I'm seeking help troubleshooting a persistent com.apple.IdentityLookup.error.messagefilter Code=3 error when my Message Filter Extension tries to defer to network. I’ve exhausted Apple documentation and forum posts, and Apple Support has asked me to escalate this via the forums to reach engineering. ✅ My Setup: Xcode: 16.2 macOS: Sequoia 15.3.1 (Apple Silicon Mac mini) Device: iPhone 14 Pro iOS: 18.3.2 (Developer Mode enabled) Tested via: TestFlight install on real device 📦 App Structure: Main App Target (minimal "hello world" logic) Message Filter Extension Target Messages Extension Target Message Reporting Extension Target Notifications Extension Target ✅ Capabilities & Configurations Main App Capabilities: App Groups: group.com.example.shared Network Extensions: Content Filter Associated Domains: messagefilter:my-api.example.com applinks:my-api.example.com Message Filter Capabilities: App Groups: same as main app Network Extensions: Content Filter Associated Domains: same as above 📄 Info.plist Config Main App Info.plist: NSAppTransportSecurity with: NSAllowsArbitraryLoads = YES Exception domain my-api.example.com with: NSIncludesSubdomains = YES NSTemporaryExceptionAllowsInsecureHTTPLoads = YES NSTemporaryExceptionMinimumTLSVersion = TLSv1.2 MessageFilter Info.plist: Same ATS settings as above NSExtension block: <key>NSExtension</key> <dict> <key>NSExtensionAttributes</key> <dict> <key>ILMessageFilterExtensionNetworkURL</key> <string>https://my-api.example.com/api/sms-filter</string> <key>ILClassificationExtensionSMSReportDestination</key> <string>+10000000000</string> </dict> <key>NSExtensionPointIdentifier</key> <string>com.apple.identitylookup.message-filter</string> <key>NSExtensionPrincipalClass</key> <string>$(PRODUCT_MODULE_NAME).MessageFilterExtension</string> </dict> 📜 Entitlements Main App Entitlements <key>com.apple.developer.associated-domains</key> <array> <string>messagefilter:my-api.example.com</string> <string>applinks:my-api.example.com</string> </array> <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.example.shared</string> </array> Message Filter Extension Entitlements Identical to main app’s, scoped to the extension. 📄 AASA File (Hosted on https://my-api.example.com/.well-known/apple-app-site-association) Serves as application/json, returns 200 OK, and is reachable on device via Safari. Logs confirm AASA is downloaded and installed successfully during TestFlight install. { "applinks": { "apps": [], "details": [ { "appID": "TEAMID.com.example.app", "paths": ["*"] }, { "appID": "TEAMID.com.example.app.MessageFilter", "paths": ["*"] } ] }, "messagefilter": { "apps": [], "details": [ { "appID": "TEAMID.com.example.app", "filterType": "URL", "domains": ["my-api.example.com"] }, { "appID": "TEAMID.com.example.app.MessageFilter", "filterType": "URL", "domains": ["my-api.example.com"] } ] }, "classificationreport": { "apps": [], "details": [ { "appID": "TEAMID.com.example.app", "domains": ["my-api.example.com"] }, { "appID": "TEAMID.com.example.MessageReporting", "domains": ["my-api.example.com"] } ] } } ❌ The Problem When the extension launches and receives an SMS to classify, logs show: deferQueryRequestToNetwork failed: The operation couldn’t be completed. (com.apple.IdentityLookup.error.messagefilter error 3.) The extension loads, network URL is available, the AASA is installed, and yet the extension is not allowed to defer to network. This occurs every time. 🧪 Other Notes Tried rebuilding everything from scratch Archiving to TestFlight, not running via Xcode Clean entitlements verified using codesign -d --entitlements :- Console logs show no issues with AASA download or validation Any help or insights from Apple engineering or others in the community who have successfully deployed a working Message Filter Extension would be hugely appreciated. Thanks in advance 🙏

We are developing a parental control application in SwiftUI with features like app blocking and screen time management. We are using the Family Control API along with Apple Family Sharing, allowing parents to add multiple children to the family group. We have followed the apple documentation still we are facing following issues: App Blocking Issue: The family picker does not display each child's name separately or their apps individually. Instead, it shows all children's apps together, making it difficult to block apps for a specific child. Screen Time Data Issue: We receive the total screen time usage for all children combined rather than separate screen time data for each child. Syncing Delay: When a new child is added to the Family Sharing group, we are unsure how long it takes for their apps to sync and appear on the parent’s device.

