Every now and then I talk to someone who’s trying to use Bonjour and just can’t get over the first hurdle. That happened today, and so I decided to share my write-up for the benefit of others. Questions or comments? Put them in a new thread here on DevForums, tagging it with Bonjour so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Getting Started with Bonjour Bonjour is an Apple term for a variety of Internet standards [1]. Bonjour allows your app to browse for and connect to services on the network without infrastructure support. For example, Bonjour lets you find and connect to a printer even if the network has no DHCP server to hand out IP addresses. If you’re new to Bonjour, a good place to start is the Bonjour Overview. It’s in the documentation archive, so it hasn’t been updated in a while, but the fundamentals haven’t changed. There are, however, two things that have changed: Network framework has new Bonjour APIs, and the old ones are now deprecated. iOS 14 introduced local network privacy. This post shows how to get started with Bonjour, taking into account these new developments. [1] Specifically: RFC 3927 Dynamic Configuration of IPv4 Link-Local Addresses RFC 6762 Multicast DNS RFC 6763 DNS-Based Service Discovery Start Browsing Let’s start by implementing a service browser. To simplify things, this browses for SSH services. That way you can get started with the browser without first having to implement a server to register your service. If you don’t already have an SSH service registered on your network, start one by enabling System Settings > General > Sharing > Remote Login on your Mac. The SSH service type is, unsurprisingly, _ssh._tcp. First, on your Mac, run the dns-sd tool to confirm that you have an SSH service visible on your network: % dns-sd -B "_ssh._tcp" "local." % dns-sd -B "_ssh._tcp" "local." … Timestamp A-R Flags if Domain Service Type Instance Name … 11:54:43.315 Add 2 6 local. _ssh._tcp. Fluffy … 11:54:43.725 Add 2 6 local. _ssh._tcp. SAM the Robot 12 ^C This shows that I have two services, one called Fluffy and the other called SAM the Robot 12. Let’s write some iOS code to browse for those. To start, create an app from the iOS > App template and connect a button to the startStop() method of a class like this: import Foundation import Network class AppModel { var browserQ: NWBrowser? = nil func start() -> NWBrowser { print("browser will start") let descriptor = NWBrowser.Descriptor.bonjour(type: "_ssh._tcp", domain: "local.") let browser = NWBrowser(for: descriptor, using: .tcp) browser.stateUpdateHandler = { newState in print("browser did change state, new: \(newState)") } browser.browseResultsChangedHandler = { updated, changes in print("browser results did change:") for change in changes { switch change { case .added(let result): print("+ \(result.endpoint)") case .removed(let result): print("- \(result.endpoint)") case .changed(old: let old, new: let new, flags: _): print("± \(old.endpoint) \(new.endpoint)") case .identical: fallthrough @unknown default: print("?") } } } browser.start(queue: .main) return browser } func stop(browser: NWBrowser) { print("browser will stop") browser.stateUpdateHandler = nil browser.cancel() } func startStop() { if let browser = self.browserQ { self.browserQ = nil self.stop(browser: browser) } else { self.browserQ = self.start() } } } Note I’m using SwiftUI, but if you chose to use UIKit you could add this code directly to your view controller. Of course, whether you want to add networking code to your view controller is another question. The answer is, natch, “No”, except when creating a tiny test project like this one (-: Now build and run in the simulator and click your buton. It’ll print something like this: browser will start browser did change state, new: ready browser results did change: + SAM the Robot 12._ssh._tcp.local. + Fluffy._ssh._tcp.local. As you can see, it’s found our two SSH services. Yay! Run on the Device Now stop the app and run it on a