We are pushing some Chrome settings through Directory Services command line utility /usr/bin/dscl /usr/bin/dscl /Local/Default -mcximport /Computers/local_computer chrome_settings.plist /usr/bin/mcxrefresh -n root These commands created com.google.Chrome.plist in /Library/Managed Preferences on previous macOS versions. However on macOS 15.x Sequoia these commands intermittently fail to create the file in /Library/Managed Preferences though there is no error reported or any log entries that could indicate an error. There could be other component on Sequoia that is preventing directory services tool to push the preferences but I am unable to locate it. It is not MDM because the machines are not enrolled (also have a setup where dscl and MDM both work). This is happening on a clean macbook setup but I have never seen it happen on mac mini. Anyone have an idea what could be interfering with directory services to complete its task of pushing managed settings? DDM?

I work as the end user compute engineer at my employer. My test managed shared iPad Pro was on iOS 18.0.1 and from the sign in screen I was able to double click the lock/wake button twice to open the Wi-Fi picker. I upgraded it to the latest iOS 18.1 update and the Wi-Fi picker screen no longer comes up when double clicking the lock/wake button. Has this feature been removed? If so, this will pose a huge issue when it comes to new users signing in when not on a known Wi-Fi network.

I have two time machines one is a western digital and the other is a Q Nap that ever since I upgraded to Sequoia, I cannot use. It’s an NAS device and Macke says that I have to contact the manufacturer of the product. They’re too old for me to contact them. My MacBook is new and it was working up until I had upgraded to Sequoia so I’m just trying to find out if that is a software glitch or an OS glitch. It is happening on both Max that I have so this is begging me the question that it’s an iOS update causation. It just sits and spins at the Time Machine preparing to back up and that is all that it does the first time it backed up probably until 25% and now it’s just doing this preparing to back up. I also have tried to wipe out the shares on both NAS machines and deleted the the files within the share to set it up again, and it still does not work.

Hello, I'm currently facing some technical difficulties in implementing features related to application restrictions using the ScreenTime API. In our app, we allow users to set up restrictions for specific apps and app categories, with scheduled times and days (for example, Mondays and Thursdays, from 2pm to 5pm). The blocking sessions must run independently and simultaneously, allowing different sets of applications to be restricted at different times. However, I ran into two main problems: 1. Applying restrictions in the DeviceActivityMonitor extension: Although I can enable and disable restrictions, I haven't found an effective way to apply multiple FamilyActivitySelections directly in the DeviceActivityMonitor extension. The extension has to manage different blocking sessions independently, restricting different sets of applications and categories simultaneously or separately. I would like to know if it is possible to transmit this list of selected applications via UserDefaults or CoreData to the extension in order to facilitate this integra To better illustrate, here is a snippet of the code I am using: import Foundation import FamilyControls import ManagedSettings import DeviceActivity class AppBlockManager: ObservableObject { private let store = ManagedSettingsStore() private let center = DeviceActivityCenter() @Published var activitySelection: FamilyActivitySelection private var activityName: DeviceActivityName private var schedule: DeviceActivitySchedule init(selection: FamilyActivitySelection, activityName: DeviceActivityName, schedule: DeviceActivitySchedule) { self.activitySelection = selection self.activityName = activityName self.schedule = schedule } func startBlock() { do { try center.startMonitoring(activityName, during: schedule) if let applications = activitySelection.applications.isEmpty ? nil : activitySelection.applicationTokens { store.shield.applications = applications } if let categories = activitySelection.categories.isEmpty ? nil : activitySelection.categoryTokens { store.shield.applicationCategories = ShieldSettings .ActivityCategoryPolicy .specific(categories) store.shield.webDomainCategories = ShieldSettings .ActivityCategoryPolicy .specific(categories) } if let webDomains = activitySelection.webDomains.isEmpty ? nil : activitySelection.webDomainTokens { store.shield.webDomains = webDomains } } catch { print("Error starting monitoring: \(error)") } } func stopBlock() { store.shield.applications = nil store.shield.webDomains = nil store.shield.applicationCategories = nil store.shield.webDomainCategories = nil center.stopMonitoring([activityName]) } } Currently, this AppBlockManager is part of the main app target, not within the DeviceActivityMonitor extension, which is currently empty. With this configuration, I can only have one blocking session active at a time, and when it is deactivated, all restrictions are removed. I tried using different ManagedSettingsStore instances, each named individually, but without success. 2. Problems with scheduling restrictions: Currently, when setting up scheduled monitoring via DeviceActivitySchedule, the restrictions are activated immediately, ignoring the specific times scheduled (e.g. starting at 2pm and ending at 5pm). I need the schedule to work correctly, applying the restrictions only during the defined periods. Alternatively, I've considered running a background task that checks whether active sessions (up to a maximum of 3) should apply the restrictions at that time, but I'm still looking for a more suitable solution. In view of these challenges, I would like some guidance on the following points: What would be the best way to configure the DeviceActivityMonitor extension to receive and apply different FamilyActivitySelections, ensuring that the blocking sessions are independent and can run simultaneously? Is there a recommended approach to ensure that restrictions scheduled via DeviceActivitySchedule are applied and removed according to the times and days defined by the user, ensuring that applications are restricted only during the scheduled periods?

