I'm working on an app for iOS that will help people get tasks done. Within the app, we use a ManagedSettingsStore to let the user setup distracting apps. When the user opens any of those apps while it is being shielded, our ShieldConfiguration target opens and displays a screen that we configure with the description of the task they are supposed to do. On the bottom of the view, there are two buttons, one to start the task, and another to dismiss and return to their home screen. I want to have the button that starts the task open up the main application and deeplink to the focus view with the task that they started. Currently, the only thing that we can tell the system to do is via a ShieldActionResponse which is an enum with 3 cases: none, close, or defer. None of these three allow us to open the main application. I have found no workarounds that allow us to do it either. I've tried creating a custom URL scheme and calling UIApplication.shared.open(url), but there is no shared application available within the action extension. I have tried using a NSExtensionContext to open a url, but that does not work either. I have even tried starting a live activity to show the user what task they are working on and have a live timer, but that does not work either. I know it is technically possible, because an app I downloaded does it perfectly. The app is called "Ascent: Screen Time Control". Is there some sort of extension I am missing, or entitlement I have not requested? Any help would be very appreciated.

Do I need this permission to test out development on my local phone? I believe I do since I cannot get the monitor extension to embed AND sign, making it so i cannot test this feature. As in the class will not instantiate and trigger after specific time has happened

Hello, I have an Apple Developer Enterprise account, and Apple Support has already enabled MDM for my account. I successfully downloaded and installed my MDM Vendor Certificate (it shows up in Keychain as MDM Vendor: [My Company Name] with its private key). Here’s what I’ve done so far: Exported the Vendor Certificate + private key as a .p12, then converted to .pem and .key using OpenSSL. Generated an unsigned CSR with CN=com.apple.mgmt.External. using OpenSSL. Attempted to sign the CSR using: my Vendor certificate the Vendor private key Apple Worldwide Developer Relations (WWDR) intermediate certificate OpenSSL smime -sign command with DER output Problem: Every time I try to upload the vendor-signed CSR to the Apple Push Certificates Portal, I get an error (CSR rejected). Sometimes OpenSSL even fails with “unable to load certificates” depending on how the WWDR certificate is included. My Questions: What is the correct OpenSSL command and certificate chain Apple expects for signing the CSR? Do I need to include any additional intermediates besides WWDR? Is there an official Apple reference example for generating the vendor-signed CSR that the Push Certificates Portal will accept? Any guidance from the community (or someone who has successfully done this end-to-end) would be greatly appreciated. Thank you, Sergio Sanchez

I'm experiencing a conflict between Xcode 16's build requirements and App Store validation for DeviceActivityReport extensions. The Issue: Created a DeviceActivityReport extension using Xcode 16's template Extension builds and runs perfectly locally TestFlight upload fails with Apple saying EXAppExtensionAttributes is incorrect for widget extensions When I remove EXAppExtensionAttributes from Info.plist, local builds fail with: "Appex bundle does not define an EXAppExtensionAttributes dictionary" Current Info.plist (works locally, rejected by App Store): EXAppExtensionAttributes EXExtensionPointIdentifier com.apple.deviceactivityui.report-extension NSExtension NSExtensionPointIdentifier com.apple.deviceactivityui.report-extension NSExtensionPrincipalClass $(PRODUCT_MODULE_NAME).ActivityReportExtension The Problem: Xcode 16's "Device Activity Report Extension" template uses fileSystemSynchronizedGroups which appears to require the EX configuration format. But App Store validation rejects this format. Has anyone successfully uploaded a DeviceActivityReport extension created in Xcode 16? Any workarounds for this conflict between local build requirements and App Store validation? Using: Xcode 16.4, Family Controls entitlement (approved), iOS 18.5 SDK Thanks for any insights!

Hi, after updating to iOS 26 I'm encountering an issue where the FamilyActivityPicker no longer opens. No errors are shown in the console, it just never shows up. It works fine pre iOS 26. I've never had any issues with the picker showing up until iOS 26. My latest update was rejected because of this issue, but I've changed nothing in the code. Is anyone else experiencing this?