real device. This time the Test button results in: browser will start … browser did change state, new: failed(-65555: NoAuth) This is local network privacy kicking in. There are two things you need to do: Add a NSBonjourServices property to your Info.plist to declare what service types you’re using. Add a NSLocalNetworkUsageDescription property to your Info.plist to explain what you’re doing with the local network. Do that and run your app again. On tapping the Test button you’ll see an alert asking you to grant your app access to the local network. Tap Allow and the browser will start generating results as before. Respond to Updates When working with Bonjour it’s important to keep your browser running to update your app’s state. To test this, start a Remote Login on a different machine and look for a new result being printed: browser results did change: + Slimey._ssh._tcplocal. And then turn it off: browser results did change: - Slimey._ssh._tcplocal. If you don’t have another Mac to test this with, start a dummy service using dns-sd: % dns-sd -R "Guy Smiley" "_ssh._tcp" "local." 12345 Registering Service Test._ssh._tcp.local. port 12345 … Press control-C to stop the dns-sd tool, which unregisters the service. Connect When the user choose a service, it’s time to connect. There are two ways to do this, depending on the networking API you use to run your connection. NWConnection can connect directly to a Bonjour service endpoint. For example, you might have code that connects to a DNS name and port: func makeConnection(host: String, port: UInt16) -> NWConnection { let host = NWEndpoint.Host(host) let port = NWEndpoint.Port(rawValue: port)! let endpoint = NWEndpoint.hostPort(host: host, port: port) return NWConnection(to: endpoint, using: .tcp) } Replace that with code that takes the endpoint you get back from the browser: func makeConnection(endpoint: NWEndpoint) -> NWConnection { return NWConnection(to: endpoint, using: .tcp) } If you’re using a legacy API, like BSD Sockets, you’ll need to resolve the Bonjour service endpoint to a DNS name and then pass that DNS name into your connection code. Network framework does not support resolving Bonjour service endpoints out of the box, so you’ll have to do that yourself. For an example of how you might do this, see this post. IMPORTANT For this to work reliably, your BSD Sockets code must support Happy Eyeballs. See TN3151 Choosing the right networking API for specific advice on that front. Register a Service Now let’s look at the server side. To listen for connections with Network framework, you might write code like this: import Foundation import Network class AppModel { var listenerQ: NWListener? = nil func start() -> NWListener? { print("listener will start") guard let listener = try? NWListener(using: .tcp) else { return nil } listener.stateUpdateHandler = { newState in print("listener did change state, new: \(newState)") } listener.newConnectionHandler = { connection in connection.cancel() } listener.start(queue: .main) return listener } func stop(listener: NWListener) { print("listener will stop") listener.stateUpdateHandler = nil listener.cancel() } func startStop() { if let listener = self.listenerQ { self.listenerQ = nil self.stop(listener: listener) } else { self.listenerQ = self.start() } } } To register your service with Bonjour, add these lines before the call to start(queue:): listener.service = .init(type: "_ssh._tcp") listener.serviceRegistrationUpdateHandler = { change in print(change) } The listener calls your service registration update handler to tell you the name of the service. Typically you display this value somewhere in your UI. For more about this, see Showing Connection Information in an iOS Server. To confirm that your service is running, open Terminal and choose Shell > New Remote Command. Your service should show up in the Secure Shell (ssh) list. Alternatively, browse for SSH services using the dns-sd tool, as illustrated in the Start Browsing section above.

