Summary I'm implementing NEURLFilter with the com.apple.developer.networking.networkextension.url-filter-provider entitlement for a system-wide URL filtering feature. The feature works perfectly in development-signed builds (connecting successfully to my PIR server over extended testing) but every production-signed build fails before any network call is made. NEURLFilterManager reports .serverSetupIncomplete (code 9). After installing the NetworkExtension debug profile, the unredacted com.apple.CipherML logs reveal the cause: no privacy proxy is provisioned for this bundle identifier, and the connection is configured proxy fail closed. Environment iOS 26 Entitlement: com.apple.developer.networking.networkextension.url-filter-provider Extension point: com.apple.networkextension.url-filter-control PIR server configured via NEURLFilterManager.setConfiguration(...) Privacy Pass issuer configured Dev-signed builds: working correctly, connecting to the PIR server Production-signed builds (both TestFlight and distribution): failing identically The Error Chain Surfaced to the app via NEURLFilterManager.lastDisconnectError: NEURLFilterManager.Error.serverSetupIncomplete (code 9) ← NEAgentURLFilterErrorDomain Code 3 ← com.apple.CipherML Code 1100 "Unable to query status" ← com.apple.CipherML Code 1800 (error details were logged and redacted) After installing the VPN (NetworkExtension) debug profile, the unredacted com.apple.CipherML subsystem shows: queryStatus(for:options:) threw an error: Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo={ _NSURLErrorNWPathKey = satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, uses wifi, LQM: good, NSErrorFailingURLKey = https://<my-pir-server>/config, NSUnderlyingError = { Error Domain=NSPOSIXErrorDomain Code=50 "Network is down" }, _NSURLErrorPrivacyProxyFailureKey = true, NSLocalizedDescription = "The Internet connection appears to be offline." } The critical diagnostic line in the com.apple.network subsystem is: nw_endpoint_proxy_handler_should_use_proxy Proxies not present, but required to fail closed And the connection setup shows the proxy fail closed flag is mandatory for the connection: [C... ... Hostname#...:443 quic, bundle id: <my-bundle-id>, attribution: developer, using ephemeral configuration, context: NWURLSession (sensitive), proxy fail closed] start The network path itself is healthy (Wi-Fi good, DNS resolves correctly), but the connection is explicitly configured to fail closed if no proxy is present, and no proxy is provisioned for this bundle identifier. The entire failure happens in approximately 18 ms, far too fast for any network round-trip, confirming no traffic ever leaves the device. What I've Verified The entitlement is present in the distribution build The NEURLFilterControlProvider extension loads and returns a valid Bloom filter prefilter (with a tag that round-trips correctly between extension and framework) NEURLFilterManager.setConfiguration(pirServerURL:pirPrivacyPassIssuerURL:pirAuthenticationToken:controlProviderBundleIdentifier:) accepts all four parameters without error Development-signed builds of the same bundle identifier connect successfully to the same PIR server On production-signed builds, zero requests reach the PIR server — failure is purely client-side, before any network activity The Question How does the OHTTP privacy proxy get provisioned for a bundle identifier so that production builds can successfully use NEURLFilter? Specifically: Is there a Capability Request form I need to submit for url-filter-provider? I cannot find one in the Capability Requests section of my developer portal. Should I be running my own OHTTP gateway (for example using swift-nio-oblivious-http), and if so, does Apple then need to provision routing from their OHTTP relay to my gateway URL? Is the OHTTP relay path meant to be automatic once the entitlement is active, and if so, is there a specific activation step I'm missing? Is there any way to verify the current provisioning state for a specific bundle identifier from the developer portal? I can provide the full sysdiagnose and unredacted bundle/server details privately to an Apple engineer if that would help diagnose. I'd prefer to keep them out of a public post. Thanks!