We put the apple-app-site-association file at https://ourdomain.com.tr/.well-known/apple-app-site-association. When we send a request to url, we get 200 response code every time and we can see the file. But sometimes when we try to access https://app-site-association.cdn-apple.com/a/v1/ourdomain.com.tr url with browser or CMD tool, we are facing with 404 response code. There isn't any ip adress filter in our systems and we tried using vpn for sending same request from different locations(america and europe) but nothing changed. In addition, can anyone provide the ip list of apple cdn servers to check the F5 Load balancer WAF logs? CMD output: C:\Users\Name>curl -Lv https://app-site-association.cdn-apple.com/a/v1/ourdomain.com.tr Host app-site-association.cdn-apple.com:443 was resolved. IPv6: (none) IPv4: 17.253.122.197, 17.253.15.210, 17.253.122.196, 17.253.107.201, 17.253.57.203, 17.253.15.198, 17.253.57.200 Trying 17.253.122.197:443... Connected to app-site-association.cdn-apple.com (17.253.122.197) port 443 schannel: disabled automatic use of client certificate ALPN: curl offers http/1.1 ALPN: server accepted http/1.1 using HTTP/1.x GET /a/v1/ourdomain.com HTTP/1.1 Host: app-site-association.cdn-apple.com User-Agent: curl/8.9.1 Accept: / Request completely sent off schannel: remote party requests renegotiation schannel: renegotiating SSL/TLS connection schannel: SSL/TLS connection renegotiated < HTTP/1.1 404 Not Found < Apple-Failure-Details: {"cause":"context deadline exceeded (Client.Timeout exceeded while awaiting headers)"} < Apple-Failure-Reason: SWCERR00301 Timeout < Apple-From: https://ourdomain.com.tr/.well-known/apple-app-site-association < Apple-Try-Direct: true < Cache-Control: max-age=3600,public < Content-Length: 10 < Content-Type: text/plain; charset=utf-8 < Date: Mon, 14 Apr 2025 12:52:04 GMT < Expires: Mon, 14 Apr 2025 12:52:14 GMT < Age: 1770 < Via: http/1.1 uklon5-vp-vst-004.ts.apple.com (acdn/268.14469), https/1.1 uklon5-vp-vfe-002.ts.apple.com (acdn/268.14469), http/1.1 frmrs1-edge-mx-008.ts.apple.com (acdn/268.14469), http/1.1 frmrs1-edge-fx-005.ts.apple.com (acdn/268.14469) < X-Cache: hit-fresh, hit-stale, hit-fresh, hit-fresh < CDNUUID: 9e72cf99-1503-4644-9ea3-173328a25c94-31496306226 < Connection: keep-alive < Not Found Connection #0 to host app-site-association.cdn-apple.com left intact

