Hi there, Starting with iOS 26.2 RC, all my DeviceActivityMonitor.eventDidReachThreshold get activated immediately as I pick up my iPhone for the first time, two nights in a row. Feedback: FB21267341 There's always a chance something odd is happening to my device in particular (although I can't recall making any changes here and the debug logs point to the issue), but just getting this out there ASAP in case others are seeing this (or haven't tried!), and it's critical as this is the RC. DeviceActivityMonitor.eventDidReachThreshold issues also mentioned here: https://developer.apple.com/forums/thread/793747; but I believe they are different and were potentially fixed in iOS 26.1, but it points to this part of the technology having issues and maybe someone from Apple has been tweaking it.

I am an open source developer, who just switched to macOS a few weeks ago. I am basically looking for an alternative to Linux' /etc/nsswitch.conf. Not for custom DNS resolution, that's an easy problem to solve, but for users / groups / hosts resolution via custom network modules. Basically looking for a way how I can hook up into the OS in kind of the same way as an LDAP client would do, and provide my own NSS modules. Just for reference, I am developing rauthy which can do PAM authn / authz in combination with rauthy-pam-nss. It works perfectly fine on Linux systems, and I now want to make it work on macOS as well. I already know that macOS is running its mDNSResponder for DNS instead of having the nsswitch.conf, but I have not found an answer for users, groups and hosts.

We first discovered this issue in our own product, but we were able to reproduce it even when using Apple’s official demo: https://developer.apple.com/documentation/alarmkit/scheduling-an-alarm-with-alarmkit Reproduction Steps: Set an alarm on iOS 26.1 using AlarmKit. Upgrade the device to iOS 26.2 beta 3 or later. The alarm will no longer ring. Based on our testing, versions prior to 26.2 beta 2 do not exhibit this issue, so it appears that something introduced in beta 3 has caused the regression. The results are as follows: iOS 26.1 → iOS 26.2 beta 2 or earlier: Alarms ring normally iOS 26.1 / iOS 26.2 beta 2 → iOS 26.2 beta 3 / iOS 26.2 RC: Alarms fail to ring iOS 26.2 beta 3 → iOS 26.2 RC: Alarms ring normally This issue is critical. Users currently on iOS 26.1 may experience alarms failing to ring after updating their system, which can cause real-life disruptions (e.g., being late for work). We strongly recommend addressing this as soon as possible. Xcode Version: Version 26.1.1 (17B100) Feedback ID: FB21273655

I'm seeking clarification on how Requirement 4.1 ("Card Issuers with a Mobile App must support In-App provisioning") applies when the card issuer uses a third-party mobile banking platform rather than a self-developed app. Our situation: We are a small credit union (the card issuer) Our mobile banking app is provided by a third-party digital banking vendor (white-label, but branded with our name) Card processing is handled by a separate vendor The ambiguity: The Apple Pay Specifications define "Card Issuer Mobile App" as: "The Card Issuer-branded, iOS software application made available on a Device that is used by such Card Issuer's customers to manage, administer, or use Cards." Our mobile banking app meets this definition—it's branded with our name and used by our members to manage their accounts and cards. However, we don't develop or directly control the app; our digital banking vendor does. The webinar FAQ stated: "Do we have to implement in-app provisioning? Yes, if you have an app." Our digital banking vendor interprets this as not applying to them because they are "not the issuer." They've stated: "Apple's requirements are at the card-processor level... our credit unions and, by extension, we are not required to support Apple Pay's in-app provisioning." Our card processor has indicated they will support in-app provisioning integrations but notes "this would be digital provisioning and we would need the digital banking vendor to work with us to enable." Specific questions: When a card issuer uses a third-party mobile banking app (branded for the issuer but developed/maintained by a vendor), does Requirement 4.1 apply? If yes, who bears compliance responsibility—the issuer, the mobile app vendor, or both? If the mobile app vendor does not implement in-app provisioning by January 15, 2026, what is the issuer's exposure? Does the issuer face suspension from the Program due to vendor non-compliance? Is there an alternative compliance path under Requirement 4.8 (Web Provisioning) for issuers whose mobile app vendors cannot deliver in-app provisioning by the deadline? This scenario likely affects hundreds of small financial institutions using shared digital banking platforms. Clarity on vendor vs. issuer responsibility would help the entire ecosystem prepare appropriately. Thank you.

