Given that we can't use isEligibleForAgeFeatures property on macOS, the documentation states that In macOS, isEligibleForAgeFeatures returns false because the system doesn’t require Age Assurance for the person or device. However, you can still call requestAgeRange in macOS to get the declared age range. But in unsuitable region the requestAgeRange request always returns DeclaredAgeRange.AgeRangeService.Error.notAvailable which is vague, as it might stand for API being unavailable just as well as "You receive this error when the system prompts a person and they decide not to share their age range with your app. ", as per documentation. Unfortunately, this error fires immediately instead of showing any kind of prompt for user, so the description is definitely wrong (or incomplete) in here. Possible solutions: expand Error cases to separate not available API and not available response expand isEligibleForAgeFeatures to properly support macOS Moreover, unlike iOS, there is still no usable tool or algorithm to test given feature for macOS (mock region, mock age, mock source of approval, revoke declared range, etc). Now I get a review with rejection, stating that I don't have age verification mechanisms present in my app. Also I found out that after filling the App Information regarding Age Ratings it spreads to all fresh releases, so even though my newest macOS release doesn't contain age verification mechanisms yet, it should, as iOS release has got this functionality up and running already and I had to check this when filling Age Ratings questionnaire. Now I'm stuck between removing this capability from App Information, so the macOS release can pass and stalling macOS releases until there is a proper usable API to implement Declared Age Range verification properly (at least the same way as on iOS). How should I properly develop and test this feature for macOS before releasing it publicly?

Dear Apple, while implementing Declared Age Range API in my app, I've noticed a mistake in documentation: the isEligibleForAgeFeatures property is marked 26.0+ in documentation, but 26.2+ in Xcode, which ultimately leads to inability to use it with OS below 26.2. Moreover, I'm thoroughly confused by this quote from documentation: This flag returns true on iOS and iPadOS based on a person’s eligibility and always returns false on macOS. It leads me to two questions: Is it possible to use Declared Age Range API for macOS apps? Will it be possible to use it in future? Will there be any changes regarding this matter in a meantime (especially after Jan 1st)? If yes - when should we expect these changes? If no - why this API declares macOS 26+ support alongside iOS/iPadOS, if it simply doesn't work for macOS now? As of now, my iOS app works flawlessly with given API (on iOS 26.2) while macOS app returns isEligibleForAgeFeatures = false and requestAgeRange request always throws AgeRangeService.Error.notAvailable. Also, does it mean that one should not use isEligibleForAgeFeatures boolean while implementing Declared Age Range API for apps below iOS 26.2 (I mean 26.0+)? Or implementing given API for iOS 26.2+ is a sufficient way to go? So shouldn't the whole API be marked as 26.2+? The minimum iOS version in my app is 16.0 and minimum macOS version is 13.0 anyway, so the significant part of users is left out of these updates, but the main goal here is legal compliance.

Our watchOS App isn't opened when tapping on a Live Activity. Added the following to our Info.plist and still get the Open on iPhone option. <key>WKSupportsLiveActivityLaunchAttributeTypes</key> <array/> Is there something else we need to configure?

We are experiencing an issue where Apple’s CDN is not fetching the updated apple-app-site-association (AASA) file correctly for our domain. Domain - app.myloft-stage.com AASA File Locations (Both Return Correct JSON): https://app.myloft-stage.com/.well-known/apple-app-site-association https://app.myloft-stage.com/apple-app-site-association Both endpoints: Return HTTP 200 Return valid JSON Content-Type: application/json No redirects Valid SSL certificate JSON validated and correctly formatted Apple CDN URL - https://app-site-association.cdn-apple.com/a/v1/app.myloft-stage.com Error Returned by Apple CDN - {"cause":"invalid character '\u003c' looking for beginning of value"} This error indicates that Apple CDN is receiving HTML content (starting with <) instead of JSON, even though the origin server returns proper JSON. Observations : Direct access to AASA file returns correct JSON. Apple CDN appears to be caching an older or incorrect response. The CDN response does not match the current server response. Universal Links fail due to this incorrect AASA retrieval.

