Hello, We are working with an iOS app that is distributed as a Public Unlisted App Store app. Our MDM allows us to import the app by URL, but when added this way, the app is marked as unmanaged in the inventory. Because of that, we cannot assign a Managed App Configuration payload to it in the normal way. What we are trying to achieve: Deliver a configuration profile to all enrolled devices before the app is installed. When the user installs the app from the MDM catalog, the app should immediately see the configuration values. Questions we’re hoping to clarify: Is it technically feasible to pre-provision a Managed App Configuration for an app in this scenario, by pushing a .mobileconfig profile to all devices? If yes, what would be the correct payload format and content of such a .mobileconfig file? We’ve tested a profile format we found here that uses com.apple.managed-app-config PayloadType and a ManagedAppConfiguration key with the bundle ID nested inside, but iOS reports this as “payload not recognized.” From what we understand, that may not be part of Apple’s schema. Any guidance from Apple or the community on whether this use case is possible (and, if so, what the valid profile format should look like) would be very helpful. Note: For a complicated company policy, at the moment we are not able to participate in ABM. Thanks in advance!

We are currently working on a SCEP server implementation that operates in FIPS-approved mode. In this mode, RSA PKCS#1 v1.5 encryption is disallowed due to compliance requirements, and only FIPS-approved padding schemes such as RSA-OAEP are permitted. However, we have observed that the SCEP client functionality on Apple devices currently does not support RSA-OAEP for CMS EnvelopedData decryption. This creates a challenge for us in ensuring FIPS compliance while maintaining compatibility with Apple devices during certificate enrollment through SCEP. We would appreciate your guidance on the following: Are there any alternative FIPS-approved encryption algorithms or configurations supported by Apple devices for SCEP CMS EnvelopedData decryption? Is there any plan or timeline for future support of RSA-OAEP on Apple platforms for this use case? Feedback raised along with sysdiagnose logs as well : FB17655410

Hi all, I’m building a password manager app for iOS. The app implements an ASCredentialProviderExtension and has the entitlement com.apple.developer.authentication-services.autofill-credential-provider. From a UX perspective, I’d like to help users enable my app under: Settings → General → AutoFill & Passwords What I’ve observed: Calling UIApplication.openSettingsURLString only opens my app’s own Settings page, not the AutoFill list. Some apps (e.g. Google Authenticator) appear to redirect users directly into the AutoFill Passwords & Passkeys screen when you tap “Enable AutoFill.” 1Password goes even further: when you tap “Enable” in 1Password App, it shows a system pop-up, prompts for Face ID, and then enables 1Password as the AutoFill provider without the user ever leaving the app. Questions: Is there a public API or entitlement that allows apps to deep-link users directly to the AutoFill Passwords & Passkeys screen? Is there a supported API to programmatically request that my app be enabled as an AutoFill provider (similar to what 1Password seems to achieve)? If not, what is the recommended approach for guiding users through this flow? Thanks in advance!

I'm working on an app for iOS that will help people get tasks done. Within the app, we use a ManagedSettingsStore to let the user setup distracting apps. When the user opens any of those apps while it is being shielded, our ShieldConfiguration target opens and displays a screen that we configure with the description of the task they are supposed to do. On the bottom of the view, there are two buttons, one to start the task, and another to dismiss and return to their home screen. I want to have the button that starts the task open up the main application and deeplink to the focus view with the task that they started. Currently, the only thing that we can tell the system to do is via a ShieldActionResponse which is an enum with 3 cases: none, close, or defer. None of these three allow us to open the main application. I have found no workarounds that allow us to do it either. I've tried creating a custom URL scheme and calling UIApplication.shared.open(url), but there is no shared application available within the action extension. I have tried using a NSExtensionContext to open a url, but that does not work either. I have even tried starting a live activity to show the user what task they are working on and have a live timer, but that does not work either. I know it is technically possible, because an app I downloaded does it perfectly. The app is called "Ascent: Screen Time Control". Is there some sort of extension I am missing, or entitlement I have not requested? Any help would be very appreciated.

Hello, I have noticed that the ShieldConfiguration is only requested when opening a target app, and never when the application token is moved to a different shield while the target app remains in foreground. This causes problems because many times the wrong ShieldConfiguration is displayed (recycled) instead of requesting a new ShieldConfiguration. This bug has been around since the introduction of the Screen Time API in 2020 and is has not been addressed. Bug reports: FB14237883 FB17902392 Please fix asap!! Not acceptable to have bugs not being addressed for more than 5 years. Most concerning: This is still reproducing on iOS 26 beta 7!! Thanks a lot for your help.

