Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

We are observing unexpected behavior in Apple Wallet for transactions processed via an online delivery platform. Here is the specific flow: Initial Authorization: The original order was placed for $22.30. Order Amendment: The user added an item 10 minutes later for $6.20, bringing the total to $28.50. The Issue: Apple Wallet only displays the $6.20 transaction. The initial $22.30 amount is not visible in the transaction list. Technical Verification: We confirmed that both backend authorization messages for the original amount and the add-on were approved. We verified that the final settlement amounts correctly reflect the sum of both charges ($28.50). We have confirmed the transaction lifecycle completed successfully on our end. Despite this, the customer only sees the $6.20 entry in their Wallet history, which creates confusion as it doesn't reflect the total spent. Has anyone encountered this sync issue between settlement totals and Wallet display, or is there a specific way we should be linking these related authorizations? Thanks!

We’re evaluating a Bluetooth device that supports Hands Free Profile (HFP) as the “Hands-Free Unit”. You can think of this as a Bluetooth telephone headset. This device interacts with our iOS application. We observed the following. The iPhone 17 HFP Wide-Band Speech (WBS) mSBC decoder requires the WBS packet (H2 header + mSBC frame) to be sent aligned. Aligned meaning, the H2 header must be first in every packet. The WBS packet cannot span multiple eSCO packets or else the iPhone will discard the audio. This is a different implementation than the iPad (iPad Pro 11-inch M4) , presumably due to Apple’s new N1 chip. In other words, we’ve identified that older iPhones and iPads do not require this alignment. They have implemented a stateful parser/decoder of the HFP WBS audio. A quick picture to help illustrate. The iPhone 17 requires: | Frame | Frame | Frame | Frame | However, a Bluetooth implementation we are evaluating does: | me Fra | me Fra | me Fra | me Fra | Does Apple intend to keep this implementation and continue discarding audio frames that are not aligned? Page 115 of the Bluetooth HFP 1.8 specification mentions at the bottom that this behavior is “left up to the implementation” but that the “synchronization header enables unaligned codec audio frames to be recovered by the receiving side.” We understand and acknowledge that one whole frame per eSCO packet is the intended, optimal method for delivering WBS mSBC audio for reduced jitter, latency, and memory usage. However, the more robust solution would be to maintain a stateful receiver as previously implemented. Any input would be appreciated.

We’re having an iPad issue accessing the local network with iPadOS 26.3. We have an automation system that tests our app on an iPad using accessibility tags. the XCTest test code sends messages from the iPad via TCP/IP to setup external test equipment. The messages abruptly stopped transmitting across the iPad blood-brain barrier with iPadOS 26.3 (26.2.1 and earlier works fine). The technique that worked involved installing a helper app with the same bundleID as our app, allowing the helper app to access the network, and when our app runs it has network access through the helper. It’s clever and kludgey. Forums that we referenced in the past: https://developer.apple.com/forums/thread/663858 TN3179: Understanding local network privacy | Apple Developer Documentation I suspect that something was changed in 26.3 that closed our window. I need two things: ID what is different in 26.3 and fix the automation system. If there’s a new way for XCUITest code to access the local network I’m happy to try it out.

Hello Apple Developer Technical Support Team, I’m working on an iOS banking/security SDK and we’re trying to match an Android feature that reads payment cards via NFC (EMV). On Android, this is implemented using an NFC scanning screen (e.g., “NfcScanActivity”) that can read EMV data from contactless credit/debit cards. Could you please clarify the current iOS capabilities and App Store policy around this? On iOS, is it currently possible for a third-party App Store app to read contactless credit/debit cards using Core NFC (i.e., accessing EMV application data/AIDs from payment cards)? If this is possible, what are the supported APIs/frameworks and any entitlement requirements (if applicable)? If this is not possible for App Store apps, could you recommend the closest acceptable alternatives for achieving a similar user outcome? For example: Using Apple Pay / PassKit flows for payment-related experiences Card scanning alternatives (camera-based OCR) for capturing card details (if allowed) Using an external certified card reader accessory (MFi) and required approach/entitlements Any other Apple-recommended approach for “card verification / identification” without reading EMV NFC data Our goal is not to bypass security restrictions, but to provide a compliant solution on iOS comparable to Android’s NFC-based card reading, or to adopt an Apple-approved alternative if direct EMV reading is not supported. If helpful, I can share a brief technical summary of the Android behavior and the exact data we need to obtain (e.g., whether it’s card presence verification vs. reading specific EMV tags). Thank you for your guidance. Best regards, Anis

