Hello team, I am developing a security app where I am denying certain flows/packets if the are communicating with known malicious endpoints. Therefore I want to make use of NetworkExtensions such as the new URLFilter or ContentFilter (NEURLFilterManager, NEFilterDataProvider, NEFilterControlProvider). Does NEURLFilterManager require the user's device to be at a minimun of ios 26? Does any of these APIs/Extensions require the device to be managed/supervised or can it be released to all consumers? Thanks,

There is a project that has been running online for years. A few months ago, a player reported that after making their first successful IAP at a specific purchase point, any subsequent attempts to purchase the same item do not trigger the payment window. Instead, they get the error:"This in-app purchase has already been bought".​After contacting Apple Support once, the player was able to make a payment, but the issue reappeared on the next attempt. So far, this is the only user reporting the problem, other people can purchase normally. Question1:​ Here’s what I’ve tried: I reviewed the code and ensured that TransactionObserveris correctly called. I’ve also added **[[SKPaymentQueue defaultQueue] finishTransaction:transaction]**in all possible places, but the issue persists. According to the logs, after the user’s first purchase, every subsequent IAP attempt returns the same receipt from the initial successful transaction, even though I’m certain finishTransactionis being called. It seems like this method isn’t having the intended effect. Question2:​ I asked the player to manually trigger the Restore Purchases​ button by calling [[SKPaymentQueue defaultQueue] restoreCompletedTransactions]. the restoreCompletedTransactionsFailedWithErrorcallback returned the following error: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." The player has already checked their device time and tried switching between Wi-Fi and 4G, but the error remains. Is this SSL error related to the "already bought" error?​ Note that this SSL issue occurred during a separate restore process, not during a purchase attempt. Question: 3:​ I noticed that I’m not calling finishTransaction​ inside the restoreCompletedTransactionsFailedWithErrorcallback. Should I add it there?​ Purchase Logs: ​The player clicked "Restore Purchases" and then attempted another purchase. The purchase flow appears normal, but the IAP returns an old, already-used receipt. [2025-12-10 17:41:38:995] Restore transaction failed: Error > Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a > secure connection to the server cannot be made." [2025-12-10 17:41:40:010] Restore transaction failed: Error > Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a > secure connection to the server cannot be made." [2025-12-10 17:41:42:011] buy method called... productID: > huoxiancj_648 orderID: 22674511 [2025-12-10 17:41:42:107] ----Log Observers ID---- [2025-12-10 17:41:42:108] ObserverID: 0x109968890 [2025-12-10 17:41:42:108] Processing unfinished transactions... [2025-12-10 17:41:42:108] Finished processing unfinished > transactions. [2025-12-10 17:41:42:108] Allowing in-app purchase... [2025-12-10 17:41:42:215] Requesting product info... [2025-12-10 17:41:42:989] productsRequest didReceiveResponse: [2025-12-10 17:41:43:066] Invalid Product ID: ( [2025-12-10 17:41:43:066] Purchase quantity: 1 [2025-12-10 17:41:43:066] Product info: [2025-12-10 17:41:43:067] Price: 648 [2025-12-10 17:41:43:067] Product ID: huoxiancj_648 [2025-12-10 17:41:43:067] Validating product info... [2025-12-10 17:41:43:067] Sending payment request... [2025-12-10 17:41:43:067] requestDidFinish [2025-12-10 17:41:43:132] paymentQueue updatedTransactions. [2025-12-10 17:41:43:133] updatedTransactions case > SKPaymentTransactionStatePurchasing [2025-12-10 17:41:43:208] [payment.applicationUsername] > userid=50306496 appid=1045 instid=12844 reserve=xxxx > productID=22674511 [2025-12-10 17:43:16:008] paymentQueue updatedTransactions. [2025-12-10 17:43:16:008] updatedTransactions case > SKPaymentTransactionStatePurchased [2025-12-10 17:43:16:008] productIdentifier= huoxiancj_648 [2025-12-10 17:43:16:113] Sending receipt to server for validation. [2025-12-10 17:43:16:113] Transaction completed. Any help or suggestions would be greatly appreciated! Thanks in advance.

Hello, I’m experiencing a strange issue with a newly created Subscription Group in my iOS app. For all my existing subscription groups, everything works perfectly — initial purchase, renewals, cancellations, all notifications arrive normally. But for this one newly created group, the first purchase never triggers any server notification from App Store Server Notifications (ASSN). ⸻ 📘 Problem Summary • I created a new Subscription Group in App Store Connect. • The products are all Approved and Published for over a week. • Users can successfully purchase the subscription in production. • The purchase is shown as Purchased in the App Store purchase UI. • The receipt can be fetched locally on device. • But my server receives no notifications, including: • DID_RENEW • DID_CHANGE_RENEWAL_STATUS • SUBSCRIBED • ONE_TIME_CHARGE • CONSUMPTION_REQUEST • etc. The old subscription groups still send notifications normally, so the notification URL and server infrastructure are correct.

Honestly, don't know how to test it in sandbox. I'm confused on if I need a sandbox to actually test out my in app purchase. Do I need to download something? Someone please help.

I am developing a running training app that coaches can use to create interval workout plans. I can use HKWorkout to get information about Splits similar to that in Fitness app, but I can't get information about Intervals. My idea is to show interval details when users view their completed custom interval workout plans. Can I use Healthkit (or another feasible method) to get the actual distance or time of exercise in intervals workout ? (I know the workoutPlan property, but it doesn't reflect the segments of a real interval training workout.) Any insights or suggestions would be greatly appreciated! Thanks in advance!

I have a watch only app that display an open/close park status and the current temperature with a current condition icon. That's it. On second submission the watch app was rejected due to no WeatherKit attribution. I have a lack of clarity of what's needed. With my single view that display my content I don't want WeatherKit attribution to overwhelm what's being presented to the user. I've tried looking for watch apps in the store that provide attribution and I'm not finding any. Looking for advice on how to meet this requirement without attribution overpowering my content.

Hi, I am experiencing an issue where my in-app purchase products cannot be fetched from App Store Connect during sandbox testing, despite all products being properly configured. ERROR MESSAGE: When testing on a physical iOS device, I receive the following error: "Error fetching offerings - The operation couldn't be completed. (RevenueCat.OfferingsManager.Error error 1.) There's a problem with your configuration. None of the products registered in the RevenueCat dashboard could be fetched from App Store Connect (or the StoreKit Configuration file if one is being used)." All products show status "READY_TO_SUBMIT" with the warning: "This product's status (READY_TO_SUBMIT) requires you to take action in App Store Connect before using it in production purchases." I have 2 subscriptions and 4 Consumable in-app purchases set up in App Store Connect. VERIFICATION COMPLETED: Bundle ID matches exactly in App Store Connect, Xcode project, and RevenueCat dashboard Product IDs match exactly between App Store Connect, RevenueCat, and application code Paid Applications Agreement is signed and active (Signed on 12/9 morning, everything shows as active) All products are in "Ready to Submit" status with complete metadata All products are properly linked to the app in App Store Connect Testing on physical iOS device (not simulator) with sandbox account signed in via Settings > Developer section Products have been in "Ready to Submit" status for 8 hours I have researched this error and verified the common causes (Paid Agreements, Product ID mismatches, Bundle ID mismatches) are all correctly configured on my end. QUESTION: Is this an issue on Apple's end, or are there additional requirements for products in "Ready to Submit" status to be available in sandbox testing? I have been unable to test my in-app purchases despite all configuration appearing correct. Thank you for your assistance.

On a MacBook Pro, 16GB of RAM, 500 GB SSD, OS Sequoia 15.7.1, M3 chip, I am running some python3 code in a conda environment that requires lots of RAM and sure enough, once physical memory is almost exhausted, swapfiles of about 1GB each start being created, which I can see in /System/Volumes/VM. This folder has about 470 GB of available space at the start of the process (I can see this through get info) however, once about 40 or so swapfiles are created, for a total of about 40GB of virtual memory occupied (and thus still plenty of available space in VM), zsh kills the python process responsible for the RAM usage (notably, it does not kill another python process using only about 100 MB of RAM). The message received is "zsh: killed" in the tmux pane where the logging of the process is printed. All the documentation I was able to consult says that macOS is designed to use up to all available storage on the startup disk (which is the one I am using since I have only one disk and the available space aforementioned reflects this) for swapping, when physical RAM is not enough. Then why is the process killed long before the swapping area is exhausted? In contrast, the same process on a Linux machine (basic python venv here) just keeps swapping, and never gets killed until swap area is exhausted. One last note, I do not have administrator rights on this device, so I could not run dmesg to retrieve more precise information, I can only check with df -h how the swap area increases little by little. My employer's IT team confirmed that they do not mess with memory usage on managed profiles, so macOS is just doing its thing. Thanks for any insight you can share on this issue, is it a known bug (perhaps with conda/python environments) or is it expected behaviour? Is there a way to keep the process from being killed?

Our team is in the process of updating our apps to comply with Texas's new state law. In order to minimize user confusion and provide the most ideal flow to access the app as possible, we have a few questions we would like answered. Summary of questions: Is isEligibleForAgeFeatures intended to be accurate and accessible before the user has accepted the Age Range permissions prompt? As other US states and/or other countries adopt a similar law going forward, will this instance variable cover those locations? Will the runtime crashes on isEligibleForAgeFeatures and other symbols in the DeclaredAgeRange framework be addressed in a future RC or in the official release? Details and Investigations: With regards to isEligibleForAgeFeatures, our team has noticed that this value is always false before the age range prompt has been accepted. This has been tested on the XCode RC 26.2 (17C48). Assuming the request needs to be accepted first, isEligibleForAgeFeatures does not get updated immediately when the user chooses to share their age range (updated to true, when our sandbox test account is a Texas resident). Only upon subsequent relaunches of the app does this return a value that reflects the sandbox user's location. Is isEligibleForAgeFeatures intended to be accurate and accessible before the user has accepted the Age Range permissions prompt? This leads to our follow-up question to clarify whether isEligibleForAgeFeatures explicitly correlates to a user in an affected legal jurisdiction–if future US states and/or other countries adopt a similar law going forward, will this instance variable cover those locations? Can we also get confirmation about whether the runtime crash on isEligibleForAgeFeatures and other symbols in the DeclaredAgeRange framework will be addressed in a future RC or in the official release? Thank you.

Hi everyone, I have a question regarding the intended privacy limits of the DeviceActivityReportExtension. According to the documentation and the WWDC21 session "Meet the Screen Time API", this extension was created specifically to prevent the host application from accessing the user's underlying activity data (websites visited, app usage, screen time, etc). But I have found that my host app is actually able to reconstruct this raw activity data from the activity report. I am able to extract specific visited websites and app usage durations back into the main app. I reported this to Apple Security (Case ID: OE1100504480881 ), assuming it was a sandbox bypass. However, they closed the ticket stating that this is "expected behavior" and requires no fix. My question for Screen Time Engineers: Is the documentation incorrect? If my host app is expected to be able to read this data, is there a formal API we should be using instead of extracting it from the report extension? The current behavior contradicts the privacy limits described in the documentation, so I am confused if I should rely on this data access for my app features or if it will be patched later. Thanks.

Hello, I have a problem with a subscription: it is not recognised by my application (under TestFlight); it is as if it did not exist. I have two subscriptions in the same group, a premium subscription that works perfectly and a basic subscription that is not recognised. I have checked everything at least twenty times. Its status is ‘Ready to submit’. I asked GPT 5.1 and Claude AI, but clearly both of their AIs are out of date and are giving me an obsolete procedure with App Store Connect options that don't exist.

Hello, I'm using PassKit with to perform Apple Pay payment in a financial application. Our approach are: On iOS application, define PKMerchantCapability threeDSecure and credit, perform apple pay experience and get the encrypted response. On PCI service, receive the encrypted data Payment token, decrypt this data, and use to perform the payment. The problem is, in MasterCard transaction the eciIndicator is missing. I want to know if has some rule or problem about it.

If I have two iOS apps, with bundle ids com.mycompany.A and com.mycompany.B, and they both have the shared group id of group.com.mycompany.B, then they can read/write data to same file (in shared defaults or, for example, a Realm database saved to the same shared group location). What I have noticed is that if both apps get installed and some data X written to shared defaults (but data which isn't accessed by both apps i.e. if only app A uses this data), then if app A is deleted and reinstalled then X is not deleted in this situation (unless both apps A and B are deleted). I guess that is to be expected as they both use the same group id and the OS won't clear that area out unless both apps are deleted. However I think I am seeing a situation where if app A has group.com.mycompany.A as its group and app B has group.com.mycompany.B as its group, then this is still the same situation - data written by app B for doesn't get deleted if only app B is deleted/reinstalled on the phone. It won't get deleted unless both app B and A are deleted from the phone. This is not what I was expecting. I need to perform some more checks (its more complex to verify as app A is developed by one company and app B by another), but if this were to be the case would this be unexpected behavior by the OS? Presumably it would be unexpected as the container should be identified by the full group id and not a partial portion of the group id right?

We are facing a DNS resolution issue with a specific ISP, where our domain name does not resolve correctly using the system DNS. However, the same domain works as expected when a custom DNS resolver is used. On Android, this is straightforward to handle by configuring a custom DNS implementation using OkHttp / Retrofit. I am trying to implement a functionally equivalent solution in native iOS (Swift / SwiftUI). **Android Reference (Working Behavior) : ** val dns = DnsOverHttps.Builder() .client(OkHttpClient()) .url("https://cloudflare-dns.com/dns-query".toHttpUrl()) .bootstrapDnsHosts(InetAddress.getByName("1.1.1.1")).build() OkHttpClient.Builder().dns(dns).build() **Attempted iOS Approach ** I attempted the following approach : Resolve the domain to an IP address programmatically (using DNS over HTTPS) Connect directly to the resolved IP address Set the original domain in the Host HTTP header **DNS Resolution via DoH : ** func resolveDomain(domain: String) async throws -> String { guard let url = URL( string: "https://cloudflare-dns.com/dns-query?name=\(domain)&type=A" ) else { throw URLError(.badURL) } var request = URLRequest(url: url) request.setValue("application/dns-json", forHTTPHeaderField: "accept") let (data, _) = try await URLSession.shared.data(for: request) let response = try JSONDecoder().decode(DNSResponse.self, from: data) guard let ip = response.Answer?.first?.data else { throw URLError(.cannotFindHost) } return ip } **API Call Using Resolved IP : ** func callAPIUsingCustomDNS() async throws { let ip = try await resolveDomain(domain: "example.com") guard let url = URL(string: "https://\(ip)") else { throw URLError(.badURL) } let configuration = URLSessionConfiguration.ephemeral let session = URLSession( configuration: configuration, delegate: CustomURLSessionDelegate(originalHost: "example.com"), delegateQueue: .main ) var request = URLRequest(url: url) request.setValue("example.com", forHTTPHeaderField: "Host") let (_, response) = try await session.data(for: request) print("Success: \(response)") } **Problem Encountered ** When connecting via the IP address, the TLS handshake fails with the following error: Error Domain=NSURLErrorDomain Code=-1200 "A TLS error caused the secure connection to fail." This appears to happen because iOS sends the IP address as the Server Name Indication (SNI) during the TLS handshake, while the server’s certificate is issued for the domain name. **Custom URLSessionDelegate Attempt : ** class CustomURLSessionDelegate: NSObject, URLSessionDelegate { let originalHost: String init(originalHost: String) { self.originalHost = originalHost } func urlSession( _ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void ) { guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust, let serverTrust = challenge.protectionSpace.serverTrust else { completionHandler(.performDefaultHandling, nil) return } let sslPolicy = SecPolicyCreateSSL(true, originalHost as CFString) let basicPolicy = SecPolicyCreateBasicX509() SecTrustSetPolicies(serverTrust, [sslPolicy, basicPolicy] as CFArray) var error: CFError? if SecTrustEvaluateWithError(serverTrust, &error) { completionHandler(.useCredential, URLCredential(trust: serverTrust)) } else { completionHandler(.cancelAuthenticationChallenge, nil) } } } However, TLS validation still fails because the SNI remains the IP address, not the domain. I would appreciate guidance on the supported and App Store–compliant way to handle ISP-specific DNS resolution issues on iOS. If custom DNS or SNI configuration is not supported, what alternative architectural approaches are recommended by Apple?

We attempted to run a burn-in test while connected to our MacBook Pro M4 Max, but this crashed about 10 minutes into testing. We tried to run a 2-hour burn-in on M4 Max host while charging the battery from below 5%, running six bus-powered drives (via ATTO/Black Magic/IOmeter), hitting the RJ45 port for 2.5Gbps (via JPerf), and streaming at least 4K60Hz video content to two display, however, M4 Max will crashed in 20 [minutes.]( https://www.example.com/)

We attempted to run a burn-in test while connected to our MacBook Pro M4 Max, but this crashed about 10 minutes into testing. Can Action Star see if you are able to run a 2-hour burn-in on your own M4 Max host while charging the battery from below 5%, running six bus-powered drives (via ATTO/Black Magic/IOmeter), hitting the RJ45 port for 2.5Gbps (via JPerf), and streaming at least 4K60Hz video content to two displays? Please measure the outer temperature on the hottest part of the enclosure as well.

After reading the news below, we are currently working on updating our app in preparation for the enforcement of Texas SB 2420. https://developer.apple.com/news/?id=2ezb6jhj Based on the information in the announcement, we understand that parents will be able to revoke their consent for apps. However, we are unsure how an app is supposed to obtain or verify the parent’s consent status in the first place. We reviewed the Declared Age Range API and PermissionKit’s Significant Change API, but could not find any functionality related to this. If anyone with expertise on this topic has insight, we would greatly appreciate your guidance. Thank you in advance.

After reading the news below, we are currently working on updating our app in preparation for the enforcement of Texas SB 2420. https://developer.apple.com/news/?id=2ezb6jhj Based on the information in the announcement, we understand that parents will be able to revoke their consent for apps. However, we are unsure how an app is supposed to obtain or verify the parent’s consent status in the first place. We reviewed the Declared Age Range API and PermissionKit’s Significant Change API, but could not find any functionality related to this. If anyone with expertise on this topic has insight, we would greatly appreciate your guidance. Thank you in advance.

操作步骤：1:调用let eligible = try await AgeRangeService.shared.isEligibleForAgeFeatures，返回YES后，再次调用 let response = try await AgeRangeService.shared.requestAgeRange(ageGates:18, in: viewController) switch response { case .declinedSharing: DispatchQueue.main.async { completion(.declinedSharing, nil, nil) } case .sharing(let swiftRange): DispatchQueue.main.async { let model = ARAgeRange(swiftRange: swiftRange) completion(.sharing, model, nil) }

[MTAgeRangeService requestEligibility:^(BOOL eligible) { if (eligible) { //您应用程序的用户所在的地区，需要执行特定年龄相关义务 [MTAgeRangeService requestAgeRangeWithAgeGates:18 in:[ViewU getCurrentVC] completion:^(enum ARResponseType responseType, ARAgeRange * _Nullable ageRange, NSError * _Nullable error) { [weakself.ageRangeLoadingView dissmiss]; self->_ageRangeLoadingView = nil; if (responseType == ARResponseTypeSharing) { //用户同意并分享了年龄范围 if ([ageRange.lowerBound intValue] >= 18) { //满18岁可以注册 }else{ //不到18岁不能注册，提示一下 } }else{ //用户拒绝或者其他未知错误，需要提示 }else{ } } }] ; }else{ }];