Hello, I have an app that is using iOS 26 Network Framework APIs. It is using QUIC, TLS 1.3 and Bonjour. For TLS I am using a PKCS#12 identity. All works well and as expected if the devices (iPhone with no cellular, iPhone with cellular, and iPad no cellular) are all on the same wifi network. If I turn off my router (ie no more wifi network) and leave on the wifi toggle on the iOS devices - only the non cellular iPhone and iPad are able to discovery and connect to each other. My iPhone with cellular is not able to. By sharing my logs with Cursor AI it was determined that the connection between the two problematic peers (iPad with no cellular and iPhone with cellular) never even makes it to the TLS step because I never see the logs where I print out the certs I compare. I tried doing "builder.requiredInterfaceType(.wifi)" but doing that blocked the two non cellular devices from working. I also tried "builder.prohibitedInterfaceTypes([.cellular])" but that also did not work. Is AWDL on it's way out? Should I focus my energy on Wi-Fi Aware? Regards, Captadoh

Hi team, I’m having an issue with my iOS app related to local network communication and connecting to a Wi-Fi speaker. My app works similar to the “4Stream” application. The speaker and the mobile device must be on the same Wi-Fi network so the app can discover and connect to the speaker. What’s happening: When I run the app directly from Xcode in debug mode, everything works perfectly. The speaker gets discovered. The speaker gets connected successfully. The connection flow completes without any problem. But when I upload the same build to TestFlight, the behaviour changes completely. The app gets stuck on the “Connecting…” screen. The speaker is not discovered. But the same code is working fine on Android It never moves forward from that state. So basically: Debug Mode: Speaker is detected and connected properly TestFlight: Stuck at “Connecting…”, speaker does NOT get connected This makes me believe something related to local network access, multicast, Wi-Fi info permissions, or Bonjour discovery is not being applied correctly in the release/TestFlight environment. Below is my current Info.plist and Entitlements file, which already include Local Network Usage, Bonjour services, Location usage for SSID, multicast entitlements, wifi-info, etc. My Info.plist <key>CADisableMinimumFrameDurationOnPhone</key> <true/> <key>CFBundleDevelopmentRegion</key> <string>en</string> <key>CFBundleDisplayName</key> <string>Wanwun</string> <key>CFBundleExecutable</key> <string>$(EXECUTABLE_NAME)</string> <key>CFBundleIdentifier</key> <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>$(PRODUCT_NAME)</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> <string>$(MARKETING_VERSION)</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleVersion</key> <string>$(CURRENT_PROJECT_VERSION)</string> <key>LSRequiresIPhoneOS</key> <true/> <!-- Allow HTTP to devices on LAN --> <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> <key>NSExceptionDomains</key> <dict> <key>local</key> <dict> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> <key>NSIncludesSubdomains</key> <true/> </dict> <key>localhost</key> <dict> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> <key>NSIncludesSubdomains</key> <true/> </dict> </dict> </dict> <!-- Local Network Usage --> <key>NSLocalNetworkUsageDescription</key> <string>This app needs local network access to discover and control your sound system device over Wi-Fi.</string> <!-- Bonjour services for discovery --> <key>NSBonjourServices</key> <array> <string>_http._tcp.</string> <string>_wrtn._tcp.</string> <string>_services._dns-sd._udp.</string> </array> <!-- Location for SSID Permission --> <key>NSLocationWhenInUseUsageDescription</key> <string>This app requires location access to read the connected Wi-Fi information.</string> <!-- Camera / Photos --> <key>NSCameraUsageDescription</key> <string>This app needs camera access to capture attendance photos.</string> <key>NSPhotoLibraryAddUsageDescription</key> <string>This app saves captured photos to your gallery.</string> <key>NSPhotoLibraryUsageDescription</key> <string>This app needs access to your gallery to upload existing images.</string> <!-- Bluetooth --> <key>NSBluetoothAlwaysUsageDescription</key> <string>This app uses Bluetooth to discover nearby sound system devices.</string> <key>NSBluetoothPeripheralUsageDescription</key> <string>This app uses Bluetooth to connect with your sound system.</string> <!-- Launch screen --> <key>UILaunchStoryboardName</key> <string>LaunchScreen</string> <!-- Device Capabilities --> <key>UIRequiredDeviceCapabilities</key> <array> <string>arm64</string> </array> <!-- Orientation --> <key>UISupportedInterfaceOrientations</key> <array> <string>UIInterfaceOrientationPortrait</string> <string>UIInterfaceOrientationLandscapeLeft</string> <string>UIInterfaceOrientationLandscapeRight</string> </array> <key>UIViewControllerBasedStatusBarAppearance</key> <false/> My Entitlements What I need help with: I want to understand why the app behaves correctly in debug mode (where the speaker connects without issues), but the same functionality fails in TestFlight. Is there something additional required for: Local network discovery on TestFlight? Multicast networking? Reading the Wi-Fi SSID? Bonjour, service scanning? Release build / TestFlight network permissions? If any extra entitlement approval, configuration, or specific service type is needed for TestFlight builds, please guide me. Thank you for your help.

Hello, I am studying the Building peer-to-peer apps codebase https://developer.apple.com/documentation/wifiaware/building-peer-to-peer-apps and am wondering why no connection is ever started? I searched the codebase and didn't find .start() be called once. Start function I'm referencing https://developer.apple.com/documentation/network/networkconnection/start() Are NetworkConnections started automatically? Note that I am using QUIC NetworkConnections (NetworkConnection) in what I'm trying to do.

Hi, I'm new to swift programming and right now writing an app for esp8266-controlled lamp device. My lamp is broadcasting it's own IP through bonjour. So all I want is to discover any lamps in my network (http.tcp) and to read name and value. Is there any example of such implementation? All I found so far is old or a lit bit complicated for such simple question. Thanks in advance!

