Hello, A quick background: I am developing an App that receives a data stream from a device through its Wi-Fi network. The device itself is not connected to the internet, so the app won't be either. Now, I am adding a new feature to the App that would require internet connection during the data stream. Consequently, my users would need to use their cellular data. On later versions of iPhone, the phone would occasionally detect the lack of internet connection and asks the user via a pop-up if they want to use their cellular data. However, this behavior is not consistent. So my question is- can we programmatically invoke this pop-up so the user can connect to the internet? Or even better- can we program the App to use cellular data while still being connected to a Wi-Fi network? Note: I have seen mixed answers on the internet whether this is doable or not, and I know that users are able do it themselves by manually configuring their IP in their WiFi settings page, but I doubt this operation can be done through the App for security reasons. Thanks!

I am learning how to use DNS-SD from swift and have created a basic CLI app, however I am not getting callback results. I can get results from cli. Something I am doing wrong here? dns-sd -G v6 adet.local 10:06:08.423 Add 40000002 22 adet.local. FE80:0000... dns-sd -B _adt._udp. 11:19:10.696 Add 2 22 local. _adt._udp. adet import Foundation import dnssd var reference: DNSServiceRef? func dnsServiceGetAddrInfoReply(ref: DNSServiceRef?, flags: DNSServiceFlags, interfaceIndex: UInt32, errorCode: DNSServiceErrorType, hostname: UnsafePointer<CChar>?, address: UnsafePointer<sockaddr>?, ttl: UInt32, context: UnsafeMutableRawPointer?) { print("GetAddr'd") print(hostname.debugDescription.utf8CString) print(address.debugDescription.utf8CString) } var error = DNSServiceGetAddrInfo(&reference, 0, 0, DNSServiceProtocol(kDNSServiceProtocol_IPv6), "adet.local", dnsServiceGetAddrInfoReply, nil) print("GetAddr: \(error)") func dnsServiceBrowseReply(ref: DNSServiceRef?, flags: DNSServiceFlags, interfaceIndex: UInt32, errorCode: DNSServiceErrorType, serviceName: UnsafePointer<CChar>?, regType: UnsafePointer<CChar>?, replyDomain: UnsafePointer<CChar>?, context: UnsafeMutableRawPointer?) { print("Browsed") print(serviceName.debugDescription.utf8CString) print(replyDomain.debugDescription.utf8CString) } error = DNSServiceBrowse(&reference, 0, 0, "_adt._udp", nil, dnsServiceBrowseReply, nil) print("Browse: \(error)") Foundation.RunLoop.main.run() Info.plist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSLocalNetworkUsageDescription</key> <string>By the Hammer of Grabthor</string> <key>NSBonjourServices</key> <array> <string>_adt._udp.</string> <string>_http._tcp.</string> <string>_http._tcp</string> <string>_adt._udp</string> </array> </dict> </plist>

Hello, I'm trying to get a list of all network devices (device audit for DLP system). CFMutableDictionaryRef matchingDictionary = IOServiceMatching(kIONetworkControllerClass); if (matchingDictionary == nullptr) { std::cerr << "IOServiceMatching() returned empty matching dictionary" << std::endl; return 1; } io_iterator_t iter; if (kern_return_t kr = IOServiceGetMatchingServices(kIOMasterPortDefault, matchingDictionary, &iter); kr != KERN_SUCCESS) { std::cerr << "IOServiceGetMatchingServices() failed" << std::endl; return 1; } io_service_t networkController; while ((networkController = IOIteratorNext(iter)) != IO_OBJECT_NULL) { std::cout << "network device: "; if (CFDataRef cfIOMACAddress = (CFDataRef) IORegistryEntryCreateCFProperty(networkController, CFSTR(kIOMACAddress), kCFAllocatorDefault, kNilOptions); cfIOMACAddress != nullptr) { std::vector<uint8_t> data(CFDataGetLength(cfIOMACAddress)); CFDataGetBytes(cfIOMACAddress, CFRangeMake(0, data.size()), data.data()); std::cout << std::hex << std::setfill('0') << std::setw(2) << (short)data[0] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[1] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[2] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[3] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[4] << ":" << std::hex << std::setfill('0') << std::setw(2) << (short) data[5]; CFRelease(cfIOMACAddress); } std::cout << std::endl; IOObjectRelease(networkController); } IOObjectRelease(iter); The Wi-Fi controller shows up in I/O Registry Explorer, but IOServiceGetMatchingServices() does not return any information about it. Any way to retrieve Wi-Fi controller info in daemon code? Thank you in advance!

