Hi, I would like to reset system window private picker alert with ScreenCapture kit. i can reset the ScreenCapture permission with tccutil reset ScreenCapture. but it does not reset the system window private picker alert. i tried deleting the application directory from container and it does not help. the system window private picker alert uses the old approval i gave and it does not prompt a new alert. How can i starta with fresh screencapture kit settings for an app in testing? Thanks

We integrated DeviceCheck framework into our app to prevent fraudulent call to our app service around one year ago. Recently, we received a few cases related to this function over Christmas Eve period. Based on the logs we have, it indicated both the following two functions returned errors. But we don't have the exactly errors logged and now we cannot replicate. DCAppAttestService.shared.attestKey() DCAppAttestService.shared.generateAssertion() The other finding we have is some users reporting this issue recently upgraded their devices from iOS 18 to iOS 26. So we are suspecting it's due to either the OS upgrading, or Apple's app attest service degrading. Anyone encountered the similar issues before, or have any idea regarding the root cause? Thanks!

After a user has launched an App Clip Experience from Safari and is done with the activity that the App Clip provides – is there a way for the App Clip to programatically close itself so the user returns to Safari?

Some Apple URL schemes are documented for third-party use. It’s fine to use those URL schemes for their intended purpose. Other Apple URL schemes are not officially documented. Their use is unsupported. If you rely on such implementation details, things might work, or they might not, and that state might change over time. IMPORTANT If you ship via the App Store, pay attention to clause 2.5.1 of the App Review Guidelines. The Apple URL scheme documentation is not always easy to find. I’m aware of the following: Apple URL Scheme Reference QA1924 Opening Keyboard Settings from a Keyboard Extension [This Q&A was retired years ago.] Preparing your app to be the default messaging app The doc comments for es_new_client in <EndpointSecurity/ESClient.h> Developer > Bug Reporting describes the applefeedback scheme Additionally, as questions about this most commonly crop up in the context of opening Settings (System Settings on macOS), I wanted to highlight the following: UIApplication.openSettingsURLString property (in Objective-C this is UIApplicationOpenSettingsURLString) UIApplication.openNotificationSettingsURLString property (in Objective-C this is UIApplicationOpenNotificationSettingsURLString) UIApplication.openDefaultApplicationsSettingsURLString property (in Objective-C this is UIApplicationOpenDefaultApplicationsSettingsURLString) AccessibilitySettings.openSettings(for:) method FIFinderSyncController.showExtensionManagementInterface() class method SMAppService.openSystemSettingsLoginItems() class method VSOpenTVProviderSettingsURLString global CXCallDirectoryManager.openSettings(completionHandler:) method SFSafariSettings.openExportBrowsingDataSettings() method SFSafariSettings.openExtensionsSettings(forIdentifiers:) method If your app needs to perform some action that’s not covered by the above, file an enhancement request for a supported way to do that. Make sure to describes your use case in detail. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Revision History 2026-01-07 Added a reference to the SFSafariSettings methods. 2025-10-28 Added a reference to UIApplication.openDefaultApplicationsSettingsURLString. Made other minor editorial changes. 2025-04-21 Added a reference to CXCallDirectoryManager.openSettings(completionHandler:). 2024-10-25 Added a reference to UIApplication.openNotificationSettingsURLString and VSOpenTVProviderSettingsURLString. Added a link to Preparing your app to be the default messaging app. 2024-10-01 Added info about the applefeedback URL scheme. 2024-09-29 Added a reference to SMAppService.openSystemSettingsLoginItems(). 2024-09-27 Added a titbit for Finder Sync extension developers. Added an invitation to file feedback. 2024-08-05 First posted.

AgeRangeService is the burning topic right now. Needless to say, Everything is so unclear. We got our app finally into the TestFlight for QA and the product to test. only to find out that AgeAssurance for sandbox testing does not work. There is no document confirming or denying whether and when age assurance for the App with the release configuration in test flight would work. There isn't any guidance from Apple on whether an app that sells physical goods, such as an e-commerce app, can continue doing business as usual. Also, there is no clarity that the Age assurance options are off, 13, unverified, 13 verified, and so on. How those should be used.