We're developing a Mac App Store application that embeds the V8 JavaScript engine (via Electron). The application has shipped successfully on macOS 15.x with the following entitlements: com.apple.security.app-sandbox = true com.apple.security.cs.allow-jit = true com.apple.security.cs.allow-unsigned-executable-memory = true com.apple.security.cs.disable-library-validation = true On macOS 26 Tahoe, the exact same signed binary crashes deterministically within ~1.5 seconds on Apple Silicon with EXC_BREAKPOINT (SIGTRAP), ESR 0xf2000000. The crash is in V8's background JIT compilation thread when it attempts to manage memory page protections (transitioning pages between Read-Write and Read-Execute states via mprotect). The crash does not occur in these configurations: macOS 26 + App Sandbox + Intel x86_64 — works macOS 26 + Hardened Runtime (no sandbox) + ARM64 — works macOS 15.x + App Sandbox + ARM64 — works This appears to be a regression in how the XNU kernel handles mprotect calls for sandboxed processes on ARM64 under macOS 26, specifically in the context of the allow-jit entitlement. Has the behavior of allow-jit changed in macOS 26 with respect to runtime code generation memory management on ARM64? Is there a new API or entitlement that V8-style JIT engines should use instead of mprotect-based RW↔RX page transitions?

Hi everyone! I’m building Delta — an app designed to rethink time, because time is literally our most valuable currency. So the core mechanic involves earning time in useful apps and then spending it on apps that are a distraction. I already have a prototype that’s being actively tested in a closed beta, but I’ve started noticing that more and more testers are reporting the same bug. “Time is being counted even when I'm not in the app I marked as useful.” I suspect that Screen Time is also tracking background time, although this behavior isn't correct for my app. Does anyone know how to track specifically those moments when an app marked as useful and used for “time-earning” is in the foreground? Additionally, I hit a wall with Screen Time and had to accept that I can’t force a user away from another app if they’re active there, nor redirect them to my app to trigger the lock screen. Because of this, I had to resort to a penalty system, which is equal to the time the user spent additionally after their time ran out. And here, I run into the same problem I described at the beginning of the post. I can’t track the background status of another app, even though I’m trying really hard... Can anyone suggest any ways I can get out of this situation, or should I keep looking for a solution, or shift toward explaining this to the user?.. (However, I’m holding out until the very end before giving up on finding a solution)

noticed something here, dont underasand why. but here in Retrieve the registrations for a device in Apple Developer Documentation in Retrieve the registrations for a device. There is no Authorization in the header to include, however, other endpoints support that? Is this header will be sent from Walle? meaning that it has been missed in the documentation ? https://developer.apple.com/documentation/walletorders/retrieve-the-registrations-for-a-device

Hello team, We are using below example https://github.com/apple/pir-service-example as a starting point to setup PIR server for our backend, but I am not really understanding what else we need in this example to configure OHTTP gateway. Any help will be appreciated.

How do I make a basic request with URLSession? See https://stackoverflow.com/questions/30573898 for reference. Also https://developer.apple.com/documentation/ has details.

URLSession question

I’m experiencing a confusing issue with App Store Server Notifications (Version 2) in the Sandbox environment. I've configured my Sandbox URL, but I'm not receiving any notifications despite successful API responses. App Details: App ID: 6753059790 Bundle ID: com.xmojong.widgetTest Sandbox URL: https://webhook.site/97938287-07e8-4482-a053-b6ccfca76634 The Problem: I am calling the requestTestNotification endpoint via the App Store Server API. The API call is successful and consistently returns a 200 OK status code. However, no notification (Type: TEST) is ever delivered to my Webhook.site endpoint. What I've verified: Endpoint Accessibility: I tested the Webhook URL by sending a manual POST request directly from my iOS app; it was received instantly. Configuration: The URL is correctly entered in the Sandbox Server URL field (not Production) in App Store Connect. Notification Version: It is set to Version 2. Propagation Time: It has been over 3 hours since I updated the URL and saved the changes in App Store Connect. JWT Token: The JWT for the API call is valid (verified by the 200 response from Apple). My Question: If the requestTestNotification API returns a 200, doesn't that mean the App Store server has successfully queued the notification for my specific URL? Is there a known delay for Sandbox notification delivery or URL propagation recently? Or are there any hidden requirements for the Sandbox environment that I might have missed? Any help or insights would be greatly appreciated! Thanks in advance!

After a user successfully completes a purchase and later requests a refund, how long does it typically take for the refund to be processed and take effect? How does Apple notify developers when a refund has been issued for an in-app purchase? Are there specific mechanisms or recommended approaches to reliably receive such notifications? In cases where users may abuse the refund system (e.g., frequent or malicious refund requests), is there any way for developers to prevent or intervene in the refund process?

iPhone16PM Clean DFU, no restore, no tweaks. Started on iOS 26.4.3 and still happening on iOS 26.4. Triggers: ∙ Editing Home Screen widgets ∙ Heavy media in Safari ∙ ProMotion UI transitions Panic log — 0x8badf00d watchdog timeout: userspace watchdog timeout: no successful checkins from SpringBoard in 180 seconds. service: backboardd Drivers: com.apple.driver.AppleAVD + com.apple.iokit.IOSurface Is there a solution for this? Thank you.

HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. I double checked every thing but still getting same error

Hello, We have a security solution which intercepts network traffic for inspection using a combination of Transparent Proxy Provider and Content filter. Lately we are seeing reports from the market that on M5 Macbooks and A18 Neos the system will kernel panic using our solution, even though it never happens on M1-M4 and no significant code changes were made in the mean time. All crashes seem to be related to an internal double free in the kernel: panic(cpu 0 caller 0xfffffe003bb68224): skmem_slab_free_locked: attempt to free invalid or already-freed obj 0xf2fffe29e15f2400 on skm 0xf6fffe2518aaa200 @skmem_slab.c:646 Debugger message: panic Memory ID: 0xff OS release type: User OS version: 25D2128 Kernel version: Darwin Kernel Version 25.3.0: Wed Jan 28 20:54:38 PST 2026; root:xnu-12377.91.3~2/RELEASE_ARM64_T6050 Additionally, from further log inspection, before panics we find some weird kernel messages which seem to be related to some DMA operations gone wrong in the network driver on some machines: 2026-03-30 14:11:21.779124+0300 0x30f2 Default 0x0 873 0 Arc: (Network) [com.apple.network:connection] [C9.1.1.1 IPv4#e5b4bb04:443 in_progress socket-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns, uses wifi, flow divert agg: 1, LQM: good)] event: flow:start_connect @0.075s 2026-03-30 14:11:21.780015+0300 0x1894 Default 0x0 0 0 kernel: (402262746): No more valid control units, disabling flow divert 2026-03-30 14:11:21.780017+0300 0x1894 Default 0x0 0 0 kernel: (402262746): Skipped all flow divert services, disabling flow divert 2026-03-30 14:11:21.780102+0300 0x1894 Default 0x0 0 0 kernel: SK[2]: flow_entry_alloc fe "0 proc kernel_task(0)Arc nx_port 1 flow_uuid D46E230E-B826-4E0A-8C59-4C4C8BF6AA60 flags 0x14120<CONNECTED,QOS_MARKING,EXT_PORT,EXT_FLOWID> ipver=4,src=<IPv4-redacted>.49703,dst=<IPv4-redacted>.443,proto=0x06 mask=0x0000003f,hash=0x04e0a750 tp_proto=0x06" 2026-03-30 14:11:21.780194+0300 0x1894 Default 0x0 0 0 kernel: tcp connect outgoing: [<IPv4-redacted>:49703<-><IPv4-redacted>:443] interface: en0 (skipped: 0) so_gencnt: 14634 t_state: SYN_SENT process: Arc:873 SYN in/out: 0/1 bytes in/out: 0/0 pkts in/out: 0/0 rtt: 0.0 ms rttvar: 250.0 ms base_rtt: 0 ms error: 0 so_error: 0 svc/tc: 0 flow: 0x9878386f 2026-03-30 14:11:21.934431+0300 0xed Default 0x0 0 0 kernel: Hit error condition (not panicking as we're in error handler): t8110dart <private> (dart-apcie0): invalid SID 2 TTBR access: level 1 table_index 0 page_offset 0x2 2026-03-30 14:11:21.934432+0300 0xed Default 0x0 0 0 kernel: [ 73.511690]: arm_cpu_init(): cpu 6 online 2026-03-30 14:11:21.934441+0300 0xed Default 0x0 0 0 kernel: [ 73.511696]: arm_cpu_init(): cpu 9 online 2026-03-30 14:11:21.934441+0300 0xed Default 0x0 0 0 kernel: [ 73.569033]: arm_cpu_init(): cpu 6 online 2026-03-30 14:11:21.934441+0300 0xed Default 0x0 0 0 kernel: [ 73.569038]: arm_cpu_init(): cpu 9 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.577453]: arm_cpu_init(): cpu 7 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.586328]: arm_cpu_init(): cpu 5 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.586332]: arm_cpu_init(): cpu 8 online 2026-03-30 14:11:21.934442+0300 0xed Default 0x0 0 0 kernel: [ 73.621392]: (dart-apcie0) AppleT8110DART::_fatalException: dart-apcie0 (<ptr>): DART DART SID exception ERROR_SID_SUMMARY 0x00003000 ERROR_ADDRESS 0x0000000000009800 2026-03-30 14:11:21.934443+0300 0xed Default 0x0 0 0 kernel: [ 73.621397]: Hit error condition (not panicking as we're in error handler): 2026-03-30 14:11:21.934443+0300 0xed Default 0x0 0 0 kernel: t8110dart <ptr> (dart-apcie0): invalid SID 2 TTBR access: level 1 table_index 0 page_offset 0x2Expect a `deadbeef` in the error messages below 2026-03-30 14:11:21.934452+0300 0xed Default 0x0 0 0 kernel: Expect a `deadbeef` in the error messages below 2026-03-30 14:11:21.934456+0300 0xed Default 0x0 0 0 kernel: (AppleEmbeddedPCIE) apcie[0:centauri-control]::_dartErrorHandler() InvalidPTE caused by read from address 0x9800 by SID 2 (RID 2:0:1/useCount 1/device <private>) 2026-03-30 14:11:21.934469+0300 0xed Default 0x0 0 0 kernel: (AppleT8110DART) Ignored dart-apcie0 (0xfbfffe18820b0000): DART(DART) error: SID 2 PTE invalid exception on read of DVA 0x9800 (SEG 0 PTE 0x2) ERROR_SID_SUMMARY 0x00003000 TIME 0x11242d43fd TTE 0xffffffffffffffff AXI_ID 0 We do not have any correlation between machines, usage pattern or installed applications. Uninstalling the network protection features seem to largely fix the issues, even though we have heard of crashes happening even in safe mode or with our network extension disabled from system settings. We weren't able to reproduce internally and it seems to happen completely random on client machines, but often enough to be disrupting. Can you tell us please if this is a known problem and if there's a workaround or what can we do to narrow it down? Thanks.