Hello, My app was rejected on iPad (iPad Air 11-inch M3, iPadOS 26.2.1) with two related issues: Guideline 2.1 – Performance – App Completeness “The app exhibited one or more bugs that would negatively impact users. Bug description: the premium subscription cannot be loaded properly.” Guideline 3.1.2 – Business – Payments – Subscriptions “The submission did not include all the required information for apps offering auto-renewable subscriptions.” I am using StoreKit 2 with SubscriptionStoreView to present the auto-renewable subscription. During development: Subscriptions load correctly in the simulator (sandbox). On real devices, I test without a local StoreKit configuration file to fetch products from App Store Connect. The subscription UI (title, duration, price) displays correctly when products are returned. At the time of review, the Paid Apps Agreement was not active. I suspect this may have caused the subscription products to fail loading on the review device. Since then: Paid Apps Agreement is now Active. SubscriptionStoreView should automatically show required metadata. Because the subscription failed to load on iPad during review, the required information (title, price, duration) was not visible, which likely triggered the 3.1.2 rejection. Additionally, in TestFlight I sometimes see inconsistent behavior where the app appears but cannot be installed (“App Not Available”). Also, my app was rejected, but the subscription is still waiting for review. I would really appreciate guidance on the following: Am I potentially missing any required configuration that could prevent products from loading in production? Is there any propagation delay after activating the Paid Apps Agreement that could affect product availability? If I am overlooking something in configuration or testing, please let me know what I should specifically verify before resubmitting. Thank you very much for your help.

We are implementing promo/offer codes for our iOS app’s subscription in-app purchases and have several technical questions regarding validation, receipt data, and integration. Could you please provide guidance on the following points? Testing/Validating Custom Codes Without Production Release: How can we validate custom promo/offer codes in a non-production environment? Current documentation indicates promo codes only work in production, requiring app submission and future release date setup for testing. Receipt Data for Redeemed Codes: The receipt currently includes only offer_code_ref_name, not the exact redeemed code (e.g., “ABC123”) entered by the user. Is there a way to retrieve the specific offer code used via receipts, App Store Server API, or other endpoints? Server-Side Validation Best Practices: What are the recommended best practices for server-side validation of offer codes, including using App Store Server API for transaction verification? Passing appAccountToken for Coupons: How can we pass an appAccountToken when users redeem coupon/offer codes (e.g., via presentOfferCodeRedeemSheet or redemption flows)? StoreKit purchase options support it for regular purchases but not redemption sheets. Callbacks on Coupon Redemption: Is there a client-side callback or notification (e.g., via updatedTransactions or StoreKit observers) when a user successfully redeems a coupon code in the app? Server notifications are received, but app-side feedback appears unreliable.

Hello there, Starting from iOS 18.4, support was included for QWAC Validation and QCStatements. Using the official QWAC Validator at: https://eidas.ec.europa.eu/efda/qwac-validation-tool I was able to check that the domain "eidas.ec.europa.eu" has a valid QWAC certificate. However, when trying to obtain the same result using the new API, I do not obtain the same result. Here is my sample playground code: import Foundation import Security import PlaygroundSupport PlaygroundPage.current.needsIndefiniteExecution = true @MainActor class CertificateFetcher: NSObject, URLSessionDelegate { private let url: URL init(url: URL) { self.url = url super.init() } func start() { let session = URLSession(configuration: .ephemeral, delegate: self, delegateQueue: nil) let task = session.dataTask(with: url) { data, response, error in if let error = error { print("Error during request: \(error)") } else { print("Request completed.") } } task.resume() } nonisolated func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -&gt; Void) { guard let trust = challenge.protectionSpace.serverTrust else { completionHandler(.cancelAuthenticationChallenge, nil) return } if let certificates = SecTrustCopyCertificateChain(trust) as? [SecCertificate] { self.checkQWAC(certificates: certificates) } let credential = URLCredential(trust: trust) completionHandler(.useCredential, credential) } nonisolated func checkQWAC(certificates: [SecCertificate]) { let policy = SecPolicyCreateSSL(true, nil) var trust: SecTrust? guard SecTrustCreateWithCertificates(certificates as CFArray, policy, &amp;trust) == noErr, let trust else { print("Unable to create SecTrust") return } var error: CFError? guard SecTrustEvaluateWithError(trust, &amp;error) else { print("Trust evaluation failed") return } guard let result = SecTrustCopyResult(trust) as? [String : Any] else { print("No result dictionary") return } let qwacStatus = result[kSecTrustQWACValidation as String] let qcStatements = result[kSecTrustQCStatements as String] print("QWAC Status: \(String(describing: qwacStatus))") print("QC Statements: \(String(describing: qcStatements))") } } let url = URL(string: "https://eidas.ec.europa.eu/")! let fetcher = CertificateFetcher(url: url) fetcher.start() Which prints: QWAC Status: nil QC Statements: nil Request completed. Am I making a mistake while using the Security framework? I would greatly appreciate any help or guidance you can provide.