Hi Apple Engineers and fellow developers, I'm a student developer working on an educational focus management app that helps users hide distracting apps during study sessions. The app consists of: macOS app: Simple "Hide apps" button that triggers app hidding sessions iOS app: Uses Screen Time API to temporarily hide selected apps from home screen Communication: Bonjour networking between Mac and iPhone for session coordination The Challenge My app requires two entitlements that aren't available with Personal Developer Teams: com.apple.developer.family-controls (for Screen Time API) com.apple.developer.networking.multicast (for Bonjour device discovery) Current Error Messages text Cannot create a iOS App Development provisioning profile for "focuser.focuser-app". Personal development teams, including "My Name", do not support the Family Controls (Development) capability. Provisioning profile doesn't include the com.apple.developer.family-controls and com.apple.developer.networking.multicast entitlements. My Question for Apple Engineers Is there any legitimate way to test these privacy-sensitive APIs on my own devices for educational/learning purposes without purchasing the $99/year Apple Developer Program membership? I understand the security reasons behind these restrictions, but as a student just learning iOS development, it creates a significant barrier to experimenting with these technologies.

class ShieldActionExtension: ShieldActionDelegate { override func handle(action: ShieldAction, for application: ApplicationToken, completionHandler: @escaping (ShieldActionResponse) -> Void) { // Handle the action as needed. switch action { case .primaryButtonPressed: if let url = URL(string: "blockfocusapp://") { let extensionContext = NSExtensionContext() extensionContext.open(url, completionHandler: nil) } // completionHandler(.defer) case .secondaryButtonPressed: let userDefaults = UserDefaults(suiteName: "group.in.appsquare.FocusApp.shieldExt") userDefaults?.set(false, forKey: "shouldOpenMainApp") completionHandler(.defer) @unknown default: fatalError() } } override func handle(action: ShieldAction, for webDomain: WebDomainToken, completionHandler: @escaping (ShieldActionResponse) -> Void) { // Handle the action as needed. completionHandler(.close) } override func handle(action: ShieldAction, for category: ActivityCategoryToken, completionHandler: @escaping (ShieldActionResponse) -> Void) { // Handle the action as needed. completionHandler(.close) } } I want to be able to open my app from ShieldActionExtension

Situation: I previously had Family Controls (Distribution) approved for a different bundle ID during initial development (for the same app I'm currently working on). I have since migrated to a new bundle ID to align with my app's branding and have already configured multiple third-party integrations (RevenueCat, backend services, etc.) with this new bundle ID. Request: In this scenario, can Apple please expedite the review process for Family Controls (Distribution) on the new bundle ID? The migration is necessary to maintain existing service integrations and avoid significant reconfiguration work for my app. Current Status: Submitted request for approval on new bundle ID over a week ago, still pending review.

I am building a screen time management app. It has the main app target, and then three extensions - those are the four targets in Xcode. The three extensions are: Shield Device Activity Monitor Device Activity Report Extension I requested "Family Controls (Distribution)" capability from Apple for the main app target / bundle ID, and it got approved. Do I need it for the extensions too? Because previously I had "Family Controls (Development)" for the extensions...

I'm developing a parental control app that needs to block adult/18+ websites using the Screen Time API. I've run into scaling issues with 'ManagedSettings.webContent.blockedByFilter`. Environment: iOS 18.x, real device (iPhone) ManagedSettings framework Screen Time permissions granted Current Behavior: The Question: Commercial parental control apps successfully block tens of thousands of domains. What API or architecture should I be using to scale beyond 30-50 domains? Approaches I'm considering: Safari Content Blockers (limited to Safari only) Multiple ManagedSettingsStore instances Network Extension / DNS filtering A different Screen Time API approach What's the recommended way to block large domain lists (1000-60000+) across all apps and browsers? Any guidance appreciated! //33 domains - Works perfectly let blockedSites: Set<WebDomain> = [ WebDomain(domain: "example1.com"), WebDomain(domain: "example2.com"), // ... 31 more domains ] store.webContent.blockedByFilter = .specific(blockedSites) // All 33 domains blocked successfully // 101 domains - Complete failure (no domains blocked at all) let blockedSites: Set<WebDomain> = [ WebDomain(domain: "example1.com"), // ... 100 more domains ] store.webContent.blockedByFilter = .specific(blockedSites) // No errors thrown, but ZERO domains are blocked

In my app I want to integrate a personilized Lock Screen. Does anybody know how that works?

Hi everyone, solo iOS dev here. I’ve built a small focus app (“Modo”) that uses Apple’s Screen Time APIs to help curb social-media overuse. In development everything works: FamilyActivityPicker for selection, a DeviceActivityMonitor extension for schedules, and ManagedSettings shields (plus uninstall guard only while “Blocked” is active). I requested the Family Controls distribution entitlement so I can ship, but my capability request has been pending for a while and I’m not sure what the usual path forward is. What I’ve already done • Submitted the capability request (Account Holder), describing the use case (self-control / digital well-being), user consent flow,. • Implemented app + DeviceActivityMonitor + ManagedSettingsUI extensions; verified the debug build has the right entitlements and behavior. • Regenerated profiles after the request; checked codesign entitlements on the built targets. • Filed a Developer Support ticket referencing the capability request. I really appreciate any timelines, examples, or advice you can share. If an Apple engineer needs specifics (Team ID, request number), I can provide them as well. Thanks in advance!