I cannot find anywhere in the documentation how to invalidate an FSItem. It seems to be cached indefinitely or am I missing something?

I've been stuck on Guideline 2.3 for two weeks now and I'm running out of ideas. My app is iPhone-only (UIDeviceFamily = [1]) and has been on the App Store since January. Version 2.1.9 passed review fine. The only change in 2.1.10 is adding two DeviceActivity extensions — a DeviceActivityMonitor and a DeviceActivityReport — for screen time-based stress detection. Every build since then gets rejected with the same message: "The UIRequiredDeviceCapabilities key in the Info.plist is set up in such a way that the app will not install on the device used in review." Review devices: iPhone 14 Pro, iPhone 17 Pro Max, iPad Air M3. Here's what I've tried across 13+ submissions: UIRequiredDeviceCapabilities as ["arm64"] (array) — rejected Empty array [] — rejected Removed the key entirely — upload validation fails, Xcode re-injects arm64 anyway Post-build script to force ["arm64"] — rejected Dictionary format {"arm64": true} — rejected Added com.apple.developer.family-controls to extension entitlements — rejected Enabled Family Controls (Distribution) on extension bundle IDs — rejected Fixed CFBundleVersion mismatch between host app and extensions — rejected Set TARGETED_DEVICE_FAMILY=1 on all targets including extensions — rejected Tried GENERATE_INFOPLIST_FILE=YES with minimal plists — rejected Tried ExtensionKit type for the report extension — rejected In the exported IPA, every target has UIRequiredDeviceCapabilities = ["arm64"] and UIDeviceFamily = [1]. The entitlements, provisioning profiles, and code signing all look correct. arm64 is supported on every review device they listed. The previous version (2.1.9) without DeviceActivity extensions passes review with the exact same UIRequiredDeviceCapabilities and signing configuration. Has anyone shipped an app with DeviceActivityMonitor + DeviceActivityReport extensions successfully? Is there something specific about these extension types that affects device capability validation? Or is there a known issue with the review system and FamilyControls extensions? I've replied to the review team multiple times asking which specific capability is causing the failure, but the response is always the same generic template. Any guidance would be really appreciated — I'm completely blocked on shipping this update.

