Hello, After submitting onboarding form for Live Caller ID Lookup feature, we received rejection response that our OHTTP gateway doesn't support HTTP/2. We have run provided command openssl s_client -alpn h2 -connect with our domain several times from different machines and environments, and our results consistently confirm that HTTP/2 is indeed supported by our OHTTP gateway. The output clearly shows ALPN protocol: h2, indicating successful HTTP/2 negotiation. Here is the log chunk from the command-line response: No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 4393 bytes and written 406 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE ALPN protocol: h2 Early data was not sent Verify return code: 0 (ok) --- DONE We have also tried different 3rd-party services to check the HTTP/2 support and they also confirmed that HTTP/2 is supported. Is it possible to provide additional details on the specific criteria or test conditions that led to its non-approval? I'm happy to provide any further diagnostic information or engage in more detailed technical discussion.

I've been trying to add a CoreSpotlight indexer to my macOS application. The new template for the indexer uses the new appex CSImportExtension style importer. I've been following this -> https://developer.apple.com/documentation/corespotlight/csimportextension I changed the CSSupportedContentTypes in the Info.plist file to the correct file type uti. I added a dummy value into the attributes (see code below) - just setting contentDescription to 'noodle' (easy to search for) class ImportExtension: CSImportExtension {   override func update(_ attributes: CSSearchableItemAttributeSet, forFileAt: URL) throws {     // Add a dummy value, and see whether spotlight finds it     attributes.contentDescription = "noodle" } } I have a number of files on disk that match the uti (and can be found when I search by the file name) Yet, when I build and run my app, the a spotlight search for 'noodle' finds no results. Can anyone give me any advice? I cannot find any indication that the ImportExtension is called (although when I put a log message at the start of the update() call there's no message in the console which seems to suggest it's not being called). Is there any way of debugging this? Cheers and thanks -- Darren.

We have a subscription WeatherKit app which has been on the App Store since December 2023. I am getting intermittent JWT auth failures on customer devices. In the great majority of cases, the request succeeds, but sometimes it fails, and sometimes it fails and never recovers. I’m working with a customer right now who is unable to get any weather data at all, and the logs he sends me show WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors error 2 The app uses the WeatherKit SDK (we are not using the REST API directly). We know we have the project setup as it has been working since launch, and I can verify weatherkit using security cms -D -i embedded.mobileprovision It it not a problem with the specific query, since I can get data for the dates and locations they are requesting. I can’t replicate the problem on my test devices. In case there is a rate limit issue: this app is a bit unusual and downloads an unusual amount of data at once using multiple queries in parallel using a TaskGroup. When the user creates a location, the app downloads a 10 day block of weather (7 days in the past + 3 day forecast) using WeatherService.shared.weather( for: location, including: WeatherQuery.daily( startDate: startDate, endDate: endDate ), WeatherQuery.hourly( startDate: startDate, endDate: endDate ) ) It also downloads about 2 months of daily precipitation data using multiple parallel calls to dailySummary in 10 day blocks: WeatherService.shared.dailySummary( for: location, forDaysIn: DateInterval(start: startDate, end: endDate), including: .precipitation ) In almost every case, including on my test devices, this works. But some users get WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors error 2 on every request. The two users yesterday that had this problem were both on iOS 18.5 for what that's worth, though the app supports 17.2+ Is anyone else seeing this? And can anyone suggest anything else to explore? It's obviously a terrible experience for customers who pay for the service and are unable to get any data. I did submit this info to Apple as FB18276275