I'm experiencing a contradictory validation issue with DeviceActivityReportExtension that creates an impossible situation: The Problem: Without NSExtensionPrincipalClass in Info.plist → App Store Connect rejects upload with: "Missing Info.plist values. No values for NSExtensionMainStoryboard or NSExtensionPrincipalClass found" With NSExtensionPrincipalClass → Local install fails with: "defines either an NSExtensionMainStoryboard or NSExtensionPrincipalClass key, which is not allowed for the extension point com.apple.deviceactivityui.report-extension" Setup: Extension point: com.apple.deviceactivityui.report-extension Using SwiftUI with @main attribute and DeviceActivityReportExtension protocol Xcode 16.2, iOS 17.6 deployment target Code structure: @main struct SpoolReport: DeviceActivityReportExtension { var body: some DeviceActivityReportScene { // Report scenes here } } The extension builds and runs perfectly without NSExtensionPrincipalClass, but cannot be uploaded to App Store Connect. Adding the key allows upload but breaks local installation. Is this a known issue? Is there a workaround or correct Info.plist configuration for DeviceActivityReportExtension? Thank you!

We’re evaluating a Bluetooth device that supports Hands Free Profile (HFP) as the “Hands-Free Unit”. You can think of this as a Bluetooth telephone headset. This device interacts with our iOS application. We observed the following. The iPhone 17 HFP Wide-Band Speech (WBS) mSBC decoder requires the WBS packet (H2 header + mSBC frame) to be sent aligned. Aligned meaning, the H2 header must be first in every packet. The WBS packet cannot span multiple eSCO packets or else the iPhone will discard the audio. This is a different implementation than the iPad (iPad Pro 11-inch M4) , presumably due to Apple’s new N1 chip. In other words, we’ve identified that older iPhones and iPads do not require this alignment. They have implemented a stateful parser/decoder of the HFP WBS audio. A quick picture to help illustrate. The iPhone 17 requires: | Frame | Frame | Frame | Frame | However, a Bluetooth implementation we are evaluating does: | me Fra | me Fra | me Fra | me Fra | Does Apple intend to keep this implementation and continue discarding audio frames that are not aligned? Page 115 of the Bluetooth HFP 1.8 specification mentions at the bottom that this behavior is “left up to the implementation” but that the “synchronization header enables unaligned codec audio frames to be recovered by the receiving side.” We understand and acknowledge that one whole frame per eSCO packet is the intended, optimal method for delivering WBS mSBC audio for reduced jitter, latency, and memory usage. However, the more robust solution would be to maintain a stateful receiver as previously implemented. Any input would be appreciated.

Our app is using the CLLocationManager to wake up the app near an iBeacon and then tries to connect to the accessory via bluetooth and UWB. For this to work in the background we need to create a Live Activity and show the user that the app is doing something. When the app is in the foreground or just recently got into the inactivity mode this works fine and we can use CoreBluetooth/NearbyInteraction even when the app then enters the background mode. But when the app is longer in the background creating a Live Activity via Activity.request() throws an ActivityAuthorizationError.visibility. According to the documentation the LiveActivityIntent is able to workaround this background restriction but I get the same exception when I create the LiveActivity from the perform() method. Is there another API to create Live Activities? Do I need to prepare the LiveActivityIntent somehow?

Situation: We have an app that only uses location UIBackgroundModes key to restart our app on significant change events as we need it to connect with a BLE device (mounted in the car) when someone starts driving. We cannot use geofence as the car might be used by multiple people so position changes and we don't want to store locations and sent them to multiple users via our servers. So currently we use significant change and just ignore all other location data. During app review we got the following feedback: If the app does not require persistent real-time location updates, please remove the "location" setting from the UIBackgroundModes key. You may wish to use the significant-change location service or the region monitoring location service if persistent real-time location updates are not required for the app features. Question: How to use the significant-change location service without the "location" setting from the UIBackgroundModes key or is there any other way to start the app / connect with the BLE device when it is fully terminated/swiped away? Because the docs state that AuthorizationStatusAuthorizedAlways is required and without the UIBackgroundModes key location that wouldn't be triggered when app is in the background/swiped away. Reference: https://developer.apple.com/library/archive/documentation/UserExperience/Conceptual/LocationAwarenessPG/CoreLocation/CoreLocation.html#//apple_ref/doc/uid/TP40009497-CH2-SW8

Hello, I have a iOS app I was looking at porting to Mac. I'm having an issue with both the Mac (Designed for iPad) and Mac Catalyst Destinations. I can't test Mac due to too many build issues. I'm trying to assign a new NSManagedObject into a NSPersistentStore. let object = MyObject(context: context) context.assign(object, to: nsPersistentStore) This works fine for iOS/iOS Simulator/iPhone/iPad. But on the Mac it's crashing with FAULT: NSInvalidArgumentException: Can't assign an object to a store that does not contain the object's entity.; { Thread 1: "Can't assign an object to a store that does not contain the object's entity."