Issue with Universal Links and App Extension (ShieldAction Handler) I'm currently working on a POC app using the FamilyControls framework and facing an issue when trying to open a Universal Link from an app extension, specifically from a ShieldAction handler. When I try to open a Universal Link, I encounter the following error: Failed to open URL https://sixteen-server-c008110f8759.herokuapp.com/.well-known/apple-app-site-association: Error Domain=FBSOpenApplicationServiceErrorDomain Code=1 "The request to open 'com.apple.mobilesafari' failed." UserInfo={BSErrorCodeDescription=RequestDenied, NSUnderlyingError=0x14f2d90b0 {Error Domain=FBSOpenApplicationErrorDomain Code=3 "Application com.sixteen.life is neither visible nor entitled, so may not perform un-trusted user actions." UserInfo={BSErrorCodeDescription=Security, NSLocalizedFailureReason=Application com.sixteen.life is neither visible nor entitled, so may not perform un-trusted user actions.}} Context: I’m using a ShieldAction handler as part of an App Extension to trigger the action (e.g., "Break in Shield") in my app. The app extension (ShieldAction handler) is responsible for trying to open the Universal Link. I’m encountering the error because the app is not visible or entitled to perform this action, which seems to be related to security restrictions when using App Extensions. Questions: App Extension and Universal Link Interaction: Is it possible for an App Extension (like ShieldAction handler) to open a Universal Link or trigger an external app, such as Safari, even though it is not the foreground app? Entitlements for App Extensions: Are there any specific entitlements or permissions required to allow an app extension (ShieldAction handler) to open Universal Links or perform actions like opening Safari from the background? App Visibility and State: How can I ensure that my app is in the right state (visible/active) and has the necessary entitlements to trigger these actions when running in the context of an app extension? Workaround: If this behavior is restricted due to app extension limitations, what would be the recommended workaround to handle launching external apps (like Safari) or Universal Links from within an app extension?

I have tried multiple time through multiple channels and you have yet to respond to my request. I am developing an App on xcode APP Bundle ID: garymdmd.MediaPace Apple ID: 6740823496 Apple has granted me distribution use of the Family Control/Screentime module for my main app. According to your engineer's post here: https://developer.apple.com/forums/thread/764919 That permission should be extended to your extensions that are part of the app. When you try to setup the extension identifiers they do not show the "added capabilities" column that sow sup when getting permission for the main app so you are not able to endow the extension with these permissions which seem to be needed to work with the app. I am trying to add these bundle identifier extensions: garymdmd.MediaPace.ScreenTimeMonitorDuo garymdmd.MediaPace.DeviceActivityReport Can you please tell me how to get this to work or to add permissions to these extensions. I have sent in the request form multiple times (here - https://developer.apple.com/contact/request/family-controls-distribution) and Apple simply writes back that I have permission after a few weeks but nothing changes for the extension capabilities.

In my app, I implemented a screen recording functionality. But there was an unexpected crash. 0 CoreFoundation _CFRelease.cold.1 + 16 1 CoreFoundation ___CFTypeCollectionRelease 2 ReplayKit ___56-[RPScreenRecorder captureHandlerWithSample:timingData:]_block_invoke + 148 3 libdispatch.dylib __dispatch_call_block_and_release + 32 4 libdispatch.dylib __dispatch_client_callout + 16 5 libdispatch.dylib __dispatch_lane_serial_drain + 740 6 libdispatch.dylib __dispatch_lane_invoke + 388 7 libdispatch.dylib __dispatch_root_queue_drain_deferred_wlh + 292 8 libdispatch.dylib __dispatch_workloop_worker_thread + 540 9 libsystem_pthread.dylib __pthread_wqthread + 292

Hi, We've noticed that this issue occurs more frequently after upgrading to iOS 18.4.1 and can result in one-way audio. Our app uses CallKit with WebRTC to establish VoIP connections. However, on iOS 18.4.1, CallKit no longer triggers: func provider(_ provider: CXProvider, didActivate audioSession: AVAudioSession) We're currently comparing the occurrence rate across different iOS versions to better understand the impact. Could you please help analyze the root cause of this issue?

Hi Team, We are currently working on phone number lookup functionality for iOS 18 and have a few queries: When the extension sends a request to our backend server using the PIR encryption process, is the user's phone number visible to our server?