I created a ShieldConfigurationExtension in Xcode 14.3 with File > New > Target > ShieldConfigurationExtension. This created the extension with all the necessary Info.plist values (correct NSExtensionPrincipalClass, etc.), with the extension included in embedded content in the host app target. No matter what I try, the extension is not getting invoked when I shield applications from my host app. The custom UI does not show as the shield, and looking at the debugger, an extension process is never invoked. I am shielding categories like this: let managedSettings = ManagedSettingsStore() ... managedSettings.shield.applicationCategories = .all() And my extension code overrides all the ShieldConfigurationDataSource functions. class ShieldConfigurationExtension: ShieldConfigurationDataSource { override func configuration(shielding application: Application) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } override func configuration(shielding application: Application, in category: ActivityCategory) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } override func configuration(shielding webDomain: WebDomain) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } override func configuration(shielding webDomain: WebDomain, in category: ActivityCategory) -> ShieldConfiguration { return ShieldConfiguration( backgroundBlurStyle: UIBlurEffect.Style.systemThickMaterial, backgroundColor: UIColor.white, icon: UIImage(systemName: "stopwatch"), title: ShieldConfiguration.Label(text: "You are in a Present Session", color: .yellow) ) } } What am I missing?

I'm encountering a strange behavior with one of my home's on Home app while I'm off network. When I launch the app it indicates that the hub is not responding and all of my devices are unavailable. However, on the menu bar at the bottom if I switch to "Automation" and back to "Home" the pop-up goes away and my devices are accessible again (sometimes this take a few attempts). Siri is also able to consistently control my devices without an issue. The same behavior occurs with Home app on other devices (e.g. Mac) and with other members that have access to the household. 3rd party HomeKit app like "Controller" does not have an issue. This issue began with iOS 26 and I haven't had much luck resolving the issue. I already tried rebooting everything, including removing and re-adding an Apple TV (home hub). I have other homes shared with me in Home App with similar network/environment that are still working. The home I'm having issues has the most number of devices though (over 100+).

Could someone please explain how to use a custom sound when setting up an alarm using AlarmKit? It keeps playing a default sound. Also, I keep having an issue where the alarm sound plays but doesn’t show the alarm interface buttons unless the screen is locked.

Hello, I’m building an app that helps people spend less time on social media apps. For that, I make heavy use of Apple’s Screen Time APIs, such as ManagedSettings and FamilyControls. When an app is locked using a ShieldConfiguration, the user has to open my app in order to unlock it (e.g. enter a code). This is very cumbersome because no documented API exists to open the parent app (=my app) from the ShieldActionDelegate (also part of my app) when the user presses a button of the ShieldConfiguration. The ShieldActionDelegate callback just offers three options in its ShieldActionResponse: .none .defer .close .openParentApp is missing. We are working around this limitation by sending a local push notification that the user has to tap on. This has multiple drawbacks: It has to be ensured that notification permission has been granted. It has to be ensured that notifications can be delivered even while focus is enabled. Features such as Apple Intelligence notification summaries and notification prioritization can heavily delay delivering notifications and thus frustrate the user. Neither my users nor myself do understand why this is not possible in a smoother way, at least according to the documentation. There are 3rd party apps that have such functionality, they can directly open their own app from a button press in the Shield, see here: https://apps.apple.com/us/app/applocker-passcode-lock-apps/id1132845904 It would be great if Apple could level the playfield for all developers and document how this is achievable, because technically it clearly is. Thanks a lot and have a great day!

Hi, I have a released screentime app ScreenZen. The last few days I've seen a disturbing spike in bug reports coming from people with 17.4.1 and 17.5.1 phones with no update to the app itself. People reported they saw the issue immediately after updating their iOS version. Unfortunately it is not replicable on all phones with those versions, so we haven't been able to replicate it on our test phones. It appears the issue is the ApplicationToken passed into ShieldActionExtension and ShieldConfigurationExtension does not match any of the ApplicationTokens that the user selected to block through FamilyControls. (The selected ApplicationTokens are being loaded through a group UserDefaults and they are indeed being loaded in the ShieldActionExtension in the bug reports).This is preventing the app from loading the correct settings and handling the blocking accordingly. I am trying to isolate this better with a new release with better logging, but would appreciate any help on this issue.

