I've understood that SwiftData is not abled to share the whole content of a cloudkit database. So I'm trying to rewrite everything. Does someone knows id Sharing is coming on SwiftData at WWDC 26? Anyway, can someone can point me an example a a configured coredata stack that share all its content with other icloud users (with sharing pane and accept invitation code). At this step, on the owner side, I see some data in the default zone of my private container but nothing is visible on the shared zone. Maybe I don't understand where and when I should check shared data in cloudkit console. Need Help also here. See below by configuration stack: // Core Data container public lazy var container: NSPersistentContainer = { switch delegate.usage() { case .preview : return previewContainer() case .local : return localContainer() case .cloudKit : return cloudKitContainer() } }() private func cloudKitContainer() -> NSPersistentContainer { let modelURL = delegate.modelURL() let modelName = modelURL.deletingPathExtension().lastPathComponent guard let model = NSManagedObjectModel(contentsOf: modelURL) else { fatalError("Could not load Core Data model from \(modelURL)") } let container = NSPersistentCloudKitContainer( name: modelName, managedObjectModel: model ) let groupIdentifier = AppManager.shared.groupIdentifier guard let appGroupURL = FileManager.default.containerURL ( forSecurityApplicationGroupIdentifier: groupIdentifier ) else { fatalError("App Group not found: \(groupIdentifier)") } // MARK: - Private Store Configuration let privateStoreURL = appGroupURL.appendingPathComponent("\(modelName).sqlite") let privateStoreDescription = NSPersistentStoreDescription(url: privateStoreURL) // Persistent history tracking (MANDATORY) privateStoreDescription.setOption(true as NSNumber, forKey: NSPersistentHistoryTrackingKey) privateStoreDescription.setOption(true as NSNumber, forKey: NSPersistentStoreRemoteChangeNotificationPostOptionKey) // CloudKit options for private database // Core Data automatically uses the default zone: com.apple.coredata.cloudkit.zone let privateCloudKitOptions = NSPersistentCloudKitContainerOptions(containerIdentifier: delegate.cloudKitIdentifier()) privateCloudKitOptions.databaseScope = .private privateStoreDescription.cloudKitContainerOptions = privateCloudKitOptions // MARK: - Shared Store Configuration guard let sharedStoreDescription = privateStoreDescription.copy() as? NSPersistentStoreDescription else { fatalError("Create shareDesc error") } // The shared store receives zones that others share with us via CloudKit's shared database sharedStoreDescription.url = appGroupURL.appendingPathComponent("\(modelName)-shared.sqlite") // Persistent history tracking (MANDATORY) sharedStoreDescription.setOption(true as NSNumber, forKey: NSPersistentHistoryTrackingKey) sharedStoreDescription.setOption(true as NSNumber, forKey: NSPersistentStoreRemoteChangeNotificationPostOptionKey) // CloudKit options for shared database // This syncs data from CloudKit shared zones when we accept share invitations let sharedCloudKitOptions = NSPersistentCloudKitContainerOptions(containerIdentifier: delegate.cloudKitIdentifier()) sharedCloudKitOptions.databaseScope = .shared sharedStoreDescription.cloudKitContainerOptions = sharedCloudKitOptions // Configure both stores // Private store: com.apple.coredata.cloudkit.zone in private database // Shared store: Receives shared zones we're invited to container.persistentStoreDescriptions = [privateStoreDescription, sharedStoreDescription] container.loadPersistentStores { storeDescription, error in if let error = error as NSError? { fatalError("DB init error:\(error.localizedDescription)") } else if let cloudKitContiainerOptions = storeDescription.cloudKitContainerOptions { switch cloudKitContiainerOptions.databaseScope { case .private: self._privatePersistentStore = container.persistentStoreCoordinator.persistentStore(for: privateStoreDescription.url!) case .shared: self._sharedPersistentStore = container.persistentStoreCoordinator.persistentStore(for: sharedStoreDescription.url!) default: break } } let scope = storeDescription.cloudKitContainerOptions?.databaseScope == .shared ? "shared" : "private" print("✅ \(scope) store loaded at: \(storeDescription.url?.path ?? "unknown")") } // Auto-merge container.viewContext.automaticallyMergesChangesFromParent = true container.viewContext.mergePolicy = NSMergeByPropertyObjectTrumpMergePolicy do { try container.viewContext.setQueryGenerationFrom(.current) } catch { fatalError("Fail to pin viewContext to the current generation:\(error)") } return container }