When updating an existing advanced app clip experience, the change doesn't actually apply. It shows the correct image in the UI, but when you use the app clip it shows the old image. Looking into it more, the status has "UPDATE_SUBMITTED". Seems related to this issue (https://developer.apple.com/forums/thread/810544) and this issue (https://developer.apple.com/forums/thread/810351).

I am trying to port my sandboxed macOS app completely over to iOS using a Catalyst target and SwiftUI. There appears to be an issue when trying to drag to the Finder in Catalyst (and in SwiftUI in General). For some reason, the Finder will not accept multiple file drops, only a single file. On my macOS (non-Catalyst AppKit target), I overcame this by dropping multiple files to a UTType of .folder, and the OS accepted the folder. This workaround is not available for iOS because .folder is a macOS-only option. I have a test app to illustrate the issue. Hopefully someone can help. Download Test App

I want to localize the app name, user the String Catalog to set en, en-US, en-CA, however, when the phone language is set to English (United States), the app name is displayed in English, while when the phone language is set to French, the app name is displayed in English-United States. However, the base language of the app settings is English. How can I make it right?

Hey there! So, I'm trying to see what I'm able to do with the Device Activity Report Extension, and I have a few questions about the following quote: To protect the user’s privacy, your extension runs in a sandbox. This sandbox prevents your extension from making network requests or moving sensitive content outside the extension’s address space. In particular, what constitutes the address space for this extension? Can I save data to a UserDefaults object that only the extension can access? (Apps like Opal allow the user to label apps as "distracting" and "non-distracting", and I'm wondering how they do that!) From what I've read, I believe it cannot write to a shared app group or model (and I just want to confirm this) It also seems that there's nothing preventing it from reading data from the main app, so I'm just wondering if it's able to read data from an app group or model with no problem. Thanks in advance!

Hey all, Running into an issue with a WeatherKit. Whenever I make a WeatherKit API call, I get this error: Details: { domain: WeatherDaemon.WDSClientErrors, localizedDescription: invalidAuthorization: 401, underlyingError: Unknown, code: 3 } This only happens when calling via the Swift package: swift WeatherService.shared.weather(for: location).currentWeather When I was calling the WeatherKit REST API directly from Dart, everything worked fine. So far I’ve: Enabled WeatherKit in the Apple Developer account Added the WeatherKit capability to the app Refreshed provisioning profiles Installed the app fresh on device/simulator Has anyone seen this specific invalidAuthorization: 401 from WeatherDaemon.WDSClientErrors when using WeatherService in Swift, and know what might be missing or misconfigured?

Hi everyone, I’m currently developing a parental control app that uses the Screen Time API (FamilyControls, ManagedSettings, DeviceActivity). I have a question regarding the customization limits of the Shield UI in ManagedSettingsUI. From the documentation, I understand that we can customize the ShieldConfiguration (background color, blur style, icon, title, subtitle, button labels, etc.). However, I’d like to clarify a few points before finalizing the design: 1. Is it allowed (or technically possible) to display custom media content, such as videos, animations, or interactive elements, inside a custom Shield? 2. Are there limitations on the text length for the title and subtitle fields (e.g. maximum number of characters, multiline support, truncation behavior)? 3. Can the Shield be personalized per user (for example, showing a different title or color scheme based on user preferences or device state)? 4. Are there App Store Review restrictions or UI guidelines that define what a Shield should or should not contain (for instance, whether the Shield can resemble a mini-app experience)? I want to ensure that the implementation fully complies with Apple’s technical and design expectations before submission. Thanks in advance for any official clarification or best practices on how far we can go with Shield customization! Best regards, Ferdinand

Hi all, I'm trying to set up universal links for my app but it's not working. What I want: cogover.com → Safari (website) - NOT my app *.cogover.com (any subdomain like abc.cogover.com) → My app What I did: Added applinks:*.cogover.com in Xcode Put AASA files on all subdomains They work fine (checked with curl) Problem: All links still open in Safari, not my app. I do not put AASA on my root domain cogover.com because I don't want open my app with root domain. I have checked TN3155: Debugging universal links | Apple Developer Documentation but it only say about universal link works with both root domain and subdomains. Weird thing I found: I checked how Salesforce does it - their *.force.com subdomains work perfectly. But when I tried to check their setup, (https://force.com/.well-known/apple-app-site-association) doesn't seem to exist either! So how does theirs work? Even stranger - Apple's CDN has their file cached at (https://app-site-association.cdn-apple.com/a/v1/force.com) but the actual domain doesn't serve it. Can Apple's CDN have a file cached even if it's not on the website anymore? Thanks for any help!

