I've completed the setup required for in-app push provisioning on the iOS platform. Encountering an issue at the completion handler step while sending data back to the PassKit framework. The delegate method used is: func addPaymentPassViewController(completionHandler handler: @escaping (PKAddPaymentPassRequest) -> Void) The error observed is: Error Domain=PKPassKitErrorDomainCode=2 which is PKUnsupportedVersionError The device used for testing is running iOS version 17.4.1.

Hello, I am building a pretty large database (~40MB) to be used in my SwiftData iOS app as read-only. While inserting and updating the data, I noticed a substantial increase in size (+ ~10MB). A little digging pointed to ACHANGE and ATRANSACTION tables that apparently are dealing with Persistent History Tracking. While I do appreciate the benefits of that, I prefer to save space. Could you please point me in the right direction?

works perfectly on android but doesn't work at all on IOS and i have used the same bundle id and product ids on both stores. The error that i get on IOS is : "IAP initialization failed: NoProductsAvailable - No Product returned from store" Here are the things that i've done: Created an App ID on the apple developer portal with the correct capabilities I have enabled the correct capabilities on the xcode project Unity Framework is embed and signed, Storekit (do not embed) In singin and capabilities in-app purchases is there I am using testflight to submit the app with a distribution certificate that appears to be valid I've checked the the bundle identifier and it's the same everywhere (unity project, xcode project, App ID) All of the products are cleared for sale and are in the status "ready to submit" I always uninstall the old app version before testing the new one My banking updates are still processing does this effect TestFlight IAP Paid Apps Agreement is in Pending User Info state does this effect also I still haven't filled out the tax forms, so I'm wondering if I need to complete them before my app's in-app purchases (IAPs) work in TestFlight.

Hello everyone, Our team is currently developing an iOS application requiring real-time audio communication and evaluating the most suitable frameworks. Options include CallKit, custom solutions using AVAudioEngine/Audio Units, and the PushToTalk framework. Regarding the PushToTalk framework, we have some questions about its core design and capabilities that we'd appreciate clarification on from the community or Apple engineers. Based on the PushToTalk framework documentation, its API design (e.g., methods like requestBeginTransmission, endTransmission which imply explicitly requesting transmission rights), and its system UI integration, it strongly appears oriented towards half-duplex communication scenarios, similar to traditional walkie-talkies where only one participant transmits audio at a time. Is this understanding accurate? Is the PushToTalk framework's design strictly limited to managing half-duplex audio interactions? Or, does the framework itself also provide built-in mechanisms or APIs to manage simultaneous, bi-directional (full-duplex) audio streaming between participants? To be clear, we are asking about the inherent capabilities of the PushToTalk framework itself. We understand it's possible to use PushToTalk for signaling and UI management, and separately implement the actual full-duplex audio stream using AVAudioEngine or other audio APIs. However, we want to confirm if the framework itself is designed to support or simplify full-duplex audio communication. Have other developers investigated the specific limitations or capabilities of the PushToTalk framework regarding audio transmission modes (half-duplex vs. full-duplex)? Are there any official documentation references or WWDC sessions that explicitly clarify the framework's support (or lack thereof) for full-duplex operation? If PushToTalk is indeed limited to half-duplex, what are the generally accepted best practices for apps requiring full-duplex calls – transitioning directly to CallKit (where applicable) or building custom audio processing pipelines? Clarifying this point is crucial for us to select the correct technology stack for our application. Any relevant insights, documentation pointers, or shared development experiences would be greatly appreciated. Thank you for your help!