Hello Apple Developer Technical Support Team, I’m working on an iOS banking/security SDK and we’re trying to match an Android feature that reads payment cards via NFC (EMV). On Android, this is implemented using an NFC scanning screen (e.g., “NfcScanActivity”) that can read EMV data from contactless credit/debit cards. Could you please clarify the current iOS capabilities and App Store policy around this? On iOS, is it currently possible for a third-party App Store app to read contactless credit/debit cards using Core NFC (i.e., accessing EMV application data/AIDs from payment cards)? If this is possible, what are the supported APIs/frameworks and any entitlement requirements (if applicable)? If this is not possible for App Store apps, could you recommend the closest acceptable alternatives for achieving a similar user outcome? For example: Using Apple Pay / PassKit flows for payment-related experiences Card scanning alternatives (camera-based OCR) for capturing card details (if allowed) Using an external certified card reader accessory (MFi) and required approach/entitlements Any other Apple-recommended approach for “card verification / identification” without reading EMV NFC data Our goal is not to bypass security restrictions, but to provide a compliant solution on iOS comparable to Android’s NFC-based card reading, or to adopt an Apple-approved alternative if direct EMV reading is not supported. If helpful, I can share a brief technical summary of the Android behavior and the exact data we need to obtain (e.g., whether it’s card presence verification vs. reading specific EMV tags). Thank you for your guidance. Best regards, Imran

Hi, I’m looking for clarification on what concurrency and consistency guarantees Apple provides when multiple targets (main app + Widget extensions) access shared storage. Specifically: 1. UserDefaults (App Group / suiteName:) • If multiple processes (app + multiple widget instances) read and write the same shared UserDefaults, what guarantees are provided? • Is access serialized internally to prevent corruption? • Are read–modify–write operations safe across processes, or can lost updates occur? 2. Core Data (shared SQLite store in App Group container) • Is it officially supported for multiple processes to open and write to the same Core Data SQLite store? • Are there recommended configurations (e.g. WAL mode) for safe multi-process access? • Is Apple’s recommendation to have a single writer process? 3. FileManager (shared container files) • If two processes write to the same file in an App Group container, what guarantees are provided by the system? • Is atomic replaceItemAt the recommended pattern for safe cross-process updates? Additionally: • Do multiple widget instances count as separate processes with respect to these guarantees? • Is there official guidance on best practices for shared persistence between app and widget extensions? I want to ensure I’m following the correct architecture and not relying on undefined behavior. Thanks.

What is screen studio: Screen studio is a screen recording app that lets users record screen and then edit the recording and add custom background image and it includes many apple wallpapers. I seen this in tons of other apps as well

We are operating an application that uses WeatherKit. Despite revoking a specific WeatherKit key on the Apple Developer website, the number of API calls associated with that key continues to increase. We are looking for a way to completely disable this particular key. Any advice or suggestions would be greatly appreciated.

