbfyphxc7jdnyvh0000gn/T/Runner_2025-11-20_22-25-00.110.xcdistributionlogs". 2025-11-20 22:25:00.222 xcodebuild[4627:42054] [MT] IDEDistribution: Command line name "app-store" is deprecated. Use "app-store-connect" instead. ▸ Export Succeeded Dumping entitlements from signed Runner.app inside exported IPA... Executable=/private/var/folders/w2/rrf5p87d1bbfyphxc7jdnyvh0000gn/T/tmp.LHkTK7Zar0/Payload/Runner.app/Runner warning: Specifying ':' in the path is deprecated and will not work in a future release application-identifier.com.zachspizza.app beta-reports-active com.apple.developer.team-identifier get-task-allow As you can see, the signed app’s entitlements do not contain aps-environment at all, even though Runner.entitlements in the project has aps-environmentproduction and the App ID has Push Notifications enabled. Thanks in advance for any help and pointers.

I’m building a firefighter app that needs to automatically check in a firefighter when they arrive at the station and check them out when they leave — even if the app is killed. We need reliable enter/exit detection, low latency, and only one fixed location per user. We’re evaluating Region Monitoring, which works in the killed state but may introduce delays and inconsistent accuracy. To ensure mission-critical reliability, we are considering the Location Push Service Extension, since it can fetch precise location on demand and wake the extension even when the app is terminated. Before requesting the restricted entitlement, we need clarification on Apple’s expectations: Is Region Monitoring recommended for this fixed-location use case? Would Apple consider approving the Location Push Service Extension for a public-safety workflow? What prerequisites do we need before submitting the entitlement request (Always permission, prototype, privacy disclosures, etc.)? What details should be included in the justification form? Our goal is to follow the most reliable and Apple-approved approach for firefighter check-in/out. Any guidance would be greatly appreciated.

We are encountering the following issue with our VoIP application for iPhone, published on the App Store, and would appreciate your guidance on possible countermeasures. The VoIP application (callee side) utilizes a Wi-Fi network. The sequence leading to the issue is as follows: VoIP App (callee): Launches iPhone (callee): Locks (e.g., by short-pressing the power button) VoIP App (callee): Transitions to a suspended state VoIP App (caller): Initiates a VoIP call VoIP App (callee): Receives a local push notification VoIP App (callee): Creates a UDP socket for call control (for SIP send/receive) VoIP App (callee): Creates a UDP socket for audio stream (for RTP send/receive) VoIP App (callee): Exchanges SIP messages (INVITE, 100 Trying, 180 Ringing, etc.) using the call control UDP socket VoIP App (callee): Answers the incoming call VoIP App (callee): Executes performAnswerCallAction() Immediately after executing performAnswerCallAction() in the above sequence, the sendto() function for both the "UDP socket for call control (SIP send/receive)" and the "UDP socket for audio stream (RTP send/receive)" occasionally returns errno = 57 (ENOTCONN). (of course The VoIP app itself does not close the sockets in this timing) Given that the user has performed an answer operation, the iPhone is in an active state, and the VoIP app is running, what could be the possible reasons why the sockets suddenly become unusable? Could you please provide guidance on how to avoid such socket closures? Our VoIP app uses SCNetworkReachabilitySetCallback to receive network change notifications, but no notifications regarding network changes were received at the time errno = 57 occurred. Is it possible for sockets used by an application to be closed without any notification to the application itself?

Good morning, We are implementing Live Activities in a push-to-start flow. We wrap the listener for push to start tokens in a high priority task: if ptsListenerTask == nil || ptsListenerTask?.isCancelled == true { ptsListenerTask = Task(priority: .high) { [weak self] in for await pushToken in Activity<LiveAuctionAttributes>.pushToStartTokenUpdates { //Send token to back-end } } I've tried a few variations of this and they work well on most devices. I have seen a couple of devices that refuse to issue a push to start token. The user will have logging for the init flow and starting the PTS listener then the logs just go silent, nothing happens. One thing that seemed to work was getting the user to start a Live Activity manually (from our debugging tool) then the PTS token gets issued. This is not very reliable and working a mock live activity into the flow for obtaining a PTS token is a poor solution. Is anyone else seeing this and is there a known issue with obtaining PTS tokens? Thanks! Brad

Hi, We recently updated our app icon, but the push notification icon has not been updated on some devices. It still shows the old icon on: • iPhone 16 Pro — iOS 26 • iPhone 14 — iOS 26 • iPad Pro 11” (M4) — iOS 18.6.2 • iPhone 16 Plus — iOS 18.5 After restarting these devices, the push notification icon is refreshed and displays the new version correctly. Could you advise how we can ensure the push notification icon updates properly on all affected devices without requiring users to restart? Thank you.