Hello, I am currently developing a headless macOS daemon (HarmonBridge) that requires extremely low-latency, high-bandwidth UDP video streaming between a Mac and a Linux host over a dedicated 2.5GbE/5GbE local network link. We are utilizing widely available Realtek RTL8156 / RTL8156B based USB 2.5G network adapters. Under macOS, these adapters default to the generic com.apple.DriverKit.AppleUserECM driver. The hardware itself natively supports Jumbo Frames (MTU 9000), but the DriverKit implementation artificially restricts the MTU cap to 1500 bytes. Because we are forced through MTU 1500, we are incurring significant performance penalties: Excessive IP fragmentation for our large UDP video payloads. Unnecessary CPU overhead due to increased hardware interrupts and header processing at 2.5Gbps speeds. For a latency-critical application like ours, reducing CPU interrupts and utilizing true hardware-level Jumbo Frames is essential. My Questions: Is there an undocumented boot-arg or network sysctl parameter that permits overriding the AppleUserECM 1500 MTU hard-limit for 2.5G USB adapters on Apple Silicon? Are there any roadmap plans from the DriverKit/Networking team to re-enable standard Jumbo Frame negotiation for RTL8156 hardware using the generic ECM driver? If the answer to both is no, does Apple grant NetworkingDriverKit Entitlements to independent developers specifically for the purpose of writing custom hardware overrides to patch missing MTU features in the default ECM stack? Because AppleUserECM effectively acts as a gatekeeper to the underlying MAC/PHY capabilities of these modern USB NICs, any guidance on achieving wire-native MTU 9000 under the current DriverKit paradigm would be hugely appreciated. Thank you!

Hello, I released a new build for my app but it fails to run on iOS 12.5.8 (tested on iPad Air, iPhone 6, iPhone 5s). The launch storybard is shown, then the app stops abruptly. There is no crash log. It runs fine on iOS 13 or higher. Xcode 26.3 was showing a call stack (something with UIView) that did not include any app code. Now with Xcode 26.4 (and its new command line tools) there is an info popup with a debug metadata dump. However, I don’t intend to focus on Xcode here because it officially does not support iOS 12. It’s ok if I cannot debug, I just want the app to run on the device like the previous build did. Since there is no crash log, and the console is showing a bootstrap error, I believe my app code has not been executed and is therefore not at fault. Build 674 released on 23-Mar-2026: worked fine on iOS 12, built with Xcode 26.3 Build 675 released on 29-Mar-2026: Bootstrap error as described, with both Xcode 26.3 and 26.4 Deployment target = 12.4 Tried Instruments but it fails as soon as I hit record. In the console I found BKSProcessErrorDomain code 1. Here on the forum I found a post where the cause was no internet access but my device does have internet access. I made only very little code changes to my app between 674 and 675, no storyboard updates. I get the impression the loader does not even begin to execute my code. At this point I wonder if: some certificate has expired (see release dates above), or if something is incompatible in my main storyboard (though I did not change anything there), or the device ran out of memory (1 GB) Note: The app has 4 targets: main app target framework AU app extension intents app extension Thanks, Sven PS: Misclicked subtopic which should have been General (sorry). Here’s the redacted console excerpt: standard 22:21:13.187990+0200 SpringBoard Evaluate: making new window key: <SBMainSwitcherWindow: 0x159e5f640>, for reason: push standard 22:21:13.188303+0200 SpringBoard Removed: <FBUIApplicationSceneDeactivationAssertion: 0x283c9dfe0; reason: systemAnimation; all scene levels; hasPredicate: NO> standard 22:21:13.198299+0200 assertiond Submitting new job for "com.example.app" on behalf of <BKProcess: 0x141d15d50; SpringBoard; com.apple.springboard; pid: 48; agency: SystemShell; visibility: foreground; task: running> standard 22:21:13.198867+0200 SpringBoard Bootstrapping com.example.app with intent foreground-interactive standard 22:21:13.201136+0200 assertiond Submitted job with label: UIKitApplication:com.example.app[0x1d9f][58] standard 22:21:13.201244+0200 SpringBoard Icon touch canceled (tap gesture may still succeed): <private> fehler 22:21:13.201329+0200 SpringBoard [com.example.app] Bootstrap failed with error: <NSError: 0x283e4cd80; domain: BKSProcessErrorDomain; code: 1 (bootstrap-failed); reason: "Failed to start job"> fehler 22:21:13.201421+0200 SpringBoard Bootstrapping failed for <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> with error: Error Domain=BKSProcessErrorDomain Code=1 "Unable to bootstrap process with bundleID com.example.app" UserInfo={NSLocalizedDescription=Unable to bootstrap process with bundleID com.example.app, BKSProcessExitReason=0, NSLocalizedFailureReason=Failed to start job, NSUnderlyingError=0x283e4c5d0 {Error Domain=NSPOSIXErrorDomain Code=3 "No such process" UserInfo={BKLaunchdOperation=launch_get_running_pid_4SB, NSLocalizedDescription=Unable to get pid for label UIKitApplication:com.example.app[0x1d9f][58], BKLaunchdJobLabel=UIKitApplication:com.example.app[0x1d9f][58], NSLocalizedFailureReason=No such process}}, BKSProcessJobLabel=UIKitApplication:com.example.app[0x1d9f][58], BSErrorCodeDescription=bootstrap-failed} standard 22:21:13.201507+0200 SpringBoard Adding: <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> standard 22:21:13.201606+0200 SpringBoard <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> exited. standard 22:21:13.202002+0200 assertiond Unable to get pid for 'UIKitApplication:com.example.app[0x1d9f][58]': No such process (3) fehler 22:21:13.202145+0200 assertiond Failed to start job with error <NSError: 0x141e1aba0; domain: NSPOSIXErrorDomain; code: 3; reason: "No such process"> { description = "Unable to get pid for label UIKitApplication:com.example.app[0x1d9f][58]"; failureReason = "No such process"; userInfo = { BKLaunchdJobLabel = UIKitApplication:com.example.app[0x1d9f][58]; BKLaunchdOperation = launch_get_running_pid_4SB; } } standard 22:21:13.202238+0200 assertiond Deleted job with label: UIKitApplication:com.example.app[0x1d9f][58] standard 22:21:13.202804+0200 SpringBoard Removing: <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> standard 22:21:13.221231+0200 SpringBoard Application process state changed for com.example.app: <SBApplicationProcessState: 0x28336f0a0; pid: -1; taskState: Not Running; visibility: Unknown> standard 22:21:13.221566+0200 SpringBoard Process exited: <FBApplicationProcess: 0x15d13b3e0; com.example.app; pid: -1> -> <FBApplicationProcessExitContext: 0x283e37b10; exitReason: (none); terminationReason: (none)> { stateAtExit = <FBProcessState: 0x28337c760; pid: -1; taskState: Unknown; visibility: Unknown>; }