Environment: iOS 26.4 beta Xcode 26.4 beta Framework: AccessoryNotifications, AccessorySetupKit, AccessoryTransportExtension Description: I'm implementing notification forwarding to a custom BLE accessory using the new AccessoryNotifications framework in iOS 26.4. I've set up an AccessoryDataProvider extension following the documentation, but I'm unclear about how the data is actually transmitted to the BLE accessory. Current Implementation: Main App - Uses AccessorySetupKit to discover and pair accessories: let descriptor = ASDiscoveryDescriptor() descriptor.bluetoothServiceUUID = CBUUID(string: "FEE0") let displayItem = ASPickerDisplayItem( name: "Notification Accessory", productImage: UIImage(systemName: "applewatch")!, descriptor: descriptor ) accessorySession.showPicker(for: [displayItem]) { error in // Handle error } AccessoryDataProvider Extension - Implements NotificationsForwarding.AccessoryNotificationsHandler: @main struct AccessoryDataProvider: AccessoryTransportExtension.AccessoryDataProvider { @AppExtensionPoint.Bind static var boundExtensionPoint: AppExtensionPoint { Identifier("com.apple.accessory-data-provider") Implementing { AccessoryNotifications.NotificationsForwarding { NotificationHandler() } } } } // NotificationHandler sends messages via: let message = AccessoryMessage { AccessoryMessage.Payload(transport: .bluetooth, data: data) } try await session?.sendMessage(message) Info.plist Configuration: EXExtensionPointIdentifier com.apple.accessory-data-provider NSAccessorySetupBluetoothServices FEE0 Questions: What BLE Service and Characteristic should the accessory advertise? - The documentation mentions specifying transport: .bluetooth, but doesn't explain what Service/Characteristic the accessory needs to implement to receive the notification data. 2. How does AccessoryMessage with transport: .bluetooth actually transmit data? - Is there a specific Apple-defined BLE protocol? - Does the accessory need to run specific firmware or support a particular protocol stack? 3. Is there any documentation about the accessory-side implementation? - The iOS-side documentation is clear, but I couldn't find information about what the BLE peripheral needs to implement. 4. Is MFi certification required for the accessory? - The documentation doesn't explicitly mention MFi, but it's unclear if custom third-party accessories can use this framework. Any guidance on how the BLE communication works under the hood would be greatly appreciated.

Hi all I have a problem with core data, where when a new user login that is different from the previous user i delete all of core data by using "destroyPersistentStore". Then i recreate the persistent store, this works when i am testing. When it does not work for one of my users when she test. I am not sure why this should not work, i have added the code i use to destroy the persistent store below. This code is run after login but before the view changes away from my login view. // Retrieves the shared `AppDelegate` instance guard let appDelegate = UIApplication.shared.delegate as? AppDelegate else { return } appDelegate.destroyDataSyncBackground() // Get a reference to a NSPersistentStoreCoordinator let storeContainer = appDelegate.persistentContainer.persistentStoreCoordinator // Delete each existing persistent store for store in storeContainer.persistentStores { if let url = store.url { do { try storeContainer.destroyPersistentStore( at: url, ofType: store.type, options: nil ) } catch { print("Failed to deleted all") } } else { print("Failed to deleted all") } } // Re-create the persistent container appDelegate.persistentContainer = NSPersistentContainer( name: "CueToCue" // the name of // a .xcdatamodeld file ) // Calling loadPersistentStores will re-create the // persistent stores appDelegate.persistentContainer.loadPersistentStores { (store, error) in // Handle errors let description = NSPersistentStoreDescription() description.shouldMigrateStoreAutomatically = true description.shouldInferMappingModelAutomatically = true appDelegate.persistentContainer.persistentStoreDescriptions = [description] } // Reapply context configuration let viewContext = appDelegate.persistentContainer.viewContext viewContext.automaticallyMergesChangesFromParent = true viewContext.mergePolicy = NSMergeByPropertyObjectTrumpMergePolicy do { try viewContext.save() appDelegate.recreateDataSyncBackground() } catch { print("Debug: saving delete all failed.") } } The function "destroyDataSyncBackground" just set the my sync class to nil so stop any changes to core data while the code is running. The function "recreateDataSyncBackground" recreate the sync class so fetch, post and patch requests is made again.