Hi there, I'm presenting a FamilyActivityPicker inside of a sheet, and on some phones, the FamilyActivityPicker freezes and crashes when the user expands the "Other" category only. "Other" is the only category that exhibits this behavior, and it only does this on some phones, not in all cases. This issue is perfectly reproducible on those phones when using the FamilyActivityPicker for the "other" category only, but on those same phones it does not reproducible in the Native ScreenTime Picker in Settings → ScreenTime → App Limits → Add Limit. I don't have access to these phones as they are user reports, but any guidance here would be deeply appreciated. More broadly, there are several issues with the FamilyActivityPicker (categories expand on top of each other when multiple are opened, varying behavior with tapping rows vs tapping select bubbles depending on phone size, etc) that the Native ScreenTime Picker doesn't have. Grouping websites as a standalone category is preferable as well. Could we as developers just have access to that one?

Hello, I’m presenting the familyActivityPicker from a presented sheet in my application. When I select some apps, categories or websites and tap “Done”, the familyActivityPicker is dismissed but the presenting sheet is also dismissed on iOS 18.4, iOS 18.5, iOS 26 beta 1 and 2. If I tap on “Cancel” from the familyActivityPicker, the sheet is also dismissed on iOS 18.4, iOS 18.5, iOS 26 beta 1 and 2. The same code works perfectly fine on iOS 18.0, iOS 18.1, iOS 18.2 and iOS 18.3. Is this a known-issue? If opened the feedback FB18369821 for this. Regards, Axel

When using the ManagedSettings API to block apps everything is blocked as expected (the app itself, Notifications, Live Activities on the Lock Screen etc) except for Compact Live Activities of those apps (that are shown in the Dynamic Island). I feel the expected behavior would be to block also the Compact Live Activities. Our use case: In Spoilerblock we want to prevent users from being exposed to spoilers before they've had time to watch for example a sports game. Current workaround: Right now the best we can do is to ask the user to disable Live Activities for apps that could expose results, to not risk being exposed to a spoiler.

Some of our users encounter an issue after updating their iPhone/iPad to iOS 17.5.1. The tokens passed in the Shield Configuration extension don't match the tokens they selected in my app using the FamilyPicker before updating to iOS 17.5.1. It seems the tokens changed for no reason. My app can't match the token from the ShieldConfigurationDataSource to any tokens stored on my end, causing my shield screens to turn blank. The same applies to tokens in the Device Activity Report extension. The only workaround I've found is to tell affected users to unselect and reselect apps and websites to block in my app. This gets them new tokens from the FamilyActivityPicker, which solves the issue. However, for some users, the bug reoccurs a few days later. Tokens seem to change again, causing the same issue in the Shield Configuration extension. I am not able to reproduce the issue on my test devices so I have no sysdiagnose to attach. However, this issue is affecting other screen time apps: https://developer.apple.com/forums/thread/732845 https://forums.developer.apple.com/forums/thread/756440 FB14082790 FB14111223 A change in iOS 17.5.1 must have triggered this behaviour. Could an Apple engineer give us any updates on this?

So when we select an app that needs to have a shield configured for family controls (managed settings), when selecting an individual application (say like Instagram), it works well but when I select a whole category (say like Social) it doesn't work well. here's the exact code for how I choose which application needs to be shielded: class ShieldConfigurationExtension: ShieldConfigurationDataSource { override func configuration(shielding application: Application) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: .systemChromeMaterial, backgroundColor: UIColor(red: 220.0/255, green: 20.0/255, blue: 60.0/255, alpha: 1.00), icon: iconImage, title: ShieldConfiguration.Label(text: "You CAN'T give up now!", color: .white), subtitle: ShieldConfiguration.Label(text: "Just a little bit more you got this", color: .white), primaryButtonLabel: ShieldConfiguration.Label(text: "GRINDSET", color: .white), primaryButtonBackgroundColor: .black, secondaryButtonLabel: ShieldConfiguration.Label(text: "Move Fast", color: .black) ) } Now this works well for application selection alone, but there isn't any for category selection as such. And the same is shown in its execution that a category goes back to default shielding. What API should I use for category shielding?

Hello, my app is frequently loosing / forgetting the Screen Time Permission that had been granted previously on iOS 26. I have experienced it myself, sysdiagnose is in this radar: FB18997699 But also also my App Store users who have updated to iOS 26 already have reported this bug. It would be great if Apple could ensure that this bug is addressed before iOS 26 is released to the public.

Hello, I’m building an app that helps people spend less time on social media apps. For that, I make heavy use of Apple’s Screen Time APIs, such as ManagedSettings and FamilyControls. When an app is locked using a ShieldConfiguration, the user has to open my app in order to unlock it (e.g. enter a code). This is very cumbersome because no documented API exists to open the parent app (=my app) from the ShieldActionDelegate (also part of my app) when the user presses a button of the ShieldConfiguration. The ShieldActionDelegate callback just offers three options in its ShieldActionResponse: .none .defer .close .openParentApp is missing. We are working around this limitation by sending a local push notification that the user has to tap on. This has multiple drawbacks: It has to be ensured that notification permission has been granted. It has to be ensured that notifications can be delivered even while focus is enabled. Features such as Apple Intelligence notification summaries and notification prioritization can heavily delay delivering notifications and thus frustrate the user. Neither my users nor myself do understand why this is not possible in a smoother way, at least according to the documentation. There are 3rd party apps that have such functionality, they can directly open their own app from a button press in the Shield, see here: https://apps.apple.com/us/app/applocker-passcode-lock-apps/id1132845904 It would be great if Apple could level the playfield for all developers and document how this is achievable, because technically it clearly is. Thanks a lot and have a great day!