When I tap on one of the buttons in the ShieldAction extension I want to close the shield and open the parent app instead of the shielded app. Is there any way of doing this using the Screen Time API? class ShieldActionExtension: ShieldActionDelegate {      override func handle(action: ShieldAction, for application: ApplicationToken, completionHandler: @escaping (ShieldActionResponse) -> Void) {     // Handle the action as needed.           let store = ManagedSettingsStore()               switch action {     case .primaryButtonPressed:       //TODO - open parent app       completionHandler(.defer)     case .secondaryButtonPressed:       //remove shield       store.shield.applications?.remove(application)       completionHandler(.defer)         @unknown default:       fatalError()     }   }   }

Environment: iOS 26.4 beta Xcode 26.4 beta Framework: AccessoryNotifications, AccessorySetupKit, AccessoryTransportExtension Description: I'm implementing notification forwarding to a custom BLE accessory using the new AccessoryNotifications framework in iOS 26.4. I've set up an AccessoryDataProvider extension following the documentation, but I'm unclear about how the data is actually transmitted to the BLE accessory. Current Implementation: Main App - Uses AccessorySetupKit to discover and pair accessories: let descriptor = ASDiscoveryDescriptor() descriptor.bluetoothServiceUUID = CBUUID(string: "FEE0") let displayItem = ASPickerDisplayItem( name: "Notification Accessory", productImage: UIImage(systemName: "applewatch")!, descriptor: descriptor ) accessorySession.showPicker(for: [displayItem]) { error in // Handle error } AccessoryDataProvider Extension - Implements NotificationsForwarding.AccessoryNotificationsHandler: @main struct AccessoryDataProvider: AccessoryTransportExtension.AccessoryDataProvider { @AppExtensionPoint.Bind static var boundExtensionPoint: AppExtensionPoint { Identifier("com.apple.accessory-data-provider") Implementing { AccessoryNotifications.NotificationsForwarding { NotificationHandler() } } } } // NotificationHandler sends messages via: let message = AccessoryMessage { AccessoryMessage.Payload(transport: .bluetooth, data: data) } try await session?.sendMessage(message) Info.plist Configuration: EXExtensionPointIdentifier com.apple.accessory-data-provider NSAccessorySetupBluetoothServices FEE0 Questions: What BLE Service and Characteristic should the accessory advertise? - The documentation mentions specifying transport: .bluetooth, but doesn't explain what Service/Characteristic the accessory needs to implement to receive the notification data. 2. How does AccessoryMessage with transport: .bluetooth actually transmit data? - Is there a specific Apple-defined BLE protocol? - Does the accessory need to run specific firmware or support a particular protocol stack? 3. Is there any documentation about the accessory-side implementation? - The iOS-side documentation is clear, but I couldn't find information about what the BLE peripheral needs to implement. 4. Is MFi certification required for the accessory? - The documentation doesn't explicitly mention MFi, but it's unclear if custom third-party accessories can use this framework. Any guidance on how the BLE communication works under the hood would be greatly appreciated.

I'm using NEPacketTunnelProvider to intercept DNS queries, forward them upstream, and inject the responses back via writePacketObjects(). This works correctly for responses under ~500 bytes. For larger responses (~893 bytes, e.g. DNS CERT records), writePacketObjects() returns without error but mDNSResponder never receives the packet — it retries 3–4 times and then times out. What I have verified: IP and UDP checksums are correct UDP length and IP total length fields are correct Maximum packet size (MTU) set to 1500 in NEIPv4Settings/NEIPv6Settings Approaches tried: Injecting the full 921-byte packet — writePacketObjects() succeeds but the packet never reaches mDNSResponder IP-level fragmentation — fragments appear to be silently dropped Setting the TC (truncation) bit — mDNSResponder does not retry over TCP Truncating the response to ≤512 bytes — the packet arrives but the data is incomplete Questions: Is there a supported way to deliver a DNS response larger than 512 bytes through NEPacketTunnelFlow? Does NEPacketTunnelProvider impose an undocumented packet size limit below the configured MTU? Does mDNSResponder silently discard responses larger than 512 bytes when the original query had no EDNS0 OPT record? Is there a way to signal that larger responses are supported? Are IP-level fragments reliably delivered through writePacketObjects()? Tested on iOS 26.3, physical device.