As a developer I have a question I would like cleared up. We offer two tiers of annual subscriptions in our apps. These subscriptions are under the same subscription group in App Store connect. My question is, if a user purchases tier 1 of the annual subscription for $10.00, and uses it for 6 months; then chooses to upgrade to tier 2 which costs $20.00 per year. Would the user be pro-rated the difference in price i.e. charge only another $10.00 at the time of the upgrade., or are they charged $20.00 and then refunded the difference in their remaining lower tier subscription? I keep finding inconsistent answers across the Apple community forums on this.

Running Tahoe 26.1 in a virtual machine, I can't sign into my Apple account. There is an error message saying "Could not communicate with the server." Internet access otherwise seems to be working in the VM. I tried both UTM and VirtualBuddy. Is this supposed to work?

I have an iOS and iPadOS app that also runs on macOS Catalyst. The user is able to view their subscription using the SubscriptionStoreView with two SubscriptionOptionGroups. The documentation does not mention these are supported on macOS Catalyst and the app crashes when attempting to show the SubscriptionStoreView on macOS Catalyst. If not supported, how can the user manage their subscription on macOS?

"We are developing an application use case that requires us to prompt the user to restart their device. We plan to use the system uptime value provided by [NSProcessInfo processInfo].systemUptime to determine if a restart has occurred. Apple's documentation defines this API as 'The amount of time the system has been awake since the last time it was restarted.' Our questions are: Can we reliably use this API, in conjunction with persistent storage, to detect a device restart? Are there any known limitations or considerations when accessing or relying on this API while the application is running in the background?"

My son uses an iPhone XS running iOS 18.7.2. He is able to bypass all Screen Time app limits by manually changing the date under Settings → General → Date & Time. When he sets the date/time forward or backward, the configured Screen Time restrictions no longer apply. Please make it possible on iOS 18.7.2 (and future versions) to prevent manual date and time changes when Screen Time is enabled, so that children cannot use this method to circumvent app limits.

I’m using an NETransparentProxyProvider where I add UDP-53 rules to intercept DNS queries from a private application. These queries are resolved locally on the endpoint by returning a custom DNS response. Example Rules look like this: NENetworkRule(destinationHost: NWHostEndpoint(hostname: "mypaapp.com", port: 53),protocol:.UDP) This works as expected through browser and ping. handleNewUDPFlow/handleNewFlow with NEAppProxyUDPFlow gets called where custom dns response get written. Using nslookup mypaapp.com doesn't works. Why does this behaves differently for nslookup?

I created my app with the wrong name and deleted it 3 days ago. When I want to create a new app, I can't use the old app's bundle id, even though I removed it. I opened a support case 2 days ago, but so far nothing changed.

I am using SwiftData with CloudKit to synchronize data across multiple devices, and I have encountered an issue: occasionally, abnormal sync behavior occurs between two devices (it does not happen 100% of the time—only some users have reported this problem). It seems as if synchronization between the two devices completely stops; no matter what operations are performed on one end, the other end shows no response. After investigating, I suspect the issue might be caused by both devices simultaneously modifying the same field, which could lead to CloudKit's logic being unable to handle such conflicts and causing the sync to stall. Are there any methods to avoid or resolve this situation? Of course, I’m not entirely sure if this is the root cause. Has anyone encountered a similar issue?

