We are developing an MDM agent app that uses FamilyControls with .individual authorization to enforce Screen Time restrictions (app blocking, domain blocking via ManagedSettingsStore and DeviceActivityCenter). The Problem We are actively subscribing to AuthorizationCenter.shared.$authorizationStatus to detect authorization changes. However, when the user revokes the app's FamilyControls authorization through Settings (either via Settings > Screen Time > Apps With Screen Time Access, or Settings > Apps > [Our App]), the publisher does not emit any value. All ManagedSettingsStore restrictions are lifted immediately by the system, but our app receives no notification of this change. The only scenario where the publisher reliably emits is when a debugger is attached (i.e., running directly from Xcode). Without the debugger, the publisher is completely silent — even when the app returns to foreground. Code Example We tried subscribing directly to AuthorizationCenter.shared.$authorizationStatus with no intermediary, exactly as shown in the documentation: AuthorizationCenter.shared.$authorizationStatus .sink { status in print("[DIRECT] authorizationStatus emitted: \(status)") } .store(in: &cancellables) This subscription is set up at app launch and stored in cancellables. The result is the same — the publisher does not emit when the user revokes authorization in Settings without a debugger attached. Documentation Reference The documentation for authorizationStatus states: "The status may change due to external events, such as a child graduating to an adult account, or a parent or guardian changing the status in Settings." And: "The system sets this property only after a call to requestAuthorization(for:) succeeds. It then updates the property until a call to revokeAuthorization(completionHandler:) succeeds or your app exits." This suggests the publisher should emit when the status is changed via Settings, but in our testing it does not — unless a debugger is attached. What We Verified We tested with a development-signed build (which includes the com.apple.developer.family-controls entitlement), launched from Xcode, then disconnected the debugger, killed the app, and relaunched from the home screen. Scenario Publisher emits on revocation? Running from Xcode (debugger attached) Yes, immediately Development-signed build (no debugger) No — silent even on foreground return We also confirmed: MDM configuration profiles can disable Screen Time entirely, but cannot restrict the per-app authorization toggle — the user can always freely revoke the app's Screen Time access The Security Gap This creates a significant gap for parental controls use cases: User leaves the app (app goes to background) User goes to Settings and disables Screen Time access for the app All restrictions are immediately lifted User uses the device freely User re-enables Screen Time access and opens the app Everything syncs back to normal — administrator never knows Questions Is there any supported mechanism to receive a notification (background or foreground) when FamilyControls individual authorization is revoked? We are subscribing to AuthorizationCenter.shared.$authorizationStatus but it does not emit. Is the $authorizationStatus publisher expected to work only when a debugger is attached? Is this a known limitation or a bug? Can DeviceActivityMonitor extension detect authorization revocation? Based on documentation it appears limited to schedule/threshold events, but we haven't confirmed this. Is there a planned API improvement to address this gap? Environment iOS 26.2 Xcode 26.3 Swift 6.2.4 FamilyControls .individual authorization Related Threads Screen time API can be disabled easily Changing Screen Time Passcode does not protect apps

I am building an iOS mobile application using Flutter, with native Swift integration for accessing Apple HealthKit instead of a Flutter plugin. The primary goal is to capture and sync specific HealthKit data types, namely Respiratory Rate and Sleeping Wrist Temperature, and send this data to a backend API as close to real-time as possible after it is written to HealthKit. The application needs to support both foreground and background syncing. Data should be synced when the app is opened, but also in the background when the device is locked. Additionally, there are reliability constraints to consider: the user may not open the app for extended periods, the device may remain locked, and Low Power Mode or other system restrictions may impact background execution. I have explored a few possible approaches. One option is using BGTaskScheduler to periodically fetch and sync data. However, based on my understanding, background tasks are not guaranteed to execute frequently and may be throttled or stopped by the system after some time. Another approach is to use HKObserverQuery along with HKAnchoredObjectQuery. In this setup, observer queries would be registered for the required data types, background delivery would be enabled, and whenever triggered, anchored queries would fetch incremental updates which would then be sent to the backend. This seems closer to a real-time model, but I am unsure how reliable and timely these background updates are in practice. I have also looked into newer APIs like HKQueryDescriptor, but it is not clear whether they provide any advantage over the observer plus anchored query approach for this use case. My main questions are: what is the recommended architecture for achieving near real-time syncing of HealthKit data for these metrics? Does HealthKit background delivery provide any guarantees or expectations around delivery timing, or can updates be significantly delayed depending on system conditions? How should edge cases be handled, such as when the device remains locked for long durations or when Low Power Mode is enabled? Would it be advisable to combine observer queries with BGTaskScheduler as a fallback mechanism? Finally, apps like Athlytic appear to show updated data immediately when opened. I am curious whether this is primarily achieved through background delivery or by fetching data on demand when the app becomes active. The goal is to design a system that is as close to real-time as possible while remaining reliable and compliant with iOS background execution constraints. Any recommended patterns, best practices, or references would be greatly appreciated.