在iOS 26.4 beta3版本中，当前支付完成，获取的票据是上次支付的票据，在拉起一笔支付成，获取的又是上次支付的票据

Our game application is developed based on StoreKit 1, and an exception occurs on iOS 26.4: after players complete a payment, the finishTransaction method fails to properly remove the transaction from the SKPaymentQueue; as a result, when players restart the app, the system still triggers the retry process for this transaction (reconciliation of unpaid orders). Has anyone encountered this issue? If there is a solution, we would appreciate it if you could share it with us.

Hello, I am facing a validation error when uploading a macOS app with a Network Extension. The Error: Invalid system extension. The system extension at “[T] TEXT.app/Contents/Library/SystemExtensions/company_name.network-extension.systemextension” resides in an unexpected location. The Problem: Validation fails only when the app's Product Name contains square brackets: [T] TEXT. If I remove the brackets from the Product Name, validation passes. What I've tried: Setting Product Name to TEXT (without brackets) and CFBundleDisplayName to [T] TEXT. Cleaning Derived Data and rebuilding the archive. Verified that the extension is physically located at Contents/Library/SystemExtensions/. It seems the Apple validation tool fails to parse the bundle path correctly when it contains characters like [ or ]. Question: How can I keep the app name with brackets for the user (in System Settings and Menu Bar) while ensuring the Network Extension passes validation? Is there a way to escape these characters or a specific Info.plist configuration to satisfy the validator?"

<Apple Developer Program许可协议>已更新并需要查阅。若要更新现有App和提交新 App，账户持有人必须登录账户，查看并接受更新后的协议。 apple 会费到期 续费以后 无法获取app内购数据，经排查可能是这个协议没有签署，签署后多久可以重新获取到app内购数据。

Hello, I am facing a validation error when uploading a macOS app with a Network Extension. The Error: Invalid system extension. The system extension at “[T] TEXT.app/Contents/Library/SystemExtensions/company_name.network-extension.systemextension” resides in an unexpected location. The Problem: Validation fails only when the app's Product Name contains square brackets: [T] TEXT. If I remove the brackets from the Product Name, validation passes. What I've tried: Setting Product Name to TEXT (without brackets) and CFBundleDisplayName to [T] TEXT. Cleaning Derived Data and rebuilding the archive. Verified that the extension is physically located at Contents/Library/SystemExtensions/. It seems the Apple validation tool fails to parse the bundle path correctly when it contains characters like [ or ]. Question: How can I keep the app name with brackets for the user (in System Settings and Menu Bar) while ensuring the Network Extension passes validation? Is there a way to escape these characters or a specific Info.plist configuration to satisfy the validator?"

I'm building an app that uses the Family Controls / Screen Time APIs (FamilyControls, ManagedSettings). My app has three targets, each with a distinct Bundle ID: Main App Shield Configuration Extension ShieldAction Extension All three have com.apple.developer.family-controls in their entitlements files, and they share an App Group. My question is about the distribution entitlement request form at developer.apple.com/contact/request/family-controls-distribution: does the form need to be submitted once per Bundle ID, or is a single submission for the main app sufficient to then enable Family Controls (Distribution) for the extension Bundle IDs in the developer portal as well? I've seen conflicting reports in other forum threads — some developers say one submission covers all targets, others say separate submissions are needed per Bundle ID. I've already submitted the main app, but now I am wondering whether I should submit one for each Shield extension. Thanks!

Hi! We’ve had Live Caller ID Lookup in production for a while. We’re seeing backend RPS on our /queries endpoint much higher than our expected incoming call volume. While testing with Console.app during an incoming call, it looks like iOS may still hit our service even when the caller number is already in the user’s Contacts - but I’m not 100% sure from logs alone. Can you confirm: Does iOS invoke Live Caller ID Lookup (i.e. call /queries) for every incoming call, including calls from saved Contacts? If yes, is this simply expected framework behavior? Thanks!