Dear Apple Developer Support Team, I hope you are doing well. We are reaching out to request clarification and guidance regarding the In-App Purchase (IAP) requirements for our upcoming iOS application. Our app offers paid access to digital video content. Each video has a dynamic price determined by our backend based on multiple factors (such as duration, category, and promotions). Additionally, users are allowed to select and purchase multiple videos at the same time, which results in a combined total price that varies per transaction. Challenges we face with IAP on iOS Dynamic pricing: Apple requires IAP products to have static pricing defined in App Store Connect. Our video prices change frequently and cannot be represented by fixed IAP product SKUs. Multiple-item purchases: iOS does not support a single purchase that includes multiple different IAP products. Processing many separate IAP transactions in sequence results in a poor user experience and is likely to cause failures. Product creation limitations: Since our catalog contains many videos with frequently changing prices, it is not feasible to create individual IAP products per video. Given these restrictions, we are unclear how to remain compliant while still providing a functional purchase flow for our users. Question In this scenario, where: video prices are dynamic, users may purchase multiple videos together, and IAP does not support multi-item purchases or dynamic pricing, are we allowed to use Stripe or another external payment provider to handle these purchases? If not, we would appreciate Apple’s guidance on what the recommended and compliant approach would be for apps that must price digital content dynamically and allow bulk purchasing. We want to ensure full compliance with App Store Review Guidelines and would like confirmation on the correct implementation strategy before proceeding. Thank you for your time, and we look forward to your clarification. Kind regards, Muhammad Adnan Koderlabs

Hello fellow developers...first time posting. I wrote a small app that I'm currently testing. However, I inadvertently built the Swift code using my "free" account and did not use my "paid" account. Aside from the restrictions of a free account, I want to migrate the project to the paid developer account. Is there an easy way to do this short of rebuilding from scratch??? Thanks in advance. s

I want to add more cipher suites. I use NWConnection to make a connection. Before I use sec_protocol_options_append_tls_ciphersuite method to add more cipher suites, I found that Apple provided 20 cipher suites shown in the client hello packet. But after I added three more cipher suites, I found that nothing changed, and still original 20 cipher suites shown in the client hello packet when I made a new connection. The following is the code about connection. I want to add three more cipher suites: tls_ciphersuite_t.ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, tls_ciphersuite_t.ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, tls_ciphersuite_t.ECDHE_RSA_WITH_AES_256_CBC_SHA384 Can you give me some advice about how to add more cipher suites? Thanks. By the way, I working on a MacOS app. Xcode version: 16 MacOS version: 15.6

Hello, We are developing a content filter solution which includes both a content filter and a packet filter (NEFilterControlProvider and NEFilterPacketProvider). We've observed that if the packet filter is enabled (both by itself or in conjunction with the content filter) we are having issues with bridged thunderbolt connections - traffic on that interface stops in both directions. We've tested on bridges to other MacOS devices or Windows devices, but both exhibit the same behavior. Even if the packet provider is reduces to "allow all" in the callback the issue remains. Our handler is not called at all anyway so we can't allow or deny packets. We've tested this on Macos 15 and 26 but it behaves the same. If we only enable the NEFilterControlProvider everything works fine. All other types of network interfaces work fine as well. Is this a known issue? Is there an workaround? Thanks.