Provisioning profiles created for my App ID are not including the Push Notifications capability, even though Push Notifications is enabled in the App ID configuration in Apple Developer Portal. I have enabled Push Notifications for my App ID (com.abc.app) in the Apple Developer Portal. The capability shows as enabled and saved. However, when provisioning profiles are generated (either manually or through third-party tools like Expo Application Services), they do not include: The Push Notifications capability The aps-environment entitlement This results in build failures with the following errors: Provisioning profile "*[expo] com.abc.app AppStore [timestamp]" doesn't support the Push Notifications capability. Provisioning profile "*[expo] com.abc.app AppStore [timestamp]" doesn't include the aps-environment entitlement. Steps Taken ✅ Enabled Push Notifications in App ID configuration (com.mirova.app) ✅ Saved the App ID configuration multiple times ✅ Waited for Apple's systems to sync (waited 5-10 minutes) ✅ Removed and re-added Push Notifications capability (unchecked, saved, re-checked, saved) ✅ Created Push Notification key in Apple Developer Portal ✅ Verified Push Notifications is checked and saved in App ID ❌ Provisioning profiles still created without Push Notifications capability Expected Behavior When Push Notifications is enabled for an App ID, any provisioning profiles created for that App ID should automatically include: Push Notifications capability aps-environment entitlement (set to production or development) Actual Behavior Provisioning profiles are created without Push Notifications capability, even though: Push Notifications is enabled in App ID App ID configuration is saved Sufficient time has passed for sync Additional Information Push Notification Key: Created and valid (Key ID: 3YKQ7XLG9L and 747G8W2J68) Distribution Certificate: Valid and active Provisioning Profile Type: App Store distribution Third-party Tool: Using Expo Application Services (EAS) for builds, but issue persists with manually created profiles as well Questions Is there a delay or sync issue between enabling Push Notifications in App ID and it being available for provisioning profiles? Are there any additional steps required to ensure Push Notifications is included in provisioning profiles? Is there a known issue with Push Notifications capability not being included in provisioning profiles? Should I create the provisioning profile in a specific way to ensure Push Notifications is included? Environment Platform: iOS Build Type: App Store distribution Xcode Version: (via EAS cloud build) Thank you for your assistance. I've been unable to resolve this issue and would appreciate any guidance. iOS Deployment Target: Latest

Is it possible for an iOS app to programmatically detect if its built for TestFlight/App Store distribution versus built for development? The motivation for doing this is so that the app can detect if a push server should send pushes using the Apple production server or the sandbox server - when the app sends the push token to the server, I'd like it to additionally send an indicator to the server so the server knows which of the Apple servers to use. Is there a way to achieve this? TIA

We are observing an issue where the iOS Notification Service Extension (NSE) is terminated by the system during startup, before either didReceive(_:withContentHandler:) or serviceExtensionTimeWillExpire(_:) is invoked. When this occurs, the notification is delivered without modification (for example, an encrypted payload is shown to the user). System logs frequently contain the message “Extension will be killed because it used its runtime in starting up”. During testing, we observed that CPU-intensive operations or heavy initialization performed early in the extension lifecycle — especially inside init() or directly on the main thread in didReceive often cause the system to kill the NSE almost immediately. These terminations happen significantly earlier than the commonly observed ~30-second execution window where the OS normally invokes serviceExtensionTimeWillExpire(_:) before ending the extension. When these early terminations occur, there is no call to the expiry handler, and the process appears to be forcefully shut down. Moving the same operations to a background thread changes the behavior: the extension eventually expires around the usual 30-second window, after which the OS calls serviceExtensionTimeWillExpire(_:). We also observed that memory usage plays a role in early termination. During tests involving large memory allocations, the system consistently killed the extension once memory consumption exceeded a certain threshold (in our measurements, this occurred around 150–180 MB). Again, unlike normal time-based expiration, the system did not call the expiry handler and no crash report was produced. Since Apple’s documentation does not specify concrete CPU, memory, or startup-cost constraints for Notification Service Extensions or any other extensions beyond the general execution limit, we are seeking clarification and best-practice guidance on expected behaviors, particularly around initialization cost and the differences between startup termination. NSE Setup: class NotificationService: UNNotificationServiceExtension { static var notificationContentHandler: ((UNNotificationContent) -> Void)? static var notificationContent: UNMutableNotificationContent? static var shoudLoop = true override func didReceive(_ request: UNNotificationRequest, withContentHandler contentHandler: @escaping (UNNotificationContent) -> Void) { NotificationService.notificationContentHandler = contentHandler NotificationService.notificationContent = request.content.mutableCopy() as? UNMutableNotificationContent NotificationService.notificationContent!.title = "Weekly meeting" NotificationService.notificationContent!.body = "Updated inside didReceive" // Failing scenarios } override func serviceExtensionTimeWillExpire() { NotificationService.shoudLoop = false guard let handler = NotificationService.notificationContentHandler, let content = NotificationService.notificationContent else { return } content.body = "Updated inside serviceExtensionTimeWillExpire()" handler(content) } }