I am trying to find out about the availability of BLE scanning for advertisements when a watchOS app (on watchOS 26.4 with CoreBluetooth) which starts running a HKWorkoutSession becomes dimmed, ie. due to the user lowering their arm. From my understanding there is still availability for ongoing scanning whilst in the dimmed mode. If this is correct, what settings are required (e.g. using background capability for 'Workout Processing', 'bluetooth-central', etc), and does scanning whilst in background mode limit to requiring service uuids in scanForPeripherals? Also if scanning is throttled, is there an 'estimated' inter scan time? Thanks

Hi all, I’m trying to determine whether the loudness gap I’m seeing between AlarmKit alert playback and normal app-managed playback is expected behavior, a sound-asset issue, or something that should be reported as a bug. Observed behavior When an alarm fires through AlarmKit while the device is locked, the alarm sound is significantly quieter than playback of the same or very similar audio once the app is active and using its own audio session. The difference is large enough that it does not feel like a small mastering difference. It feels like the AlarmKit / system alerting path is using a meaningfully lower effective output level than normal app playback. Test scenario My repro is roughly: Schedule an alarm with AlarmKit. Lock the device. Let the alarm fire and listen during the system alerting phase. Enter the app / continue into the app-driven alarm experience. Play the same or equivalent alarm asset via app-managed playback. Result: AlarmKit / lock-screen alerting phase sounds much quieter. In-app playback sounds noticeably louder and fuller on the same device. Current implementation Alarm flow is currently split into two paths: 1) System alarm path Alarm scheduling and alert surfacing via AlarmKit Device may be locked No attempt to manipulate system volume No private APIs 2) In-app playback path After app activation, playback uses: AVAudioSession category .playback AVAudioPlayer Audio is routed as normal app playback This path sounds substantially louder than the AlarmKit path Important detail I am not asking how to override system volume. I understand that AlarmKit appears to follow the system ringer / alert volume model and does not expose a public API for custom alarm loudness. My question is narrower: Is it expected that the same asset or an equivalent asset will sound materially quieter during the AlarmKit alerting phase than during ordinary app playback with AVAudioSession(category: .playback)? Questions Is the lower perceived loudness during AlarmKit alerting an expected property of the framework / system alarm path? Does AlarmKit playback use a different output path, gain policy, processing chain, or speaker treatment than normal app playback with .playback? Are there recommended authoring constraints for AlarmKit alarm sounds to maximize perceived loudness on iPhone speakers? transient-heavy mix stronger mids reduced low-end different LUFS / peak strategy shorter attack, etc. Has anyone measured this directly with: the same WAV / CAF file same device same system volume locked AlarmKit playback vs unlocked in-app playback If this is not expected, would Apple want this reported as a bug with: sample project exact iOS version device model screen recording / audio recording What I’m trying to figure out For alarm-app UX, this matters a lot because: AlarmKit is the most reliable lock-screen/system path. But if AlarmKit playback is substantially quieter than normal app playback, the alarm experience is inconsistent depending on device/app state. That makes it hard to know whether to treat this as: expected system behavior, a framework limitation, an asset/mastering problem, or a bug. If anyone has tested this in a controlled way or received guidance from Apple/DTS, I’d appreciate any technical detail. Thanks.