On a device with approx 800 contacts, the sheet presented when tapping ContactAccessButton with multiple matches briefly appears (.25 seconds) before disappearing, leaving the view below in a dimmed, slightly zoomed out, non-interactive state as if a sheet were being presented. Swiping down dismisses the invisible sheet returns the underlying view to a normal state. Is there a way to avoid this? It appears possibly similar to https://developer.apple.com/forums/thread/762077 Logs (exact duplicates removed) #ContactsButton response after touch -- Should show UI LaunchServices: store (null) or url (null) was nil: Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Attempt to map database failed: permission was denied. This attempt will not be retried. Failed to initialize client context with error Error Domain=NSOSStatusErrorDomain Code=-54 "process may not map database" UserInfo={NSDebugDescription=process may not map database, _LSLine=72, _LSFunction=_LSServer_GetServerStoreForConnectionWithCompletionHandler} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x11c0378c0> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x111cfeb20> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISTypeIcon: 0x11c055d10>,Type: com.apple.appprotection.badge.faceid - <ISImageDescriptor: 0x111cfdfe0> - (32.00, 32.00)@3x v:0 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: E988236A-DCCF-30CB-83D0-D901CB1A5499 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x11c037840> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x111cfd900> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations [C:6] Error received: Connection interrupted. VS terminated with error: Error Domain=_UIViewServiceInterfaceErrorDomain Code=3 "(null)" UserInfo={Message=Service Connection Interrupted} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x117fb3440> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x117efe120> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISTypeIcon: 0x117decd50>,Type: com.apple.appprotection.badge.faceid - <ISImageDescriptor: 0x117efd400> - (32.00, 32.00)@3x v:0 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: E988236A-DCCF-30CB-83D0-D901CB1A5499 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} Error returned from iconservicesagent image request: <ISBundleIdentifierIcon: 0x117fb2200> BundleID: (null) digest: 7749FEEE-F663-39B4-AD68-A18CFF762CCC - <ISImageDescriptor: 0x117effa20> - (64.00, 64.00)@2x v:4 l:5 a:0:0:0:0 t:() b:0 s:2 ps:0 digest: DF83A970-D4C9-3D90-BB7D-0BC21FC22E03 error: Error Domain=NSOSStatusErrorDomain Code=-609 "Client is disallowed from making such an icon request" UserInfo={NSLocalizedDescription=Client is disallowed from making such an icon request} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations [C:6] Error received: Connection interrupted. VS terminated with error: Error Domain=_UIViewServiceInterfaceErrorDomain Code=3 "(null)" UserInfo={Message=Service Connection Interrupted} -[RTIInputSystemClient remoteTextInputSessionWithID:performInputOperation:] perform input operation requires a valid sessionID. inputModality = Keyboard, inputOperation = <null selector>, customInfoType = UIEmojiSearchOperations

I'm trying to understand the IAP development process. I created my first Product on App Store Connect and am trying to build my app to use it. However it keeps failing with "Invalid product ID.". From what I've read, this is because the product has not yet gone through review. But what I don't understand is, of course it hasn't gone through review yet, because trying to use it in any capacity fails, even though I'm using a real physical device and using a Sandbox User. Is this the correct workflow? It seems very backwards that I have to submit the product for review, even before I know how it's going to be used. I'm still building the screen for the product page, and haven't even started touching any backend APIs, yet it's asking for screenshots. Am I misunderstanding something here?

Feedback Ticket: FB13812251 Problem Statement: We are currently facing internet connectivity issue with our VPN application where we try to disconnect the VPN from the Packet Tunnel Network Extension using - (void)cancelTunnelWithError:(nullable NSError *)error. Which API to use to disconnect the VPN from Packet Tunnel as VPN app is not running such that device retains its internet connectivity as soon as VPN disconnects. Configuration: We have configured PacketTunnelProvider with the following settings: (NETunnelProviderManager *)tunnelProvider.protocolConfiguration.includeAllNetworks = YES; (NETunnelProviderManager *)tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; (NETunnelProviderManager *)tunnelProvider.protocolConfiguration.enforceRoutes = NO; These settings are applied from the VPN app and allow us to successfully establish a VPN connection, with all traffic being routed through the tunnel as expected.We are setting above properties to address local net attack. Issue we are facing: However, we encounter a problem when we attempt to disconnect the VPN from. When we call the following method from PacketTunnel network extension: (void)cancelTunnelWithError:(nullable NSError *)error Upon calling this method, the VPN disconnects as expected, but the device loses all internet connectivity and is unable to access any resources. This is not the desired behavior. Observation : Interestingly, when we call the following method from the app side. The VPN disconnects and the device retains its internet connectivity. [enabledConfig.connection stopVPNTunnel]; We would like to achieve the same behavior when disconnecting the VPN from the Network Extension. So we are looking for an API that could be called from NE without causing any internet connectivity issue. Any guidance on how to resolve this issue would be greatly appreciated.

I have an iOS app that connects to a server running on macOS by leveraging NWListener & NWBrowser. It also makes use of the peerToPeer functionality / AWDL offered via the Network framework. This works great in the iOS app. Now I would like to add support for Shortcuts / App Intents in general. The NWConnection on its own is also working great in the App Intent, but only if I provide the host/port manually, which means I can't use the peer to peer functionality. If I try to run my NWBrowser in the AppIntent it immediately changes its state to failed with a NoAuth (-65555) error: nw_browser_cancel [B1517] The browser has already been cancelled, ignoring nw_browser_cancel(). nw_browser_fail_on_dns_error_locked [B1518] DNSServiceBrowse failed: NoAuth(-65555) NWClientManager: Browser failed: -65555: NoAuth I haven't found documentation/information on whether NWBrowser should work in an AppIntent extension or not.