Hello, I have an app that was using the iOS 18 Network Framework APIs. It used Peer to Peer, QUIC and Bonjour. It was all working as expected. I wanted to upgrade to the new iOS 26 Network Framework APIs (NetworkBrowser, NetworkListener, NetworkConnection...). I have things working (multiple devices can discover each other, connection to each other and send messages to each other) but my app crashes when I go to toggle of all the networking stuff. In the iOS 18 Network Framework API NWConnection had a .cancel() function I could use to tell the other side the connection was done. I dont see a cancel function for NetworkConnection. My question is - how do I properly close down a NetworkConnection and also properly tell the other side the connection is done.

Hello, I have a peer to peer networking setup in my app that uses Network Framework with Bonjour and QUIC via NWBrowser, NWListener, NWConnection, and NWEndpoint and all works as expected. I watched the videos about the new iOS 26 Networking stuff (NetworkBrowser, NetworkListener, NetworkConnection) and wanted to try and migrate all my code to use the the new APIs (still use Bonjour and NOT use Wi-Fi Aware) but hit some issues. I was following how the Wi-Fi Aware example app was receiving messages for try await messageData in connection.messages { but when I got things setup with QUIC in a similar fashion I got the following compile error Requirement from conditional conformance of '(content: QUIC.ContentType, metadata: QUIC.Metadata)' to 'Copyable' Requirement from conditional conformance of '(content: QUIC.ContentType, metadata: QUIC.Metadata)' to 'Escapable' Requirement from conditional conformance of '(content: QUIC.ContentType, metadata: QUIC.Metadata)' to 'Copyable' Requirement from conditional conformance of '(content: QUIC.ContentType, metadata: QUIC.Metadata)' to 'Escapable' When I asked Cursor about what I was facing its response was as follows: "The connection.messages stream changed in the new Network APIs: it now yields typed (content, metadata) tuples. Iterating with for try await incoming in connection.messages asks the compiler to conform that tuple to Copyable/Escapable; for QUIC the tuple isn’t copyable, so you hit the conditional-conformance error." I am curious if you've been able to use the new iOS 26 network APIs with QUIC? Thank you, Captadoh

I am seeking assistance with how to properly handle / save / reuse NWConnections when it comes to the NWBrowser vs NWListener. Let me give some context surrounding why I am trying to do what I am. I am building an iOS app that has peer to peer functionality. The design is for a user (for our example the user is Bob) to have N number of devices that have my app installed on it. All these devices are near each other or on the same wifi network. As such I want all the devices to be able to discover each other and automatically connect to each other. For example if Bob had three devices (A, B, C) then A discovers B and C and has a connection to each, B discovers B and C and has a connection to each and finally C discovers A and B and has a connection to each. In the app there is a concept of a leader and a follower. A leader device issues commands to the follower devices. A follower device just waits for commands. For our example device A is the leader and devices B and C are followers. Any follower device can opt to become a leader. So if Bob taps the “become leader” button on device B - device B sends out a message to all the devices it’s connected to telling them it is becoming the new leader. Device B doesn’t need to do anything but device A needs to set itself as a follower. This detail is to show my need to have everyone connected to everyone. Please note that I am using .includePeerToPeer = true in my NWParameters. I am using http/3 and QUIC. I am using P12 identity for TLS1.3. I am successfully able to verify certs in sec_protocal_options_set_verify_block. I am able to establish connections - both from the NWBrowser and from NWListener. My issue is that it’s flaky. I found that I have to put a 3 second delay prior to establishing a connection to a peer found by the NWBrowser. I also opted to not save the incoming connection from NWListener. I only save the connection I created from the peer I found in NWBrowser. For this example there is Device X and Device Y. Device X discovers device Y and connects to it and saves the connection. Device Y discovers device X and connects to it and saves the connection. When things work they work great - I am able to send messages back and forth. Device X uses the saved connection to send a message to device Y and device Y uses the saved connection to send a message to device X. Now here come the questions. Do I save the connection I create from the peer I discovered from the NWBrowser? Do I save the connection I get from my NWListener via newConnectionHandler? And when I save a connection (be it from NWBrowser or NWListener) am I able to reuse it to send data over (ie “i am the new leader command”)? When my NWBrowser discovers a peer, should I be able to build a connection and connect to it immediately? I know if I save the connection I create from the peer I discover I am able to send messages with it. I know if I save the connection from NWListener - I am NOT able to send messages with it — but should I be able to? I have a deterministic algorithm for who makes a connection to who. Each device has an ID - it is a UUID I generate when the app loads - I store it in UserDefaults and the next time I try and fetch it so I’m not generating new UUIDs all the time. I set this deviceID as the name of the NWListener.Service I create. As a result the peer a NWBrowser discovers has the deviceID set as its name. Due to this the NWBrowser is able to determine if it should try and connect to the peer or if it should not because the discovered peer is going to try and connect to it. So the algorithm above would be great if I could save and use the connection from NWListener to send messages over.