I’m testing remote push notifications on macOS, and although notifications are received and displayed correctly, my Notification Service Extension (NSE) never gets invoked. The extension is properly added as a target in the same app, uses the UNNotificationServiceExtension class, and implements both didReceive(_:withContentHandler:) and serviceExtensionTimeWillExpire(). I’ve also set "mutable-content": 1 in the APNS payload, similar to how it works on iOS — where the same code correctly triggers the NSE. On macOS, however, there’s no sign that the extension process starts or the delegate methods are called. import UserNotifications class NotificationService: UNNotificationServiceExtension { override func didReceive(_ request: UNNotificationRequest, withContentHandler contentHandler: @escaping (UNNotificationContent) -> Void) { let modified = (request.content.mutableCopy() as? UNMutableNotificationContent) modified?.title = "[Modified] " + (modified?.title ?? "") contentHandler(modified ?? request.content) } override func serviceExtensionTimeWillExpire() { // Called if the extension times out before finishing } } And the payload used for testing: { "aps": { "alert": { "title": "Meeting Reminder", "body": "Join the weekly sync call" }, "mutable-content": 1 }, "MEETING_ORGANIZER": "Alex Johnson" } Despite all correct setup steps, the NSE never triggers on macOS (while working fine on iOS). Can anyone confirm whether UNNotificationServiceExtension is fully supported for remote notifications on macOS, or if additional configuration or entitlement is needed?

I am looking for advice for debugging a wallet pass not updating for some customers after successfully posting an APNS notification (pass identifier as topic, no expiration, priority 10). Is there an exhaustive list of reasons for a wallet pass not updating or a guide for making sure updates happen reliably? Are there are any guarantees made as to when the pass is updated? We noticed it is either never updating or the update happens much later for some customers. Usually toggling "Automatic Updates" in Pass Details updates the pass immediately for affected customers. Can it be caused by an error in the implementation of the Wallet Passes Web Service? We generate passes on the fly as a response to /v1/passes/{passTypeIdentifier}/{serialNumber}. I noticed that we also sometimes receive HEAD requests to this endpoint despite the documentation only mentioning the GET method. I was previously returning a HTTP status code 405 (Method Not Allowed). I have now updated it to also respond with headers (Content-Type, Content-Disposition and Last-Modified) for the pass for HEAD requests, but I don't know if it makes a difference. Here is a list of issues on the customer side I was thinking of: No connection to the internet Low power mode (does it prevent or throttle updates?) What happens if there is an error? Does it keep trying or does it just fail silently? In the latter case it might make sense to keep sending APNS notifications until the pass is requested successfully. I know that you can use the PassKit framework in iOS apps to update (replace) passes. Would this be more reliable than a stand-alone Wallet pass?

We are observing an weird behaviour where a user uninstalled the app back in February (more than a month ago) but APNs is still accepting push notifications are returning success responses. We know that using APNs response codes for uninstall tracking is not reliable and that Apple will use fuzzy schedule to invalidate tokens. However, showing successful responses for month+ old tokens seems a bit misleading and results in wasted token processing for both us and Apple. Could you please confirm that invalidation (or fuzzy schedule) could take more than months to invalidate tokens on the APNs side? Is that expected or is this a bug somewhere?

Having some discussion about when we should clear out a token from our servers. Docs say: Don’t retry notification responses with the error code BadDeviceToken, DeviceTokenNotForTopic, Forbidden, ExpiredToken, Unregistered, or PayloadTooLarge. You can retry with a delay, if you get the error code TooManyRequests. The way I see it is that with the exception of PayloadTooLarge, all other errors means you should remove the token from your server. Either because: The token is no longer good The token is good, but this is just not the right: environment (sandbox vs production) topic (the token is from a different bundle id or developer team) target (app vs live activity appex) Do I have it right? Extra context: when using the "JSON Web Token Validator" tool, a colleague reported that a 410 -Expired token (from couple days back) was still valid today. This raises questions about when tokens should actually be deleted and how these error codes should be interpreted. Also is it possible for the docs to get updated for us to explicitly know if a token should get removed and not leave it for interpretation?