Hello! I'm writing a System Extension that is an Endpoint Security client. And I want to Deny/Allow executing some XPC Service processes (using the ES_EVENT_TYPE_AUTH_EXEC event) depending on characteristics of a process that starts the XPC Service. For this purpose, I need an API that could allow me to obtain an execution context of the XPC Service process. I can obtain this information using the "sudo launchctl procinfo <pid>" command (e.g. I can use the "domain = pid/3428" part of the output for this purpose). Also, I know that when the xpcproxy process is started, it gets as the arguments a service name and a pid of the process that requests the service so I can grasp the execution context from xpcproxy launching. But are these ways to obtain this info legitimate?

I'm running a Node.js server on my MacBook with Apple M4 Pro chip, macOS Sequoia 15.4, and Node.js v23.10.0. The server starts normally on port 5000 and logs show that it's listening correctly. However, when I try to access it via browser or Postman (http://localhost:5000/api/...), I get a 403 Forbidden error. After checking with lsof -i :5000, I noticed that the ControlCenter process is listening on port 5000 under the name commplex-main. Interestingly, this doesn't happen on M3 Pro machines. On those devices, Node.js runs fine on port 5000 and can be accessed from Postman and browsers. Is port 5000 now internally reserved by macOS or used by some system-level service in Sequoia or Apple Silicon (M4 Pro)? Should I avoid using this port going forward? Any official clarification would be appreciated.

Hi All, We are trying to integrate Promotional Offer in our app, We have a React Native app and are using react-native-iap for handling our in app purchases, as per the documentation we are generating signature in our BE and passing the proper details to the function as well, but for subscription request which have offer applied we are getting the apple pop up properly as well with offer details but when trying to subscribe it gives us SKErrroDomain: 12, for subscription without applying offer the subscription goes through but when we apply the offer we get the above error. Our app is currently in Development Stages and has not been sent for review sam for our subscription plans as well. Please let me know what could be the probable cause for this and help us resolve the issue. This is the code snippet of ours for the front end : export const buySubscription = async (subscriptionData: any) => { try { if (subscriptionData.offer_id) { const response = await getSubscriptionSignature( subscriptionData.productId, subscriptionData.offer_id, ); const offerData = response?.data; const offer = { identifier: offerData?.offer_id, keyIdentifier: offerData?.key_id, nonce: offerData?.nonce, signature: offerData?.signature, timestamp: Number(offerData?.timestamp), }; await requestSubscription({ sku: subscriptionData.productId, withOffer: offer, }); } else { await requestSubscription({ sku: subscriptionData.productId }); } } catch (err) { logger.error('Subscription error: ' + JSON.stringify(err)); throw err; } }; and 
from my python Backend which generates the signature:

def generate_signature(self, product_id: str, offer_id: str) -> dict: """ Generate signature for Apple StoreKit promotional offers. Args: product_id: The product identifier from App Store Connect offer_id: The promotional offer identifier Returns: dict: Contains signature and required metadata Reference: https://developer.apple.com/documentation/storekit/in-app_purchase/original_api_for_in-app_purchase/subscriptions_and_offers/implementing_promotional_offers_in_your_app """ try: # Generate UUID without dashes and use as nonce nonce = str(uuid.uuid4()) timestamp = get_current_time_ms() # milliseconds # Create the payload string in exact order required by Apple payload_components = [ self.bundle_id, # App Bundle ID self.key_id, # Key ID from App Store Connect product_id, # Product identifier offer_id, # Promotional offer identifier nonce, # UUID without dashes str(timestamp) # Current timestamp in milliseconds ] payload_str = "\u2063".join(payload_components) # Use Unicode separator logger.debug(f"Signing payload: {payload_str}") # Create SHA256 hash of the payload digest = hashes.Hash(hashes.SHA256()) digest.update(payload_str.encode('utf-8')) payload_hash = digest.finalize() # Sign the hash using ES256 (ECDSA with SHA-256) signature = self.private_key.sign( data=payload_hash, signature_algorithm=ec.ECDSA(hashes.SHA256()) ) # Encode signature in base64 signature_b64 = base64.b64encode(signature).decode('utf-8') logger.info(f"Generated signature for product {product_id} and offer {offer_id}") return { "key_id": self.key_id, # Changed to match Apple's naming "nonce": nonce, # UUID without dashes "timestamp": timestamp, # As integer "signature": signature_b64, # Base64 encoded signature "product_id": product_id, # Changed to match Apple's naming "offer_id": offer_id # Changed to match Apple's naming } except Exception as e: logger.error(f"Failed to generate signature: {str(e)}") raise HTTPException( status_code=500, detail=f"Failed to generate signature: {str(e)}" )