We have an iOS/iPadOS (mixed use of UIKit/SwiftUI) app on the App Store since a couple of years. Over the last month or so, we are receiving many user reports complaining about app freezing and behaving very bad generally. The common denominator for all of these users (~10) is that they are using iPad Pro M4, 13 inch, and they are on at least iPadOS 26.2 - some have updated to 26.2.1, 26.3 etc but the problems remain. Some of the users say that they were using our app normally, until the release of 26.2, or perhaps 26.2.1, from when the problems seem to have started. Some report the problems that go away when they "use another WiFi", or when they hold the device in portrait mode (it seems that many complaints seem to suggest that the problem is in when holding the device in landscape). Other say the app works fine if they start it without network enabled, and after enabling network, continue in the app. While we currently do not have an iPad Pro M4 13 inch to test with, we haven't been able to reproduce the problem on any other device. We haven't heard of any similar problems from users of other devices. While we have no idea what is causing these problems, my feeling is that there might be a possibility that there is some kind of problem with iPad Pro M4 and the recent iPadOS versions. Just reaching out to see if anyone else have seen anything similar.

Hello Apple Developer Technical Support Team, I’m working on an iOS banking/security SDK and we’re trying to match an Android feature that reads payment cards via NFC (EMV). On Android, this is implemented using an NFC scanning screen (e.g., “NfcScanActivity”) that can read EMV data from contactless credit/debit cards. Could you please clarify the current iOS capabilities and App Store policy around this? On iOS, is it currently possible for a third-party App Store app to read contactless credit/debit cards using Core NFC (i.e., accessing EMV application data/AIDs from payment cards)? If this is possible, what are the supported APIs/frameworks and any entitlement requirements (if applicable)? If this is not possible for App Store apps, could you recommend the closest acceptable alternatives for achieving a similar user outcome? For example: Using Apple Pay / PassKit flows for payment-related experiences Card scanning alternatives (camera-based OCR) for capturing card details (if allowed) Using an external certified card reader accessory (MFi) and required approach/entitlements Any other Apple-recommended approach for “card verification / identification” without reading EMV NFC data Our goal is not to bypass security restrictions, but to provide a compliant solution on iOS comparable to Android’s NFC-based card reading, or to adopt an Apple-approved alternative if direct EMV reading is not supported. If helpful, I can share a brief technical summary of the Android behavior and the exact data we need to obtain (e.g., whether it’s card presence verification vs. reading specific EMV tags). Thank you for your guidance. Best regards, Anis

Hello Apple Developer Technical Support Team, I’m working on an iOS banking/security SDK and we’re trying to match an Android feature that reads payment cards via NFC (EMV). On Android, this is implemented using an NFC scanning screen (e.g., “NfcScanActivity”) that can read EMV data from contactless credit/debit cards. Could you please clarify the current iOS capabilities and App Store policy around this? On iOS, is it currently possible for a third-party App Store app to read contactless credit/debit cards using Core NFC (i.e., accessing EMV application data/AIDs from payment cards)? If this is possible, what are the supported APIs/frameworks and any entitlement requirements (if applicable)? If this is not possible for App Store apps, could you recommend the closest acceptable alternatives for achieving a similar user outcome? For example: Using Apple Pay / PassKit flows for payment-related experiences Card scanning alternatives (camera-based OCR) for capturing card details (if allowed) Using an external certified card reader accessory (MFi) and required approach/entitlements Any other Apple-recommended approach for “card verification / identification” without reading EMV NFC data Our goal is not to bypass security restrictions, but to provide a compliant solution on iOS comparable to Android’s NFC-based card reading, or to adopt an Apple-approved alternative if direct EMV reading is not supported. If helpful, I can share a brief technical summary of the Android behavior and the exact data we need to obtain (e.g., whether it’s card presence verification vs. reading specific EMV tags). Thank you for your guidance. Best regards, Imran

Rosetta 2 Deadlock on M4 Pro January 2026 Blizzard update causes a deadlock in Rosetta 2 on M4 chips. CodeWeavers (the developer of CrossOver) has analyzed the issue and identified it as a Rosetta translation failure, not a CrossOver application-level bug. Hardware: M4 Pro Mac Book Pro System: Tahoe 26.2 Impacted Software: CrossOver 25.1.1 Diablo II: Resurrected

Hi, In my app, I have an option to remove a contact from a contact group (using the Contacts framework), and it's been working fine till recently users of the macOS version reported that it's not working. I have been using the CNSaveRequest removeMember(contact, from: group) API. The same API works fine on iOS. I'm not sure when it started but it seems to be affecting macOS14.6 as well as 15.1. I was able to reproduce it in a small test project as well, and have the same experience (the API works on iOS but not on macOS), so it definitely seems like a problem with the framework. Can someone confirm this, and/or suggest a workaround? Here's the code I run to test it out ...a simple SwiftUI view that has 4 buttons: Create contact and group Add contact to group Remove contact from group (optional) cleanup by deleting contact and group It's the 3rd step that seems to fail on macOS, but works fine on iOS. Here's the code to test it out: struct ContentView: View { let contactsModel = ContactsStoreModel() var body: some View { VStack (alignment: .center, spacing: 15){ Button ("1. Add Contact And Group") { print("add contact button pressed") contactsModel.addTestContact() if let _ = contactsModel.createdContact { print("created contact success") } } Button ("2. Add Contact To Group") { print("add to group button pressed") contactsModel.addContactToGroup() } Button ("3. Remove Contact From Group") { print("remove from group button pressed") contactsModel.removeContactFromGroup() } Button ("4. Delete Contact and Group") { print("remove from group button pressed") contactsModel.deleteContactAndGroup() } } .padding() } } #Preview { ContentView() } @available(iOS 13.0, *) @objc final class ContactsStoreModel: NSObject, ObservableObject { let contactStore = CNContactStore() var createdContact : CNContact? var createdGroup : CNGroup? public func addTestContact() { let storeContainer = contactStore.defaultContainerIdentifier() let contact = CNMutableContact() contact.givenName = "Testing" contact.familyName = "User" contact.phoneNumbers = [CNLabeledValue(label: "Cell", value: CNPhoneNumber(stringValue: "1234567890"))] let group = CNMutableGroup() group.name = "Testing Group" print("create contact id = \(contact.identifier)") print("create group id = \(group.identifier)") do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.add(contact, toContainerWithIdentifier: storeContainer) saveRequest.add(group, toContainerWithIdentifier: storeContainer) try contactStore.execute(saveRequest) createdContact = contact createdGroup = group } catch { print("error in store execute = \(error)") } } public func addContactToGroup() { if let contact = createdContact, let group = createdGroup { do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.addMember(contact, to: group) try contactStore.execute(saveRequest) } catch { print("error in store execute = \(error)") } } } public func removeContactFromGroup() { if let contact = createdContact, let group = createdGroup { do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.removeMember(contact, from: group) try contactStore.execute(saveRequest) } catch { print("error in store execute = \(error)") } } } public func addGroupAndContact() { let storeContainer = contactStore.defaultContainerIdentifier() let group = CNMutableGroup() group.name = "Test Group" print("create group id = \(group.identifier)") if let contact = createdContact { do { let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.add(group, toContainerWithIdentifier: storeContainer) saveRequest.addMember(contact, to: group) try contactStore.execute(saveRequest) createdGroup = group } catch { print("error in store execute = \(error)") } } } public func deleteContactAndGroup() { if let contact = createdContact, let group = createdGroup { do { let mutableGroup = group.mutableCopy() as! CNMutableGroup let mutableContact = contact.mutableCopy() as! CNMutableContact let saveRequest = CNSaveRequest() saveRequest.transactionAuthor = "TestApp" saveRequest.delete(mutableContact) saveRequest.delete(mutableGroup) try contactStore.execute(saveRequest) } catch { print("error in deleting store execute = \(error)") } } } }

We are operating an application that uses WeatherKit. Despite revoking a specific WeatherKit key on the Apple Developer website, the number of API calls associated with that key continues to increase. We are looking for a way to completely disable this particular key. Any advice or suggestions would be greatly appreciated.

Several of my users are reporting on at lest recent and current versions of iOS the value from one characteristic can be swapped with another. Originally I thought this was a library issue but it doesn't happen on Android and now a user with two iPhones using the exact same app and iOS 26.3 on both has the issue on one phone but not the other. I've gone into more detail here which also includes a little data dumping to prove the values between characteristics can be mixed up. https://github.com/dotintent/react-native-ble-plx/issues/1316 One user reported cycling Bluetooth on/off fixed the issue but the latest user says it does not. For the peripheral the services can only change if the device enters firmware update mode (in which case the service UUID is different). Otherwise the characteristics on a service never change. This would make it a strange one to be caching related since the cache should always be correct.

<Apple Developer Program许可协议>已更新并需要查阅。若要更新现有App和提交新 App，账户持有人必须登录账户，查看并接受更新后的协议。 apple 会费到期 续费以后 无法获取app内购数据，经排查可能是这个协议没有签署，签署后多久可以重新获取到app内购数据。

We are getting vulnerabilities for passkit generator, used for apple wallet creation. Could you please suggest how to resolve this issue In our system we updated MIME with latest version but passkit is referring older version 1.4.1 npm audit report mime <1.4.1 Severity: high mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp No fix available node_modules/mime passkit * Depends on vulnerable versions of mime node_modules/passkit 2 high severity vulnerabilities Some issues need review, and may require choosing a different dependency.

I'm trying to understand the terminology around forward vs backward references in CloudKit. Say I have two record types: User LeaderboardScore (a score belongs to a user) The score record stores a user reference: score["user"] = CKRecord.Reference( recordID: userRecordID, action: .deleteSelf ) So: LeaderboardScore → User The user record does not store any references to scores From a data-model perspective: Is this considered a forward reference (child → parent)? Or a back reference, since the score is "pointing back" to its owner? My use case is having leaderboard in my app and so i have created a user table to store all the users and a score table for saving the scores of each user of the app.

Hello, We're seeing a high rate of providerDidReset callbacks in production across a large user base (iOS 16, 17, 18, and 26). I'd like to understand both the correct way to handle this delegate method and strategies to reduce its frequency. Background The callback occurs across all iOS versions we support and is not isolated to a specific device or region. The callback can occur in any app state (foreground, background, inactive), however it is most dominant in the background state — particularly during VoIP push notification handling. The callback is more prevalent during long app sessions — for example, when the app has been running continuously for a day or overnight. We do not call CXProvider.invalidate() anywhere in our codebase explicitly. After providerDidReset fires, subsequent transactions fail with CXErrorCodeRequestTransactionErrorUnknownCallUUID (error code 4). Re-initializing the provider via initializeProvider() resolves this error. Our Implementation We use a singleton proxy class (CallKitProxy) that owns the CXProvider. Below is a simplified version — some logging and non-essential parts have been removed for brevity. @objcMembers public final class CallKitProxy: NSObject { private var cxProvider: CXProvider? private let cxCallController: CXCallController private let cxCallObserver: CXCallObserver private override init() { cxCallObserver = CXCallObserver() cxCallController = CXCallController() super.init() initializeProvider() cxCallObserver.setDelegate(self, queue: nil) } private func initializeProvider() { let configuration = providerConfiguration() cxProvider = CXProvider(configuration: configuration) cxProvider?.setDelegate(self, queue: nil) } private func providerConfiguration() -> CXProviderConfiguration { let soundName = SharedUDHelper.shared.string(forKey: .pushNotificationSoundNameForCall) let sound = CallNotificationSounds(name: soundName ?? "ringtoneDefault") let configuration = CXProviderConfiguration() configuration.supportsVideo = true configuration.maximumCallsPerCallGroup = 1 configuration.maximumCallGroups = 1 configuration.supportedHandleTypes = [.phoneNumber, .generic] configuration.iconTemplateImageData = UIImage( named: "callkit_mask", in: .main, compatibleWith: nil )?.pngData() configuration.ringtoneSound = sound.name return configuration } public func requestTransaction( action: CXCallAction, completion: @escaping (Error?) -> Void ) { let transaction = CXTransaction(action: action) cxCallController.request(transaction) { error in completion(error) } } } extension CallKitProxy: CXProviderDelegate { public func providerDidReset(_ provider: CXProvider) { // End any active calls, then re-initialize the provider initializeProvider() } } Questions 1. Is re-initializing the provider inside providerDidReset the correct approach? The documentation states that providerDidReset signals the provider has been reset and all calls should be considered terminated. Should we be calling CXProvider.invalidate() on the old instance before creating a new one? Or is assigning a new CXProvider to cxProvider (which releases the old instance) sufficient? 2. What could be causing providerDidReset to fire so frequently, and how can we reduce it? We're particularly concerned about cases triggered during VoIP push handling in the background and inactive states. Are there known conditions — such as provider configuration changes, app lifecycle events, or system memory pressure — that commonly trigger this callback? And are there any recommended patterns to make the provider more resilient in these scenarios? Thank you.