Hi, We’re building an iOS app that uses the Screen Time APIs (FamilyControls and DeviceActivity) to display a user’s own usage metrics inside the app. With the appropriate permissions granted, we are successfully reading and presenting metrics such as: Total screen time Device pickups These metrics are already visible to the user inside our app. We would now like to introduce a user-initiated “Share” feature. The idea is to: Render selected Screen Time metrics into a shareable image card generated locally on device. Present the standard iOS share sheet (UIActivityViewController). Allow the user to share that image to Messages, social apps, etc., if they choose. Important clarifications: This is fully user-initiated. The app does not automatically transmit Screen Time data. The metrics are already displayed in-app with user permission. The share asset would be generated locally. No background export or server-side posting would occur unless explicitly triggered by the user via the share sheet. We are seeking clarification on whether there are any policy or API restrictions around: Rendering Screen Time-derived metrics into a user-facing share card Allowing user-initiated export of those metrics via the standard iOS share flow Are there any additional privacy requirements, entitlement constraints, or App Review considerations we should be aware of when implementing this? Thanks in advance for any guidance.

Hi! We’ve had Live Caller ID Lookup in production for a while. We’re seeing backend RPS on our /queries endpoint much higher than our expected incoming call volume. While testing with Console.app during an incoming call, it looks like iOS may still hit our service even when the caller number is already in the user’s Contacts - but I’m not 100% sure from logs alone. Can you confirm: Does iOS invoke Live Caller ID Lookup (i.e. call /queries) for every incoming call, including calls from saved Contacts? If yes, is this simply expected framework behavior? Thanks!

We are experiencing an issue where Apple’s CDN is not fetching the updated apple-app-site-association (AASA) file correctly for our domain. Domain - app.myloft-stage.com AASA File Locations (Both Return Correct JSON): https://app.myloft-stage.com/.well-known/apple-app-site-association https://app.myloft-stage.com/apple-app-site-association Both endpoints: Return HTTP 200 Return valid JSON Content-Type: application/json No redirects Valid SSL certificate JSON validated and correctly formatted Apple CDN URL - https://app-site-association.cdn-apple.com/a/v1/app.myloft-stage.com Error Returned by Apple CDN - {"cause":"invalid character '\u003c' looking for beginning of value"} This error indicates that Apple CDN is receiving HTML content (starting with <) instead of JSON, even though the origin server returns proper JSON. Observations : Direct access to AASA file returns correct JSON. Apple CDN appears to be caching an older or incorrect response. The CDN response does not match the current server response. Universal Links fail due to this incorrect AASA retrieval.

We are operating an application that uses WeatherKit. Despite revoking a specific WeatherKit key on the Apple Developer website, the number of API calls associated with that key continues to increase. We are looking for a way to completely disable this particular key. Any advice or suggestions would be greatly appreciated.

Hi all, From what I’ve seen on forums and other sources, it appears that nothing can be done to set the contact poster programmatically. Setting the imageData property affects only the thumbnail image. Does anyone know if this is explicitly documented somewhere? I need this information for a POC document. I watched the iOS 17 keynote (where it was introduced), the Platform State of Union, and other WWDC videos, but I couldn’t find any mention of it. The Contacts framework documentation only explains what can be retrieved from this property and doesn’t mention any way to set the contact poster. If anyone has any information on this, please help! Thanks in advance!