Hi everyone, I have a question about Live Activity start tokens and update tokens. After reading the documentation, it is still not very clear to me how often these tokens are invalidated, and whether their expiration is time-based or event-based. My current understanding is that the update token is generated when the Live Activity starts, and that it becomes invalid when the activity ends or is dismissed by the user. What I am not clear on is whether the update token can also become invalid at any point while the Live Activity is still active. I have a similar question about the start token. I have noticed that it is generated on the initial app launch, but I have also seen it get regenerated at what seems like random times. I would like to better understand what events or conditions cause a new start token to be issued. Is there any official guidance on the lifecycle of these tokens, specifically: whether they expire based on time, whether they are only invalidated by specific events, and what conditions trigger regeneration of the start token or update token? Any clarification would be appreciated. Thanks.

I've seen a number of similar posts from other network system extension developers reporting kernel panics on M5 devices in macOS. These kernel panics occur when network system extensions are enabled and are not observed on earlier mac platforms or versions of macOS. Reference: https://developer.apple.com/forums/thread/821372 In this post, it appears like Apple is aware of a problem as noted by Kevin Elliott in versions of macOS. Do we know if there is any way to work around this problem (short of not enabling a network filter) until a fix is available?

Hi, Overview: I get the following error when trying to save / read from SwiftData It happens when I try to save color to SwiftData (code below) Error 'NSKeyedUnarchiveFromData' should not be used to for un-archiving and will be removed in a future release Questions How can I resolve the error? I am not directly using data, I am using just Float values, swift types. Why am I getting this error? Is there a way to add a breakpoint to stop at the exact type causing the error? (Symbolic breakpoint doesn't seem to help) Or is the below code ok and not responsible for the error? Code import SwiftUI nonisolated struct ColorRepresentation: Codable { let red: Float let green: Float let blue: Float let opacity: Float init(colorResolved: Color.Resolved) { red = colorResolved.red green = colorResolved.green blue = colorResolved.blue opacity = colorResolved.opacity } func color() throws -> Color { Color( red: Double(red), green: Double(green), blue: Double(blue), opacity: Double(opacity) ) } } extension ColorRepresentation: Equatable {}

Hello, We are planning to shut down our mobile app service and need to discontinue our auto-renewable subscription product. Our service termination date is July 31, and we are currently preparing the backend implementation for this. We have reviewed the official documentation and Apple Developer Forums, but there are several behaviors we cannot confirm through sandbox testing, as the "Remove from Sale" setting does not appear to affect the sandbox environment. We would greatly appreciate clarification on the following: Server notification at the moment of "Cleared for Sale" being unchecked When we uncheck "Cleared for Sale" in App Store Connect, is any App Store Server Notification (V2) sent to our server immediately at that moment? If yes, what is the exact notificationType and subtype value sent? If no, when is the first notification triggered for existing active subscribers after this action? 2. Notification sequence from product removal through final expiration For existing active subscribers, what is the exact sequence of notificationType and subtype values our server should expect — from the moment we remove the product from sale through the subscriber's final expiration? Based on our research, we believe the sequence may be: (1) Cleared for Sale unchecked → (2) No immediate notification → (3) At next renewal attempt → EXPIRED with subtype PRODUCT_NOT_FOR_SALE Could you confirm whether this is correct, or provide the accurate sequence? 3. Whether DID_CHANGE_RENEWAL_STATUS is sent before EXPIRED Is a DID_CHANGE_RENEWAL_STATUS notification sent to our server at the moment of removal from sale, before the EXPIRED notification at the renewal date? If yes, what is the subtype of this notification? 4. Recommended server-side handling per notification For each notification in the sequence above, what is the recommended server-side action? For example: On EXPIRED with subtype PRODUCT_NOT_FOR_SALE → revoke entitlement immediately? On DID_CHANGE_RENEWAL_STATUS (if sent) → update status only, do not revoke entitlement yet? Sandbox testing limitations We have confirmed that the "Remove from Sale" setting does not affect the sandbox environment. Is there any recommended way to test this scenario before applying it in production? If sandbox testing is not possible for this case, is there any official confirmation of this limitation? We have a fixed service termination schedule and need to ensure our backend handles this correctly. Any clarification or pointers to official documentation would be greatly appreciated. Thank you.