Hello Apple Developer Technical Support Team, I’m working on an iOS banking/security SDK and we’re trying to match an Android feature that reads payment cards via NFC (EMV). On Android, this is implemented using an NFC scanning screen (e.g., “NfcScanActivity”) that can read EMV data from contactless credit/debit cards. Could you please clarify the current iOS capabilities and App Store policy around this? On iOS, is it currently possible for a third-party App Store app to read contactless credit/debit cards using Core NFC (i.e., accessing EMV application data/AIDs from payment cards)? If this is possible, what are the supported APIs/frameworks and any entitlement requirements (if applicable)? If this is not possible for App Store apps, could you recommend the closest acceptable alternatives for achieving a similar user outcome? For example: Using Apple Pay / PassKit flows for payment-related experiences Card scanning alternatives (camera-based OCR) for capturing card details (if allowed) Using an external certified card reader accessory (MFi) and required approach/entitlements Any other Apple-recommended approach for “card verification / identification” without reading EMV NFC data Our goal is not to bypass security restrictions, but to provide a compliant solution on iOS comparable to Android’s NFC-based card reading, or to adopt an Apple-approved alternative if direct EMV reading is not supported. If helpful, I can share a brief technical summary of the Android behavior and the exact data we need to obtain (e.g., whether it’s card presence verification vs. reading specific EMV tags). Thank you for your guidance. Best regards, Anis

Could you please provide guidance on the following points: Start Token Throttling Are there any throttling limits or rate restrictions applied to Start Tokens? Token Invalidation Scenarios Under what specific conditions can a Start Token become invalidated? Are there known scenarios that trigger invalidation? Token Regeneration Timeline Once a Start Token is invalidated, how long does it typically take before a new token can be successfully generated and validated? Frequency of Invalidation Is there any documented or expected frequency with which Start Tokens may become invalid, assuming a normal development workflow? Impact on Push Notification Token When a live activity Start Token becomes invalid, does this also cause APNs Push Notification Tokens to be invalidated or refreshed automatically?

We are trying to intercept raw reports from the built-in MacBook haptic trackpad using a DriverKit IOUserHIDEventDriver dext. Our dext installs and activates successfully: OSSystemExtensionRequest finishes with result 0 systemextensionsctl list shows the dext as activated enabled the dext is embedded correctly in the app bundle However, it never attaches to the built-in trackpad IOHIDInterface. ioreg shows the built-in trackpad interface still matched only by Apple’s HID dext. We also observed that Apple’s own HID dext appears to use com.apple.developer.driverkit.builtin, while that entitlement is not available in our provisioning profile. Our dext specifically relies on: IOUserHIDEventDriver::handleReport(...) SetProperties() with kIOHIDEventDriverHandlesReport Questions: Is com.apple.developer.driverkit.builtin required for a third-party IOUserHIDEventDriver to match a built-in internal trackpad IOHIDInterface? Is that entitlement public/requestable, or Apple-internal only? At what stage is it enforced: activation, personality matching, provider attach, or before Start()? If builtin is not available to third parties, is there any officially supported way to receive raw reports from the built-in MacBook trackpad in DriverKit? Our conclusion so far is that activation succeeds, but provider binding to the built-in trackpad fails due to built-in-only authorization/matching.

A macOS privileged helper tool that uses SubProcess crashes on intel Macs (running macOS 13 - 15: unable to test on macOS 26 on intel) with the error that libswiftCompatibilitySpan.dylib cannot be loaded when built with XCode 26.3. The same helper tool works as expected with XCode 26.2. The helper is installed using SMAppService. When I remove the dependency for SubProcess, the crash no longer occurs (but important functionality is also disabled).