Hello, I am in a very similar situation as described in the thread: https://developer.apple.com/forums/thread/655183 Context: I am working on an app that receives data from a hardware device through its Wifi network, and the hardware is not connected to the internet. Now, I would need to call some API while still connected to hardware so I would need to use the cellular data. As mentioned on the thread, I can achieve this via Network framework, using the requiredInterfaceType property. But Is there any other way I can achieve this? I can also do some suggestion on the hardware if that's helpful. Thank you!

Hi, I’m trying out my app with Xcode 26, running on an iOS 26 simulator. I'm having issues with URLSessions, it crashes when I set the URLSessionConfiguration to default, and if I don’t use the URLSessionConfiguration, it crashes if I use URLSession.shared. When running in a real device, it doesn't crash, but any network request will hang and time out after a while. Is it a known issue in the latest beta versions?

CarPlay woes. I think it's unacceptable that it silently kills an ongoing WiFi connection that has been established using ASAccessoryKit and NEHotspotHelper which is in active use. This is responsible for angry clients because their processes break a lot when they are in reach of the connected car. (And yes, they have to be in the reach of the car, because it is a diagnostic/maintenance app for cars…) Do I really need to ask my clients to unpair from CarPlay before using our app or is there another way?

Did iOS 18.4 ( and 18.5) with iPhone 14 or 15 introduce new network connectivity or battery optimization policies that would break Local Push Connectivity? (suspend PushProvider in a new way that prevents it from listening and reponding to incoming messages from private network server)? We have a private app using local push connectivity for real time local alerts on a local private network & server. The current application version works on prev devices including iPhone 12, iOS 14-18.1 that we know of. A new(er) installation with iPhone 14s & 15s on iOS 18.4 is having new connectivity problems that seem to occur along with sleep. Previously NEAppPushProvider could listen and reply to incoming messages from server for local notifications, incoming sip invites, and connection health messages. We'll be performing addtional testing to narrow the issue in the meantime, but it would be VERY helpful to have clarification regarding any iOS minor patches since 18.1 that are now breaking existing Local Push Connectivity applications. If so what are the recommendations or remedies. Are known issues with Network Extensions patched in 18.5? Are existing applications expected to redesign their networking solutions for 18.3 & 18.4? Did iOS18 versions later than 18.1 begin requiring new entitlements or exceptions for private apps in app store?

Here's what the documentation says https://developer.apple.com/documentation/networkextension/maintaining-a-reliable-network-connection Confirm that your NEAppPushProvider implementation doesn’t create a retain cycle with itself. After you call the completionHandler that the system passes to stop(with:completionHandler:), the Network Extension framework releases your NEAppPushProvider instance. This instance typically deallocates from memory when released, but if the instance has a retain cycle with itself, it fails to deallocate and wastes memory. Failure to deallocate can also cause the system to have two or more instances of your push provider, leading to inconsistent behavior. Use Instruments or add a logging statement to deinit to verify that your NEAppPushProvider deinitializes when expected. I observe that when I turn off the wifi, the AppPushProvider subclass fully deinitializes. But when I call removeFromPreferences on the NEAppPushManager from the app, it calls stop() on my AppPushProvider subclass, but it does not initialize. Should I be alarmed by this behavior? Will this cause a memory leak? Will this cause multiple Extension/AppPushProviders to be operating concurrently? For testing, I've removed everything except for logs and some singleton calls. No closures capturing self, and no strong references of self being passed anywhere. I am also not using the debugger, and am using the console to debug.

I've just watched Scott Herschel's WWDC 25 session "Use structured concurrency with Network framework" and I am more than overjoyed to see said framework offer these new features. However, the documentation has not yet been updated (or it's not where I expect to find it) .. Is there more that I can read about the enhancements to the framework? One specific question is whether the structured concurrency portion of the framework's enhancement is backward compatible to before "26"?