I'm running into a contradictory requirement involving the DeviceActivity Report extension (com.apple.deviceactivityui.report-extension) that makes it impossible to both: upload the app to App Store Connect, and install the app on a physical device. This creates a complete catch-22. 📌 Overview My extension: Path: Runner.app/PlugIns/LoADeviceActivityReport.appex Extension point: com.apple.deviceactivityui.report-extension Implementation (SwiftUI): import SwiftUI import DeviceActivity @main struct LoADeviceActivityReport: DeviceActivityReportExtension { var body: some DeviceActivityReportScene { // ... } } This is the standard SwiftUI @main DeviceActivityReportExtension template. 🟥 Side A — iOS runtime behavior (device installer) If I add either of these keys to the extension's Info.plist: NSExtensionPrincipalClass NSExtensionMainStoryboard then the app cannot be installed on a real iPhone/iPad. The device installer fails with: Error 3002 AppexBundleContainsClassOrStoryboard NSExtensionPrincipalClass and NSExtensionMainStoryboard are not allowed for extension point com.apple.deviceactivityui.report-extension. To make the app install and run, I must remove both keys completely. This leaves the extension Info.plist like: NSExtension NSExtensionPointIdentifier com.apple.deviceactivityui.report-extension With this, the app installs and runs correctly. 🟥 Side B — App Store Connect upload validator However, when I upload the IPA with the runtime-correct Info.plist, App Store Connect rejects it: State: STATE_ERROR.VALIDATION_ERROR (HTTP 409) Missing Info.plist values. No values for NSExtensionMainStoryboard or NSExtensionPrincipalClass found in extension Info.plist for Runner.app/PlugIns/LoADeviceActivityReport.appex. So ASC requires that at least one of those keys be present. 💥 The catch-22 If I add PrincipalClass / MainStoryboard: ✔ App Store Connect validation passes ❌ But the app can NOT be installed on any device (Error 3002) If I remove PrincipalClass / MainStoryboard: ✔ The app installs and runs correctly ❌ ASC rejects the upload with “Missing Info.plist values” There is currently NO Info.plist configuration that satisfies both: Runtime: "NSExtensionPrincipalClass and NSExtensionMainStoryboard are not allowed." App Store Connect: "You must include NSExtensionPrincipalClass or NSExtensionMainStoryboard." 📌 Expected behavior For SwiftUI @main DeviceActivityReportExtension, the documentation and examples suggest the correct configuration is: NSExtensionPointIdentifier com.apple.deviceactivityui.report-extension with no principal class or storyboard at all. If that is correct for runtime, ASC seems to need updated validation rules for this extension type. ❓My Questions What is the officially correct Info.plist configuration for a SwiftUI DeviceActivityReportExtension? Should principal class / storyboard not be required for this extension type? Is this a known issue with App Store Connect validation? Is there currently a workaround that allows: installation on device and successful App Store Connect upload, without violating runtime restrictions?

I am facing a persistent issue with an Endpoint Security (ES) extension that is crashing only when processing the ES_EVENT_TYPE_AUTH_OPEN event. Other event types, including ES_EVENT_TYPE_NOTIFY_OPEN and ES_EVENT_TYPE_NOTIFY_MMAP, work without any problems. func startMonitoring() { guard !isMonitoring else { return } let result = es_new_client(&gClient) { (client, message) in guard message.pointee.action_type == ES_ACTION_TYPE_AUTH else { return } let pid = audit_token_to_pid(message.pointee.process.pointee.audit_token) if pid == gSelfPID { es_respond_flags_result(client, message, 0x7FFFFFFF, true) var token = message.pointee.process.pointee.audit_token es_mute_process(client, &token) return } guard message.pointee.event_type == ES_EVENT_TYPE_AUTH_OPEN else { es_respond_auth_result(client, message, ES_AUTH_RESULT_ALLOW, true) return } let pathData = message.pointee.event.open.file.pointee.path guard let pathPtr = pathData.data else { es_respond_flags_result(client, message, 0x7FFFFFFF, true) return } if shouldSkipPath(pathPtr, length: pathData.length) { es_respond_flags_result(client, message, 0x7FFFFFFF, true) return } if !hasBlockedExtension(pathPtr, length: pathData.length) { es_respond_flags_result(client, message, 0x7FFFFFFF, true) return } guard let execPathPtr = message.pointee.process.pointee.executable.pointee.path.data else { es_respond_flags_result(client, message, 0x7FFFFFFF, true) return } if isGoogleChrome(execPathPtr) { es_respond_auth_result(client, message, ES_AUTH_RESULT_DENY, true) } else { es_respond_flags_result(client, message, 0x7FFFFFFF, true) var token = message.pointee.process.pointee.audit_token es_mute_process(client, &token) } } guard result == ES_NEW_CLIENT_RESULT_SUCCESS, let client = gClient else { return } es_clear_cache(client) muteNoisyPaths(client: client) let events: [es_event_type_t] = [ES_EVENT_TYPE_AUTH_OPEN] let subResult = es_subscribe(client, events, UInt32(events.count)) guard subResult == ES_RETURN_SUCCESS else { es_delete_client(client) gClient = nil return } isMonitoring = true }