I’m configuring App Clip launch behavior and would appreciate some clarification. In my setup, the App Clip launch URL is the same as the deep link used to open the full app. Both are configured in the Apple App Site Association (AASA) file. Observed behavior: Scanning a QR code with this URL correctly launches the App Clip. Tapping the same URL when it’s shared (for example, via Messages) launches the full app via the deep link instead of the App Clip experience. I’m reviewing the documentation here: https://developer.apple.com/documentation/appclip/configuring-the-launch-experience-of-your-app-clip#Choose-App-Clip-experiences-you-want-to-support The table mentions that an App Clip can be invoked via “A shared link to an App Clip in the Messages app.” However, when I tap the shared link in Messages, the deep link experience is triggered instead of the App Clip. My questions are: Is this behavior expected when the App Clip URL and the app’s deep link URL are the same? Does launching an App Clip from a shared Messages link require a distinct URL or additional configuration beyond what’s in the AASA file? Are there specific constraints or priorities between universal links for the full app and App Clip invocation in this scenario? Any clarification or guidance would be greatly appreciated. Thank you.

Hello, I’m developing a third-party VoIP app called Heyno and trying to support Siri-initiated calls so they behave like WhatsApp / FaceTime, especially from the lock screen. Target behavior From the locked device, the user says: “Hey Siri, call <contact> using Heyno” Expected result: • System CallKit audio-call UI appears. • No “continue in ” sheet, no forced unlock or foregrounding. • Our app handles the VoIP leg in the background via CXProviderDelegate. WhatsApp already does this with: “Hey Siri, call <contact> on WhatsApp” I’m trying to reproduce that behavior for Heyno using public APIs. I have followed the SiriKit + CallKit VoIP docs but cannot get a clean Siri → CallKit → app flow from the lock screen without either: Being forced into .continueInApp (unlock + foreground), or Hitting CallKit transaction errors when starting the call from the app in response to the intent. Current implementation Intents extension (INStartCallIntentHandling) • resolveContacts(for:with:) normalizes to E.164 and returns INPersonResolutionResult.success. • resolveDestinationType → .success(.normal). • resolveCallCapability → .success(.audioCall). Confirm / handle currently: func confirm(intent: INStartCallIntent, completion: @escaping (INStartCallIntentResponse) -> Void) { completion(INStartCallIntentResponse(code: .ready, userActivity: nil)) } func handle(intent: INStartCallIntent, completion: @escaping (INStartCallIntentResponse) -> Void) { completion(INStartCallIntentResponse(code: .ready, userActivity: nil)) } Earlier, I used .continueInApp with an NSUserActivity carrying the normalized number and metadata, but that always produced a “Continue in Heyno” sheet that requires unlock and foreground, which breaks the lock-screen Siri flow. App target – CallKit provider In the app I have CXProvider + CXProviderDelegate, which work correctly when calls are initiated from inside the app: func provider(_ provider: CXProvider, perform action: CXStartCallAction) { let handle = action.handle.value // Start VoIP / WebRTC / LiveKit / Asterisk call here provider.reportOutgoingCall(with: action.callUUID, startedConnectingAt: Date()) provider.reportOutgoingCall(with: action.callUUID, connectedAt: Date()) action.fulfill() } If I construct a CXStartCallAction and submit it via CXCallController.request(...) from the app, CallKit UI appears and our pipeline runs correctly. What I tried and what fails Starting CallKit from the Intents extension Calling CXCallController.request(...) directly from handle(intent:completion:) in the extension always yields: com.apple.CallKit.error.requesttransaction error 1 (unentitled) The extension does not have the CallKit entitlement, and the docs say not to initiate calls from the extension, so this path seems unsupported. Using .continueInApp + NSUserActivity Pattern: • handle(intent:) builds NSUserActivity (activityType = NSStringFromClass(INStartCallIntent.self), title = "Heyno Start Call", userInfo with E.164 handle, etc.). • Returns INStartCallIntentResponse(code: .continueInApp, userActivity: activity). • App receives the activity, then starts CallKit + VoIP. Functionally this works, but iOS always requires unlock + foreground (“Continue in Heyno”), which is not acceptable for a Siri lock-screen call. App group + Darwin