I'm experiencing a contradictory validation issue with DeviceActivityReportExtension that creates an impossible situation: The Problem: Without NSExtensionPrincipalClass in Info.plist → App Store Connect rejects upload with: "Missing Info.plist values. No values for NSExtensionMainStoryboard or NSExtensionPrincipalClass found" With NSExtensionPrincipalClass → Local install fails with: "defines either an NSExtensionMainStoryboard or NSExtensionPrincipalClass key, which is not allowed for the extension point com.apple.deviceactivityui.report-extension" Setup: Extension point: com.apple.deviceactivityui.report-extension Using SwiftUI with @main attribute and DeviceActivityReportExtension protocol Xcode 16.2, iOS 17.6 deployment target Code structure: @main struct SpoolReport: DeviceActivityReportExtension { var body: some DeviceActivityReportScene { // Report scenes here } } The extension builds and runs perfectly without NSExtensionPrincipalClass, but cannot be uploaded to App Store Connect. Adding the key allows upload but breaks local installation. Is this a known issue? Is there a workaround or correct Info.plist configuration for DeviceActivityReportExtension? Thank you!

Hi everyone, I’ve filed a Feedback report (FB20986470) for a serious issue affecting the Call Directory database when add phone numbers for call blocking. When adding blocking numbers to a Call Directory extension, the system’s CallKit database (/private/var/mobile/Library/CallDirectory/CallDirectory.db) becomes corrupted. The reload call (reloadExtensionWithIdentifier) fails with error code 11 when the system tries to insert blocking entries, and the Console app on macOS shows the following errors: database corruption page 2265525 of /private/var/mobile/Library/CallDirectory/CallDirectory.db at line 81343 of [f0ca7bba1c] database corruption at line 79387 of [f0ca7bba1c] Error Domain=com.apple.callkit.database.sqlite Code=11 "sqlite3_step for query 'INSERT INTO PhoneNumberBlockingEntry (extension_id, phone_number_id) VALUES (?, (SELECT id FROM PhoneNumber WHERE (number = ?))), (?, (SELECT id FROM PhoneNumber WHERE (number = ?))),...)'" After this happens, CallKit becomes fully corrupted on the device and no further numbers can be added, even after: Disabling and re-enabling the extension Restarting the device (either force or soft restart) Reinstalling the app Waiting for a couple of minutes after this issue happens (that CallKit could possibly self-recovered) I also tested other call-blocking apps, and they all fail with the same error. The only thing that recovers the system is a full “Reset All Settings.” This issue has been reported by many users of my app, across multiple iOS versions and devices. Similar related issue reported by another developer: https://developer.apple.com/forums/thread/806129 Steps to Reproduce: Enable the Call Directory extension from a call-blocking app. Add and reload blocking numbers (a few thousand entries). Perform multiple reloads between additions. Check the Console, the corruption errors appear. From this point, all insert attempts fail system-wide. Expected Result: Entries should be inserted successfully, or the system should self-recover without persistent corruption. Actual Result: sqlite3_step fails with Code=11, and the Call Directory database remains corrupted until the user resets all settings. Additional Notes: All numbers are sorted and deduplicated before insertion. Happens intermittently after multiple reloads. The system log always shows internal database failure. Environment: Device: iPhone 16 Plus iOS 18.2 Beta (23C5027f) Xcode 16.1 (17B55) Attachments (included in Feedback FB20986470): sysdiagnose captured immediately after the failure (with Phone app General Profile) It seems like a system-level corruption affecting all Call Directory extensions once it occurs.

I have universal links configured for my iOS app which work as expected when the app is installed. When the app is not installed the universal link will go to the browser as expected. What I want to do is redirect to the app store, allow the user to install the app, then redirect them to the initial universal link. Redirecting them to the app store isn't the hard part I can achieve that from the webpage, however I don't know how to save a reference to that initial link to redirect them once they instal the app. What I want the flow to be for a user who doesn't have the app is: visit a universal link (example.com/UUID) redirect to the app store and install the app open the app and redirect to example.com/UUID I've seen some ways people are doing this with the clipboard but I don't love that solution, I also don't want to use a 3rd party service if I can avoid it - how are the 3rd party services making this happen?