Hello fellow Screen Time developers! I have bee experimenting with the ActivityCategoryPolicy.all(except: allowList) API of the ManagedSettings framework in order to provide a digital detox feature to my app, where ALL apps would be blocked, except some important ones (phone, messages, maps). The apps to be exempted can be configured by the user via the FamilyActivitySelection(). However, I am experiencing a strange bug, where all apps are restricted / blocked, even the ones that are set to be exempted and are part of the allowList Set. Instead of not restricting allowed apps at all, these apps are restricted with a generic shield (screenshot below) – a concrete shield is not requested for them from my ShieldConfigurationDataSource. I have also filed a radar under this number, attached is a minimalistic sample project and video that shows how to reproduce this: FB15500605 (no response so far) I have also seen other people report on this issue, but couldn't find any useful information there: https://forums.developer.apple.com/forums/thread/750988 https://forums.developer.apple.com/forums/thread/762287 Thanks a lot for your help, and have a nice day!

Hello, I think it is quite a common use-case to open the parent app that owns the ShieldActionDelegate when the user selects an action in the Shield. There are only three options available that we can do in response to an action: ShieldActionResponse.none ShieldActionResponse.close ShieldActionResponse.defer It would be great if this new one would be added as well: ShieldActionResponse.openParentApp While finding a workaround for now, the problem is that the ShieldActionDelegate is not a normal app extension. That means, normal tricks do not work to open the parent app from here. For example, UIApplication.shared.open(url) does not work because we can’t access UIApplication from the ShieldActionDelegate unfortunately. NSExtensionContext is also not available in the ShieldActionDelegate unfortunately, so that’s also not possible. There are apps however, that managed to find a workaround, in my research I stumbled across these two: https://apps.apple.com/de/app/applocker-passcode-lock-apps/id1132845904?l=en-GB https://apps.apple.com/us/app/app-lock/id6448239603 Please find a screen recording (gif) attached. Their workaround is 100% what I’m looking for, so there MUST be a way to do so that is compliant with the App Store guidelines (after all, the apps are available on the App Store!). I had documented my feature request more than 2 years ago in this radar as well: FB10393561

Hello fellow Screen Time Fans! I am encountering a strange problem since I started working with the Screen Time framework, and I don’t know what I’m doing wrong: Imagine the app has two ManagedSettingsStores: one to block apps during work hours (let’s say from 9am to 5pm) and one to block apps in the evening (let’s say from 5:30pm till midnight). Imagine, the user has blocked Instagram in both. When the user has Instagram open at 4:59pm it shows the Block during Work Hours Shield (so far, so good). At 5pm, the shield is removed, and the user can use Instagram. Then, at 5:30 the a shield is activated again: this time, the Instagram token is added to the evening store. However, there is no new ShieldConfiguration requested from the ShieldConfigurationDataSource. Instead, the previous shield from the work hour block is re-used and shown. To me, it appears that the Framework does not request new shields, when the token is moved from one store to another while the app remains in foreground. The Shield is only re-rendered when the user closes the shielded app and re-opens it. This is really confusing behavior and I would like to fix it. Did anyone here encounter something similar, and has a suggestion or workaround? My feedback is also documented in FB14237883.

Hi everyone, I’m using Core Data in several extensions (DeviceActivityMonitor, ShieldAction, and ShieldConfiguration). It works perfectly in DeviceActivityMonitor and ShieldAction. I’m able to successfully fetch data and log the correct count using a fetch request. However, when I try the same setup in the ShieldConfiguration extension, the fetch request always returns 0 results. The CoreData and App Group setup appears to be correct since the first two extensions fetch the expected data. I’ve also previously tested storing the CoreData objects separately in a JSON-FIle using FileManager and it worked without issues—though I’d prefer not to handle manual encoding/decoding if possible. The documentation mentions that the extension runs in a sandbox, restricting network requests or moving sensitive content. But shouldn’t reading data (from a shared App Group, for instance) still be possible within the sandbox, as it is the case with the Files, what is the difference there? In my case, I only need to read the data, as modifications can be handled via ShieldActionExtension. Any help would be greatly appreciated!