Hello, I'm experiencing a significant delay getting the Family Controls entitlement approved for my Shield Configuration Extension, and I'm hoping someone here can help or has experienced something similar. Background: I'm developing an app that uses the Screen Time API with Family Controls. My main app bundle (lukedev.Bloka) was approved for Family Controls (Distribution) and works perfectly. The Problem My Shield Configuration Extension (lukedev.Bloka.Shield) has been stuck waiting for approval for over 2 weeks: Request ID: 6C8LD22UVM Submitted: November 20, 2025 Status: Still "Submitted" Current State: Only shows "Family Controls (Development)" in capabilities What I've Tried ✅ Submitted entitlement request via the proper channels ✅ Contacted Apple Developer Support (case #102762028251) ✅ Verified the main app has full Family Controls approval ✅ Deleted and regenerated all provisioning profiles multiple times ✅ Confirmed the App ID configuration is correct in the Developer Portal The Issue Without Family Controls (Distribution) approval for the Shield extension, I cannot: Test the complete app functionality on physical devices Submit the app to App Store Connect Move forward with development The error I'm getting during provisioning: Provisioning profile failed qualification Profile doesn't include the com.apple.developer.family-controls entitlement Questions Has anyone experienced multi-week delays for Shield extension entitlements? Is this normal? Should Shield extensions automatically inherit entitlements from the main app, or do they really require separate approval? The documentation isn't clear on this. Are there any known workarounds to test Shield Configuration Extensions during development while waiting for distribution approval? How can I escalate this request? Developer Support initially told me I already had approval (for the main app) but didn't address the extension's separate bundle ID. Technical Details Xcode: 16.2 Target: iOS 18+ Main App: Family Controls (Distribution) ✅ Approved Shield Extension: Family Controls (Development only) ❌ Stuck Why This Matters The Shield Configuration Extension is a core component of Screen Time API apps - it's not optional. Without it, the app cannot properly display blocking interfaces. The fact that it requires a separate 2+ week approval process (after the main app was already approved) seems like a significant oversight in Apple's review process. Has anyone successfully navigated this situation or found a way to expedite the review? Any help or insights would be greatly appreciated! Thanks, Luca

Hi everyone, I submitted this feature request through Apple’s Feedback Assistant and wanted to share it here, because many families run into the same issue and Apple prioritizes features based on the number of reports they receive. Current limitation: Screen Time only allows one single Downtime period per day for child accounts. For families with separate school hours and bedtime, this is very impractical. My real-world use case: • Downtime 1: 08:00–13:00 (school) • Downtime 2: 20:00–06:00 (bedtime) Both serve completely different purposes, but are not possible to combine with the current system. My suggestions to Apple: Support multiple Downtime periods per day for child accounts. Allow custom exceptions per Downtime block (e.g., allow Phone app). Provide more flexibility overall for families using Screen Time. If you would benefit from this too, it would be great if you could submit the same request via the Feedback app – the more reports Apple receives, the higher the chance for implementation. My Feedback ID: FB21265678 Thank you! 🙏 Hallo zusammen, ich habe über die Feedback-App einen Vorschlag an Apple eingereicht und wollte ihn hier teilen, weil viele Familien dasselbe Problem haben und Apple mehr Rückmeldungen braucht, um das Thema zu priorisieren. Aktuelles Problem: In Bildschirmzeit kann für Kinder aktuell nur eine einzige Auszeit pro Tag eingerichtet werden. Für Familien mit getrennten Schul- und Schlafenszeiten ist das extrem unpraktisch. Mein Anwendungsfall: • Auszeit 1: 08:00–13:00 (Schule) • Auszeit 2: 20:00–06:00 (Schlafenszeit) Beides erfüllt unterschiedliche Zwecke, ist aber nicht kombinierbar. Mein Vorschlag an Apple: Mehrere Auszeiten pro Tag für Kinderaccounts. Pro Auszeit eigene Ausnahmen festlegen (z. B. Telefon erlauben). Allgemein mehr Flexibilität im Screen-Time-System für Familien. Wenn ihr das ebenfalls hilfreich findet, wäre es super, wenn ihr es auch über die Feedback-App meldet – je mehr, desto besser. Feedback-ID meines Vorschlags: FB21265678 Danke euch! 🙏