My CoreSpotlight extension seems to exceed the 6 MB memory limit. What’s the best way to debug this? I've tried to attach the debugger on the Simulator but the extension seems to be never launched when I trigger the reindex from Developer settings. Is this supposed to work? On device, I am able to attach the debugger. However, I can neither transfer the debug session to Instruments, nor display the memory graph. So I've no idea how the memory is used. Any recommendations how to move forward? Is there a way to temporarily disable the memory limit since even with LLDB attached, the extension is killed.

Hi I am developing the packet tunnel extension on a SIP enabled device. If I build the app and notarize and install it on the device, it works fine. If I modify, build and execute the App (which contains the system extension), it fails with below error. 102.3.1.4 is production build. And 201.202.0.101 is for XCode build. SystemExtension "&lt;&lt;complete name&gt;&gt;.pkttunnel" request for replacement from 102.3.1.4 to 201.202.0.101 Packet Tunnel SystemExtension "&lt;&lt;complete name&gt;&gt;.pkttunnel" activation request did fail: Error Domain=OSSystemExtensionErrorDomain Code=8 "(null)" If SIP is disabled, it works fine. Is there a way the system extension can be developed even if SIP remains enabled?

We are attempting to update our app to use the PTT framework, as it has been made clear that this will be required in a future iOS version as opposed to using the Unrestricted VoIP entitlement we are using for several features of our app. However, the behavior of this framework poses some problems with implementing our app's functionality: It is not possible to programmatically join a channel when the app is not in the foreground. This hinders our ability to implement the Automatically activate radio stream feature of our app, which allows users who have opted into this feature to immediately begin hearing live PTT audio from their agency following an incident alert. Having the app constantly "joined to a channel" and using the restoration delegate could potentially work, however this is not ideal as this would result in the PTT UI needing to be displayed at all times, even when no radio stream is activated. We have a "Text to Speech" option that, when enabled, reads out the content of an incident alert after the alert sound has played. This currently happens by triggering an AVSpeechSynthesizer in the PushKit incoming push callback. It may be possible to render TTS audio on the fly in a Notification Service Extension and assign it as the notification's sound, if that is possible this is less of a problem. We also use the PushKit callback to, again if the user has enabled it, activate a "Shake to Respond" feature, allowing a short period of time after receiving an incident alert in which the user can shake their device to indicate that they are responding to the incident. There does not appear to be any way to have the level of background execution required to implement this using an NSE, and this is of course beyond the scope of the PTT framework. What options do we have to be able to continue to provide this functionality, without risk of it being disabled in a future iOS version?

I have tried to make colored annotations in mapView (shown in the commented sections) but they always appear in black. Any help would be appreciated. func mapView(_ mapView: MKMapView, viewFor annotation: MKAnnotation) -> MKAnnotationView? { let annotationView = MKAnnotationView(annotation: annotation, reuseIdentifier: "TempAnnotationView") annotationView.canShowCallout = true annotationView.rightCalloutAccessoryView = UIButton(type: .detailDisclosure) let configuration = UIImage.SymbolConfiguration(pointSize: 10, weight: .thin, scale: .default) if annotation.title == "Start" { // let config = UIImage.SymbolConfiguration.preferringMulticolor() // let image = UIImage(systemName: "flag.fill", withConfiguration: config) // // palette // let config2 = UIImage.SymbolConfiguration(paletteColors: [.systemRed, .systemGreen, .systemBlue]) // let image2 = UIImage(systemName: "person.3.sequence.fill", withConfiguration: config2) // // hierarchical symbols // let config3 = UIImage.SymbolConfiguration(hierarchicalColor: .systemIndigo) // let image3 = UIImage(systemName: "square.stack.3d.down.right.fill", withConfiguration: config3) // // color // let image4 = UIImage(systemName: "cone.fill")?.withTintColor(.systemRed, renderingMode: .alwaysTemplate) // annotationView.image = image4 annotationView.image = UIImage(systemName: "poweron", withConfiguration: configuration) } return annotationView }

I am working with a watchOS app in SwiftUI, and I am using the following code to dial a phone number from the watch: var number = "123456789" if let telURL = URL(string: "tel:\(number)") { let wkExtension = WKExtension.shared() wkExtension.openSystemURL(telURL) } The issue is that when I try to dial a number starting with a * (asterisk) or # (hash), it doesn't work. When dialing a regular number, it works fine. Is there any way to get this to work?