Hi everyone, I'm developing a custom Apple Wallet pass using a Django backend and exposing my local server through ngrok during development. For the first ~30 minutes, everything works exactly as expected: the pass registers correctly, silent push notifications trigger instant updates, Wallet immediately performs the GET request to fetch the new .pkpass, and the changeMessage displays almost instantly on the lock screen. At some point, however, the pass stops updating entirely. Apple APNs continues to return 200 OK for every silent push I send, but the device never performs the required GET /v1/passes// call to download the updated pass. As a result, even the internal content of the pass (ex: points/balance fields) no longer updates, which confirms that Wallet is not fetching the new .pkpass at all. No changeMessage appears either. This behavior has been described informally by other developers as Apple Wallet Pass Update Throttling, where the Wallet daemon begins ignoring silent pushes after repeated updates or certain internal conditions. I’m trying to confirm whether this is indeed throttling, what triggers it, and how to avoid it during development.

I'm experiencing a critical regression on iOS 26 with a Notification Content Extension. extensionContext.open(uri) fails to open external URLs with LSApplicationWorkspaceErrorDomain Code=115 under specific conditions. Problem: When the main app is killed, and a rich push notification is received and expanded, tapping a button (specifically one with a transparent background, cornerRadius=0, clipsToBounds=false) fails to open its associated URL. Key Details: iOS 26 Only: Works perfectly on iOS 17, 18, etc. App Killed State Only: Works if the app is running (foreground/background). Works on Subsequent Notifications: The link will open if a second notification is received. LSApplicationQueriesSchemes: Confirmed to be correctly configured in the main app's Info.plist and present in the app bundle. Delay No Help: Adding a 1s delay before open(uri) does not fix it. My os_log statements confirm the button tap

We have been getting several reports in the past 2 weeks of APNs notifications being either heavily delayed or not delivered at all. We have two apps, one of which has a Notification Service Extension and one of which does not. We have had users of both reporting sporadic notification problems. Looking at the sysdiagnose logs from one example, it looks like the notification was actually processed by our notification extension in a timely fashion, but was not displayed to the user. An example event we investigated it the following (now perhaps a little long in the tooth): 2025-10-31T14:32:54 apnsId=EE3E002D-26DE-B4F5-5E9B-5E0C1E1B6B3D We think we have correlated this with device logs: default 2025-10-31 10:32:54.472054 -0400 [EDE9521D-8A65-4588-8AE8-D3D78B9E5EA5] Received replacement content for notification request 859D-ABC7 [ hasContent: 1 attachments: 0 ] However there is no other reference until the app was launched about 1.5 minutes later: default 2025-10-31 10:34:26.875327 -0400 [..] Got 1 delivered notifications [ hasCompletionHandler: 1 ] When trying to reproduce, when I saw notifications bannered, the trace I saw was "Got 0 delivered notifications". What's the significance of "Got 1 delivered notifications" in this case? Historically, SpringBoard logs have shown detailed trace about the handling of notifications (which was very useful in narrowing down the slowness of notifications due to Apple Intelligence, reported on our side as FB16253547, which doesn't seem to have been triaged but it looks like was resolved around iOS 18.2.1 or iOS 18.3); however it seems that now sysdiagnoses are only containing <1 minute of trace from SpringBoard. Is there any way to extend the trace from SpringBoard that is included in sysdiagnoses? I see there was also https://developer.apple.com/forums/thread/806367 around the same time we started receiving reports. However I think my hypothesis is that this is a client-side issue, and notifications are being delivered to devices, just not presented correctly. Will try and collect a bit more data and file some Feedbacks and provide them here, but wanted to also flag here in case there are any others experiencing similar.

For our Live Activity Tokens, when we fire a payload, often apns is returning a response of 410 unregistered. Docs are saying: The device token is inactive for the specified topic. There is no need to send further pushes to the same device token, unless your application retrieves the same device token, refer to Registering your app with APNs Questions: Why does this happen? Does it only happen because the user changed their permission? Or there are other reasons? And when it does happen, what should we do about it? A. Should we keep the token on the server? Because perhaps the user will change their permission and the token becomes valid? That could leave us with lots of invalid tokens and us firing at them unnecessarily. Docs do say: Don’t retry notification responses with the error code BadDeviceToken, DeviceTokenNotForTopic, Forbidden, ExpiredToken, Unregistered, or PayloadTooLarge. B. Or should we remove the token from the server? That then requires app to re-register the token. But the problem with that is: When I went into App's settings from OS settings and toggled push notifications to on, the app was not launched into the background nor killed i.e. it requires explicit app launch by the user to re-register itself which isn't ideal... It means a user may turn on notifications from the OS settings and then assume that their push notifications should be back in business, but that won't happen if you toggle things from OS settings.