Hello all, I recently shared a post to Reddit r/iCloud "Apple Alias Converted to Primary Apple Account" about an experience I had with changing my primary iCloud address to my alias after a name change. All the outlets have picked up on this story which may be misleading. I was under the impression this may be a bug, and now everyone's replicating this process without precaution. My question to the amazing Apple Developers and potentially Apple as well: Is the ability to change your Primary Apple Account to an Apple Alias (permanently) a known, previously discussed, upcoming feature? All Apple docs & support state otherwise. Really just seeking confirmation and I greatly appreciate expert input. Also happy to change Tags based on feedback (if possible). Thanks all! Caol

Family activity picker looses icon and incudes parent apps after 20 seconds...and you never see the kids icons again until you reboot. Any ideas? family controls authorized on both apps Share across devices activated Web & activity activated. Before... ...and after 22 seconds.

Can someone confirm this is supposed to be happening after all these years. I have noticed that now when I delete the messages from my Apple Watch (IOS11) they are now deleting from my phone (IOS18). I was glad I noticed and was able to recover them but I almost lost some impoRyan messages. I did do a test and confirm this is true. But the question is, is this supposed to be happening and if so is there a way to disable only this sync? I like to try and keep the messages icon on the watch clean since when I read the messag on my phone it does sync read on the watch and leaves the unread number on the icon.

Hi, I run a midsize business. Apple recommends for company owned devices and for other reasons to use Apple Business managed Apple IDs for the employees. After that, you have to use a MDM System for e.g. deploying apps and licenses. Testflight is an app that can be deployed too. But....Testflight can not more than to say "Hello" on a managed device. The use of Testflight and to test our developed apps is not possible with a managed ID. Can anyone explain to me this thinking or what is recommended than. Setting up a private Apple ID for that purpose...which on the other hand, Apple do not want or does not recommend.

Hi everyone, I'm working on a Swift application and trying to determine whether an application has exceeded its limit based on an ApplicationToken. I have the following function to check if the current app's token matches any of the tokens stored when the app limit is reached: private func isAppLimitExceeded(for application: Application?) -> Bool { guard let application = application, let appToken = application.token else { return false } let exceededTokens = configManager.getAppLimitExceededTokens() return exceededTokens.contains { exceededToken in appToken == exceededToken } } The function configManager.getAppLimitExceededTokens() returns a list of [ApplicationToken] that were saved in UserDefaults when an app limit is reached. The goal is to use the isAppLimitExceeded method to verify if the current shield for the app is triggered due to a limit/threshold being exceeded. This function is part of a class that conforms to the ShieldConfigurationDataSource protocol: class ShieldConfigurationExtension: ShieldConfigurationDataSource { // ... } My concern is whether comparing two ApplicationToken instances using == is a reliable method for determining if they are equal. Are ApplicationToken objects guaranteed to be comparable with == out of the box, or do I need to implement Equatable or another method of comparison? Could there be issues with tokens stored in UserDefaults not matching due to reference or serialization differences? Any guidance on how to ensure proper comparison of these tokens would be appreciated! Thanks!

I want to create an app to control a child's device. As I understand it, I need to follow this logic: I have one app for both the child and the parent. For the child, I request authorization with the following code: try await AuthorizationCenter.shared.requestAuthorization(for: .child) For the parent, I show functions like: familyActivityPicker Are these settings automatically applied to the child's device, or do I need to send a silent push notification to apply the new settings? Additionally, how can I get statistics from the child's device to the parent's device?

I've been working a lot with the FamilyControls API and App Shield recently but have encountered a problem with no documentation. I used the FamilyActivitySelection to select the app store to shield(This is just for testing), and then printed out the application token: 1wfY¸êB ò S« öi #×(É?âðw ù/jQ ¿ J ïE¢? ·¿ º<Òd?ý r7¥Ãn N átJ¹ÿ85B_{VAF fC8. ,,¸¯3 T7F ±õü; ¹?v@¯ô Ä \-õ# Ò I know the application token is a Codable object so I was wondering, How do I create an application token using the Token<Application> initializer init(from: any Decoder) throws Creates a new instance by decoding from the given decoder. Using the above data? Do I have to encode first in order to decode it? For reference, the code I tried to use is: newValue.applicationTokens.encode(to: JSONEncoder) if let encoded = try? JSONEncoder().encode(newValue.applicationTokens) { data = encoded print(String(data: data, encoding: .utf8)!) } if let app = try? JSONDecoder().decode(Token<Application>.self, from: data) { let token = Application(token: app) print(token) } else { print("didn't work") } But it prints didn't work every time. What should I do differently?

Hi everyone, I’m encountering an issue with shield.applicationCategories = .all(except: applications.applicationTokens) when trying to shield all apps except a specified few. Despite using this configuration, all apps are getting shielded, including those that should be exempt. I’ve verified that the correct applicationTokens are being used and ensured that there are no conflicting schedules that might override this configuration. Interestingly, the ShieldConfiguration appears for the apps that are supposed to be blocked, but not for the ones in the exception list. Has anyone else experienced this issue, or does anyone have insights into what might be causing this behavior? Thanks in advance!