I have the following code that is attempting to set up Hotspot 2.0 using an EAP-TLS configuration. I am importing a pk12 file and using those certificates. I have tried all manner of permutations for the configuration, and have narrowed down all the errors I was getting and now I am just getting a generic: Error: invalid EAP settings. I have tried adding the identity separately and either get an entitlements issue which I can't figure out why since I have added the required network extension sharing groups, or a duplicate item error, meaning it was already correctly added. The certificate and configuration are correctly working through an Android app already. static let accessGroup: String? = { guard let prefix = Bundle.main.object(forInfoDictionaryKey: "AppIdentifierPrefix") as? String else { print("Could not load group") return nil } return "\(prefix)com.apple.networkextensionsharing" }() static func setupHotspot(data: CertificateData) { let h20 = NEHotspotHS20Settings(domainName: data.realm, roamingEnabled: false) h20.naiRealmNames = [data.realm] var result: CFArray? let options: [CFString: Any] = [ kSecImportExportPassphrase: "**********", kSecAttrLabel: "ident:\(data.user)", kSecAttrAccessGroup: accessGroup!, kSecReturnPersistentRef: true ] let status = SecPKCS12Import(data.p12 as CFData, options as CFDictionary, &result) guard status == errSecSuccess, let importResult = result as? [[String: Any]], let resultDict = importResult.first else { print("P12 Import failed: \(status)") return } let identity = resultDict[kSecImportItemIdentity as String] as! SecIdentity let eap = NEHotspotEAPSettings() eap.supportedEAPTypes = [NEHotspotEAPSettings.EAPType.EAPTLS.rawValue as NSNumber] eap.isTLSClientCertificateRequired = true eap.trustedServerNames = [ data.realm ] eap.outerIdentity = "anonymous" guard eap.setIdentity( identity ) else { print("setIdentity failed") return } let configuration = NEHotspotConfiguration(hs20Settings: h20, eapSettings: eap) NEHotspotConfigurationManager.shared.apply(configuration) { error in if let error = error { print("Error: \(error.localizedDescription)") } else { print("Success") } } }

The production macOS build is showing severe performance problems, while Mac_Dev performs normally. Observed behavior in production Mac build: Issue board scrolling becomes inconsistent or nearly unusable Changing an issue status in detail view is very slow Scrolling the status menu/options can be slow Typing in issue description/notes fields becomes sluggish Dragging issues between milestones/statuses on the board can lag badly Observed behavior in Mac_Dev: Board scrolling is smooth Status changes are immediate Typing in description fields is responsive Drag/drop between milestones works well Important comparison: Mac_Dev appears to run against an isolated local SwiftData store Production Mac app uses the normal CloudKit-backed store Because the same UI is fast in Mac_Dev, this does not look like a pure rendering problem Most likely cause is production store / CloudKit sync churn amplifying existing SwiftUI invalidation and save behavior Current hypothesis: The production app is saving or observing live Issue mutations too aggressively Detail view edits and some quick actions may be causing repeated saves / broad view invalidation Cloud-backed persistence likely makes the problem much worse than the isolated dev store The UI architecture may still need cleanup, but the production data lane is likely a major factor Any help in understanding how best to address this would be helpful.