Hi, I am submitting auto-renewable subscriptions for the first time for a brand new iOS app (never approved before). Setup: App ID has In-App Purchase capability enabled Subscriptions created under a subscription group All metadata (pricing, localization, availability) completed Subscriptions currently show In Review Testing via TestFlight build Bundle ID matches App Store Connect Using react-native-iap (StoreKit under the hood) When calling: await getSubscriptions({ skus }) I consistently get: products fetched: 0 ProductsUnavailableError Also, the app version page does not show the “In-App Purchases and Subscriptions” section. Question: For a brand new app, will StoreKit return empty products while the first subscriptions are in review? Do the first subscriptions need to be approved and/or attached to a new app version before they become available in TestFlight sandbox? Thanks for any clarification.

Description: I am developing a digital well-being application using the Screen Time API (FamilyControls, ManagedSettings, and DeviceActivity). I am encountering a critical issue where the ApplicationToken provided by the system to my app extensions suddenly changes, causing a mismatch with the tokens originally stored by the main application. The Problem: When a user selects applications via FamilyActivityPicker, we persist the FamilyActivitySelection (and the underlying ApplicationToken objects) in a shared App Group container. However, we are seeing frequent cases where the token passed into: ShieldConfigurationDataSource.configuration(shielding:in:) ShieldActionDelegate.handle(action:for:completionHandler:) ...does not match (using ==) any of the tokens previously selected and stored. IOS version: 26.2.1

While the recent news says "Developers who are distributing apps in Brazil can use the updated Declared Age Range API to obtain a user’s age category.", the guidance in the API did not mention Brazil. Can we confirm that Should all iOS developers follow that guidance for Brazil compliance? Will IsEligibleForAgeFeatures return true for in scope users in Brazil? (We don't have any explicit confirmation on this, and we cannot test if this is the case today in sandbox)

Hi! We’ve had Live Caller ID Lookup in production for a while. We’re seeing backend RPS on our /queries endpoint much higher than our expected incoming call volume. While testing with Console.app during an incoming call, it looks like iOS may still hit our service even when the caller number is already in the user’s Contacts - but I’m not 100% sure from logs alone. Can you confirm: Does iOS invoke Live Caller ID Lookup (i.e. call /queries) for every incoming call, including calls from saved Contacts? If yes, is this simply expected framework behavior? Thanks!

From the Feb 24 news, I understand that for all Apple users in Brazil with iOS26.2 and newer, isEligibleForAgeFeatures will eventually return true. Brazil is a "nonregulated region", and developers will need to handle all three situations of ask first/always share/never share. Please correct me if I'm wrong above. A few questions follow on the eligibility check: What's the return value of IsEligibleForAgeFeatures for a Brazilian user who has NOT touched the age range feature at all, thus hasn't picked one of the three options? How can we test these cases? From the updated sandbox doc, there's more information on declined/approved, will those the same behaviors as a future Brazilian user? The doc used to say Texas, now it doesn't say any region. On which date will Apple START to return true for IsEligibleForAgeFeatures for Brazilian users? I cannot find the exact date anywhere. Will ALL of Brazil return true overnight, or is there some ramp up that developers need to be aware of? Thanks a lot for sharing the guidance, and thanks in advance for more guidance to come!