I’m hitting a WeatherKit JWT failure (WDSJWTAuthenticatorServiceListener Code = 2) at runtime even though the entitlement is present in both the signed binary and the embedded provisioning profile. Environment Team ID 5SZLQLQ9MD Bundle ID ParkProfessor.ParkProfessorDisneyland Device / OS iPhone 15 Pro · iOS 17.4.1 (hardware, not simulator) Xcode 15.3 (15E204a) Console output Failed to generate jwt token for: com.apple.weatherkit.authservice Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Entitlement & profile snippets codesign -d --entitlements :- WeatherKitTest.app | grep -A2 weatherkit com.apple.developer.weatherkit security cms -D -i embedded.mobileprovision | grep -A2 weatherkit com.apple.developer.weatherkit What I’ve already tried Regenerated a new development certificate and a new iOS App Development provisioning profile with WeatherKit enabled. Confirmed the capability is selected in Certificates ▸ Identifiers ▸ Profiles and added in Xcode target settings. WeatherKit Terms of Service accepted in the portal. Deleted the app, removed any device management profiles, rebooted the phone, clean-built & ran again. Reproduced the issue in a minimal SwiftUI app that calls: WeatherService.shared.weather(for: CLLocation(latitude: 33.8121, longitude: -117.9190), including: .current) – same Code 2 error. Request It looks like the App ID may need a backend entitlement sync. Could someone from the WeatherKit team please check the status for Team 5SZLQLQ9MD, Bundle ID ParkProfessor.ParkProfessorDisneyland and enable WeatherKit token generation? Thanks!

Hi all, I'm trying to add Spotlight support to a macOS app that handles custom virtual machine bundles with the .vpvm extension. I’ve followed the current documentation and used the modern CSImportExtension approach with a Spotlight Importer extension target. Here’s what I’ve done: App Info.plist: Declared com.makeprog.vpvm as a UTI conforming to com.apple.package. Registered it under UTExportedTypeDeclarations and CFBundleDocumentTypes. Spotlight Importer Extension: Added a new macOS target using the Spotlight Import Extension template. Set the NSExtensionPointIdentifier to com.apple.spotlight.import. Used CSSupportedContentTypes = com.makeprog.vpvm. Implemented a minimal update(_ attributes:forFileAt:) method that sets displayName, title, and contentDescription. Other steps: Verified that the .appex is embedded under Contents/PlugIns/. Confirmed it appears in mdimport -e output with correct UTI. Used mdimport -m -d2 -t /path/to/file.vpvm, but I still get: Imported '/path/to/file.vpvm' of type 'com.makeprog.vpvm' with no plugIn. The extension is never invoked. I’ve also tried: Ensuring the .vpvm file is a valid directory bundle. Restarting Spotlight / rebuilding index. Ensuring the app and extension are properly signed. Tried installing the app in test virtual machine Question: Has anyone successfully used CSImportExtension for custom UTIs? Is there something additional I need to do for the extension to be recognized and triggered? Any advice or examples would be greatly appreciated! Thanks in advance.

Noticing a few issues with Screen Savers in macOS Tahoe developer beta 1 : The command open x-apple.systempreferences:com.apple.ScreenSaver-Settings.extension no longer works to open the Screen Savers preference pane. The reason? There is no longer a Screen Saver preference pane - it still exists, but it's now a Modal dialog (that can not be resized) that is opened from within the Wallpaper preference pane, by clicking a button. Something funny is happening with legacyScreensaver - I think that ScreenSaverView.Init(frame:isPreview) may be passing wrong values, e.g. the isPreview boolean is false in Preview mode? I've submitted Feedback # FB17895600 about some of these, and will report back more as I figure things out. Please feel free to add to this thread, thanks!

Hello! I am a relatively new Apple developer and am almost done with my first app. I am implementing the Screen Time API to my app because the app is designed to help the user digitally detox and I am trying to make it so the user can select which apps they would like to monitor from a list of their apps on their phone so I am using the family activity picker but I just can't extract the data needed to track the apps. I am wondering how to do this. Thank you!

Hello, How do apps like App Lock implement app-opening from a shield? Is this supported for 3rd-party apps or limited to partners? https://apps.apple.com/us/app/app-lock/id6448239603

My app already has UI that allows the user to show/hide a menubar icon. If the user disallows my app's icon via System Settings > Menu Bar > Allow in the menu bar, I'd like to customize my own UI to reflect that. Does macOS provide a way for me to determine the "Allow in the menu bar" state for my application?