notification (extension → app → CallKit) Experiment: • Extension writes the normalized number into an app-group UserDefaults. • Extension posts a Darwin notification. • App (if running) listens, reads the number, and initiates CXStartCallAction + VoIP. Observed: • Works only when the app is already running in the background; a killed app is not woken. • In some states I see CXErrorCodeRequestTransactionError.invalidAction (error 6) if I try to issue a CXStartCallAction while CallKit is already doing something as part of the Siri flow. • Siri sometimes replies “There was a problem with the app,” likely because CallKit rejects the transaction or sees duplicate/conflicting actions. My understanding so far • The Intents extension should resolve/confirm the intent but not start the call. • The source of truth for starting a call should be: Siri → CallKit → app’s CXProviderDelegate.provider(_:perform: CXStartCallAction) • The app then starts the VoIP leg, reports started/connected, and fulfills. Where I am stuck What is not clear is how Siri is supposed to route an INStartCallIntent into CallKit for a third-party VoIP app on a locked device without using .continueInApp. If my extension simply: • resolves the contact, • confirm → .ready, • handle → .ready (no NSUserActivity, no CallKit), I do not see a documented mechanism that causes: “Hey Siri, call <contact> using Heyno” on the lock screen to: • Present a CallKit audio call bound to Heyno, and • Deliver CXStartCallAction to my CXProviderDelegate while the app stays in the background. Questions For third-party VoIP apps today, is it recommended to implement INStartCallIntentHandling at all, or should we rely only on CallKit registration and Siri’s built-in support for “Call with ” (no SiriKit extension)? If an INStartCallIntentHandling extension is still the intended pattern: • Should confirm/handle simply return .ready and never start CallKit or set NSUserActivity? • In that case, is Siri expected to invoke CallKit on our behalf and create a CXStartCallAction targeting our provider, even when the device is locked and the app is not foreground? Is there any supported way for a Siri-triggered third-party VoIP call to start from the lock screen via CallKit without: • using .continueInApp (unlock + foreground), and • starting CallKit directly from the Intents extension (unentitled)? Is there any additional configuration, entitlement, provisioning profile flag, or Info.plist key required so that Siri can map “Call using Heyno” directly to our CallKit provider and background VoIP implementation? Current options: • .continueInApp + NSUserActivity → works, but always requires unlock + app UI. • Start CallKit from the extension → fails with “unentitled” and appears unsupported. • Extension → app-group + notification → app → CallKit → VoIP → fragile, with intermittent CXErrorCodeRequestTransactionError.invalidAction. • Remove the extension and hope Siri/CallKit auto-routes to our provider → unclear if this is supported for third-party VoIP apps or reserved for privileged apps. I would appreciate guidance on the intended architecture for this scenario, and whether the “Siri from lock screen → CallKit UI → background VoIP call” flow is achievable for an App Store VoIP app like Heyno using public APIs only.

We’re seeing unexpected NFC behavior once our app has 50+ Advanced App Clips created. Expected: Scanning an NFC tag with a URL that is NOT an App Clip invocation should show the standard “Open in Safari” notification. Actual: After we create ~50+ Advanced App Clips, scanning NFC tags for URLs on the same domain that are not associated with App Clips consistently shows “CPSErrorDomain error 2” instead of the Safari prompt.
 QR codes for the same non–App Clip URLs work as expected (shows Safari prompt). Clearing the App Clips “Experience Cache” sometimes helps briefly, but the error returns on consequent scans. Notes: Domain has valid AASA. App Clip invocation URLs work as expected.
 The issue appears tied to the number of Advanced App Clips configured. Below ~50, non–App Clip NFC scans behave correctly; above that, they fail.
 Affected across multiple devices and iOS versions tested. Repro steps: Configure 50+ Advanced App Clips for paths on a single domain.
 Encode a different URL on the same domain that is NOT listed as an App Clip invocation into an NFC tag.
 Scan the NFC tag on iPhone.
 Observe “CPSErrorDomain error 2” instead of the “Open in Safari” notification. Impact: blocks our NFC use case for regular web links once we scale App Clip experiences. Sysdiagnose #: FB20563121