I'm trying to enable Autonomous Single App Mode (ASAM) for my own app on a supervised iPhone, but UIAccessibility.requestGuidedAccessSession(enabled:) always returns false, even though the com.apple.asam profile installs without error.
Environment
- Device: iPhone 16 (iPhone18,5), iOS 26.5.1
- Supervised: yes (verified via DeviceInformation query → IsSupervised = true)
- MDM: self-hosted NanoMDM. Other payloads (com.apple.webcontent-filter, com.apple.applicationaccess) install and work correctly.
- App: development-signed, Bundle ID net.self-control-mdm.SessionLock, Team ID 9VH4G6KS29
Profile I'm sending (matches the AutonomousSingleAppMode documentation exactly):
<dict> <key>PayloadType</key> <string>com.apple.asam</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>net.self-control-mdm.asam.payload</string> <key>PayloadUUID</key> <string>...</string> <key>AllowedApplications</key> <array> <dict> <key>BundleIdentifier</key> <string>net.self-control-mdm.SessionLock</string> <key>TeamIdentifier</key> <string>9VH4G6KS29</string> </dict> </array> </dict>
What happens
- InstallProfile is Acknowledged with no ErrorChain.
- A ProfileList query shows the profile IS installed, but its payload type is reported as com.apple.unknown (display name is preserved).
- In Settings → General → VPN & Device Management, the profile shows the payload as "Unknown Payload".
- In the app, requestGuidedAccessSession(enabled: true) completion returns success = false.
- Rebooting the device does not change anything.
Questions
- Is the legacy com.apple.asam profile payload still honored on iOS 26, or has ASAM authorization moved to Declarative Device Management? If DDM is now required, which declaration/configuration should I use to allow-list an app for ASAM?
- Does com.apple.unknown in the ProfileList response indicate the payload was genuinely not recognized, or is that expected for this payload type?
- Are there additional requirements on iOS 26 (e.g., the app must be an MDM-managed app, or a non-development signature) for requestGuidedAccessSession to succeed?
Thanks in advance.