Hi there, My app uses all the Screen Time API's with individual FamilyControls authorization. I've been using the API's for over 2 years (since they came out). In iOS 18 Beta (maybe started in Beta 3?), I've been experiencing random issues. I tracked it down to where it seems like DeviceActivityMonitor extension is more likely to deadlock in iOS 18. To reproduce: when DeviceActivityMonitorExtension.intervalDidEnd gets called, IF you call DeviceActivityCenter.startMonitoring for that SAME DeviceActivityName from the DeviceActivityMonitorExtension , the startMonitoring call deadlocks (if I pause debugger, it does not advance past DeviceActivityCenter.startMonitoring). The bug is reported in FB14664238. It also contains a sample project where you can reproduce this. I also note in the comment section that this is not the only way to encounter this problem. My application code (which is a lot more complicated) seems to deadlock on calling DeviceActivityCenter.activities. As a result, there seems to be an "overall trend" where, due to some changes, DeviceActivityMonitor extension is more likely to deadlock. The steps are not reproducible on iOS 17.6. This is built using Xcode 17.4. Thank you! 🙏

⬇️ ANYONE ON APPLE'S SCREEN TIME TEAM, PLEASE READ THIS ⬇️ Let's summarize the situation. 3rd-party apps with screen time access can be disabled by going to Settings > Screen Time > Apps with Screen Time Access. That's fine. Now, if I want to make it harder to remove my restrictions, I can ask a friend to enter a Screen Time Passcode for me. Great idea! The problem is my Screen Time Passcode isn't requested when disabling permissions for a third-party app. It's required for modifying any other Screen Time setting EXCEPT permissions for 3rd party apps. This is frustrating. The Screen Time passcode is a great feature. Making it compatible with permissions granted through the Family Controls framework is our NUMBER ONE REQUEST from tens of thousands of users. This feature has been requested for a long time (iOS 16, iOS 17, …): https://forums.developer.apple.com/forums/thread/714651 https://forums.developer.apple.com/forums/thread/727291 https://discussions.apple.com/thread/255421819 FB13548526
 If you're a developer working on Screen Time, share your feedback below or file one using Feedback Assistant. It is very disappointing to see it wasn't implemented for iOS 18. I can't believe this would require tremendous work from the Screen Time team to make it happen, but it would be a significant improvement for the Family Controls Framework and a ray of sunshine for all the developers who have worked really hard to deliver high-quality apps using the Screen Time API. Could an Apple engineer or a Screen Time team member give us any updates? Implementing this before the public release of iOS 18 would make A LOT of developers happy.

Some of our users encounter an issue after updating their iPhone/iPad to iOS 17.5.1. The tokens passed in the Shield Configuration extension don't match the tokens they selected in my app using the FamilyPicker before updating to iOS 17.5.1. It seems the tokens changed for no reason. My app can't match the token from the ShieldConfigurationDataSource to any tokens stored on my end, causing my shield screens to turn blank. The same applies to tokens in the Device Activity Report extension. The only workaround I've found is to tell affected users to unselect and reselect apps and websites to block in my app. This gets them new tokens from the FamilyActivityPicker, which solves the issue. However, for some users, the bug reoccurs a few days later. Tokens seem to change again, causing the same issue in the Shield Configuration extension. I am not able to reproduce the issue on my test devices so I have no sysdiagnose to attach. However, this issue is affecting other screen time apps: https://developer.apple.com/forums/thread/732845 https://forums.developer.apple.com/forums/thread/756440 FB14082790 FB14111223 A change in iOS 17.5.1 must have triggered this behaviour. Could an Apple engineer give us any updates on this?

I created a ShieldConfigurationExtension in Xcode 14.3 with File > New > Target > ShieldConfigurationExtension. This created the extension with all the necessary Info.plist values (correct NSExtensionPrincipalClass, etc.), with the extension included in embedded content in the host app target. No matter what I try, the extension is not getting invoked when I shield applications from my host app. The custom UI does not show as the shield, and looking at the debugger, an extension process is never invoked. I am shielding categories like this: let managedSettings = ManagedSettingsStore() ... managedSettings.shield.applicationCategories = .all() And my extension code overrides all the ShieldConfigurationDataSource functions. class ShieldConfigurationExtension: ShieldConfigurationDataSource { override func configuration(shielding application: Application) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } override func configuration(shielding application: Application, in category: ActivityCategory) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } override func configuration(shielding webDomain: WebDomain) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } override func configuration(shielding webDomain: WebDomain, in category: ActivityCategory) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } } What am I missing?