While the recent news says "Developers who are distributing apps in Brazil can use the updated Declared Age Range API to obtain a user’s age category.", the guidance in the API did not mention Brazil. Can we confirm that Should all iOS developers follow that guidance for Brazil compliance? Will IsEligibleForAgeFeatures return true for in scope users in Brazil? (We don't have any explicit confirmation on this, and we cannot test if this is the case today in sandbox)

I want to track down which part of an app contacts a given domain listed in its App Privacy Report. Following the instructions given here I am able to capture a packet trace, but traffic to the domain in question is encrypted using QUIC. Is there a way to insert e.g. mitmproxy into the capture process in order to get hold of the SSLKEYLOGFILE so that I can decrypt the traffic?

Hello, We're seeing a high rate of providerDidReset callbacks in production across a large user base (iOS 16, 17, 18, and 26). I'd like to understand both the correct way to handle this delegate method and strategies to reduce its frequency. Background The callback occurs across all iOS versions we support and is not isolated to a specific device or region. The callback can occur in any app state (foreground, background, inactive), however it is most dominant in the background state — particularly during VoIP push notification handling. The callback is more prevalent during long app sessions — for example, when the app has been running continuously for a day or overnight. We do not call CXProvider.invalidate() anywhere in our codebase explicitly. After providerDidReset fires, subsequent transactions fail with CXErrorCodeRequestTransactionErrorUnknownCallUUID (error code 4). Re-initializing the provider via initializeProvider() resolves this error. Our Implementation We use a singleton proxy class (CallKitProxy) that owns the CXProvider. Below is a simplified version — some logging and non-essential parts have been removed for brevity. @objcMembers public final class CallKitProxy: NSObject { private var cxProvider: CXProvider? private let cxCallController: CXCallController private let cxCallObserver: CXCallObserver private override init() { cxCallObserver = CXCallObserver() cxCallController = CXCallController() super.init() initializeProvider() cxCallObserver.setDelegate(self, queue: nil) } private func initializeProvider() { let configuration = providerConfiguration() cxProvider = CXProvider(configuration: configuration) cxProvider?.setDelegate(self, queue: nil) } private func providerConfiguration() -> CXProviderConfiguration { let soundName = SharedUDHelper.shared.string(forKey: .pushNotificationSoundNameForCall) let sound = CallNotificationSounds(name: soundName ?? "ringtoneDefault") let configuration = CXProviderConfiguration() configuration.supportsVideo = true configuration.maximumCallsPerCallGroup = 1 configuration.maximumCallGroups = 1 configuration.supportedHandleTypes = [.phoneNumber, .generic] configuration.iconTemplateImageData = UIImage( named: "callkit_mask", in: .main, compatibleWith: nil )?.pngData() configuration.ringtoneSound = sound.name return configuration } public func requestTransaction( action: CXCallAction, completion: @escaping (Error?) -> Void ) { let transaction = CXTransaction(action: action) cxCallController.request(transaction) { error in completion(error) } } } extension CallKitProxy: CXProviderDelegate { public func providerDidReset(_ provider: CXProvider) { // End any active calls, then re-initialize the provider initializeProvider() } } Questions 1. Is re-initializing the provider inside providerDidReset the correct approach? The documentation states that providerDidReset signals the provider has been reset and all calls should be considered terminated. Should we be calling CXProvider.invalidate() on the old instance before creating a new one? Or is assigning a new CXProvider to cxProvider (which releases the old instance) sufficient? 2. What could be causing providerDidReset to fire so frequently, and how can we reduce it? We're particularly concerned about cases triggered during VoIP push handling in the background and inactive states. Are there known conditions — such as provider configuration changes, app lifecycle events, or system memory pressure — that commonly trigger this callback? And are there any recommended patterns to make the provider more resilient in these scenarios? Thank you.