My application (using a nested framework for networking) was working correctly on iPadOS 18, but failed to perform a UDP broadcast operation after upgrading the device to iPadOS 26. The low-level console logs consistently show a "Permission denied" error. Symptoms & Error Message: When attempting to send a UDP broadcast packet using NWConnection (or a similar low-level socket call within the framework), the connection fails immediately with the following error logged in the console: nw_socket_service_writes_block_invoke [C2:1] sendmsg(fd 6, 124 bytes) [13: Permission denied] (Error code 13 corresponds to EACCES). Verification Steps (What I have checked): Multicast Networking Entitlement is Approved and Applied: The necessary entitlement (com.apple.developer.networking.multicast) was granted by Apple. The Provisioning Profile used for signing the Host App Target has been regenerated and explicitly includes "Multicast Networking" capability (see attached screenshot). I confirmed that Entitlements cannot be added directly to the Framework Target, only the Host App Target, which is the expected behavior. Local Network Privacy is Configured: The Host App's Info.plist contains the NSLocalNetworkUsageDescription key with a clear usage string. Crucially, the Local Network Access alert does not reliably appear when the Broadcast function is first called (despite a full reinstall after OS upgrade). Even when Local Network Access is manually enabled in Settings, the Broadcast still fails with EACCES. Code Implementation: The Broadcast is attempted using NWConnection to the host 255.255.255.255 on a specific port. Request: Since all required entitlements and profiles are correct, and the failure is a low-level EACCES on a newly updated OS version, I suspect this may be a regression bug in the iPadOS 26 security sandbox when validating the Multicast Networking Entitlement against a low-level socket call (like sendmsg). Has anyone else encountered this specific Permission denied error on iPadOS 26 with a valid Multicast Entitlement, and is there a known workaround aside from switching to mDNS/Bonjour?

My application (using a nested framework for networking) was working correctly on iPadOS 18, but failed to perform a UDP broadcast operation after upgrading the device to iPadOS 28. The low-level console logs consistently show a "Permission denied" error. Symptoms & Error Message: When attempting to send a UDP broadcast packet using NWConnection (or a similar low-level socket call within the framework), the connection fails immediately with the following error logged in the console: nw_socket_service_writes_block_invoke [C2:1] sendmsg(fd 6, 124 bytes) [13: Permission denied] (Error code 13 corresponds to EACCES). Verification Steps (What I have checked): Multicast Networking Entitlement is Approved and Applied: The necessary entitlement (com.apple.developer.networking.multicast) was granted by Apple. The Provisioning Profile used for signing the Host App Target has been regenerated and explicitly includes "Multicast Networking" capability (see attached screenshot). I confirmed that Entitlements cannot be added directly to the Framework Target, only the Host App Target, which is the expected behavior. Local Network Privacy is Configured: The Host App's Info.plist contains the NSLocalNetworkUsageDescription key with a clear usage string. Crucially, the Local Network Access alert does not reliably appear when the Broadcast function is first called (despite a full reinstall after OS upgrade). Even when Local Network Access is manually enabled in Settings, the Broadcast still fails with EACCES. Code Implementation: The Broadcast is attempted using NWConnection to the host 255.255.255.255 on a specific port. Request: Since all required entitlements and profiles are correct, and the failure is a low-level EACCES on a newly updated OS version, I suspect this may be a regression bug in the iPadOS 28 security sandbox when validating the Multicast Networking Entitlement against a low-level socket call (like sendmsg). Has anyone else encountered this specific Permission denied error on iPadOS 28 with a valid Multicast Entitlement, and is there a known workaround aside from switching to mDNS/Bonjour?