We’re having an iPad issue accessing the local network with iPadOS 26.3. We have an automation system that tests our app on an iPad using accessibility tags. the XCTest test code sends messages from the iPad via TCP/IP to setup external test equipment. The messages abruptly stopped transmitting across the iPad blood-brain barrier with iPadOS 26.3 (26.2.1 and earlier works fine). The technique that worked involved installing a helper app with the same bundleID as our app, allowing the helper app to access the network, and when our app runs it has network access through the helper. It’s clever and kludgey. Forums that we referenced in the past: https://developer.apple.com/forums/thread/663858 TN3179: Understanding local network privacy | Apple Developer Documentation I suspect that something was changed in 26.3 that closed our window. I need two things: ID what is different in 26.3 and fix the automation system. If there’s a new way for XCUITest code to access the local network I’m happy to try it out.

Hello, We are facing what we believe is a compatibility issue with two networking APIs. If the Network extension VPN configuration has includeAllNetworks flag enabled and the NEHotspotHelper is registered. The user has internet connection but it is blocked, and there user will get internet back only after restarting the device. VPN Configuration is as below while connecting to VPN, { localizedDescription = WLVPN WireGuard Configuration enabled = YES protocolConfiguration = { serverAddress = <18-char-str> passwordReference = {length = 20, bytes = 0x67656e70ed0d05c06b1b4896bf4fef2031e1a92d} disconnectOnSleep = NO includeAllNetworks = YES excludeLocalNetworks = YES excludeCellularServices = YES excludeAPNs = YES excludeDeviceCommunication = YES enforceRoutes = NO providerBundleIdentifier = com.wlvpn.ios.consumervpn.network-extension } onDemandEnabled = NO onDemandRules = () } After running the code shown below. Regardless if the VPN is connected or not, the user needs to restart his device to regain internet access. private let neHelperQueue = DispatchQueue(label: "com.wlvpn.ios.consumervpn.hotspot", attributes: DispatchQueue.Attributes.concurrent) let options: [String: NSObject] = [kNEHotspotHelperOptionDisplayName : "" as NSObject] let status = NEHotspotHelper.register(options: nil, queue: neHelperQueue) { cmd in NSLog("Received command: \(cmd.commandType.rawValue)") } We need to use the includeAllNetworks flag to prevent the novel "Tunnel vision" vulnerability. Can we please have some help getting confirmation if both functionalities are compatible or if there's a way to enable them at the same time?

Environment iOS Version: 26.4 Beta (Build 17E5170d) Xcode Version: 26.4 Beta Framework: AccessoryNotifications, AccessoryTransportExtension Description When implementing AccessoryNotifications.NotificationsForwarding.AccessoryNotificationsHandler, I'm unable to retrieve the URL for sourceIcon from AccessoryNotification. The file.url property throws AccessoryError error 0 with the message "unable to get file URL". Code Sample func add( notification: AccessoryNotification, alertingContext: AlertingContext, alertCoordinator: any AlertCoordinating ) { Task { if let sourceIcon = notification.sourceIcon { do { let url = try await sourceIcon.url // Throws AccessoryError error 0 let data = try Data(contentsOf: url) // Process icon data... } catch { print("Failed to get sourceIcon URL: (error)") // Error: The operation couldn't be completed. // (AccessoryNotifications.AccessoryError error 0.) } } } } Observed Behavior The sourceIcon property is present and its type is correctly reported as public.image: │ sourceIcon : present │ type.identifier : public.image │ type.description : image │ url : (error: The operation couldn't be completed. (AccessoryNotifications.AccessoryError error 0.)) Error details: Error: customError(message: "unable to get file URL") Type: AccessoryError Code: 0 Expected Behavior The file.url property should return a valid URL that allows reading the source icon image data, or the documentation should clarify any limitations or prerequisites for accessing this resource. Questions Is this a known limitation in the current beta? Are there additional entitlements or permissions required to access sourceIcon.url? Is there an alternative API to retrieve the actual image data for sourceIcon? Additional Context The same error occurs when accessing url in both describeNotification (debug logging) and sendAttachment methods contextIcon is typically nil for the notifications tested (e.g., WeChat messages) The notification metadata (title, body, actions, etc.) is correctly received

Hi forum! I’m currently following a series of videos about SwiftData. In the WWDC23 Build an app with SwiftData video, it mentions that you can follow up with a demo project. However, I’m encountering an issue (at least in my case) where there’s no link on the entire page to download the project. I can download the video and other resources (even using the Developer’s App), but there’s no link for the project. Does anyone else face this issue? Is it possible that the project has been removed? I’m using my developer (single user) account, by the way. Any guidance would be greatly appreciated!