From the Developer Guide page 12 for the entitlements. The footnote mentions that CarPlay EV charging app and CarPlay fueling app entitlements may be combined in a single app Does this mean that i can implement both fuelling and EV charging feature in the same app ? How will the entitlement process to get this be done ? should i make 2 request for each of the entitlement ?

I have an MKMapView displaying realistic elevation. As soon as I call "mapView.addOverlays([polylines])" which then trigger: func mapView(_ mapView: MKMapView, rendererFor overlay: MKOverlay) -> MKOverlayRenderer { if let polyline = overlay as? MKPolyline { let view = MKPolylineRenderer(polyline: polyline) // ... return view } return MKOverlayRenderer(overlay: overlay) } The map instantly turn flat until I remove all the overlays.

I've encountered an issue where we need multiple domain associations with separate Apple Pay implementations. Briefly, we have a /.well-known/apple-developer-merchantid-domain-association already setup with Stripe, and now we need another, different version of the file to get setup with FreedomPay. FreedomPay insists this file represents a three-way relationship between all parties and I have no reason to disbelieve them. I'm wondering if anyone has encountered this or if there is a standard procedure. I'm currently trying to find documentation on the exact way Apple Pay verification interacts with this file to see if we can produce it dynamically.

It seems that with the latest update ellipsoidalAltitude of the CLLocation is always 0.0 where it had the correct value before. Also, velocity used to be -1 when not moving. The regular altitude still has sensible values. Did anybody else experience this ? Rgds Lob

We get this error in our App when users try to purchase a subscription. "Invalid Product ID" The respons from Apple backend is: (NOBRIDGE) LOG {"code": "E_DEVELOPER_ERROR", "debugMessage": "Invalid product ID.", "message": "Invalid product ID.", "productId": "com.familycal.daysi.one.month.version71"}

Hello everyone, I've really been enjoying SwiftData's approach to handling DBs, however sharing data between users has caused me quite some headaches. I am currently developing an app for my local theatre that will help the assistant directors with production planning and would need a way to share data. On some big productions we have 2 ADs, so they'd need to be able to share the project and do collaborative work on it. I don't need fancy real-time editing or anything. However, SwiftData exposing an equivalent to Core Data’s NSPersistentCloudKitContainer sharing APIs for CKShare-based user-to-user collaboration would be amazing. As the only thing supported is per-user private data sync, I’m currently considering a hybrid approach until the full project could be shared: SwiftData for the main private app data a small separate Core Data + CloudKit sharing stack only for the shared timetables for cast and crew Is that the recommended implementation today, or is there a better SwiftData-friendly way to do this? I also filed Feedback Assistant request FB22712510 asking for native SwiftData support for user-to-user CloudKit sharing. Thanks for any pointers or help! Best regards, Aedan