Hi Apple Engineers and fellow developers, I'm a student developer working on an educational focus management app that helps users hide distracting apps during study sessions. The app consists of: macOS app: Simple "Hide apps" button that triggers app hidding sessions iOS app: Uses Screen Time API to temporarily hide selected apps from home screen Communication: Bonjour networking between Mac and iPhone for session coordination The Challenge My app requires two entitlements that aren't available with Personal Developer Teams: com.apple.developer.family-controls (for Screen Time API) com.apple.developer.networking.multicast (for Bonjour device discovery) Current Error Messages text Cannot create a iOS App Development provisioning profile for "focuser.focuser-app". Personal development teams, including "My Name", do not support the Family Controls (Development) capability. Provisioning profile doesn't include the com.apple.developer.family-controls and com.apple.developer.networking.multicast entitlements. My Question for Apple Engineers Is there any legitimate way to test these privacy-sensitive APIs on my own devices for educational/learning purposes without purchasing the $99/year Apple Developer Program membership? I understand the security reasons behind these restrictions, but as a student just learning iOS development, it creates a significant barrier to experimenting with these technologies.

I have some confusion around the usage of DeviceDiscoveryUI. The documentation suggests that it is available only on TVOS. But with the recent announcement of WifiAware, it has been used in iOS devices as well. Within DeviceDiscoveryUI, the DevicePicker or the DevicePairingView documentation seems to be available with iOS. Is this just a documentation mistake? Followup - Can I use DeviceDiscoveryUI's DevicePicker/ DevicePairingView to discover devices through Bonjour and then establish a connection through Network framework?

Our product (rockhawk.ca) uses the Multipeer Connectivity framework for peer-to-peer communication between multiple iOS/iPadOS devices. My understanding is that MC framework communicates via three methods: 1) infrastructure wifi (i.e. multiple iOS/iPadOS devices are connected to the same wifi network), 2) peer-to-peer wifi, or 3) Bluetooth. In my experience, I don't believe I've seen MC use Bluetooth. With wifi turned off on the devices, and Bluetooth turned on, no connection is established. With wifi on and Bluetooth off, MC works and I presume either infrastructure wifi (if available) or peer-to-peer wifi are used. I'm trying to overcome two issues: Over time (since iOS 9.x), the radio transmit strength for MC over peer-to-peer wifi has decreased to the point that range is unacceptable for our use case. We need at least 150 feet range. We would like to extend this support to watchOS and the MC framework is not available. Regarding #1, I'd like to confirm that if infrastructure wifi is available, MC uses it. If infrastructure wifi is not available, MC uses peer-to-peer wifi. If this is true, then we can assure our customers that if infrastructure wifi is available at the venue, then with all devices connected to it, range will be adequate. If infrastructure wifi is not available at the venue, perhaps a mobile wifi router (battery operated) could be set up, devices connected to it, then range would be adequate. We are about to test this. Reasonable? Can we be assured that if infrastructure wifi is available, MC uses it? Regarding #2, given we are targeting minimum watchOS 7.0, would the available networking APIs and frameworks be adequate to implement our own equivalent of the MC framework so our app on iOS/iPadOS and watchOS devices could communicate? How much work? Where would I start? I'm new to implementing networking but experienced in using the MC framework. I'm assuming that I would write the networking code to use infrastructure wifi to achieve acceptable range. Many thanks! Tim

Hi, I am developing the browser based on Chromium, which initially relies on the nw_browser stack for discovering locally available network resources. We have observed an issue where, after each software update—specifically, whenever additional files are written into the application bundle—a popup appears requesting the user to allow local network access, even if this permission was already granted. The behavior is reproducible: simply overwriting files in the app bundle (we are using rsync as Chromium), even while the application is already running, causes the prompt to reappear. We have also noticed that Chromium itself exhibits the same behavior. Also I found the mess in system settings, it has several Google Chrome for example: https://www.loom.com/share/da401f39ab134628807d77f1ca3185f5?from_recorder=1&focus_title=1 We would like to provide a smoother experience for our users and avoid confusing them with repeated permission prompts. Could you please advise on possible approaches or best practices to improve our update mechanism in this regard?