I found that in iOS 18.5, DeviceActivityCenter startMonitoring cannot start multiple monitors, even if their names and periods are different, and restarting the phone cannot solve it. My app uses DeviceActivityCenter, which makes the entire function unusable. (I have less than 20 monitors)

Issue with Universal Links and App Extension (ShieldAction Handler) I'm currently working on a POC app using the FamilyControls framework and facing an issue when trying to open a Universal Link from an app extension, specifically from a ShieldAction handler. When I try to open a Universal Link, I encounter the following error: Failed to open URL https://sixteen-server-c008110f8759.herokuapp.com/.well-known/apple-app-site-association: Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open 'com.apple.mobilesafari' failed." UserInfo={BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x14f2d90b0 {Error Domain=FBSOpenApplicationErrorDomain Code=3 "Application com.sixteen.life is neither visible nor entitled, so may not perform un-trusted user actions." UserInfo={BSErrorCodeDescription=Security, NSLocalizedFailureReason=Application com.sixteen.life is neither visible nor entitled, so may not perform un-trusted user actions.}} Context: I’m using a ShieldAction handler as part of an App Extension to trigger the action (e.g., "Break in Shield") in my app. The app extension (ShieldAction handler) is responsible for trying to open the Universal Link. I’m encountering the error because the app is not visible or entitled to perform this action, which seems to be related to security restrictions when using App Extensions. Questions: App Extension and Universal Link Interaction: Is it possible for an App Extension (like ShieldAction handler) to open a Universal Link or trigger an external app, such as Safari, even though it is not the foreground app? Entitlements for App Extensions: Are there any specific entitlements or permissions required to allow an app extension (ShieldAction handler) to open Universal Links or perform actions like opening Safari from the background? App Visibility and State: How can I ensure that my app is in the right state (visible/active) and has the necessary entitlements to trigger these actions when running in the context of an app extension? Workaround: If this behavior is restricted due to app extension limitations, what would be the recommended workaround to handle launching external apps (like Safari) or Universal Links from within an app extension?

Hello everyone, I’m developing an app using the FamilyControls framework, I distributed through TestFlight the other day using the “Family Controls” distribution (not Development). Everything works as expected in dev builds — but for external TestFlight testers, nothing in the FamilyControls framework seems to function. I'm using the correct Family Controls capability in Xcode (added via Signing & Capabilities). The com.apple.developer.family-controls entitlement is present in my .entitlements file. All the users who reported the issue had correctly given screen time permissions to the app. Would really appreciate some help regarding where the issue could come from.

Hello, I already have got approval from Apple for com.apple.developer.family-controls entitlement When I am building my app, there is one part where I need to check the list of applications which I have blocked with my app. To get the list I have to have com.apple.developer.managed-settings entitlement ... Now how and where show I get hold of it ? I already got permission for Family Control, how do I get hold of this now ?

Hello, How do apps like App Lock implement app-opening from a shield? Is this supported for 3rd-party apps or limited to partners? https://apps.apple.com/us/app/app-lock/id6448239603

How to programmatically check if ApplicationToken or ActivityCategoryToken is expired in FamilyActivityPicker? I'm building a Screen Time-based parental control app using FamilyControls and ManagedSettings. We use FamilyActivityPicker to allow the user to select apps and categories to restrict, and we apply the shield using: store.shield.applications = .specific(selection.applicationTokens) store.shield.applicationCategories = .specific(selection.categoryTokens) Sometimes, we observe that the shield silently fails to apply — no error is thrown, but the restrictions aren't enforced. I suspect this may be due to expired or invalid tokens, possibly if the app was removed or the selection became stale. My Questions: Can ApplicationToken or ActivityCategoryToken expire or become invalid over time? If yes, is there a supported or recommended way to detect whether a token is still valid before applying it to the shield? Is comparing the current shield values (store.shield.applications and store.shield.applicationCategories) after applying them a reliable validation method? What's the best practice to handle expired tokens (e.g. re-prompt the FamilyActivityPicker, or show a fallback)? What Is the Expiration Duration of Tokens from FamilyActivityPicker? Any guidance or insight from the Screen Time/FamilyControls team would be greatly appreciated! Thank you!

How to test ManagedAppConfigurationProvider without MDM ? Task { /* Configuration provider task */ for await configuration in configurationProvider.configurations(MyAppConfiguration.self) { self.configuration = configuration ?? MyAppConfiguration.defaultConfiguration } } Can the existence of a configuration be simulated, e.g. by storing a mocked configuration in UserDefaults? The UserDefaults key "com.apple.configuration.managed" seems not relevant here.

How can I use the Screen Time API to set a restriction for a child account from my app running on the parent’s account?