Summary We are activating a Network Extension system extension (filter-data) from a signed and notarized macOS app. Activation consistently fails with: OSSystemExtensionErrorDomain code=4 Extension not found in App bundle. Unable to find any matched extension with identifier: com.seaskylight.yksmacos.ExamNetFilter.data At the same time, sysextd logs: no policy, cannot allow apps outside /Applications However, our host app and executable real paths are already under /Applications, and the extension bundle physically exists in the expected app bundle location. Environment macOS: Darwin 25.4.0 Host app: /Applications/xxx.app Host bundle id: com.seaskylight.yksmacos System extension bundle id: com.seaskylight.yksmacos.ExamNetFilter.data Team ID: BVU65MZFLK Device management: Enrolled via DEP: No MDM enrollment: No Reproduction Steps Install host app to /Applications. Launch host app via Finder or: open -a "/Applications/xxx.app" Trigger OSSystemExtensionRequest activationRequestForExtension for: com.seaskylight.yksmacos.ExamNetFilter.data Observe failure callback (code=4). Collect logs: log show --last 2m --style compact --info --debug --predicate 'process == "sysextd"' systemextensionsctl list (shows 0 extension(s)) Observed Results sysextd client activation request for com.seaskylight.yksmacos.ExamNetFilter.data attempting to realize extension with identifier com.seaskylight.yksmacos.ExamNetFilter.data no policy, cannot allow apps outside /Applications App-side diagnostics (captured at failure) pid=3249 bundlePath=/Applications/xxx.app bundlePathReal=/Applications/xxx.app execPath=/Applications/xxx.app/Contents/MacOS/xxx execPathReal=/Applications/xxx.app/Contents/MacOS/xxx extPath=/Applications/xxx.app/Contents/Library/SystemExtensions/ExamNetFilterData.systemextension extExists=true runningFromHelper=false Error callback NSError{domain=OSSystemExtensionErrorDomain code=4 desc=Extension not found in App bundle...} Additional Validation We reproduced the same failure using a minimal native host app (SysExtProbe) in /Applications that only submits the activation request for the same extension identifier. It also fails with OSSystemExtensionErrorDomain code=4, indicating this is not specific to Electron app logic. Signing / Packaging Notes Host app and system extension are signed with the same Team ID (BVU65MZFLK). System extension bundle exists under: /Applications/xxx.app/Contents/Library/SystemExtensions/ExamNetFilterData.systemextension Extension Info.plist contains bundle id: com.seaskylight.yksmacos.ExamNetFilter.data Host app includes NSSystemExtensionUsageDescription. Questions for DTS In non-MDM personal-device scenarios, what exact conditions trigger sysextd to emit: no policy, cannot allow apps outside /Applications even when both bundlePath and realpath are in /Applications? Can code=4 (“Extension not found in App bundle”) be returned for policy/state reasons even when extension bundle is present and identifier matches? Are there known sysextd policy/cache states that cause this behavior, and what is the recommended recovery procedure?

I see that in the link https://developer.apple.com/documentation/virtualization/vzvirtualmachineconfiguration/graphicsdevices?changes=late_7_8 graphicsDevices accepts and array. So it is possible to have multiple displays for a virtual machine. But when i tried it with multiple displays it does not work. Why do we have it as an array if it does not support multiple displays.? or how to get it work with multiple displays.

Hi everyone, I have two questions about Live Activity push notifications that we send from our backend server to iPhones. First, I would like to understand the expected behavior when lowering the APNs priority of a Live Activity update from 10 to 6. How does this affect delivery timing, reliability, or system handling of the notification? Second, my team has been seeing significant delays with some messages sent to the device. In some cases, notifications take anywhere from 1 to 3 hours to arrive on the phone. We are trying to understand what might cause this kind of delay. Is this expected under certain conditions, such as device state, system throttling, network conditions, or APNs behavior? Also, is there any way to inspect logs or delivery details for messages sent to the app so we can better diagnose where the delay is happening? Any guidance would be appreciated. Thanks.

Is there any way to start a cycling navigation in Maps.app from another app? This seems to work with walking and driving directions, but nothing I've tried has gotten it to work with cycling.

We are so interested in AlarmKit which is presented at WWDC25. While we planning our app using AlarmKit, We had a few questions come to mind and were hoping you could provide some clarity. Please excuse the rather long list of questions, as we don't currently have a device available to test these features ourselves. System Actions Related Is there a limit to the number of alarms that can be scheduled using AlarmKit? Are alarms scheduled with AlarmKit persistent across device reboots? When an alarm is dismissed (either by swiping or pressing the power button), can our app detect this action and execute code in response? Can we control the behavior of the physical Lock Screen buttons when an AlarmKit alarm is active, for instance, to trigger a snooze action? Does AlarmKit function correctly during Do Not Disturb or Low Power Mode? What is the expected behavior when an alarm from our app (using AlarmKit) overlaps with an alarm from another app that also uses AlarmKit? Which one is going to get its priority? Thank you for your help. Sincerely

Hi all, I'm building an iOS alarm app on AlarmKit (iOS 26+) and running into reliability issues I can't find documented anywhere. Hoping someone here has insight. What we're doing We schedule a "fan-out" pattern, a single user-set alarm becomes a sequence of AlarmKit alarms firing at regular intervals over ~50 minutes. The density is needed because we require repeated wake-up alerts the user can't easily ignore until they complete an explicit dismissal action. A single AlarmKit alarm that auto-mutes after Apple's default duration doesn't solve the heavy-sleeper case. We've seen other iOS alarm apps use a similar approach reliably on iOS 26+, so the pattern seems achievable. We're clearly missing something about AlarmKit's behavior under dense scheduling. The issue AlarmKit alarms intermittently fail to enter .alerting at their scheduled times when the device is locked. Lateness varies from ~20 seconds up to 4+ minutes. The bug is intermittent ie. no deterministic reproducer. When the lateness is short (~15-22s), the next alarm in the sequence often fires only a few seconds later, suggesting the first two get bunched rather than firing independently. When the lateness is long (minutes), our AlarmManager.shared.alarmUpdates subscriber observes zero .alerting transitions during the gap, then receives a flurry of events when the device wakes. Verified via on-thread Swift logging, not a bridge or JS-suspension issue. Our setup AlarmManager.AlarmConfiguration with .fixed(date) schedule, AlarmAttributes + stop button, StopAlarmIntent, custom .named(...) sound No alerting duration specified (we don't believe one is exposed) NSAlarmKitUsageDescription set; AlarmKit authorized Registered WidgetExtension for the auto Live Activity No Critical Alerts entitlement (docs suggest AlarmKit doesn't need it) Questions Is there a documented or undocumented density limit for AlarmKit alarms scheduled in close succession? What is iOS's behavior when multiple AlarmKit alarms are simultaneously in .alerting state? Coalesce? Queue? Drop? Is there a supported way for the app to control per-alarm alerting duration before iOS auto-mutes? For locked-overnight scenarios, are there documented power-management or dasd interactions that defer AlarmKit fires? Does declaring UIBackgroundModes fetch/processing affect this? Any insight or a point in the right direction would be super appreciated!

Device: iPhone 15 Pro Max, iOS 26.4 Xcode: Latest version, development signing with "Automatically manage signing" Team: Registered Apple Developer Program (Organization) Problem DeviceActivityReport SwiftUI view renders completely blank. The Report Extension's makeConfiguration(representing:) is never called (confirmed via App Group counter that stays at 0). The DeviceActivityMonitorExtension callbacks (intervalDidStart, eventDidReachThreshold) also never fire. What works AuthorizationCenter.shared.requestAuthorization(for: .individual) → .approved DeviceActivityCenter().startMonitoring() → registers schedules successfully, center.activities returns them ManagedSettingsStore.shield.applications → blocks apps correctly from the main app process Screen Time is enabled and actively collecting data (Settings > Screen Time shows per-app usage: Clash Royale 2h 35m, etc.) App Group UserDefaults(suiteName:) read/write works from the main app What doesn't work DeviceActivityReportExtension.makeConfiguration() is never called (callCount stays 0 in App Group) DeviceActivityMonitorExtension.intervalDidStart() is never called No extension callbacks fire at all — the extension process is never launched by iOS Confirmed it's NOT our app's issue We created a brand new Xcode project from Apple's template: File > New > Project > App File > New > Target > Device Activity Report Extension Added Family Controls capability to both targets Embedded DeviceActivityReport view in ContentView with daily filter Built and ran on the same device Result: Same blank screen. The template project's Report Extension also never renders any data. Console errors Failed to locate container app bundle record. The process may not be entitled to access the LaunchServices database or the app may have moved. (501) personaAttributesForPersonaType for type:0 failed with error Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.mobile.usermanagerd.xpc was invalidated: Connection init failed at lookup with error 159 - Sandbox restriction." LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" What we've tried Deleting app, rebooting device, reinstalling Re-requesting FamilyControls authorization on every launch Embedding extensions with "Embed & Sign" (not just "Embed Without Signing") Verified all 3 .appex files are in PlugIns/ directory at runtime Verified App Group (group.com.parentguard.app) is accessible Verified all App IDs and capabilities registered in Apple Developer portal Tried different DeviceActivityFilter configurations (daily, hourly) Placed DeviceActivityReport view at root of view hierarchy Clean build, new provisioning profiles Extensions embedded [Diagnose] Found extension: DeviceActivityReportExtension.appex [Diagnose] Found extension: DeviceActivityMonitorExtension.appex [Diagnose] Found extension: ShieldConfigurationExtension.appex Question Has anyone gotten DeviceActivityReport or DeviceActivityMonitorExtension to work on iOS 26.4 with a development-signed build from Xcode? Is there a specific configuration or workaround that makes the extension process launch? The Sandbox restriction error (159) on usermanagerd.xpc seems to be the root cause — is there an entitlement or device setting we're missing?

Hello, According to the official documentation, the macOS Virtualization Framework currently supports only macOS and Linux guest operating systems. I would like to know if there is any way—officially or through a supported workaround—to run Windows 11 as a guest using this framework. Additionally, is there any indication or roadmap suggesting that support for Windows guests might be introduced in a future release, such as in macOS 16? Any insights or official clarification would be greatly appreciated. Thank you.