Hi, I run a PacketTunnelProvider embedded within a system extension. We have been having success using this; however we have problems with accessing certificates/private keys manually imported in the file-based keychain. As per this, we are explicitly targeting the file-based keychain. However when attempting to access the certificate and private key we get the following error: System error using certificate key from keychain: Error Domain=NSOSStatusErrorDomain Code=-25308 "CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION" (errKCInteractionNotAllowed / errSecInteractionNotAllowed: / Interaction is not allowed As per the online documentation, I would expect to be prompted for the access to the application: When an app attempts to access a keychain item for a particular purpose—like using a private key to sign a document—the system looks for an entry in the item’s ACL containing the operation. If there’s no entry that lists the operation, then the system denies access and it’s up to the calling app to try something else or to notify the user. If there is an entry that lists the operation, the system checks whether the calling app is among the entry’s trusted apps. If so, the system grants access. Otherwise, the system prompts the user for confirmation. The user may choose to Deny, Allow, or Always Allow the access. In the latter case, the system adds the app to the list of trusted apps for that entry, enabling the app to gain access in the future without prompting the user again But I do not see that prompt, and I only see the permission denied error in my program. I can work around this one of two ways Change the access control of the keychain item to Allow all applications to access this item. This is not preferable, as it essentially disables any ACLs for this item. Embed the certificate in a configuration profile that is pushed down to the device via MDM or something similar. This works at a larger scale, but if I'm trying to manually test out a certificate, I don't always want to have to set this up. Is there another way that I go about adding my application to the ACL of the keychain item? Thanks!

I've had no problem running my app in a simulator or on a device, but today my app is failing on a URLRequest to my local machine (in a sim). From the same simulator I can go to Safari and manually enter the URL that the app is using (and that appears in the error message), and it works fine. I think there was a recent Xcode update; did something change in this regard?

On "Accessory Interface Specification CarPlay Addendum R10", it says that it is recommended that the accessory uses a MIMO (2x2) hardware configuration, does this imply that WiFi 5 and SISO (1X1) will be phased out in the near future? When will WiFi 6 MIMO (2x2) become mandatory? On "Accessory Interface Specification CarPlay Addendum R10", it says that Spatial Audio is mandatory. However, for aftermarket in-vehicle infotainment (IVI) system due to the number of speakers are less than 6, is it allowed not to support spatial audio for this type of aftermarket IVI system?

While trying to use Bonjour, i am encountering an issue. I was following the setup of Bonjour as described here: (https://developer.apple.com/forums/thread/735862) the response is this : nw_browser_fail_on_dns_error_locked [B2] nw_browser_dns_service_browse_callback failed: PolicyDenied(-65570) browser did change state, new: waiting(-65570: PolicyDenied) i tried modifying the info.plist to include NSLocalNetworkUsageDescription and NSBonjourServices but still getting the same a workout or solution is much appreciated !

Hi all. I'm exploring the new URL Filter framework that supports filtering URLs in encrypted HTTPS traffic. I'm particularly interested in understanding how we can leverage this in System Extensions on macOS. Can URL Filter be implemented within a macOS System Extension? The documentation seems to focus primarily on iOS implementations. I've attempted to evaluate the "Filtering traffic by URL" sample code by running PIRService on localhost (tried both macOS native binary, and Linux container) and SimpleURLFilter on the iOS simulator (26.0 23A5260l). However, the app fails to apply the configuration with NetworkExtension.NEURLFilterManager.Error 8, and PIRService doesn't receive any requests. Is this functionality supported in the simulator environment? Does Keyword Private Information Retrieval support pattern matching or wildcards? For example, would it be possible to create rules that block URLs like "object-storage.example[.]org/malicious-user/*"? Regarding enterprise use cases: While I understand URL filtering uses Private Information Retrieval to enhance user privacy, enterprise security teams often need visibility into network traffic for security monitoring and incident response. Are there supported approaches for enterprises to monitor HTTPS URLs? Any insights or clarification would be greatly appreciated. Shay

I pushed a configuration to my iPhone through MDM to run the content filter. However, when I modify the configuration by adding some vendor-configuration , I lose connection to the debugger and can no longer see logs or the updated configuration in Xcode. I have to build the app again. Could this be an issue with Xcode, or is it related to MDM or the configuration itself?