I'm stuck in an impossible situation with DeviceActivityReportExtension on iOS 18. THE ISSUE: Configuration that works on device (iOS 18.2): Info.plist has only NSExtensionPointIdentifier Swift code uses u/main attribute App installs and runs perfectly Extension works correctly App Store validation FAILS: "Missing NSExtensionPrincipalClass" Adding NSExtensionPrincipalClass (as validation requests): Device installation FAILS with Error 3002 Error says: "NSExtensionPrincipalClass key is not allowed for this extension point" Cannot test on device Validation would likely pass ENVIRONMENT: Xcode 16.2 iOS 18.2 Extension point: com.apple.deviceactivityui.report-extension EVIDENCE IT'S WIDESPREAD: Apple Forums (3 days ago): https://developer.apple.com/forums/thread/812380 Stack Overflow (1+ year): https://stackoverflow.com/questions/77866230/ ROOT CAUSE: iOS 18 changed this extension to use u/main pattern (no NSExtensionPrincipalClass needed). App Store validation hasn't been updated and still expects iOS 17 configuration. WHAT I'VE TRIED: ✅ All deployment targets set to iOS 18.3 ✅ Code follows Apple's WWDC 2022 guidance ✅ All entitlements correct ✅ Info.plist validated ✅ Clean builds ✅ Works perfectly on device No configuration satisfies both device runtime AND App Store validation. Has anyone successfully uploaded an app with DeviceActivityReportExtension to TestFlight on iOS 18? Any workarounds? This is blocking TestFlight deployment completely.

Hi, Submitted Family Controls entitlement requests yesterday for a digital wellness app (main app + 3 extensions). For those who've been through this: How long did approval take? Did Apple ask for more info? Any tips? Thanks!

I've been working a lot with the FamilyControls API and App Shield recently but have encountered a problem with no documentation. I used the FamilyActivitySelection to select the app store to shield(This is just for testing), and then printed out the application token: 1wfY¸êB ò S« öi #×(É?âðw ù/jQ ¿ J ïE¢? ·¿ º<Òd?ý r7¥Ãn N átJ¹ÿ85B_{VAF fC8. ,,¸¯3 T7F ±õü; ¹?v@¯ô Ä \-õ# Ò I know the application token is a Codable object so I was wondering, How do I create an application token using the Token<Application> initializer init(from: any Decoder) throws Creates a new instance by decoding from the given decoder. Using the above data? Do I have to encode first in order to decode it? For reference, the code I tried to use is: newValue.applicationTokens.encode(to: JSONEncoder) if let encoded = try? JSONEncoder().encode(newValue.applicationTokens) { data = encoded print(String(data: data, encoding: .utf8)!) } if let app = try? JSONDecoder().decode(Token<Application>.self, from: data) { let token = Application(token: app) print(token) } else { print("didn't work") } But it prints didn't work every time. What should I do differently?

I'm trying to accomplish the features in this video where the child device requests permission from parent to control scren time. Then the parent can choose apps on the childs phone from their phone. Everything on the childs device is working exactly like in the video. However, on the parents phone, when the FamilyActivityPicker appears, it's only the apps on the parents phone and when an app is selected, nothing changes in the FamilyActivitySelection. I found this forum post describe the same issue I am having. I have a physical device logged in the child and a simulator running as the parent. Why can't I see the child's apps on the parents phone? Is it cause I'm running one of them on a simulator?

I have noticed that when I select the app token of the youtube app to be blocked via a ManagedSettingsStore, the youtube website is blocked as well (which is a good and intended behavior IMO). But how do I know in the ShieldConfigurationDataSource’s override func configuration(shielding webDomain: WebDomain, in category: ActivityCategory) -> ShieldConfiguration to which ManagedSettingsStore the WebDomain’s token is related? We use different ManagedSettingsStores for different block purposes, which differentiate in their ShieldConfiguration. Thanks a lot and have a great day!

As discussed and acknowledged here, there is a known bug with the FamilyActivityPicker. When a user expands a category that contains enough tokens to exceed the 50mb memory limit, the FamilyActivityPicker crashes. This happens quite frequently for heavy Safari users. An apple engineer mentioned on this thread that WebDomains shown in the picker are present based on the last 30 days of usage data as surfaced by WebKit. Is there any way a user can clear these WebDomains? Either programatically through our app or any other process we can guide them to as a workaround while this issue is getting fixed?