On iOS 26.2 (23C55), DeviceActivityMonitor.eventDidReachThreshold fires intermittently for a daily schedule (00:00–23:59) even when iOS Screen Time shows 0 minutes for the selected apps that day. This causes premature shielding via ManagedSettings. Environment: iPhone 13 Pro Max, iOS 26.2 (23C55). Event selection: 2 apps. Threshold: 30 minutes. Multiple TestFlight users report the same behavior across various app selections and thresholds. Intermittent (~50% of days); sometimes multiple days in a row. Not observed in testing prior to iOS 26.2. Evidence: sysdiagnose + Screen Time screenshots (with 0 screen time on selected apps) + unified logs show UsageTrackingAgent notifying the extension that “unproductive from activity daily reached its threshold,” followed immediately by ManagedSettings shield being applied (extension reacting to the callback). Filed Feedback Assistant: FB21450954. Questions: Are others seeing this on 26.2? Does it correlate with restarting monitoring at interval boundaries or includesPastActivity settings?

We are integrating Apple’s DeclaredAgeRange SDK. To comply with relevant regulatory requirements, our understanding is as follows: The app is only required to obtain the declared age range for users located in Texas. For users outside of Texas, we should not proactively request age range information. Accordingly, we would like to confirm the following: Are we required to present the age range request prompt to all users in the United States? If yes, we are concerned that this may significantly impact the overall user experience. If it is permissible to request age range only for Texas users, how can we reliably determine whether a user is located in Texas on the client side? For example, does Apple provide an API or recommended method for accurately identifying a user’s region (specifically Texas)?

Hello, I’m working on implementing SB2420 compliance using the Declared Age Range framework. While referring to the documentation at https://developer.apple.com/documentation/declaredagerange, I couldn’t find details on how the TX region (transaction region or territory) is determined when using Declared Age Range. Specifically, I’d like to confirm the following points: How does the system determine the TX region when the user’s declared age range is retrieved? Is it based on the App Store region, the device locale, or the user’s Apple ID country? If the app’s backend needs to verify or log the TX region, is there a way to obtain or infer it from the API response or receipt data? Is there any difference in TX region determination between Sandbox and Production environments? If anyone has experience implementing Declared Age Range (SB2420) and handling region determination, I’d appreciate your insights or best practices. Thank you.

0 CoreText TDecorationRun::CalculateGlyphIntersections(CGAffineTransform, TRun const&, double, double, std::__1::function<void (double, double)> const&) const + 1704 1 CoreText TDecorationRun::CalculateGlyphIntersections(CGAffineTransform, TRun const&, double, double, std::__1::function<void (double, double)> const&) const + 1440 2 CoreText void TDecorationRun::DrawDecorationRun<(anonymous namespace)::TRunAdapter>(CGContext*, (anonymous namespace)::TRunAdapter, (anonymous namespace)::TRunAdapter, double)::'lambda'(CGPoint, CGPoint)::operator()(CGPoint, CGPoint) const + 508 3 CoreText TDecorator::DrawDecoration(TLineDrawContext const&, TLine const&, TInlineVector<DecorationOverride, 30ul> const*) + 2356 4 CoreText TLine::DrawUnderlines(CGContext*) const + 104 5 CoreText TLine::DrawGlyphs(CGContext*) const + 292