Hi everyone, I’m working on an iOS project where an iPhone needs to connect to external scanners (dedicated hardware devices) over Wi-Fi. The goal is to: Discover available Wi-Fi networks from the scanner devices (broadcasting their own networks). Allow the user to seamlessly connect to the chosen scanner network. Network Discovery: Is there a way to programmatically list available Wi-Fi networks (SSIDs) on iOS without private APIs? If not, are there workarounds (e.g., Bonjour/mDNS)? Seamless Connection: As I see, we can use NEHotspotConfigurationManager to connect to and disconnect from specified networks and there will always be a system alert asking about do we really want to join this network Hardware/Firmware/Software Alternatives: If iOS restrictions prevent this, what alternatives exist? For example: Hardware: Scanners supporting Bluetooth LE for initial pairing, then Wi-Fi provisioning. Firmware: Scanners acting as clients on the same network as the iPhone (e.g., via user’s home/office Wi-Fi). Software: A companion app for the scanner that shares network credentials via QR code/NFC, or a local web server on the scanner for setup. Context: Target: iOS 16+ No jailbreaking; App Store compliance is a must. Scanners can be configured to act as APs or clients.

Starting on macOS Sequoia, flows originated in Firefox have an empty sourceAppAuditToken. Other apps contain a valid token. Background: in order to fetch process info for a certain NEFilterFlow, my content filter extension uses sourceAppAuditToken, audit_token_to_pid() and proc_* (as recommended in #126820). When that fails, we use SecCodeCopyGuestWithAttributes, recommended in some other thread as a better alternative. Both approaches break when the sourceAppAuditToken is empty since they need the pid. Debugging: My logging shows audit token is empty for Firefox Typical logs from com.apple.networkextension also indicate it fails to fetch the same info I'm looking for: com.apple.networkextension debug 11:22:07.024588-0300 Fetching appInfo from cache for pid: 948 uuid: 5C40B765-C6C9-3641-A822-2BC44D264361 bundle id: (null) com.apple.networkextension debug 11:22:07.024657-0300 Calling delegate lookup handler with pid: 948, uuid: 5C40B765-C6C9-3641-A822-2BC44D264361, bundleID: (null) com.apple.networkextension debug 11:22:07.025856-0300 Could not look up appInfo for pid: 948 bundle id: (null) uuid: 5C40B765-C6C9-3641-A822-2BC44D264361 com.apple.networkextension error 11:22:07.025897-0300 Could not find app info, return the original flow without filling in app info Handling new flow: identifier = D89B5B5D-793C-4940-D992-4E90F2AD1900 procPID = 953 eprocPID = 948 direction = outbound inBytes = 0 outBytes = 0 signature = {length = 32, bytes = 0x4afeafde b484aa0c c5cb8698 0567343d ... 7cdee33e 135666dd } socketID = 19adf2904e92d9 localEndpoint = 0.0.0.0:0 remoteEndpoint = 17.33.202.170:443 protocol = 6 family = 2 type = 1 procUUID = 0C68E603-967E-3643-B225-378BD2A655F7 eprocUUID = 5C40B765-C6C9-3641-A822-2BC44D264361 Perhaps there's a bug when generating the audit token or could it be something with the Firefox signature? I double-checked Firefox and it seems fine: $ codesign --verify --verbose /Applications/Firefox.app /Applications/Firefox.app: valid on disk /Applications/Firefox.app: satisfies its Designated Requirement Not sure if relevant, but codesign with -dv showed different flags in CodeDirectory when compared to chrome: codesign -dv /Applications/Firefox.app ... CodeDirectory v=20500 size=863 flags=0x10000(runtime) hashes=18+5 ... Versus chrome CodeDirectory v=20500 size=1821 flags=0x12a00(kill,restrict,library-validation,runtime) hashes=46+7 location=embedded