I've made working Spotlight Import Extension with in macOS 15.5 (24F74). mdimport confirm it's installed, and working. The problem is related to accessing data inside document bundles (package directory) class ImportExtension: CSImportExtension { override func update(_ attributes: CSSearchableItemAttributeSet, forFileAt url: URL) throws { // ERROR: The file "QuickSort.notepad" couldn't be opened because you don't have permission to view it. let fileWrapper = try FileWrapper(url: url) } } forFileAt url points to a bundle. In order to read the metadata the extension needs to load the bundle from url and access its content, however in the sandbox environment,t the url allows only access to the bundle directory itself in particular NSFileWrapper(url: url) fails with error "The file "name.extension" couldn't be opened because you don't have permission to view it.", and effectively prevent from providing useful metadata. Is there a way to access the Document Bundle content in order to read the metadata for Spotlight?

How to programmatically check if ApplicationToken or ActivityCategoryToken is expired in FamilyActivityPicker? I'm building a Screen Time-based parental control app using FamilyControls and ManagedSettings. We use FamilyActivityPicker to allow the user to select apps and categories to restrict, and we apply the shield using: store.shield.applications = .specific(selection.applicationTokens) store.shield.applicationCategories = .specific(selection.categoryTokens) Sometimes, we observe that the shield silently fails to apply — no error is thrown, but the restrictions aren't enforced. I suspect this may be due to expired or invalid tokens, possibly if the app was removed or the selection became stale. My Questions: Can ApplicationToken or ActivityCategoryToken expire or become invalid over time? If yes, is there a supported or recommended way to detect whether a token is still valid before applying it to the shield? Is comparing the current shield values (store.shield.applications and store.shield.applicationCategories) after applying them a reliable validation method? What's the best practice to handle expired tokens (e.g. re-prompt the FamilyActivityPicker, or show a fallback)? What Is the Expiration Duration of Tokens from FamilyActivityPicker? Any guidance or insight from the Screen Time/FamilyControls team would be greatly appreciated! Thank you!

Hi All, I’m puzzled by this issue: my app uses WeatherKit to fetch hourly UV-index and temperature forecasts. The same build, running on the latest iOS, succeeds on most devices but consistently fails on a few. Strangely, the paired Apple Watch version retrieves the data without problems. Could WeatherKit be applying per-user throttling? Any insight would be greatly appreciated.

Could someone please explain how to use a custom sound when setting up an alarm using AlarmKit? It keeps playing a default sound. Also, I keep having an issue where the alarm sound plays but doesn’t show the alarm interface buttons unless the screen is locked.

I have a SwiftUI document-based app that for the sake of this discussion stores accounting information: chart of accounts, transactions, etc. Each document is backed by a SwiftData DB. I'd like to incorporate search into the app so that users can find transactions matching certain criteria, so I went to Core Spotlight. Indexing & search within the app seem to work well. The issue is that Spotlight APIs appear to be App based & not Document based. I can't find a way to separate Spotlight data by document. I've tried having each document maintain a UUID as a document-specific identifier and include the identifier in every CSSearchableItem. When performing a query I filter the results with CSUserQueryContext.filterQueries that filter by the document identifier. That works to limit results to the specific file for search operations. Index updates via CSSearchableIndexDelegate.reindex* methods seem to be App-centric. A user may have file #1 open, but the delegate is being asked to update CSSearchableItems for IDs in other files. Is there a proper way to use Spotlight for in-app search with a document-based app? Is there a way to keep Spotlight-indexed data local within the app & not make it available across the system? I.e. I'd like to search within the app only. System-level searches should not surface this data.

All of my apps stopped working with WeatherKit this morning. They all return an "Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2" error. I am certain that the WeatherKit capability added (in project) and enabled as a Capability & App Service (on developer portal for the identifier). All other iCloud features of my apps are working as expected. I have also done all the normal troubleshooting using codesign / security cms, etc. to verify entitlements. I created the following simple project to verify the integration. import WeatherKit import CoreLocation struct ContentView: View { @State private var temp: Measurement<UnitTemperature>? = nil var body: some View { VStack { if let t = temp { Text("\(t.value.rounded())°\(t.unit.symbol)") } else { Text("Fetching…") .task { let service = WeatherService() do { let location = CLLocation(latitude: 50.318668, longitude: -114.917710) let weather = try await service.weather(for: location, including: .current) temp = weather.temperature } catch { print("Error:", error) } } } } } } Any ideas what may be happening?