Hello, Having bad times with Development Postback copies receival on our custom server. Current setup: App is configured to be advertised (https://developer.apple.com/documentation/adattributionkit/configuring-an-advertised-app) AdAttributionKit - Opt in for Reengagement Postback Copies ✅ AdAttributionKit - Postback Copy URL ✅ AdAttributionKit - Ad Network Identifiers ✅ Configured backend https://{name}.com/.well-known/appattribution/report-attribution/ (POST) ✅ Devices with iOS 18.4 (with Postaback Development tool and AdAttribution developer mode Enabled) Tried different Postback setup combinations, with different app builds (debug, release installed from xcode/testflight) and with AdAttribution developer mode Enabled/Disabled - doesn't make any difference. Console log: Found 0 postbacks eligible for transmission for environments: Any advise is very much appreciated

I have my both app and fskit sandboxed &lt;key&gt;com.apple.security.app-sandbox&lt;/key&gt; &lt;true/&gt; Which means that I can read files only in app container. First, is sandboxing required for fskit modules? Second, there are docs which implies that it's possible to explicitly allow fskit module to access external files, by passing their paths to mount params. https://developer.apple.com/documentation/fskit/fstaskoptions/url(foroption:) and also options: Options to apply to the activation. These can include security-scoped file paths. There are no defined options currently. I've tried this, but haven't success. My Info.plist is &lt;key&gt;FSActivateOptionSyntax&lt;/key&gt; &lt;dict&gt; &lt;key&gt;shortOptions&lt;/key&gt; &lt;string&gt;g:m:&lt;/string&gt; &lt;key&gt;pathOptions&lt;/key&gt; &lt;dict&gt; &lt;key&gt;m&lt;/key&gt; &lt;string&gt;file&lt;/string&gt; &lt;key&gt;g&lt;/key&gt; &lt;string&gt;directory&lt;/string&gt; &lt;/dict&gt; &lt;/dict&gt; I'm mounting with mount -F -t MyFS -o -m=./build.sh,-g=./ /dev/disk5 /tmp/TestVol Getting them via options.url(forOption: "m"), options.url(forOption: "g") Both nulls. I also see that options are presented in options.taskOptions But they are not expanded to absolute pathes or urls, which makes me think that pathOptions declaration is incorrect. Docs says This dictionary uses the command option name as a key, and each entry has a value indicating what kind of entry to create. What entry kind means in this context? Can you send example of correct pathOptions?