Hi, i have a crash received in my Firebase Crashlytics. I couldn't figure out the root cause of the issue. Could anyone please help me with it. Crashed: com.apple.CFNetwork.Connection 0 libobjc.A.dylib 0x20b8 objc_retain_x19 + 16 1 CFNetwork 0x47398 HTTP3Fields::appendField(NSString*, NSString*) + 72 2 CFNetwork 0x41250 invocation function for block in HTTP3Stream::_buildRequestHeaders() + 240 3 CoreFoundation 0x249f0 __NSDICTIONARY_IS_CALLING_OUT_TO_A_BLOCK__ + 24 4 CoreFoundation 0x565dc ____NSDictionaryEnumerate_block_invoke_2 + 56 5 CoreFoundation 0x55b10 CFBasicHashApply + 148 6 CoreFoundation 0x8abfc __NSDictionaryEnumerate + 520 7 CFNetwork 0x793d4 HTTP3Stream::scheduleAndOpenWithHandler(CoreSchedulingSet const*, void (__CFHTTPMessage*, NSObject<OS_dispatch_data>*, CFStreamError const*) block_pointer, void (unsigned char) block_pointer) + 1120 8 CFNetwork 0x1665c HTTPProtocol::useNetStreamInfoForRequest(MetaNetStreamInfo*, HTTPRequestMessage const*, unsigned char) + 4044 9 CFNetwork 0x80c80 HTTP3ConnectionCacheEntry::enqueueRequestForProtocol(MetaConnectionCacheClient*, HTTPRequestMessage const*, MetaConnectionOptions) + 2540 10 CFNetwork 0x7fab8 HTTP3ConnectionCacheWrapper::ingestTube(Tube*, bool) + 2924 11 CFNetwork 0x257dc TubeManager::newTubeReady(Tube*, CFStreamError) + 4284 12 CFNetwork 0x57b64 invocation function for block in TubeManager::_onqueue_createNewTube(HTTPConnectionCacheKey*) + 72 13 CFNetwork 0x2fe30 Tube::_onqueue_invokeCB(CFStreamError) + 360 14 CFNetwork 0x2fc20 NWIOConnection::_signalEstablished() + 652 15 CFNetwork 0x4ba1c invocation function for block in NWIOConnection::_handleEvent_ReadyFinish() + 748 16 CFNetwork 0x4b5b0 invocation function for block in Tube::postConnectConfiguration(NSObject<OS_tcp_connection>*, NSObject<OS_nw_parameters>*, void () block_pointer) + 860 17 CFNetwork 0x4b220 BlockHolderVar<std::__1::shared_ptr<NetworkProxy>, bool, CFStreamError>::invoke_normal(std::__1::shared_ptr<NetworkProxy>, bool, CFStreamError) + 64 18 CFNetwork 0x32f2c ProxyConnectionEstablishment::postProxyConnectionConfiguration(__CFAllocator const*, std::__1::shared_ptr<TransportConnection>, NSObject<OS_nw_parameters>*, __CFHTTPMessage*, HTTPConnectionCacheKey*, std::__1::shared_ptr<MetaAuthClient>, SmartBlockWithArgs<std::__1::shared_ptr<NetworkProxy>, bool, CFStreamError>) + 664 19 CFNetwork 0x32bbc Tube::postConnectConfiguration(NSObject<OS_tcp_connection>*, NSObject<OS_nw_parameters>*, void () block_pointer) + 744 20 CFNetwork 0xc19b0 invocation function for block in NWIOConnection::_setupConnectionEvents() + 2360 21 libdispatch.dylib 0x132e8 _dispatch_block_async_invoke2 + 148 22 libdispatch.dylib 0x40d0 _dispatch_client_callout + 20 23 libdispatch.dylib 0xb6d8 _dispatch_lane_serial_drain + 744 24 libdispatch.dylib 0xc214 _dispatch_lane_invoke + 432 25 libdispatch.dylib 0xd670 _dispatch_workloop_invoke + 1732 26 libdispatch.dylib 0x17258 _dispatch_root_queue_drain_deferred_wlh + 288 27 libdispatch.dylib 0x16aa4 _dispatch_workloop_worker_thread + 540 28 libsystem_pthread.dylib 0x4c7c _pthread_wqthread + 288 29 libsystem_pthread.dylib 0x1488 start_wqthread + 8 [Here is the complete crash report.](https://developer.apple.com/forums/content/attachment/58b5bb7d-7c90-4eec-906c-4fb76861d44b)

The CA/Browser Forum has voted (cf. https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/9768xgUUfhQ?pli=1) to eventually reduce the maximum validity period for a SSL certificate from 398 days to 47 days by March 2029. This makes statically pinning a leaf certificate rather challenging. What are the consequences for App Transport Security Identity Pinning as it exists today?

I upgraded my Mac to Sequoia 15.4.1 an i hat to upgrade XCode to Version 16.3. I access a MQTT Broker by an sending an mosquitto_sub request to the Broker. Now its no longer possible the request fails i granted Network permission to my App