I have an app using weatherkit and its currently live and up on the app store, recently I had some users report to me that they had been receiving errors loading weather data, I had error handling built in and it reported an issue with apples authentication server Failed to generate jwt token for: com.apple.weatherkit.authservice with error: Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" I have not come across this during the development lifecycle of my project, there where no codebase changes, it just stopped functioning. The app entitlements are valid and correct, Weatherkit is enabled in both xcode and across my Certs, identifiers and profiles. I was not experiencing this issue until I reinstalled the app from the app store completly by first removing it and then re-installing fresh. Hard reboots do not help and I do not want to start suggesting to my users to factory reset their devices. We are using WeatherKit in both our main app and widget, relying entirely on Apple’s framework for authentication and token management. We do not generate or inject our own JWT tokens; all token handling is managed by WeatherKit. We have implemented a debug menu with the following actions: Clear WeatherKit JWT tokens from the keychain Clear all related UserDefaults key Clear all app group data and all UserDefaults. Perform a “nuclear” cache clear (removes all app data, keychain, and cached files). We log all WeatherKit fetch attempts and failures, including authentication errors, both in the app and widget and get nothing but code 2. We have attempted all of the above steps, but continue to experience issues with WeatherKit JWT authentication We would appreciate any guidance or insight into what else could be causing persistent WeatherKit JWT/authentication issues, or if there are any additional steps we should try. P.S. - Tested and experiencing the same issues on an iPhone 15 Pro Max and iPhone 15 The Pro Max is on the iOS 26 Beta // and the 15 is on the latest iOS 18

I'm trying to digest and understand the new set of APIs relating age verification that were released last week. I have say that without some cohesive overview, example app, just a simple diagram showing the relationship of everything, its not at all clear to me what's going on nor what an app developer is expected to do to use these apis (I'm a senior engineer with 15 year's iOS experience, but hey maybe I'm just a bit slow in the head). I have a few questions, but the topic of this post is what is the relationship between age verification i.e. between the declared age range/significant change and Permission Kit? The documentation for the former mentions the Significant Change API/Topic (https://developer.apple.com/news/?id=2ezb6jhj / https://developer.apple.com/documentation/PermissionKit/SignificantAppUpdateTopic). Now the Significant Change Topic is documented as being part of PermissionKit, however the documentation for that (https://developer.apple.com/documentation/permissionkit) States emphatically at the top: "Communication experiences using the PermissionKit framework are only available using iMessage." Meaning you can't use PermissionKit for anything other than iMessage? If it doesn't mean that, then why does it state so? If it does mean that, then how does an app which has nothing to do with iMessage make use of Significant Change - because this documentation:https://developer.apple.com/news/?id=2ezb6jhj Is talking about using significant change for all apps, not iMessage. So there is a contradiction here.

Our app includes showing external web service with WebView or Safari and returning to the app with custom URL scheme or universal link. When we set "Hide and Require Face ID" feature which was available on iOS 18, neither custom URL scheme nor universal link activated the app. If we only set "Require Face ID", the deep link worked properly. Here is what we've tried: Define custom URL scheme or universal link in the app https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app https://developer.apple.com/documentation/xcode/supporting-universal-links-in-your-app Implement external web service with one of the following frameworks ASWebAuthenticationSession https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/ SFSafariViewController https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller Safari WKWebView https://developer.apple.com/documentation/webkit/wkwebview On iOS 18 device, install the app and set "Hide and Require Face ID" Access external web page and tap the link which activates custom URL scheme or universal link We expected the deep link to work, but the results were: Custom URL scheme &amp;amp; ASWebAuthenticationSession/SFSafariViewController/Safari The system shows "Cannot open the page because the address is invalid" Custom URL scheme &amp;amp; WKWebView Nothing happens when tapping the link Universal link Directed to the server with associated domain file, but the system doesn't call the app which is defined in the associated domain file We tested the feature with the app built with Xcode16 beta 6, and the device with iOS 18 Seed 8(22A5350a). Does hide app feature support custom URL scheme and universal link?

Hi, On iOS 26 beta, calls can no longer be reported by swiping left on a call. This is unfortunately a breaking change. I have submitted a report on this on June with Feedback Assistant: FB17893517 I hope it will get some more exposure by posting here.

Hello, The purpose of "Screen Time Passcode" under Settings/Screen Time is to protect Screen Time preferences and it is asked every time the user updates Downtime, App Limits, Content & Privacy Restrictions and so on. But the private passcode is not requested if the user disables Screen Time for a particular app (only Face ID or phone passcode is requested, but not the private Screen Time passcode). I think this is a mistake, I think the purpose of a private Screen Time passcode is to protect all settings, including apps that use this API, right? Is there any solution to this? Thank you.