Problem description Since macOS Sequoia, our users have experienced issues with multicast traffic in our macOS app. Regularly, the app starts but cannot receive multicast, or multicast eventually stops mid-execution. The app sometimes asks again for Local Network permission, while it was already allowed so. Several versions of our app on a single machine are sometimes (but not always) shown as different instances in the System Settings > Privacy & Security > Local Network list. And when several instances are shown in that list, disabling one disables all of them, but it does not actually forbids the app from receiving multicast traffic. All of those issues are experienced by an increasing number of users after they update their system from macOS 14 to macOS 15 or 26, and many of them have reported networking issues during production-critical moments. We haven't been able to find the root cause of those issues, so we built a simple test app, called "FM Mac App Test", that can reproduce multicast issues. This app creates a GCDAsyncUdpSocket socket to receive multicast packets from a piece of hardware we also develop, and displays a simple UI showing if such packets are received. The app is entitled with "Custom Network Protocol", is built against x86_64 and arm64, and is archived (signed and notarized). We can share the source code if requested. Out of the many issues our main app exhibits, the test app showcases some: The app asks several times for Local Network permission, even after being allowed so previously. After allowing the app's Local Network and rebooting the machine, the System Settings > Privacy & Security > Local Network does not show the app, and the app asks again for Local Network access. The app shows a different Local Network Usage Description than in the project's plist. Several versions of the app appear as different instances in the Privacy list, and behave strangely. Toggling on or off one instance toggles the others. Only one version of the app seems affected by the setting, the other versions always seem to have access to Local Network even when the toggle is set to off. We even did see messages from different app versions in different user accounts. This seems to contradicts Apple's documentation that states user accounts have independent Privacy settings. Can you help us understand what we are missing (in terms of build settings, entitlements, proper archiving...) so our app conforms to what macOS expects for proper Local Network behavior? Related material Local Network Privacy breaks Application: this issue seemed related to ours, but the fix was to ensure different versions of the app have different UUIDs. We ensured that ourselves, to no improvement. Local Network FAQ Technote TN3179 Steps to Reproduce Test App is developed on Xcode 15.4 (15F31d) on macOS 14.5 (23F79), and runs on macOS 26.0.1 (25A362). We can share the source code if requested. On a clean install of macOS Tahoe (our test setup used macOS 26.0.1 on a Mac mini M2 8GB), we upload the app (version 5.1). We run the app, make sure the selected NIC is the proper one, and open the multicast socket. The app asks us to allow Local Network, we allow it. The alert shows a different Local Network Usage Description than the one we set in our project's plist. The app properly shows packets are received from the console on our LAN. We check the list in System Settings > Privacy & Security > Local Network, it includes our app properly allowed. We then reboot the machine. After reboot, the same list does not show the app anymore. We run the app, it asks again about Local Network access (still with incorrect Usage Description). We allow it again, but no console packet is received yet. Only after closing and reopening the socket are the console packets received. After a 2nd reboot, the System Settings > Privacy & Security > Local Network list shows correctly the app. The app seems to now run fine. We then upload an updated version of the same app (5.2), also built and notarized. The 2nd version is simulating when we send different versions of our main app to our users. The updated version has a different UUID than the 1st version. The updated version also asks for Local Network access, this time with proper Usage Description. A 3rd updated version of the app (5.3, also with unique UUID) behaves the same. The System Settings > Privacy & Security > Local Network list shows three instances of the app. We toggle off one of the app, all of them toggle off. The 1st version of the app (5.1) does not have local network access anymore, but both 2nd and 3rd versions do, while their toggle button seems off. We toggle on one of the app, all of them toggle on. All 3 versions have local network access.

System Information in macOS from 26.0 to 26.2 RC no longer provides Wi-Fi SSIDs; instead, it displays "< redacted> " for every SSID on my two MacBooks. This issue has been fixed in macOS 26.1 beta and macOS 26.2 beta, but it returns in the RC and the Final Release versions. Is it an expected behaviour or a bug in the Release Candidate? MacBook Air 2025: MacBook Pro 2021: