Hi, I am developing a Screen Time App and I am having issues with the ShieldConfigurationExtension (ShieldConfigurationDataSource). I know this extensions is sandboxed but I should be able to read data from the main app. I am using SwiftData as my database, but I am unable to initialize it in the extensions with an error indicating insufficient file permissions. I have App Group set up and I am able to share data using UserDefaults but that is just inconvenient. Is there any way I could just open the SwiftData in read only mode so that I could display the user some info on the shield? SwiftData Init: private func setupContainer() throws { let schema = Schema([ DogEntity.self, HouseEntity.self ]) // Use app group container if available let config: ModelConfiguration if let containerURL = FileManager.default.containerURL( forSecurityApplicationGroupIdentifier: "group.\(Bundle.app.bundleIdentifier ?? "")" ) { config = ModelConfiguration(schema: schema, url: containerURL.appendingPathComponent("default.sqlite")) } else { config = ModelConfiguration(schema: schema) } self.container = try ModelContainer(for: schema, configurations: [config]) } Error in extension: fault: Attempt to add read-only file at path file:///private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite read/write. Adding it read-only instead. This will be a hard error in the future; you must specify the NSReadOnlyPersistentStoreOption. error: (3) access permission denied error: Encountered exception error during prepareSQL for SQL string 'SELECT TBL_NAME FROM SQLITE_MASTER WHERE TBL_NAME = 'Z_METADATA'' : access permission denied with userInfo { NSFilePath = "/private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite"; NSSQLiteErrorDomain = 3; } while checking table name from store: <NSSQLiteConnection: 0x154100300> error: Store failed to load. <NSPersistentStoreDescription: 0x15402d590> (type: SQLite, url: file:///private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite) with error = Error Domain=NSCocoaErrorDomain Code=256 "The file “default.sqlite” couldn’t be opened." UserInfo={NSFilePath=/private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite, NSSQLiteErrorDomain=3} with userInfo { NSFilePath = "/private/var/mobile/Containers/Shared/AppGroup/51431199-5919-4AE6-940C-6FE3C53EEB46/default.sqlite"; NSSQLiteErrorDomain = 3; } Any help appreciated 🙂

Hello, I am thinking of developing a parental control app but I do not know if I need to request the api for using "Time Screen API". In positive case, where it should be? Is there anyway to use this for educational centers? Not just for families? Kind regards.

Hello! I am a relatively new Apple developer and am almost done with my first app. I am implementing the Screen Time API to my app because the app is designed to help the user digitally detox and I am trying to make it so the user can select which apps they would like to monitor from a list of their apps on their phone so I am using the family activity picker but I just can't extract the data needed to track the apps. I am wondering how to do this. Thank you!

How to programmatically check if ApplicationToken or ActivityCategoryToken is expired in FamilyActivityPicker? I'm building a Screen Time-based parental control app using FamilyControls and ManagedSettings. We use FamilyActivityPicker to allow the user to select apps and categories to restrict, and we apply the shield using: store.shield.applications = .specific(selection.applicationTokens) store.shield.applicationCategories = .specific(selection.categoryTokens) Sometimes, we observe that the shield silently fails to apply — no error is thrown, but the restrictions aren't enforced. I suspect this may be due to expired or invalid tokens, possibly if the app was removed or the selection became stale. My Questions: Can ApplicationToken or ActivityCategoryToken expire or become invalid over time? If yes, is there a supported or recommended way to detect whether a token is still valid before applying it to the shield? Is comparing the current shield values (store.shield.applications and store.shield.applicationCategories) after applying them a reliable validation method? What's the best practice to handle expired tokens (e.g. re-prompt the FamilyActivityPicker, or show a fallback)? What Is the Expiration Duration of Tokens from FamilyActivityPicker? Any guidance or insight from the Screen Time/FamilyControls team would be greatly appreciated! Thank you!

Hello everyone, I’m developing an app using the FamilyControls framework, I distributed through TestFlight the other day using the “Family Controls” distribution (not Development). Everything works as expected in dev builds — but for external TestFlight testers, nothing in the FamilyControls framework seems to function. I'm using the correct Family Controls capability in Xcode (added via Signing & Capabilities). The com.apple.developer.family-controls entitlement is present in my .entitlements file. All the users who reported the issue had correctly given screen time permissions to the app. Would really appreciate some help regarding where the issue could come from.

Hi there! I've been getting this error when I've checked multiple times that I've included the right entitlements as well as provisiong profile. My one concern is that perhaps I'm unable to submit to internal or external TestFlight with Family Controls (Development) and need the one for distrubution, but have yet to submit my appplication for this ability. If anyone has any inisght into this issue lmk!

I am trying to create an app that allows users to opt in and apply a shield to all of their apps during a specified amount of time each day, but they can always turn the shield off from our app or directly ignore the shield for 1 minute from a shield button. It is important that the user doesn't choose what apps to apply a shield to through the activity picker, as some users might not apply it to all apps. Currently I am doing everything I described in my app and shield all apps and webdomain categories with this: store.shield.applicationCategories = .all() store.shield.webDomainCategories = .all() But the, store.shield.applicationCategories = .all(), seems to block everything except for some system apps like Messages, Phone, FaceTime, Maps, Clock, Settings, Safari, Find My, Clock, Compass, Health, etc. It does block some system apps like Weather, Photos, Camera, Measure, App Store, etc. I know I can fully block applications from it's bundle identifier but I do not want to remove apps from the home screen. I only want to apply a shield to all of them. I have read every apple documentation possible about this and can't see a way to do it, currently how I am doing it seems to be the best way but it is still not enough. Even blocking a specific category token taken from the activity picker won't apply to some system level applications under it unless you get all the application tokens and apply the shield by applications and not category. I am really looking for help to see if there is something I can do to achieve my app's goal.

Hello, my app is frequently loosing / forgetting the Screen Time Permission that had been granted previously on iOS 26. I have experienced it myself, sysdiagnose is in this radar: FB18997699 But also also my App Store users who have updated to iOS 26 already have reported this bug. It would be great if Apple could ensure that this bug is addressed before iOS 26 is released to the public.

So when we select an app that needs to have a shield configured for family controls (managed settings), when selecting an individual application (say like Instagram), it works well but when I select a whole category (say like Social) it doesn't work well. here's the exact code for how I choose which application needs to be shielded: class ShieldConfigurationExtension: ShieldConfigurationDataSource { override func configuration(shielding application: Application) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: .systemChromeMaterial, backgroundColor: UIColor(red: 220.0/255, green: 20.0/255, blue: 60.0/255, alpha: 1.00), icon: iconImage, title: ShieldConfiguration.Label(text: "You CAN'T give up now!", color: .white), subtitle: ShieldConfiguration.Label(text: "Just a little bit more you got this", color: .white), primaryButtonLabel: ShieldConfiguration.Label(text: "GRINDSET", color: .white), primaryButtonBackgroundColor: .black, secondaryButtonLabel: ShieldConfiguration.Label(text: "Move Fast", color: .black) ) } Now this works well for application selection alone, but there isn't any for category selection as such. And the same is shown in its execution that a category goes back to default shielding. What API should I use for category shielding?

I already waited 4 weeks to get family control entitlement for my bundle ID : com.company.my-cool-app While trying to distribute the app, Its forcing me to have provisioning profile for com.company.my-cool-app.ReportExtension and when I create the provisioning profile it says : doesn't include the com.apple.developer.family-controls entitlement.

Hello, I am trying to display basic screen time data on my main screen. On the initial load of the screen, the DeviceActivityReport renders correctly and visible, but after being in the background and coming back to the app, the whole view is just blank. I don't think I'm doing anything special. Is this a known bug? @main struct MyActivityReportExtension: DeviceActivityReportExtension { var body: some DeviceActivityReportScene { // Create a report for each DeviceActivityReport.Context that your app supports. TotalActivityReport { totalActivity in TotalActivityView(totalActivity: totalActivity) } // Add more reports here... } } extension DeviceActivityReport.Context { // If your app initializes a DeviceActivityReport with this context, then the system will use // your extension's corresponding DeviceActivityReportScene to render the contents of the // report. static let totalActivity = Self("Total Activity") } struct TotalActivityReport: DeviceActivityReportScene { // Define which context your scene will represent. let context: DeviceActivityReport.Context = .totalActivity // Define the custom configuration and the resulting view for this report. let content: (String) -> TotalActivityView func makeConfiguration(representing data: DeviceActivityResults<DeviceActivityData>) async -> String { // Reformat the data into a configuration that can be used to create // the report's view. let formatter = DateComponentsFormatter() formatter.allowedUnits = [.day, .hour, .minute] formatter.unitsStyle = .abbreviated formatter.zeroFormattingBehavior = .dropAll let totalActivityDuration = await data.flatMap { $0.activitySegments }.reduce(0, { $0 + $1.totalActivityDuration }) return formatter.string(from: totalActivityDuration) ?? "No activity data" } } struct TotalActivityView: View { let totalActivity: String var body: some View { VStack(alignment: .center, spacing: 4) { Text("Screen Time") .font(.system(size: 14, weight: .regular)) .foregroundColor(.secondary) .frame(maxWidth: .infinity, // stretch to the full cell width alignment: .center) Text(totalActivity) .font(.system(size: 18, weight: .medium)) .foregroundColor(.primary) } } } And I am using it in my main view: private var analyticsSection: some View { HStack(spacing: 24) { // Some View DeviceActivityReport(DeviceActivityReport.Context(rawValue: "Total Activity"), filter: DeviceActivityFilter( segment: .weekly( during: Calendar.current.dateInterval( of: .weekOfYear, for: .now )! ), users: .all, devices: .init([.iPhone, .iPad]), )) .frame(maxWidth: .infinity) // another view } .frame(maxWidth: .infinity, maxHeight: showAnalytics ? 58 : 0) .padding(.horizontal, showAnalytics ? 24 : 0) .opacity(showAnalytics ? 1.0 : 0.0) .clipped() }

Hi Apple Developer Community, I'm experiencing an issue with Family Controls entitlements for my iOS app that I'd like to discuss and see if others have encountered similar problems. Background: My app (BrightStart) uses Family Controls to help users build healthy morning routines by temporarily blocking distracting apps until they complete a sunlight exposure session. The core functionality relies on automatic time-based blocking (e.g., block social media apps from 6-8am daily). The Problem: I have Family Controls working perfectly in development builds, but I'm blocked from distributing via TestFlight due to entitlement issues with my Device Activity Monitor extension. Technical Details: Main app bundle ID: app.brightstart.app ✅ Has both "Family Controls (Development)" and "Family Controls (Distribution)" options available Extension bundle ID: app.brightstart.app.BrightStartMonitorExtension ❌ Only shows "Family Controls (Development)" - no Distribution option Error when archiving for TestFlight: ❌ Provisioning profile failed qualification Profile doesn't support Family Controls (Development). Family Controls (Development) feature is for development only. Please use Family Controls (Distribution) for distribution. Impact: Cannot upload to TestFlight for beta testing Native FamilyActivityPicker falls back to mock UI in distributed builds Automatic scheduled app blocking (via DeviceActivityMonitor) doesn't function in production Questions for the community: Has anyone successfully gotten "Family Controls (Distribution)" enabled for a Device Activity Monitor extension? Is this a known limitation, or should I expect this option to be available? Are there alternative approaches for time-based automatic app blocking that work in distribution builds? Should I contact Apple Support directly about enabling this entitlement for the extension? Btw, Cursor wrote this summary above, so it could be just hallucinating the issue? Would really appreciate anyone's thoughts here.

Hello everyone, I'm hoping to find a solution for a critical issue that is blocking my app's submission to the App Store. My app uses the Screen Time API and therefore has a main app and a DeviceActivityMonitor extension. The main app has been successfully granted the Family Controls (Distribution) entitlement. However, the DeviceActivityMonitor extension is stuck with only the Family Controls (Development) entitlement. This mismatch causes my build to fail during the archive/distribution process with the error: "Provisioning profile failed qualification. Profile doesn't support Family Controls (Development)." This is a hard blocker, as the extension is a mandatory part of the API. I have already filled out the entitlement request form and also contacted Developer Support (Case #102666581576), who confirmed they could not assist and directed me here. My question is: What is the correct procedure to escalate or resolve the issue of a required extension not receiving the distribution-level Family Controls entitlement after the main app has already been approved? Has anyone else encountered this specific "Development" vs. "Distribution" mismatch and found a definitive way to resolve it? Any guidance would be greatly appreciated. Thank you!

I'm working on an app for iOS that will help people get tasks done. Within the app, we use a ManagedSettingsStore to let the user setup distracting apps. When the user opens any of those apps while it is being shielded, our ShieldConfiguration target opens and displays a screen that we configure with the description of the task they are supposed to do. On the bottom of the view, there are two buttons, one to start the task, and another to dismiss and return to their home screen. I want to have the button that starts the task open up the main application and deeplink to the focus view with the task that they started. Currently, the only thing that we can tell the system to do is via a ShieldActionResponse which is an enum with 3 cases: none, close, or defer. None of these three allow us to open the main application. I have found no workarounds that allow us to do it either. I've tried creating a custom URL scheme and calling UIApplication.shared.open(url), but there is no shared application available within the action extension. I have tried using a NSExtensionContext to open a url, but that does not work either. I have even tried starting a live activity to show the user what task they are working on and have a live timer, but that does not work either. I know it is technically possible, because an app I downloaded does it perfectly. The app is called "Ascent: Screen Time Control". Is there some sort of extension I am missing, or entitlement I have not requested? Any help would be very appreciated.

Do I need this permission to test out development on my local phone? I believe I do since I cannot get the monitor extension to embed AND sign, making it so i cannot test this feature. As in the class will not instantiate and trigger after specific time has happened

Hello, I have an Apple Developer Enterprise account, and Apple Support has already enabled MDM for my account. I successfully downloaded and installed my MDM Vendor Certificate (it shows up in Keychain as MDM Vendor: [My Company Name] with its private key). Here’s what I’ve done so far: Exported the Vendor Certificate + private key as a .p12, then converted to .pem and .key using OpenSSL. Generated an unsigned CSR with CN=com.apple.mgmt.External. using OpenSSL. Attempted to sign the CSR using: my Vendor certificate the Vendor private key Apple Worldwide Developer Relations (WWDR) intermediate certificate OpenSSL smime -sign command with DER output Problem: Every time I try to upload the vendor-signed CSR to the Apple Push Certificates Portal, I get an error (CSR rejected). Sometimes OpenSSL even fails with “unable to load certificates” depending on how the WWDR certificate is included. My Questions: What is the correct OpenSSL command and certificate chain Apple expects for signing the CSR? Do I need to include any additional intermediates besides WWDR? Is there an official Apple reference example for generating the vendor-signed CSR that the Push Certificates Portal will accept? Any guidance from the community (or someone who has successfully done this end-to-end) would be greatly appreciated. Thank you, Sergio Sanchez

I'm experiencing a conflict between Xcode 16's build requirements and App Store validation for DeviceActivityReport extensions. The Issue: Created a DeviceActivityReport extension using Xcode 16's template Extension builds and runs perfectly locally TestFlight upload fails with Apple saying EXAppExtensionAttributes is incorrect for widget extensions When I remove EXAppExtensionAttributes from Info.plist, local builds fail with: "Appex bundle does not define an EXAppExtensionAttributes dictionary" Current Info.plist (works locally, rejected by App Store): EXAppExtensionAttributes EXExtensionPointIdentifier com.apple.deviceactivityui.report-extension NSExtension NSExtensionPointIdentifier com.apple.deviceactivityui.report-extension NSExtensionPrincipalClass $(PRODUCT_MODULE_NAME).ActivityReportExtension The Problem: Xcode 16's "Device Activity Report Extension" template uses fileSystemSynchronizedGroups which appears to require the EX configuration format. But App Store validation rejects this format. Has anyone successfully uploaded a DeviceActivityReport extension created in Xcode 16? Any workarounds for this conflict between local build requirements and App Store validation? Using: Xcode 16.4, Family Controls entitlement (approved), iOS 18.5 SDK Thanks for any insights!

Hi, after updating to iOS 26 I'm encountering an issue where the FamilyActivityPicker no longer opens. No errors are shown in the console, it just never shows up. It works fine pre iOS 26. I've never had any issues with the picker showing up until iOS 26. My latest update was rejected because of this issue, but I've changed nothing in the code. Is anyone else experiencing this?

Hi Apple Engineers and fellow developers, I'm a student developer working on an educational focus management app that helps users hide distracting apps during study sessions. The app consists of: macOS app: Simple "Hide apps" button that triggers app hidding sessions iOS app: Uses Screen Time API to temporarily hide selected apps from home screen Communication: Bonjour networking between Mac and iPhone for session coordination The Challenge My app requires two entitlements that aren't available with Personal Developer Teams: com.apple.developer.family-controls (for Screen Time API) com.apple.developer.networking.multicast (for Bonjour device discovery) Current Error Messages text Cannot create a iOS App Development provisioning profile for "focuser.focuser-app". Personal development teams, including "My Name", do not support the Family Controls (Development) capability. Provisioning profile doesn't include the com.apple.developer.family-controls and com.apple.developer.networking.multicast entitlements. My Question for Apple Engineers Is there any legitimate way to test these privacy-sensitive APIs on my own devices for educational/learning purposes without purchasing the $99/year Apple Developer Program membership? I understand the security reasons behind these restrictions, but as a student just learning iOS development, it creates a significant barrier to experimenting with these technologies.

Situation: I previously had Family Controls (Distribution) approved for a different bundle ID during initial development (for the same app I'm currently working on). I have since migrated to a new bundle ID to align with my app's branding and have already configured multiple third-party integrations (RevenueCat, backend services, etc.) with this new bundle ID. Request: In this scenario, can Apple please expedite the review process for Family Controls (Distribution) on the new bundle ID? The migration is necessary to maintain existing service integrations and avoid significant reconfiguration work for my app. Current Status: Submitted request for approval on new bundle ID over a week ago, still pending review.