Good morning, I have been playing with he new Networking framework released in beta, and i think its amazing how powerful and simple it is. However i have been tackling some issues with it, it seems that the NetworkListener does not allow us to configure a specific endpoint for any of the protocols, UDP, TCP (QUIC, TLS) Is this intended or just not missing features as of the Beta ? I figured out how to use bonjour to get a port (as i am brand new to using Networking on macOS and Swift) I get that the use of this is mainly as a client to connect to servers, but it would make more sense to have a high level abstraction of what already exist, wouldn't it be more intuitive to configure a NetworkEndpoint that contains either a Bonjour Service or an endpoint with configured port that we can then configure on the Listener, instead of doing .service(...) ?

Hello everyone, Last year I built an application for tvOS and iPadOS that enables device-to-device communication. I based it on Apple’s sample code, available here: https://developer.apple.com/documentation/Network/building-a-custom-peer-to-peer-protocol At that time, everything worked flawlessly. However, this year I had to revisit the project to add new features, and now it no longer works as expected. The first time the app runs it connects fine, but if we relaunch it (on either the iPad, the Apple TV, or both), the connection fails. Most importantly, this is not an issue with my own code — I tested it directly with the original Apple sample code, and the exact same problem occurs there too. Here’s what I see in the logs: nw_endpoint_flow_setup_channel [C1 TicTacToe,65E91B02-890E-4D30-88B8-CE2AB9677BF9 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: utun0, scoped, ipv6)] nexus assignment error Connection refused nw_endpoint_flow_failed_with_error [C1 TicTacToe,65E91B02-890E-4D30-88B8-CE2AB9677BF9 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: utun0, scoped, ipv6)] already failing, returning code-block This happens right after I select the iPad from the device list and try to connect. What’s strange is that the interface being used is utun0. I don’t have a VPN or iCloud Private Relay enabled. I also tried running the app through the iPad’s personal hotspot, but I get the same error. The only workaround I’ve found so far is to restart the Apple TV. Has anyone else run into this problem? Is there any known solution or workaround? Tested on tvOS 18.6 and iPadOS 18.3.2 / 18.6.

I'm writing an application that implements a Bonjour service and browser for the purpose of connecting to Logic Pro and interacting with a MIDI Device Script. Because it's connecting to Logic Pro running on the same system as the application, the service and browser do not need to access anything else on the local network. I'm creating the service and browser with calls like this: err = DNSServiceRegister( &serviceRef, 0, kDNSServiceInterfaceIndexLocalOnly, "MyService", "_osc._udp", "local", nullptr, 52854, txtLen, txtRecord, static_cast<DNSServiceRegisterReply>(myCallback), context ); err = DNSServiceBrowse( &browserRef, 0, kDNSServiceInterfaceIndexLocalOnly, "_osc._udp", nullptr, static_cast<DNSServiceBrowseReply>(browserCallback), context ); Despite the fact that I'm passing in kDNSServiceInterfaceIndexLocalOnly for the network interface, it still triggers an "Allow 'Application' to find devices on local networks?" permissions prompt. How can I avoid that prompt? It is both a significant failure point (in case users don't notice it or click 'Don't Allow' by mistake) but it may also scare them away, since it strongly implies my application is scanning devices on the local network, even though it's doing no such thing!

Hi, I am trying to create an App which connects to a Device via Wifi and then has to do some HTTP Requests. Connecting to the Wifi is working properly but when I try to make an HTTP API Call I get the response that the Domain is unavailable (No Internet Connection). I created the App in Flutter on Android everything works perfectly. The packages are all iOS Compatible. But in Safari the URL works so it is probably a permission Issue. I have the Following permissions granted: NSAppTransportSecurity NSBonjourServices NSLocalNetworkUsageDescription I even have Multicast Networking When I test the App I get asked to grant the access to local Network which I am granting. I don´t know what I should do next can somebody help? Feel free to ask for more Information

I'm creating a simple p2p server to advertise a service: // server let txtRecord = NWTXTRecord(["key": "value"]) NWListener.Service(name: name, type: "_p2p._tcp", domain: nil, txtRecord: txtRecord) and client to look that service up: // client switch result.endpoint { case let .service(name: name, type: type, domain: domain, interface: interface): print(result.metadata) The client is getting the advertisement ok, but metadata is nil. I expected to see a txt record there, is that not supported? public let metadata: NWBrowser.Result.Metadata /// Additional metadata provided to the browser by a service. Currently, /// only Bonjour TXT records are supported. Is the above server making a Bonjour TXT record or something else? Basically what I want is to pass a short key/value data as part of advertisement.