I'm working on a Network Extension using NEDNSProxyProvider to inspect DNS traffic. However, I've run into a couple of issues: DNS Proxy is not capturing traffic when a public DNS (like 8.8.8.8 or 1.1.1.1) is manually configured in the WiFi settings. It seems like the system bypasses the proxy in this case. Is this expected behavior? Is there a way to force DNS traffic through the proxy even if a public DNS is set? Using DNS Proxy and DNS Settings simultaneously doesn't work. Is there a known limitation or a correct way to combine these? How to set DNS or DNSSettings using DNSProxy? import NetworkExtension import SystemExtensions import SwiftUI protocol DNSProxyManagerDelegate { func managerStateDidChange(_ manager: DNSProxyManager) } class DNSProxyManager: NSObject { private let manager = NEDNSProxyManager.shared() var delegate: DNSProxyManagerDelegate? private(set) var isEnabled: Bool = false { didSet { delegate?.managerStateDidChange(self) } } var completion: (() -> Void)? override init() { super.init() self.load() } func toggle() { isEnabled ? disable() : start() } private func start() { let request = OSSystemExtensionRequest .activationRequest(forExtensionWithIdentifier: Constants.extensionBundleID, queue: DispatchQueue.main) request.delegate = self OSSystemExtensionManager.shared.submitRequest(request) log.info("Submitted extension activation request") } private func enable() { update { self.manager.localizedDescription = "DNS Proxy" let proto = NEDNSProxyProviderProtocol() proto.providerBundleIdentifier = Constants.extensionBundleID self.manager.providerProtocol = proto self.manager.isEnabled = true } } private func disable() { update { self.manager.isEnabled = false } } private func remove() { update { self.manager.removeFromPreferences { _ in self.isEnabled = self.manager.isEnabled } } } private func update(_ body: @escaping () -> Void) { self.manager.loadFromPreferences { (error) in if let error = error { log.error("Failed to load DNS manager: \(error)") return } self.manager.saveToPreferences { (error) in if let error = error { return } log.info("Saved DNS manager") self.isEnabled = self.manager.isEnabled } } } private func load() { manager.loadFromPreferences { error in guard error == nil else { return } self.isEnabled = self.manager.isEnabled } } } extension DNSProxyManager: OSSystemExtensionRequestDelegate { func requestNeedsUserApproval(_ request: OSSystemExtensionRequest) { log.info("Extension activation request needs user approval") } func request(_ request: OSSystemExtensionRequest, didFailWithError error: Error) { log.error("Extension activation request failed: \(error)") } func request(_ request: OSSystemExtensionRequest, foundProperties properties: [OSSystemExtensionProperties]) { log.info("Extension activation request found properties: \(properties)") } func request(_ request: OSSystemExtensionRequest, didFinishWithResult result: OSSystemExtensionRequest.Result) { guard result == .completed else { log.error("Unexpected result \(result.description) for system extension request") return } log.info("Extension activation request did finish with result: \(result.description)") enable() } func request(_ request: OSSystemExtensionRequest, actionForReplacingExtension existing: OSSystemExtensionProperties, withExtension ext: OSSystemExtensionProperties) -> OSSystemExtensionRequest.ReplacementAction { log.info("Existing extension willt be replaced: \(existing.bundleIdentifier) -> \(ext.bundleIdentifier)") return .replace } } import NetworkExtension class DNSProxyProvider: NEDNSProxyProvider { var handlers: [String: FlowHandler] = [:] var isReady = false let queue = DispatchQueue(label: "DNSProxyProvider") override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) { completionHandler(nil) } override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { completionHandler() } override func handleNewUDPFlow(_ flow: NEAppProxyUDPFlow, initialRemoteEndpoint remoteEndpoint: NWEndpoint) -> Bool { let id = shortUUID() handlers[id] = FlowHandler(flow: flow, remoteEndpoint: remoteEndpoint, id: id, delegate: self) return true } override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { return false } } class FlowHandler { let id: String let flow: NEAppProxyUDPFlow let remoteEndpoint: NWHostEndpoint let delegate: FlowHandlerDelegate private var connections: [String: RemoteConnection] = [:] private var pendingPacketsByDomain: [String: [(packet: Data, endpoint: NWEndpoint, uniqueID: String, timestamp: Date)]] = [:] private let packetQueue = DispatchQueue(label: "com.flowhandler.packetQueue") init(flow: NEAppProxyUDPFlow, remoteEndpoint: NWEndpoint, id: String, delegate: FlowHandlerDelegate) { log.info("Flow received for \(id) flow: \(String(describing: flow))") self.flow = flow self.remoteEndpoint = remoteEndpoint as! NWHostEndpoint self.id = id self.delegate = delegate defer { start() } } deinit { closeAll(nil) } func start() { flow.open(withLocalEndpoint: flow.localEndpoint as? NWHostEndpoint) { error in if let error = error { self.delegate.flowClosed(self) return } self.readFromFlow() } } func readFromFlow() { self.flow.readDatagrams { packets, endpoint, error in if let error = error { self.closeAll(error) return } guard let packets = packets, let endpoints = endpoint, !packets.isEmpty, !endpoints.isEmpty else { self.closeAll(nil) return } self.processFlowPackets(packets, endpoints) self.readFromFlow() } } } Any insights or suggestions would be greatly appreciated. Thanks!

Hi everyone, I'm working on an app for parents and kids where parents can define screen time goals or restrict usage of certain app categories (like social media or games). If the kid follows those rules—for example, by using their device less or avoiding restricted categories—they would earn points or rewards in the app. I’ve been exploring if the Apple Screen Time API allows developers to access this kind of data (like total screen time, app usage by category, etc.) so that I can track the kid’s behavior and reward them accordingly. Is it possible to programmatically access this data and implement such a reward system within my app? If so, what’s the best way to get started or which APIs should I look into? Thanks in advance for your help!