Is There a Reliable Way to Check Local Network Permission Status in 2025? I've read many similar requests, but I'm posting this in 2025 to ask: Is there any official or reliable method to check the current Local Network permission status on iOS 18.x? We need this to guide or navigate users to the appropriate Settings page when permission is denied. Background Our app is an IoT companion app, and Local Network access is core to our product's functionality. Without this permission, our app cannot communicate with the IoT hardware. Sadly, Apple doesn't provide any official API to check the current status of this permission. This limitation has caused confusion for many users, and we frequently receive bug reports simply because users have accidentally denied the permission and the app can no longer function as expected. Our App High Level Flow: 1. Trigger Permission We attempt to trigger the Local Network permission using Bonjour discovery and browsing methods. (see the implementation) Since there's no direct API to request this permission, we understand that iOS will automatically prompt the user when the app makes its first actual attempt to communicate with a local network device. However, in our case, this creates a problem: The permission prompt appears only at the time of the first real connection attempt (e.g., when sending an HTTP request to the IoT device). This results in a poor user experience, as the request begins before the permission is granted. The first request fails silently in the background while the permission popup appears unexpectedly. We cannot wait for the user's response to proceed, which leads to unreliable behavior and confusing flows. To avoid this issue, we trigger the Local Network permission proactively using Bonjour-based discovery methods. This ensures that the system permission prompt appears before any critical communication with the IoT device occurs. We’ve tried alternative approaches like sending dummy requests, but they were not reliable or consistent across devices or iOS versions. (see the support ticket) 2. Wi-Fi Connection: Once permission is granted, we allow the user to connect to the IoT device’s local Wi-Fi. 3. IoT Device Configuration: After connecting, we send an HTTP request to a known static IP (e.g., 192.168.4.1) on the IoT network to configure the hardware. I assume this pattern is common among all Wi-Fi-based IoT devices and apps. Problem: Even though we present clear app-level instructions when the system prompt appears, some users accidentally deny the Local Network permission. In those cases, there’s no API to check if the permission was denied, so: We can’t display a helpful message. We can’t guide the user to Settings → Privacy &amp; Security → Local Network to re-enable it. The app fails silently or behaves unpredictably. Developer Needs: As app developers, we want to handle negative cases gracefully by: Detecting if the Local Network permission was denied Showing a relevant message or a prompt to go to Settings Preventing silent failures and improving UX So the question is: What is the current, official, or recommended way to determine whether Local Network permission is granted or denied in iOS 18.x (as of 2025)? This permission is critical for a huge category of apps especially IoT and local communication-based products. We hope Apple will offer a better developer experience around this soon. Thanks in advance to anyone who can share updated guidance.

I have an iPad app that uses Network framework to allow iPads to wirelessly communicate via their built-in ad hoc network capability. However, our app is used in an enterprise environment and there's concern about them communicating wirelessly, so I've been tasked with looking into wired communication. Question: I've read that iOS can connect to a wifi network using an Ethernet adapter, but would this work for ad hoc networking? For ex, if I connect 2 iPads via Ethernet cables to each other (not to the wifi router), and have the NWListener start broadcasting itself, can the NWBrowser find it and establish an ad-hoc connection via the Ethernet cables (and not the wireless cards inside the iPads). The iPads don't have any wifi connections established so they wouldn't be able to communicate any other way. My guess is no...though if they did connect, how would I know it has happening via the cables and not via the wireless ad hoc capability, because I'm guessing there's no way to turn off just the wireless part of the ad hoc feature? If you disable the wifi on an iPad, you're also disabling ad hoc, right? I'm pretty sure there's no way to programmatically send data back and forth between iPads using a USB-C cable connection, so I'm trying to determine if Ethernet cables would work.